1. Overview

Implementing a procedure for retaining, destroying and anonymizing personal information is important to ensure the protection of individual privacy, comply with privacy laws, prevent privacy incidents involving personal information and security breaches, maintain customer confidence and protect the organization’s reputation.

2. Objective

The purpose of this procedure is to guarantee the protection of individual privacy and to comply with legal obligations regarding the protection of personal information.

3. Scope

The scope of this procedure should cover the entire life cycle of personal information, from collection to destruction. It concerns all employees and stakeholders involved in the collection, processing, storage, destruction and anonymization of personal information in accordance with legal requirements and good privacy practices.

4. Definitions

Anonymization: the process of modifying personal information so that it can no longer be identified, directly or indirectly, at any time.

Retention : secure storage of personal information for as long as required.

Destruction: deletion, elimination or permanent erasure of personal information.

Company: 10146200 Canada Inc. (Myelin Solutions)

Personal information: any information that directly or indirectly identifies a natural person.

Services: Any software, offered by the company, downloaded by the customer onto an electronic device.

5. Types of data collected

5.1 Personal identification data

Personal identification data may include, but is not limited to:

5.2 Usage statistics

Statistical usage data may include, but is not limited to:

5.3 Data entered by the customer when using the services

Data entered by the customer when using the services may include, but is not limited to:

4. Procedure

4.1 Data usage

4.1.1 The company uses customers’ personal information to provide and improve its services. This includes, but is not limited to

4.1.2 By using the services, the customer agrees to the collection and use of information in accordance with this policy.

4.2 Shelf life

4.2.1 Personal information has been categorized as follows:

4.2.2 The retention period for each of these categories has been established as follows:

4.3 Secure storage methods

4.3.1 The degree of sensitivity of each of these storage sites has been established as follows:

4.3.2 Personal information is stored in the following locations:

4.3.3 These storage facilities, whether paper or digital, are adequately secured.

4.3.4 Access to these storage facilities has been restricted to authorized persons only.

4.4 Destruction of personal information

4.4.1 Personal information on paper will be completely shredded.

4.4.2 For digital personal information, it will be completely deleted from company devices (computers, phone, tablet, external hard drive), servers and cloud tools.

4.4.3 The destruction schedule based on the retention period established for each category of personal information has been created.

4.4.4 Destruction will be carried out in such a way that personal information cannot be recovered or reconstituted.

4.4.5 The customer may request the deletion of personal data by e-mail or telephone.

4.4.6 The destruction of a customer’s personal data will take place within a reasonable period of time.

4.4.7 This reasonable period includes time for deleting company backups made in the clear interest of the customer (data recovery in the event of data loss).

4.5 Anonymization of personal information

4.5.1 Personal information used in applications is anonymized.

4.5.2 The chosen method of anonymizing personal information is as follows:

4.5.3 The types of information considered to identify a customer include, but are not limited to, personal identification data.

4.5.4 The types of information considered not to identify a customer include, but are not limited to, data entered by the customer when using the services and statistical usage data.

4.5.5 Information considered public includes, but is not limited to, data that a customer has explicitly identified as public.

4.5.6 When personal information is deleted, only public data will be retained.

4.6 Sharing personal information

4.6.1 The company may share customer data in the following situations:

4.7 Employee training and awareness

4.7.1 Employees will receive regular training on the procedure for retaining, destroying and anonymizing personal information, as well as on the risks associated with breaches of privacy.

4.7.2 This also includes raising staff awareness of good data security practices and the importance of complying with established procedures.

Last update: October 10, 2023