Privacy Policy

Preamble

This document outlines the implementation and applicability of the Personal Information Protection Policy (PIPP) and the Privacy Policy.

Document Ownership

Corporate Management of MILESTONEPARTNERS

Stated Needs

This policy directly falls under the applicability of the Personal Information Protection Act (PIPA) of British Columbia, which compels organizations that collect personal information from their customers to better safeguard this information.

Context

MILESTONEPARTNERS (entity doing business under the legal name of MILESTONEPARTNERS Inc) is a corporation (or company) registered in Canada which processes personal information in the course of its activities.

This policy aims to ensure the protection of personal information and govern the manner in which MILESTONEPARTNERS collects, uses, discloses, retains, and destroys personal information or otherwise manages it. Additionally, it aims to inform any interested person about the manner in which MILESTONEPARTNERS processes their personal information. It also covers the processing of personal information collected by MILESTONEPARTNERS by technological means.

Application and Definitions

This policy applies to MILESTONEPARTNERS, including its officers, employees, consultants, and any person who otherwise provides services on behalf of MILESTONEPARTNERS. It also applies to the MILESTONEPARTNERS website, as well as all websites controlled and maintained by MILESTONEPARTNERS.

It targets all types of personal information managed by MILESTONEPARTNERS, whether it is the information of its customers, potential or current, its consultants, its employees, its members, or any other persons (such as visitors to its websites or others).

For the purposes of this document, personal information is information that relates to an identifiable individual and that allows, directly or indirectly, that person to be identified. For example, it could be a person’s name, address, email address, telephone number, gender, or banking information, information about their health, ethnic origin, language, etc.

Sensitive personal information is information for which there is a high degree of reasonable expectation of privacy, for example: health information, banking information, biometric information, sexual orientation, ethnic origin, political opinions, religious or philosophical beliefs, etc.

Generally speaking, a person’s professional or business contact information does not constitute personal information, such as a person’s name, title, address, email address, or work telephone number. More specifically and for the sake of clarity, within the meaning of PIPA, and as of the date this policy comes into effect, sections 3 (collection, use, communication), 4 (retention and destruction), and 6 (data security) do not apply to a person’s information relating to the exercise of a function in a business, such as their name, title, function, as well as their work address, email address, and telephone number.

These same sections also do not apply to personal information that is public information under the law, as of the date this policy comes into effect.

Collection, Use and Disclosure

In the course of its activities, MILESTONEPARTNERS may collect different types of information for different purposes. The types of information that MILESTONEPARTNERS may collect, their use (or intended purpose), and the means by which the information is collected are indicated in Appendix A of this policy.

MILESTONEPARTNERS will also inform the persons concerned, at the time of collection of personal information, of any other information collected, the purposes for which it is collected and the means of collection, in addition to other information to be provided as required by law.

MILESTONEPARTNERS applies the following general principles regarding the collection, use, and communication of personal information:

