M1 COMPOSITES PRIVACY AND CONFIDENTIALITY POLICY

 

This policy aims to ensure the protection of personal information and regulate how M1 Composites uses, communicates, stores, destroys, and manages such information. Additionally, it aims to inform interested parties about how the company processes their personal information.

 

To what information does this policy apply?

This privacy policy applies to Personal Information. Personal information refers to information about a person that directly or indirectly enables identification. Examples include name, address, email address, phone number, gender, or banking information, as well as information about health, ethnic origin, language, etc. Sensitive personal information is information with a high degree of reasonable privacy expectation, such as health information, banking details, sexual orientation, ethnic origin, political opinions, religious or philosophical beliefs, etc.

In general, professional or business contact information (e.g., name, title, work address, email, or phone number) does not constitute personal information. Specifically, under the Quebec Private Sector Privacy Act, as of September 22, 2023, sections 3 (collection, use, disclosure), 4 (retention and destruction), and 6 (data security) do not apply to information related to a person’s role in a company, such as name, title, function, work address, email, and phone number.

 

Who does this policy apply to?

This policy applies to M1 Composites, including its executives, employees, consultants, interns, and anyone else providing services on behalf of M1 Composites. It also applies to the company’s website. It encompasses all types of personal information managed by M1 Composites, including information about current or potential clients, consultants, employees, members, and other individuals (such as visitors to its website).

 

When and why does M1 collect Personal Information?

In all cases, M1 Composites only collects information if it has a valid reason to do so. The collection will be limited to the necessary information needed to achieve the intended purpose.

M1 Composites does not target minors intentionally, and it does not intentionally collect personal information about minors without the consent of a parent or guardian.

Collection from third parties: M1 Composites may collect personal information from third parties. Unless an exception provided by law applies, M1 Composites will request the consent of the individual before collecting their personal information from a third party. If information is not collected directly from the individual but from another organization, the individual can request the source of the information from M1 Composites.

The legal bases justifying our processing of your Personal Information may include:

  • Legal obligation: where using your Personal Information is necessary to comply with applicable laws and regulations.
  • Contract performance: where using your Personal Information is necessary to establish and perform a contract with you.
  • Legitimate interests: where using your Personal Information is necessary to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
  • Consent: where you have given consent, as required by law, to process your Personal Information.

| Type of personal information | Business purpose for processing | Lawful bases |
| --- | --- | --- |
| Basic contact information | We collect this information to verify your identity and communicate with you in the context of our services. | Legal obligation; Contract performance; Legitimate interest; Consent |
| Compliance-related information | We collect this information to verify your identity in compliance with our statutory and regulatory obligations, such as licensing, security, export control and other requirements, as required. | Legal obligation; Consent |
| Information related to the delivery of our services and solutions | We collect this information to perform our services under our contract with you or your employer. | Legal obligation; Contract performance; Legitimate interest; Consent |
| Recruitment-related information | We collect this information to enable us to process applications for employment submitted via the “Careers” section of M1’s website and to assess your suitability for any position for which you may apply at M1. | Contract performance; Consent |
| Financial information | We collect this information to process payment transactions in connection with the purchase of our products and services. | Legal obligation; Contract performance; Legitimate interest; Consent |
| Photos, video and audio information | We collect this information to keep the M1 facility safe and to support the debriefing of training sessions (video & audio). | Legal obligation; Legitimate interest; Consent |
| Website usage and other technical information | We collect this information to ensure network and information security, monitor the performance of our websites, applications and systems or improve your user experience. | Contract performance; Legitimate interest; Consent |
| Other Personal Information | We collect this information to respond to any inquiry or complaint made by you or your employer. | Legal obligation; Contract performance; Legitimate interest; Consent |

How can Personal Information be used by M1?

M1 Composites ensures that the information it holds is up-to-date and accurate at the time of use for a decision regarding the individual.

