Boivin Evolution (BEV) is committed to offering a safe environment that respects people, whether they are customers, partners, employees or visitors. It is for this reason that we confirm, through this Directive, the rules put in place in compliance with Law 25 on the protection of personal information used in the context of company operations. 

In order to reduce the content of the information available on its company website, BEV has decided to publish a summary. However, the full content is available on request. 

Designated Responsible Person 

It has been agreed that Gilles Boivin, Special Financial Advisor, can be contacted with regards to this Directive at the following email address: 

Role and Responsibility 

This person must ensure the processing of access requests in connection with this Directive. This person will have to assist people who request access and assess the legitimacy of access to information in the context of their work. All this to ensure the protection of personal information throughout its life cycle, from collection to destruction. This person will also have to carry out the required reporting with regards to access to information and protection of information. 

Indirectly, this person must ensure the company complies with its legislative, administrative and regulatory obligations. This person will have to take part in any questions relating to access to documents or the protection of personal information. This person must ensure that personnel, including management, receive information and training on the obligations and practices regarding access to information and protection of personal information. Finally, this person must act as a representative to other public organizations and the Commissions d’access à l’information for all questions relating to access to documents and the protection of personal information. 

Some of these tasks may be delegated but legal responsibility lies with the responsible person. In the absence of the responsible person, the most senior manager automatically becomes the person responsible within the meaning of the Law.

Governance of Personal Information 

In order to respect a level of confidentiality of the information transmitted in the present, it is important to know that Boivin Évolution has carried out certain exercises, the details of which are in the full version of the Directive on the Protection of Personal Information, available on request. 

Here are the exercises that were carried out: 

  • A table containing the collection of personal information, how it is used and the communication 
  • How sensitive and confidential information is stored to ensure its security and who has access to it 
  • The Terms and Conditions of the storage and destruction of information 

Procedure in the Event of an Incident or Complaint 

  • In the event of a confidentiality incident involving one or more personal information, BEV undertakes to take reasonable measures to reduce the risk of damage caused to the persons concerned, and to prevent new incidents of the same type from reoccurring 
  • In the event of an incident with risk of serious damage, in accordance with the Law, BEV will notify the Commission and the person or persons concerned, unless there is a risk of harm to any investigation related to the incident 
  • At the same time, BEV will keep a register of incidents, a copy of which will be sent to the Commission on request. The register will report incidents, complaints and events that may cause serious harm 
  • The responsible person will ensure to carry out an analysis of the existence of a risk periodically and implement mitigation measures to reduce the risk of an incident 

Contracts of Consent 

In compliance with Law 25, a statement was added to the information collection form, credit applications and pay slip, to the effect that by attaching their signature the person consents to the information that they provide being used in the context of “the credit application / their employment” for the normal operations of BEV, all in compliance with Law 25. 

The present Summary of the Directive is implemented on August 21, 2023, and will subsequently be subject to annual reviews.