Privacy and Personal Information Protection Policy for Employees, Candidates, and Website Users

1. General Purpose

This policy aims to inform you of Progitek Dev Inc.'s (“Progitek”) practices in personal information governance and privacy for its employees and users of its website www.dentitek.ca (hereinafter referred to as the "website").

It also aims to ensure the security and protection of personal information collected, held, used, communicated, and retained by Progitek against unauthorized consultation, use, or disclosure. It also seeks to protect this information against any breach of its integrity.

Furthermore, this policy aims to establish rules regarding access, communication, use, retention, and destruction of this information, as well as rectification rights.

2. Foundation

Progitek is a private enterprise subject, among others, to the Act Respecting the Protection of Personal Information in the Private Sector (R.S.Q. P-39.1), the Act to Establish a Legal Framework for Information Technology (RLRQ, c. C-1.1), the Civil Code of Quebec (RLRQ, 1991, c. 64), and the Privacy Act (R.S.C. (1985), c. P-21).

Progitek is the legal entity registered under the Business Corporations Act doing business occasionally under the name “Dentitek.” Dentitek is also a software solution developed by Progitek for simplifying dental clinic management.

Progitek may collect personal information about its employees, candidates, and website users through its website.

Progitek acknowledges the importance of privacy protection, security, and personal information protection. It thus commits to respecting the provisions, values, and fundamental principles established by the applicable laws, including updates.

Progitek ensures the implementation of reasonable physical, computational, and technological security measures necessary to guarantee the privacy of personal information communicated to it during its activities.

Despite the security measures taken by Progitek to keep personal information secure, uncertainty remains due to illegal cyber-attacks by third parties that could unlawfully access personal information without Progitek's consent. No method of collection, transmission, or electronic storage is 100% secure. We cannot guarantee that your personal information will not be accessed, obtained, disclosed, modified, or destroyed due to a breach of our aforementioned security measures. Thus, we cannot guarantee the security of the personal information you provide us, and you do so at your own risk.

3. Scope

This policy applies to all Progitek employees, agents, suppliers, and partners who may have access, as part of their duties, to personal information.

4. Objectives

This policy aims to define the type of personal information Progitek collects and the means by which Progitek protects that information.

It also specifies the standards of collection, retention, use, communication, and destruction of this information, as well as rights of access and rectification by the company or by third parties, regardless of the nature of their medium and the form under which they are accessible: written, graphic, sound, visual, computerized or other.

5. Definition of Personal Information

All information concerning an individual, which directly or indirectly identifies them and is not of a public nature according to the Act Respecting the Protection of Personal Information in the Private Sector. This information can notably include the first and last names, civic address, email address, social insurance number, or phone number.

5.1 General Principles

Progitek takes security measures to ensure the protection of personal information collected, used, communicated, held, or destroyed, which are reasonable given their sensitivity, the purpose of their use, their quantity, distribution, and medium, by ensuring the following elements:

  • The integrity of the information, ensuring that it is not destroyed or altered in any way without authorization, in compliance with applicable laws, and ensuring that the medium provides the desired stability and permanence;

  • The confidentiality of personal information, limiting its disclosure to authorized individuals, externally with explicit employee consent, or internally when necessary for employees' duties;

  • Identification and authentication, confirm when required, the identity of a person or the identification of a document or device;

  • Compliance with legal, regulatory, or business requirements to which Progitek is subject.

6. Collection of Personal Information

Progitek collects personal information on its employees. Progitek also collects personal information from candidates (hereinafter "candidates") who apply for a job through its website and social media platforms. Progitek also gathers personal information on its website and social media platforms users.

Progitek may specifically collect the following information: name, first name, postal address, email address, IP address, phone number, banking details, date of birth, and social insurance number.

7. Consent to Collection

The collection of personal information by Progitek is conducted transparently and with the prior, free, and informed consent of the employee, candidate, or website user, obtained through one or more consent forms detailed in plain and clear terms. For sensitive information, express consent is obtained.

Respecting applicable laws, when Progitek collects personal information, it seeks the consent of the concerned employee, candidate, or website user by disclosing in advance the purposes for which this information is collected and will be used.

Progitek will seek distinct new consent before using the personal information held for purposes incompatible with those for which it was initially collected.

8. Collection Method

The collection of personal information can be conducted notably in person, via email, through forms, telephone interviews, questionnaires, social networks, text messages, or electronically via the website.

