March 31 2023
1. General purpose
This policy ensures the security and protection of personal information collected, held, used, disclosed and retained by Genolife from unauthorized access, use or disclosure. It is also intended to protect this information from being compromised.
In addition, this policy aims to determine the rules regarding access to and retention of this information, as well as the rights of correction and destruction of such information.
Genolife is a private company subject to the Act respecting the protection of personal information in the private sector (CQLR, P-39.1), the Act to establish a legal framework for information technology (CQLR, c. C-1.1), the Civil Code of Quebec (CQLR, 1991, c. 64) and the Privacy Act (RSC (1985), c. P-21).
Genolife recognizes the importance of privacy, security and protection of personal information. It thus undertakes to respect all of the applicable legislation’s provisions, values and fundamental principles, including any updates thereto.
Genolife ensures that it implements the necessary physical, computer and technological security measures to guarantee the confidentiality of personal information it receives in the course of its activities.
This policy applies to all Genolife employees, agents, suppliers and partners who may have access to personal information while performing their duties.
This policy aims to define the type of personal information Genolife collects and how Genolife protects that information.
It also specifies the standards for the collection, retention, use, disclosure, and destruction of such information, as well as the rights of access, correction, and destruction of personal information by the company or by a third party, regardless of the media on which it is held or the form in which it is made available, such as written, graphic, audio, visual, computerized, or other formats.
5. Definitions of personal information
Any information about an individual that directly or indirectly identifies them and that is not public within the meaning of the Privacy Act in the private sector. This information may include, but is not limited to, a person’s first and last name, street address, e-mail address, IP address, telephone number, or health information.
6. Applicable rules and procedures
6.1. General principles
Genolife shall take appropriate and reasonable security measures to ensure the protection of personal information collected, used, disclosed, retained or destroyed, taking into account, among other things, its sensitivity, the purpose for which it is used, its quantity, distribution and support, in particular by ensuring the following:
- The integrity of the information so that it is not destroyed or altered in any way without authorization, that its processing is done in accordance with Genolife’s retention schedule, and that the media containing this information provides the necessary stability and sustainability;
- The confidentiality of personal information, by limiting its disclosure to only those persons authorized to receive it, either externally with the express consent of the individual concerned or internally when the information is necessary for the performance of the employees’ duties;
- The identification and authentication, so as to confirm, when required, the identity of a person or the identification of a document or device;
- Compliance with legal, regulatory, or business requirements to which Genolife is subject.
6.2. Personal Information Principles
Genolife may collect the following information: last name, first name, mailing address, e- mail address, IP address, telephone number, credit card number, date of birth, health insurance number, and certain medical, family and genetic information. Technical data, such as cookies, may also be collected by Genolife during visits to its website, such as the type of browser used, language preference, referring site, date and time of visit to the site. This data is collected to understand better how users use the website and to improve its effectiveness. Technical data is not combined with personal information that may be collected through electronic forms accessible on the Genolife website.
6.2.2 Consent to Collection
Genolife’s collection of personal information is done in a transparent manner and with the free, prior and informed consent of the individual, which is obtained through one or more detailed consent forms. In the case of medical information, the consent received is express. In accordance with applicable laws, when Genolife collects personal information, the consent of the individual is obtained by disclosing in advance the purposes for which the information is collected and will be used. If the individual from whom personal information is collected is a minor under the age of 14, consent is obtained from the parent or guardian.
Genolife will obtain new and separate consent before using personal information held for purposes that are not consistent with those for which it was initially collected.
An individual may withdraw consent to the processing of their personal information at any time by contacting the Privacy Officer. Such withdrawal of consent shall be effective only for the future, upon receipt by Genolife. Upon receiving notice of withdrawal of consent,
Genolife will cease all processing of the personal information in question and destroy it, subject to any legal or regulatory obligation regarding retention.
Genolife will also notify any person or entity to whom such personal information has been disclosed with such consent so that this person or entity also ceases processing the personal information and destroy it, if applicable.
6.2.3 Collection Method
Personal information may be collected through forms, telephone interviews, questionnaires, access to medical records, etc. It is also possible for the patient to provide them electronically through the secure Genolife portal.
Genolife collects personal information from the individual or third parties (with the individual’s prior consent) and provides the following information, inter alia, upfront and in plain language, at the time of collection and thereafter upon request:
- The name Genolife;
- The purposes for which the information is collected;
- How the information is collected;
- The rights of access and correction provided by law;
- The right to withdraw consent to the disclosure or use of the information collected.
Genolife collects cookies when you use its website to ensure proper website management and to provide a consistent, efficient and personalized website experience. A cookie is a small data file stored on the user’s computer or mobile device. A consent banner is automatically displayed upon entering the Genolife website, allowing the user to activate cookies. The effectiveness of certain services offered by the website may be affected if the user refuses to enable cookies. The cookies used fall into four distinct categories:
- Necessary cookies;
- Functionality cookies;
- Performance cookies;
- Follow-up cookies.