Consent
  • Generally, MILESTONEPARTNERS collects personal information directly from the person concerned and with their consent, unless an exception is provided by law. Consent may be obtained implicitly in certain situations, for example, when the person decides to provide their personal information after having been informed by this policy on the use and disclosure for the purposes indicated therein (see Appendix A for more details). Thus, this policy and the information it contains may be consulted by the person concerned at the time of collection of personal information.
  • Normally, MILESTONEPARTNERS must also obtain the consent of the person concerned before collecting their personal information from third parties, before disclosing it to third parties, or for any secondary use of it. However, MILESTONEPARTNERS may act without consent in certain cases provided for by law and under the conditions provided for by it. The main situations where [Your Company Name] may act without consent are indicated in the relevant sections of this policy.
Collection
  • In all cases, MILESTONEPARTNERS only collects information if it has a valid reason to do so. In addition, the collection will be limited to the necessary information it needs to fulfill the intended purpose.
  • Please note that MILESTONEPARTNERS services are not aimed at minors, and more generally, MILESTONEPARTNERS does not intentionally obtain personal information concerning minors (in these cases, information cannot be collected from it without the consent of a parent or guardian).
  • Collection from third parties. MILESTONEPARTNERS may collect personal information from third parties. Unless otherwise provided by law, MILESTONEPARTNERS will seek the consent of the individual concerned before collecting personal information about him or her from a third party. In the event that such information is not collected directly from the individual, but from another organization, the individual concerned may request the source of the information collected from MILESTONEPARTNERS .
  • In certain situations, MILESTONEPARTNERS may also collect personal information from third parties, without the consent of the person concerned, if it has a serious and legitimate interest in doing so and a) if the collection is in the interest of the person and it is not possible to do so from him or her in a timely manner, or b) if this collection is necessary to ensure that the information is accurate.
  • This collection through third parties may be necessary to use certain services or programs, or to otherwise do business with MILESTONEPARTNERS . When required, MILESTONEPARTNERS will collect the individual’s consent at the appropriate time.
Detention and use
  • MILESTONEPARTNERS ensures that the information it holds is up to date and accurate at the time it is used to make a decision regarding the person concerned.
  • MILESTONEPARTNERS may only use an individual’s personal information for the reasons set out herein or for any other reasons provided at the time of collection. As soon as MILESTONEPARTNERS wishes to use this information for another reason or purpose, new consent must be obtained from the individual concerned, which must be obtained expressly if it concerns sensitive personal information. However, in certain cases provided for by law, MILESTONEPARTNERS may use the information for secondary purposes without the individual’s consent, for example:
    • when such use is clearly for the benefit of that person;
    • where necessary to prevent or detect fraud;
    • when necessary to assess or improve protection and security measures.
  • Limited Access : MILESTONEPARTNERS must implement measures to limit access to personal information to only those employees and individuals within its organization who are authorized to access it and for whom the information is necessary in the performance of their duties. MILESTONEPARTNERS will request the individual’s consent before granting access to any other individual.
Communication
  • Generally, and unless an exception is indicated in this policy or otherwise provided by law, MILESTONEPARTNERS will obtain the consent of the individual concerned before disclosing his or her personal information to a third party. In addition, when consent is necessary and when it concerns sensitive personal information, MILESTONEPARTNERS must obtain the explicit consent of the individual before disclosing the information.
  • However, the disclosure of personal information to third parties is sometimes necessary. Thus, personal information may be disclosed to third parties without the consent of the person concerned in certain cases, including, but not limited to, the following cases:
    • MILESTONEPARTNERS may communicate personal information, without the consent of the person concerned, to a public body (such as the government) which, through one of its representatives, collects it in the exercise of its powers or the implementation of a program under its management.
    • Personal information may be transmitted to its service providers to whom it is necessary to communicate the information, without the individual’s consent. For example, these service providers may be event organizers, MILESTONEPARTNERS subcontractors designated to carry out mandates in programs administered by MILESTONEPARTNERS  and cloud service providers. In these cases, MILESTONEPARTNERS must have written contracts with these providers that indicate the measures they must take to ensure the confidentiality of the personal information communicated, that the use of this information is only made in the context of the execution of the contract and that they cannot retain this information after its expiry. In addition, these contracts must provide that the providers must notify MILESTONEPARTNERS privacy officer (indicated in this policy) of any violation or attempted violation of confidentiality obligations concerning the personal information communicated and must allow this officer to carry out any verification relating to this confidentiality.
    • If necessary for the purposes of concluding a commercial transaction, MILESTONEPARTNERS may also communicate personal information, without the consent of the person concerned, to the other party to the transaction and subject to the conditions provided by law.
  • Communication outside British Columbia : It is possible that personal information held by MILESTONEPARTNERS may be communicated outside British Columbia, for example, when MILESTONEPARTNERS uses cloud service providers whose server(s) are located outside British Columbia or when MILESTONEPARTNERS does business with subcontractors located outside the province.
Additional information on the technologies used
  • Use of cookies: Cookies are data files transmitted to a website visitor’s computer by their web browser when they visit the site and can serve several purposes. Websites controlled by MILESTONEPARTNERS use cookies, including:
    • To remember visitors’ settings and preferences, for example for language choice and to enable tracking of the current session.
    • For statistical purposes to understand visitor behavior, content viewed and to enable improvement of the website.