Progitek collects personal information from its employees, candidates, or users of its website with their prior consent and provides upfront and in plain and clear terms the following information during collection and upon request:

  • The name of Progitek;

  • The purposes for which this information is collected;

  • The means by which the information is collected;

  • The rights of access and rectification provided by law;

  • The right to withdraw consent to the communication or use of collected information;

  • The name of the third party for whom the collection is made, if applicable;

  • The names of third parties to whom it will be necessary to communicate the personal information;

  • The possibility that personal information may be communicated outside Quebec.

Upon request, Progitek will inform employees, candidates, and users of its website about the personal information collected from them, the categories of people who have access to this information within the company, the retention duration of this information, and the contact information of the person responsible for personal information protection.

9. Usage

Progitek collects and retains the personal information of its employees, candidates, and website users to:

  • For Employees

    • Verify their identity;

    • Communicate with them;

    • Process payroll, deductions, and other compensations;

    • Produce personalized tax returns;

    • Administer various collective plans (Benefits)

    • Track employee performance evaluations.

  • For Candidates

    • Conduct job interviews with candidates;

    • Verify their identity;

    • Communicate with them.

  • For Website Users

    • Improve, customize, and develop the website;

    • Develop new products and services;

    • Provide customer service on its website;

    • Provide updates and other information related to its website;

    • Engage in marketing and promotion;

    • Offer training;

    • Any other compatible purpose;

    • Perform profiling;

    • Assert its rights, if applicable.

Progitek uses the collected and held information solely for the purposes for which consent has been obtained. Thus, without specific consent, Progitek does not communicate, sell, rent, give, exchange, share, or disclose any held personal information to third parties.

This information is accessible only to Progitek employees, suppliers, or agents who necessarily need it to perform their duties, and they are obligated to respect the confidentiality of this information.

10. Retention and Security of Personal Information

All collected personal information, regardless of its medium, is retained in a secure environment against unauthorized access, disclosure, copying, use, or modification, as well as against loss or theft. These security measures include, where applicable, the use of firewalls and secure servers, the deployment of appropriate access management systems and processes, sufficient training of Progitek staff who have access to personal information in the course of their duties, and other indispensable measures to ensure appropriate protection of your personal information against any unauthorized use or dissemination. Progitek uses information technology to support its business processes to offer better service delivery and appropriate security to the information it holds.

Progitek implements reasonable access management and security measures to ensure the confidentiality, integrity, and availability of the personal and confidential information it holds based on the sensitivity of this information, the risks they face, and the obligations Progitek is subject to.

11. Communication of Personal Information to Third Parties

From time to time, Progitek may disclose to third parties aggregated or depersonalized data, which does not contain personal information or other personal information concerning identifiable persons.

Progitek may also share personal information with third-party service providers that Progitek has hired to provide services on its behalf, according to our instructions, such as advertising agencies, marketing agents, data processing and storage companies, or organizations that provide administrative and support services to Progitek.

Progitek requires the consent of its employees, candidates, and website users before communicating personal information about them to a third party, unless applicable laws authorize communication without this consent.

In the context of services offered, Progitek may communicate, in compliance with applicable legal requirements, personal information to its external suppliers located in and outside Quebec. These suppliers include financial institutions, marketing firms, providers of administrative services, human resources, productivity solutions, payroll production, surveys, and benefits management.

Progitek may also enter into service agreements with its external suppliers, compliant with the law, to facilitate the communication of personal information between them and with other stakeholders.

Progitek and its suppliers may be required to provide personal information held due to a court order, administrative investigation, or other situations provided by law.

In connection with a sale, buyout, acquisition, or any other restructuring of Progitek's activities, Progitek may have to disclose personal data, which may be assimilated to personal information, to potential or existing acquirers and their advisors for the purpose of said transaction. Progitek will ensure that applicable law requirements are met before any communication.

12. Rights of Access, Rectification, or Withdrawal

Any individual who requests has the right to access personal information concerning them and held by Progitek, unless exceptions are provided by applicable laws. It is possible to make the request via the personal information protection officer.

An individual may request that their personal information be corrected, rectified, destroyed, or no longer used for the purposes for which it was collected, subject to compliance with different legislation.

Any concerned person may also, at any time, withdraw their consent to the processing of their personal information by contacting the personal information protection officer. This withdrawal of consent will only take effect for the future, and this, as soon as Progitek receives it. Upon receiving the notice of withdrawal of consent, Progitek commits to stop processing the targeted personal information and proceeding with its destruction, subject to a legal or regulatory obligation related to its retention.

Progitek will also inform any person or entity to whom this personal information has been disclosed according to the obtained consent to proceed with the cessation of their processing as well as their destruction, if applicable.