By providing personal information under this section, a person consents to the use and disclosure of that information for the purposes for which it was collected.
6.2.4 Use Genolife collects and retains personal information in order to provide a personalized and secure service to its patients, in compliance with applicable safety laws and regulations.
As such, Genolife will use the personal information collected for the following purposes, among others:
- Verifying the identity of the patient;
- Communicating with the patient;
- Providing the requested service in a personalized manner;
- Processing payment for the service requested;
- Improving the services offered;
- Conducting an assessment of the patient’s record;
- Meeting with the patient to discuss genetic risks;
- Coordinating genetic testing.
Genolife uses the information collected and held only for the purpose for which consent was obtained. Therefore, unless specifically agreed, Genolife does not communicate, sell, rent, give, trade, share or otherwise disclose to third parties any personal information held.
This information is accessible only to those employees or agents of Genolife who necessarily need it to perform their duties, and they must maintain the confidentiality of this information.
All personal information collected, regardless of the media, is stored in a secure environment protected against unauthorized access.
6.2.6 Communication to third parties
Genolife must obtain the individual’s consent before disclosing personal information about them to a third party, unless applicable law permits disclosure without consent.
Genolife may, in the course of providing the Services, disclose personal information to its external suppliers, including genetic testing laboratories located in the United States, in accordance with applicable legal requirements. In this case, Genolife’s external service providers are subject to confidentiality agreements and legal restrictions prohibiting the use of the information provided for purposes other than those for which Genolife collected it.
Genolife and its suppliers may be required to provide personal information held as a result of a court order, administrative investigation, or other legal requirements.
In connection with a sale, buyout, acquisition or other reorganization of Genolife’s business, Genolife may disclose personal data, which may constitute personal information, to prospective or existing purchasers and their advisors for the purpose of such transaction.
6.2.7 Rights of access, correction or withdrawal
Upon request, an individual has the right to access personal information about them held by Genolife, subject to exceptions set out in applicable laws. It is possible to make the request using the form used by hospitals and clinics in Quebec: “Authorization to release information contained in the medical record” (AH216). An individual may request that their personal information be corrected, adjusted, destroyed or no longer used for the purpose for which it was collected. The Privacy Officer, Mr. Martin Landry, Chief Executive Officer of Genolife, can be reached at 1-844-440-5454 or by e-mail at email@example.com.
Personal information is retained only as long as necessary to fulfil the purposes for which it was collected, and destroyed thereafter.
6.2.9 Complaint Management
An individual who wishes to make a complaint regarding Genolife’s collection, retention, use, disclosure, correction or destruction of or access to their personal information should address that complaint to the Genolife Privacy Officer named above.
6.2.10 Distribution of this Policy
Genolife publishes this policy on its website and disseminates it by any means appropriate to reach the individuals concerned. Genolife will use the same means to provide notice of any changes to this policy.
6.3. Information Security
Genolife uses information technology to support its business processes in order to provide better service delivery and appropriate security for the information it holds. All personal information collected, regardless of media support, is maintained in a secure environment against unauthorized access, disclosure, copying, use or modification, and against loss or theft. These security measures include, where appropriate, the use of firewalls and secure servers, encryption, deployment of proper access rights management systems and procedures, careful selection of processors, sufficient training of Genolife personnel who have access to personal information in the course of their duties, and other measures necessary to ensure appropriate protection of your personal information from unauthorized use or disclosure.
Genolife implements appropriate security and access management measures to ensure the confidentiality, integrity and availability of personal and confidential information held by Genolife, commensurate with the sensitivity of the information, the risks to which it is exposed and Genolife’s obligations.
6.4. User Responsibility
Anyone who submits information to Genolife is responsible for the accuracy of the information and for maintaining the confidentiality of their identification and authentication information (user ID, access code, password, etc.). Genolife cannot be held responsible for any unauthorized use caused by this user. Anyone sending information to Genolife must also ensure that the system or equipment with which they transmit or receive information from Genolife is sufficiently secure and exercise due care. Genolife is not responsible for unauthorized access to information resulting from negligence or vulnerabilities in a user’s equipment or system.
In the event that the confidentiality of the user’s information is compromised or the user’s identity is stolen, the user is required to notify Genolife as soon as possible by contacting the Privacy Officer mentioned above.
6.5. Incident Report
Genolife will promptly notify its customers, business partners or users of any incident affecting the protection of their personal information. Genolife will also take the necessary steps to reduce the risk of harm being caused and to prevent further incidents of a similar nature from occurring.
7. Enforcement Official
The Chief Executive Officer, Mr. Martin Landry, is responsible for the application of this policy and can be reached at 1-844-440-5454 or by e-mail at firstname.lastname@example.org.
8. Effective Date
This policy will come into effect on the day it is adopted by the Genolife Board of Directors.