    Websites controlled by MILESTONEPARTNERS use the following types of cookies:

    • Session cookies: These are temporary cookies that are stored in memory for the duration of the website visit only.
    • Persistent cookies: They are kept on the computer until they expire and they will be retrieved during the next visit to the site.

    Some cookies may be disabled by default and visitors may choose to activate these functions or not when consulting MILESTONEPARTNERS websites. It is also possible to enable and disable the use of cookies by changing the preferences in the settings of the browser used.

  • Use of Google Analytics: Some MILESTONEPARTNERS sites (in particular, the sites https://milestonepartners.ca/ and https://milestonepartners.odoo.com/) use Google Analytics to enable its continuous improvement. Google Analytics allows in particular to analyze the way in which a visitor interacts with a MILESTONEPARTNERS website. Google Analytics uses cookies to generate statistical reports on the behavior of visitors to these websites and the content consulted.
    Information from Google Analytics will never be shared by MILESTONEPARTNERS with third parties. It is possible to install a browser add-on to disable Google Analytics .
  • Other technological means used: MILESTONEPARTNERS also collects personal information through technological means such as web forms integrated into a website controlled by MILESTONEPARTNERS (for example, its contact form, its membership form to become a member, its form to register for the newsletter and seminars), questionnaires accessible online on its platforms and applications, as well as other platforms or form tools (for example, Microsoft Forms or Odoo Survey).
    If MILESTONEPARTNERS collects personal information by offering a technology product or service that has privacy settings, MILESTONEPARTNERS must ensure that these settings offer the highest level of privacy by default (cookies are not affected).
Retention and destruction of personal information

Unless a minimum retention period is required by applicable law or regulation, MILESTONEPARTNERS will only retain personal information for the period necessary to fulfill the purposes for which it was collected.

Personal information used by MILESTONEPARTNERS to make a decision about an individual must be retained for a period of at least one year following the decision in question or even seven years after the end of the fiscal year in which the decision was made if it has tax implications, for example, the circumstances of an end of employment.

At the end of the retention period or when the personal information is no longer necessary, MILESTONEPARTNERS will ensure:

  1. to destroy them; or
  2. to anonymize them (i.e. they no longer allow, irreversibly, the identification of the person and it is no longer possible to establish a link between the person and the personal information) to use them for serious and legitimate purposes.

The destruction of information by MILESTONEPARTNERS must be done securely, in order to ensure the protection of this information.

This section may be supplemented by any policy or procedure adopted by MILESTONEPARTNERS regarding the retention and destruction of personal information, if applicable. Please contact MILESTONEPARTNERS Privacy Officer (identified in this policy) for further information.

MILESTONEPARTNERS Responsibilities

Generally speaking, MILESTONEPARTNERS is responsible for protecting the personal information it holds.

The Privacy Officer of MILESTONEPARTNERS is the General Manager of the organization. He or she must, in general, ensure compliance with applicable legislation regarding the protection of personal information. The Officer must approve the policies and practices governing the governance of personal information. More specifically, this person is responsible for implementing this policy and ensuring that it is known, understood and applied. In the absence or inability of this Officer to act, the President of MILESTONEPARTNERS will assume the functions of the Privacy Officer.

MILESTONEPARTNERS staff members who have access to personal information or are otherwise involved in its management must ensure its protection and comply with this policy.

The roles and responsibilities of MILESTONEPARTNERS employees throughout the lifecycle of personal information may be specified by any other MILESTONEPARTNERS policy in this regard, if applicable.