However, it is possible that Progitek may not meet its obligations in the event of a request to withdraw consent or early destruction. In this case, Progitek cannot be held responsible for the prejudice suffered by the concerned person.

13. Destruction

Personal information is retained for the period necessary to achieve the purposes for which they were collected and are subsequently destroyed. Personal information may be retained beyond the achievement of the purposes for which they were collected when another retention period provided by another law applies. They will be destroyed in accordance with applicable laws.

14. User Responsibility

Anyone who forwards information to Progitek is responsible for its accuracy and maintaining the confidentiality of their identification and authentication information (user code, access code, password, etc.). Progitek cannot be held responsible for unauthorized use caused by this user.

Anyone who forwards information to Progitek must also ensure that the system or equipment with which they transmit or receive information from Progitek is sufficiently secure and must be vigilant. Progitek cannot be held responsible for unauthorized access to information resulting from negligence or vulnerabilities present on a user's equipment or system.

In the event that the confidentiality of personal information is compromised or their identity is usurped, the user must notify Progitek as soon as possible by contacting the personal information protection officer identified below.

15. Privacy Incidents and Measures to Take

A privacy incident involves unauthorized access by law to a personal information, the unauthorized use by law of a personal information, the unauthorized communication by law of a personal information, or the loss of a personal information or any other intrusion to the protection of such a piece of information. During a privacy incident, Progitek will quickly take the required measures to reduce the risks of harm to the concerned person and to prevent similar incidents of the same nature from happening again. In case of risk of serious harm to the concerned person, Progitek will inform them as well as the Information Access Commission.

16. Record of Incidents

Progitek keeps a record of all privacy incidents it is subject to, even those that do not present a risk of serious harm to the person concerned.

Progitek will allow the Information Access Commission to consult this record and can provide a copy upon request.

17. Cookies and Privacy Settings

To be able to offer some of its services, Progitek, through its website, may also collect personal information using the following technologies:

  • Cookies: When a user visits its website, it transmits one or more cookies to their computer, as well as related service cookies such as from Google Analytics, Google Adwords, Google Adsense, LinkedIn, Youtube, or Facebook. These cookies contain identification information that allows Progitek to know how users interact with services, target users with relevant offers, their browsing history on the website, and synthesize their service usage experience.

  • Connection Logs: Each time a user uses Progitek’s services through its website, the servers automatically record the connection information that their browser sends when connecting to a website. These server connection logs may contain information such as their Internet search, IP address, browser type and language, Internet service provider, connection date and time, pages visited, and one or more cookies to identify their browser and the number of clicks.

To the extent required, the information provided by a user in connection with the use can be combined with those from other Progitek services or third parties such as Google Analytics, Google Adwords, Google Adsense LinkedIn, Youtube, or Facebook, to improve service quality. For certain services, the user may choose whether or not to allow the combination of this information.

A consent banner automatically appears upon arriving on the website to allow the user to activate cookies. The efficiency of certain services offered by the website may be affected if the user refuses cookie activation.

Anyone providing personal information following this section consents to its use and communication for the purposes for which this information was collected.

18. Affiliated Sites

Some of Progitek’s services are offered in connection with other websites. Personal information communicated to these sites is liable to be sent to Progitek for service provision. This information is processed according to this policy. Affiliate sites may have different privacy practices, which is why Progitek recommends reviewing their applicable policies and practices.

19. Links

Progitek may display links formatted to determine whether these links have been followed. This information is used to improve the quality of personalized content and ads.

20. Complaint Management

Anyone wishing to file a complaint about the collection, retention, use, communication, destruction, or access or rectification rights to their personal information by Progitek should address it to the personal information protection officer of Progitek. The personal information protection officer will analyze it and provide a response within 30 days of receiving the complaint.

21. Distribution of This Policy

Progitek publishes this policy on its website and distributes it by any suitable means to reach the concerned persons. Progitek does the same for the notice that any modification of this policy must be subject to.

22. Personal Information Protection Officer

Progitek is responsible for the personal information it manages. It appoints an individual who ensures compliance with the applicable legal framework in personal information protection. This individual also ensures respect for the normative framework (policies, directives, procedures, and internal standards) established and implemented by Progitek to demonstrate Progitek’s compliance with various privacy laws applicable to its operations.

The president of Progitek, Mr. Éric Vézina, assumes the function of "Personal Information Protection Officer" and can be reached at the following address: evezina@progitek

Effective Date

This policy will take effect on the day of its adoption by the personal information protection officer: May 1, 2024.