M1 Composites can use an individual’s personal information only for the purposes stated in this policy or for other purposes disclosed during collection. If the company wants to use this information for another reason, a new consent must be obtained from the individual, and that consent must be explicit if the information is sensitive personal information. However, in some cases allowed by law, M1 Composites can use the information for secondary purposes without the individual’s consent, for example:

  • when such use is manifestly for the benefit of the individual;
  • when necessary to prevent or detect fraud;
  • when necessary to assess or improve protection and security measures.

In its activities, M1 Composites may collect various types of information for different purposes. M1 Composites commits to informing individuals, at the time of collecting personal information, of any other collected information, the purposes of collection, and the means of collection, along with other required information as mandated by law.

 

How does M1 ensure an individual consents to Personal Information collection and use?

Generally, M1 Composites collects personal information directly from the individual with their consent, unless an exception is provided by law. Implicit consent may apply in certain situations, such as when the person decides to provide personal information after being informed by this policy about its use and disclosure for stated purposes. Thus, individuals can consult this policy at the time of personal information collection.

Normally, M1 Composites must obtain the individual’s consent before collecting their personal information from third parties, before disclosing it to third parties, or for any secondary use. However, M1 Composites may act without consent in certain cases allowed by law and under the conditions specified by it. The main situations where M1 Composites can act without consent are outlined in the relevant sections of this policy.

 

How does M1 protect my Personal Information?

M1 Composites implements measures to restrict access to personal information only to employees and individuals within its organization who have the authority to access it and for whom the information is necessary in the performance of their duties. M1 Composites will request the individual’s consent before granting access to any other person.

The company is responsible for protecting the personal information it holds.

The personal information protection officer of M1 is the director of HR, administration, and security of the organization. In general, they must ensure compliance with applicable legislation concerning the protection of personal information. The officer must approve policies and practices governing personal information governance. Specifically, this person is responsible for implementing this policy and ensuring its awareness, understanding, and application. If this officer is absent or unable to act, the president of M1 Composites will perform the functions of the personal information protection officer.

Employees of M1 Composites with access to personal information or otherwise involved in its management must ensure its protection and comply with this policy.

M1 Composites commits to implementing reasonable security measures to ensure the protection of the personal information it manages. The security measures in place correspond, among other things, to the purpose, quantity, distribution, support, and sensitivity of the information. This means that information that can be considered sensitive (see the definition in section 2) must be subject to more significant security measures and better protection. Specifically, and in accordance with the previously mentioned limited access to personal information, M1 Composites must implement necessary measures to impose constraints on the rights of use of its information systems so that only employees who need access are authorized to do so.

 

Disclosure of Personal Information to third parties:

Generally, unless an exception is specified in this policy or otherwise provided by law, M1 Composites will obtain the individual’s consent before disclosing their personal information to a third party. Additionally, when consent is required and when it involves sensitive personal information, M1 Composites must obtain explicit consent before disclosing the information.

However, disclosure of personal information to third parties is sometimes necessary. Personal information may be disclosed to third parties without the individual’s consent in certain cases, including but not limited to the following:

M1 Composites may disclose personal information, without the individual’s consent, to a public entity (such as the government) that collects it in the exercise of its powers or the implementation of a program under its management.

Personal information may be transmitted to service providers who need the information, without the individual’s consent. For example, these service providers may be event organizers or subcontractors designated by M1 Composites for mandate execution. In such cases, M1 Composites must have written contracts with these providers specifying the measures they must take to ensure the confidentiality of the disclosed personal information, that the use of this information is only for the execution of the contract, and that they cannot retain this information after its expiration. Moreover, these contracts must stipulate that the providers must notify M1 Composites’ personal information protection officer (indicated in this policy) of any breach or attempted breach of confidentiality obligations regarding the disclosed personal information and allow this officer to conduct any related confidentiality verification.

If necessary for the conclusion of a commercial transaction, M1 Composites may also disclose personal information, without the individual’s consent, to the other party to the transaction and subject to conditions specified by law.

 

How long is Personal Information retained?

M1 Composites will retain personal information only for the duration necessary to achieve the purposes for which it was collected, unless a minimum retention period is required by applicable law or regulation.

