CYBERSECURITY AND PROTECTION OF PERSONAL INFORMATION POLICY
RENSEIGNEMENTS PERSONNELS
Judith Noël Gagnon, shareholder of Mycoboutique Inc., is officially appointed as the responsible person for personal information.
INVENTORY OF PERSONAL INFORMATION
INFORMATIONS |
EMPLOYEES |
CUSTOMERS |
VISITORS |
PROSPECTS |
NAME |
X |
X |
X |
X |
BUSINESS ADDRESS |
|
X |
X |
X |
PRIVATE ADDRESS |
X |
X |
|
|
SIN |
X |
X |
|
|
DATE OF BIRTH |
X |
X |
|
|
PHONE NUMBER |
X |
X |
X |
X |
BUSINESS PHONE NUMBER |
|
X |
X |
X |
|
X |
X |
X |
X |
WEB SITE |
|
X |
X |
X |
SOCIAL MEDIA |
X |
X |
X |
X |
PRIVACY INCIDENTS REGISTER
A register of privacy incidents is kept in the event of a breach of personal information confidentiality.
A register, following the model below, must be filled out in case of an incident and communicated to the Access to Information Commission as well as the persons targeted by the incident.
Date of the incident or discovery |
Type of incident |
Personal information targeted by the incident |
Information storage medium |
Number of persons affected by the incident |
Measures taken followwing the discovery of the incident |
CYBERSECURITY MEASURES
Several measures are in place to ensure superior security for the protection of personal data and for cybersecurity purposes:
The company's passwords are stored on specialized software.
All employees of the company are required to only store their passwords on our software. They are required to create highly secure passwords consisting of uppercase and lowercase letters, numbers, and symbols. No password should be used twice. Employees must use, if available, two-factor authentication.
A backup copy of these passwords is stored on the company's general hard drive once a month.
An antivirus is installed on each of the company's computers.
Each computer system used during travel is connected to a VPN to protect data in motion.
A system backup is performed once a month. Backup copies are held on an external hard drive.
All employees are required to maintain a firewall on their computer at all times.
A weekly check by employees of compliance with cybersecurity measures is mandatory
No personal data will be stored in an insecure paper format.
Our website is managed on Shopify and is secured.
A banner asking for cookie consent is present on our website.
All company documents and external hard drives are kept in a secure, locked room.
ACCESS MANAGEMENT LIST
INFORMATIONS |
CEO |
Assistant |
Marketing |
Collaborations |
Name |
X |
X |
X |
X |
Business Address |
X |
X |
X |
X |
Private Address |
X |
X |
X |
|
SIN |
X |
X |
X |
|
Birth of date |
X |
X |
X |
|
Phone number |
X |
X |
X |
X |
Phone |
X |
X |
X |
X |
|
X |
X |
X |
X |
Web site |
X |
X |
X |
X |
Social Media |
X |
|
X |
|
PERSONAL INFORMATION GOVERNANCE POLICIES
Several measures are in place to ensure superior security in protecting data.
Information collection
• A privacy and information collection policy is published on our website to regulate the use of data from website usage.
• A privacy and information collection policy is included in our service contract to regulate the collection and use of data in our services.
Storage and destruction of information
We keep the data received from clients and website users for as long as we need it.
In the context of our services, if we do not provide services for more than 12 months, we return all information to the client and delete this data from our systems.
Roles and Responsibilities of Company Members
Employees
We may disclose to any member of our organization the user data that they reasonably need to fulfill the objectives set out in this policy.
Third Parties
We may share user data with the following third parties:
• Professionals with whom we work
We may share user data with third parties for the following purposes:
• To respond to your service request
Third parties will not be able to access user data beyond what is reasonably necessary to achieve the given objective.
Other Disclosures
We are committed to not selling or sharing your data with third parties, except in the following cases:
• If required by law
• If required for any legal proceedings
• To prove or protect our legal rights
• To buyers or potential buyers of this company in the event we are seeking to sell the company.
If you follow hyperlinks from our site to another site, please note that we are not responsible and do not have control over their privacy policies and practices.
Process for Handling Complaints Regarding Information Protection
If you wish to have your information deleted or modified in any way, please contact our confidential information protection agent:
Judith Noël Gagnon
info@mycoboutique.com
514 223-6977