Policies and practices governing the protection of personal information

Last update: September 19, 2023

1. Prospecting information (requests for demos and discovery meetings)

1.1. Information designation

1.2.Retention and destruction of information

The information is stored in Calendly, an external tool, as well as in an internal calendar. The information is also entered into our internal customer relationship management system.

Calendar events in Calendly and the internal calendar are deleted one (1) year after the meeting with the customer, and information in the customer relationship management system is destroyed seven (7) years after the meeting. Please note that if the company becomes a Loginnove customer following the meeting, the procedure in the “Customer Information” section will apply.

1.3. Staff roles and responsibilities

2. Customer information

2.1. Information designation

2.2. Retention and destruction of information

Customer information is kept for as long as the customer is active with Loginnove. The above information is deleted/destroyed seven (7) years after the end of the customer’s activity.

Exceptions :

2.3. Staff roles and responsibilities

Billing Information

Information about access and data contained in Viridem and custom applications

Information on the proposal and functional analysis documents

Source code

3. Supplier/partner information

3.1. Information designation

3.2. Retention and destruction of information

Supplier/partner information is kept for as long as the supplier/partner is active with Loginnove. The above information is deleted/destroyed seven (7) years after the end of the activity with the supplier/partner.

Exceptions :

3.3. Staff roles and responsibilities

Contact and banking information

Contractual agreements

4. Employee information

4.1. Information designation

4.2. Retention and destruction of information

Employee information is retained for as long as the employee is employed by Loginnove. The above information is deleted/destroyed seven (7) years following the end of the employee’s employment.

Exceptions: none

4.3. Roles and responsibilities of employees

Information (all)

5. General policy

The information collected is not sold, given, exchanged or shared with any third party, except Loginnove’s partners who are contractually bound to the company and who are obliged to respect the confidentiality agreement as well as all the rules surrounding Law 25.

Partners are external companies that offer their professional services exclusively to integrate the Viridem solution.

All access information is stored in a tool accessible internally only or via VPN. Access includes mandatory two-factor authentication for all employees. This tool makes it possible to control users’ access to different information according to their role within the company.

All internal tools containing sensitive or non-sensitive information feature mandatory two-factor authentication where available.

6. Complaint handling procedure

All complaints should be addressed to confidentialite@viridem.ca and should contain the following minimum information:

Upon receipt of a complaint, an acknowledgement of receipt is returned to the sender and will then be processed within a maximum of 15 working days to enable the committee to investigate, analyze, document, implement emergency corrective measures if required and finally respond to the complainant by email.

For security and confidentiality reasons, it is important never to include the information in question in email communications.

7. Termination of distribution of information

If you wish to stop the distribution of your personal and confidential information, you can contact Loginnove’s confidential information manager at confidentialite@viridem.ca.

The request must be made directly by the individual concerned. If the request concerns an organization, the request must be made by a person who holds the required authority to make such a request. The request must contain the following information:

An acknowledgement of receipt will be sent within minutes of receipt of the request.

The request will then be processed as quickly as possible by our internal team to ensure that dissemination of the information ceases on the date indicated. If the termination request is to take effect as soon as possible, every effort will be made to remove the information as quickly as possible.

Once completed, the requestor will receive an email confirmation that the termination request has been conducted.

Termination requests are kept in an internal register.