Personal information used by M1 Composites to make a decision about an individual must be kept for at least one year following the decision in question, or for seven years after the end of the fiscal year in which the decision was made if it has tax implications, such as in circumstances of employment termination.

At the end of the retention period or when personal information is no longer necessary, M1 Composites will ensure its destruction or anonymization (i.e., making it irreversibly unidentifiable, with no possible link between the individual and the personal information) for legitimate and serious purposes.

The destruction of information by M1 Composites will be done securely to ensure the protection of this information.

 

What are your rights?

Under certain circumstances and in accordance with applicable laws, you may have the right to require us to:

  • provide you with further details on the use we make of your information;
  • provide you with a copy of information that we hold about you;
  • update any inaccuracies in the Personal Information we hold;
  • delete any Personal Information that we no longer have a lawful ground to use;
  • where processing is based on consent, to withdraw your consent so that we stop that particular processing;
  • object to any processing based on the legitimate interests grounds unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
  • restrict how we use your information whilst a complaint is being investigated.

 

How can you access, rectify, or withdraw consent for use of your Personal Information?

To exercise your rights of access, rectification, or withdrawal of consent, you must submit a written request to the personal information protection officer of M1 Composites, using the email address indicated in the following section.

Subject to certain legal restrictions, individuals can request access to their personal information held by M1 Composites and request its correction if it is inaccurate, incomplete, or ambiguous. They can also demand the cessation of the dissemination of personal information about them or the delisting of any hyperlink attached to their name that allows access to this information through technological means, when the dissemination of this information violates the law or a court order. They can do the same, or demand that the hyperlink allowing access to this information be reindexed, when certain conditions specified by law are met.

The personal information protection officer of M1 Composites must respond in writing to these requests within 30 days of receiving the request. Any refusal must state its reasons and be accompanied by the legal provision justifying the refusal. In these cases, the response must indicate the remedies available under the law and the deadline for exercising them. The officer must help the requester understand the refusal if necessary.

Subject to legal and contractual restrictions, individuals can withdraw their consent to the communication or use of the information collected by M1 Composites. They can also request information from M1 Composites about the personal information collected from them, the categories of people within M1 Composites who have access to it, and its duration of retention.

 

How can you submit a complaint regarding your Personal Information?

Anyone wishing to file a complaint about the application of this policy must do so in writing by addressing the personal information protection officer of M1 Composites, using the email address indicated in the last section of this policy.

The individual must provide their name, contact information, including a phone number, and the subject and reasons for their complaint, providing sufficient details for the complaint to be evaluated by M1 Composites. If the filed complaint is not specific enough, the personal information protection officer may require any additional information deemed necessary to evaluate the complaint.

 

How is your complaint processed?

M1 Composites commits to treating any received complaint confidentially.

Within 30 days of receiving the complaint or receiving all requested additional information, M1 Composites must evaluate it and provide a reasoned written response via email to the complainant. This evaluation aims to determine if the processing of personal information by M1 Composites complies with this policy, any other policies and practices within the organization, and applicable laws or regulations.

If the complaint cannot be processed within this timeframe, the complainant must be informed of the reasons justifying the extension, the progress of their complaint processing, and a reasonable timeframe required to provide a definitive response.

M1 Composites must create a separate file for each complaint received. Each file contains the complaint, the analysis, and supporting documentation for its evaluation, as well as the response sent to the complainant.

It is also possible to file a complaint with the Commission d’accès à l’information du Québec or any other privacy supervisory body responsible for the law related to the subject of the complaint.

However, M1 Composites encourages anyone interested to first contact its personal information protection officer and wait for the completion of the company’s processing.

 

How can you contact M1 regarding Personal Information?

This policy is approved by the personal information protection officer of M1 Composites, whose business contact information is as follows:

 

Personal Information Protection Officer:

Ms. Caroline Poirier

2460, Rue Michelin

Laval (Québec) H7L 5C3

caroline.poirier@m1composites.com

 

For any requests, questions, or comments within the scope of this policy, please contact the officer via email.