Feraoun Consultants is committed to ensuring the confidentiality and protection of the personal information it holds. We have established a governance program that frames our information management practices.

Collection and Consent

  • We only collect information necessary for identified purposes.
  • We obtain free, informed and valid consent before collecting any data.
  • Individuals can withdraw their consent at any time.
  • We limit the collection of sensitive data to what is strictly necessary.

Use and Retention

  • We only use data for the purposes initially specified.
  • We retain data according to a defined schedule.
  • We securely destroy or anonymize data at the end of its lifecycle.

Data Breach Response Plan

We have implemented a documented response plan to address confidentiality incidents rapidly and mitigate potential harms. This plan outlines the roles and responsibilities, notification procedures, evaluation process to assess risk of harm, as well as measures to contain the incident and prevent future occurrences.

Incident Register

As part of our governance program, we maintain registers to document compliance, including for confidentiality incidents, consents, privacy impact assessments completed, data transfers to third parties, and data retention periods.

Access and Correction

Upon written request, we will provide access to personal information under our control within 30 days. We will make corrections free of charge and notify any third parties who may have had access to inaccurate data. Requests may be refused in certain circumstances prescribed by law, in which case we will inform the requester of the refusal reasons. Individuals can challenge our decision before the CAI.

Security Measures

We use industry standard technologies and procedures based on the sensitivity level of data to ensure its confidentiality, integrity and availability. These include encryption, access controls, network security, application security, employee training, and regular audits of our practices.

Transfers to Third Parties

We enter into written agreements with all third party processors which frame their governance responsibilities and security obligations. Subcontractors only process personal data per our instructions. We conduct privacy impact assessments before any cross-border data transfer.

Complaint

Individuals can file complaints with the Commission d’accès à l’information (CAI) if they believe we are not complying with our responsibilities under Law 25. Violations may result in sanctions including fines and damages. 

Responsible for Personal Information Protection

We would like to inform our visitors that Mr. Idir Feraoun is the Responsible for Personal Information Protection at Feraoun Consultants. As an IT Consultant, Mr. Feraoun oversees all matters related to the protection of personal information and compliance with current regulations, such as Quebec’s Law 25.

For any questions or concerns regarding the protection of your personal information, please contact Mr. Feraoun at the following address: idir@feraounconsultants.com.

We are committed to handling your personal information responsibly and securely, and we appreciate the trust you place in us.