Privacy Policy

Privacy Policy – Protection of Personal and Confidential information

Last updated: November 27, 2025

Our Privacy Policy applies to all employees, contractors, and third parties handling personal or confidential information within IO Solutions Contact Center Inc.

  1. Purpose

This policy establishes how we collect, use, store and protect personal and confidential information, in compliance with Quebec Law`s 25 and applicable privacy legislation.

Our aim is to safeguard client, employee and partner data while maintaining trust and transparency.

  1. Scope

This policy applies to:

  • All personal information of clients, employees, and third parties process by our company.
  • Confidential business information entrusted to us by clients.
  • All systems, platforms and physical environments where data is stored or accessed.
  1. Definitions
  • Personal information: Any information that identifies an individual directly or indirectly (eg: name, contact details, recordings, account data).
  • Confidential information: Proprietary or sensitive business data belonging to clients or the company.
  • Privacy officer: Designated individual responsible for compliance with Law 25 and privacy governance.
  1. Collection and use
  • We collect personal information only for specific, explicit and legitimate purposes related to service delivery.
  • Consent is obtained before collection, except where permitted by law.
  • Information is used strictly for agreed purposes and not shared with third parties without authorization.
  1. Safeguards

Technical: Encryption, access controls, secure VPNs for remote work, regular vulnerability testing.

Organizational: Role-based access, confidentiality agreements, ongoing employee training.

Physical: Segregated call center floors (production), secure printer areas, locked storage for employee belongings, shredders for disposal.

  1. Retention and Destruction
  • Personal information is retained only as long as necessary for service delivery or legal compliance.
  • Secure destruction methods (shredding, wiping) are used when data is no longer required.
  1. Incident response
  • All suspected breaches are reported immediately to the Privacy Officer.
  • Incidents are assessed for real risk of significant harm, as defined under law 25.
  • If required, notifications are sent to the Commission d’accès à l’information du Québec (CAI), affected individuals and impacted clients without delay.
  • Records of all breaches are maintained for at least 6 years.
  1. Client notifications

We commit to notifying clients promptly regarding:

  • Any cybersecurity incident affecting their data or services.
  • Changes in access rights (remote or onsite).
  • Known vulnerabilities in products/services provided.
  1. Business Continuity & Disaster Recovery
  • We maintain a documented BRP and DRP, tested annually.
  • Lessons learned from tests are documented and improvements implemented promptly.
  1. Rights of individuals

In accordance with Law 25:

  • Individuals may request access to their personal information.
  • Individuals may request correction or deletion of inaccurate or outdated data.
  • Individuals may withdraw consent for processing, subject to contractual/legal obligations.
  1. Generative AI and Emerging Technologies

Strict Prohibition:The use of any artificial intelligence (AI) tool or emerging technology is strictly prohibited in all roles involving customer relations or employee relations. This prohibition applies to all operations personnel, including management, as well as all support teams with access to critical or sensitive data such as, but not limited to, Human Resources, Payroll, Recruitment, Training, Compliancy and Information Technology.

  1. Governance and Accountability

A Privacy Officer is appointed to oversee compliance.

Regular audits and privacy impact assessments are conducted.

Employees receive mandatory privacy and confidentiality training annually.

  1. Website Cookies & Tracking
  • Use of cookies: Our website uses cookies and similar technologies to improve functionality, analyze traffic, and enhance user experience.
  • Types of cookies we use:

Essential cookies: Required for the site to function (eg: security).

Analytics cookies: They help us understand how visitors use our site.

Preference cookies: They improve the user experience by saving the preferred setting (eg: language)

  • Consent: In accordance with Law 25 and all applicable Privacy laws, non-essential cookies are disabled by default. Visitors are asked to provide clear, informed consent before such cookies are activated.
  • Control: Users can withdraw consent or manage cookie preferences at any time through their browser settings or our cookie banner.

Online Forms and applicant information

Collection: When applicants submit personal information through our online forms (eg: name, contact details) the data is collected only for recruitment and evaluation purposes.

Transparency: At the time of collection, applicants are informed of:

– the purpose of data collection.

– the categories of persons with access to that data (eg: HR Team, hiring specialists).

– how long the information is retained.

– their rights to access, correct or withdraw consent.

Security: Online submissions are encrypted in transit and stored securely. Access is restricted to authorized personnel only.

Retention: Applicant data is retained only for the recruitment cycle or as required by law. After this period, it is securely destroyed.

  1. Contact information

For questions or to exercise privacy rights, contact our PRIVACY OFFICER.

  1. Privacy Officer:

Email:privacy@ioscenter.com

Mailing:

C/O Privacy Officer,

IO Solutions Contact Center Inc.

800 rue de la Gauchetiere O., Bureau 5900,

Montreal (QC), H5A-1K6