Data Security

MILESTONEPARTNERS undertakes to implement reasonable security measures to ensure the protection of the personal information it manages. The security measures in place correspond, among other things, to the purpose, quantity, distribution, medium and sensitivity of the information. This means that information that can be described as sensitive (see the definition provided in section 2) must be subject to more significant security measures and must be better protected. In particular, and in accordance with what was previously mentioned concerning limited access to personal information, MILESTONEPARTNERS must implement the necessary measures to impose constraints on the rights of use of its information systems so that only employees who must have access to them are authorized to access them.

Rights of access, rectification and withdrawal of consent

To exercise his or her rights of access, rectification or withdrawal of consent, the person concerned must submit a written request to this effect to the MILESTONEPARTNERS Personal Information Protection Officer, at the email address indicated in the following section.

Subject to certain legal restrictions, the persons concerned may request access to their personal information held by MILESTONEPARTNERS and request its correction in the event that it is inaccurate, incomplete or ambiguous. They may also demand that the dissemination of personal information concerning them cease or that any hyperlink attached to their name allowing access to this information by technological means be deindexed, when the dissemination of this information contravenes the law or a court order. They may do the same, or demand that the hyperlink allowing access to this information be reindexed, when certain conditions provided for by law are met.

The MILESTONEPARTNERS Privacy Officer must respond in writing to such requests within 30 days of the date of receipt of the request. Any refusal must be justified and accompanied by the legal provision justifying the refusal. In such cases, the response must indicate the remedies available under the law and the time limit for exercising them. The Officer must assist the applicant in understanding the refusal if necessary.

Subject to applicable legal and contractual restrictions, data subjects may withdraw their consent to the disclosure or use of the information collected.

They may also ask MILESTONEPARTNERS what personal information is collected from them, the categories of people at MILESTONEPARTNERS who have access to it and how long it is kept.

Complaints handling process

Reception

Any person who wishes to make a complaint regarding the application of this policy or, more generally, the protection of their personal information by MILESTONEPARTNERS , must do so in writing by contacting MILESTONEPARTNERS personal information protection officer at the email address indicated in the following section.

The individual must provide his or her name, contact information, including a telephone number, and the subject and grounds of his or her complaint, providing sufficient detail so that it can be assessed by MILESTONEPARTNERS . If the complaint is not sufficiently specific, the Privacy Officer may request any additional information he or she deems necessary to assess the complaint.

Treatment

MILESTONEPARTNERS undertakes to treat any complaint received confidentially.

Within 30 days of receiving the complaint or receiving any additional information deemed necessary and required by MILESTONEPARTNERS Privacy Officer to process it, the latter must evaluate it and provide a reasoned written response by email to the complainant. This evaluation will aim to determine whether MILESTONEPARTNERS processing of personal information complies with this policy, any other policies and practices in place within the organization and applicable legislation or regulations.

In the event that the complaint cannot be processed within this period, the complainant must be informed of the reasons justifying the extension of the period, the progress of the processing of his complaint and the reasonable period necessary to be able to provide him with a definitive response.

MILESTONEPARTNERS must create a separate file for each complaint addressed to it. Each file contains the complaint, the analysis and documentation supporting its evaluation, as well as the response sent to the person who originated the complaint.

Approval

This policy is approved by MILESTONEPARTNERS Privacy Officer, whose business contact details are as follows:

Responsible for the protection of personal information:
For any requests, questions or comments under this policy, please contact the manager by email .

Publication and modifications

This policy is published on the MILESTONEPARTNERS website, as well as on all websites controlled and maintained by MILESTONEPARTNERS , to which this policy applies, with respect to the personal information collected therein. This policy is also disseminated by any means appropriate to reach the persons concerned.

MILESTONEPARTNERS must also do the same for all modifications to this policy, which must also be the subject of a notice to inform the persons concerned.

Note : Please note that the use of the masculine gender is intended to lighten this policy and make it easier to read.