Last Updated on: September 6, 2023
Phoenix Partners, its subsidiaries and affiliates (“PHOENIX” or the “Company“) recognizes the importance of protecting Personal Information, that is, any Information concerning an individual which allows them to be directly or indirectly identified (“Personal Information”).
This Privacy and Protection of Personal Information Policy (the “Policy”) describes the measures applied by PHOENIX to protect the Personal Information that it collects, uses, discloses, processes and stores as part of the operation of its Website (phoenix-partners.ca) and its day-to-day operations.
This policy is defined by and aims to comply with the provisions of the Act respecting the protection of personal information in the private sector (ARPPIPS, as amended by SQ 2021, c. 25 and the Personal Information Protection and Electronic Documents Act (PIPEDA).
2. Personal information collected
For the purposes of this Policy, the collection of Personal Information by PHOENIX includes only that which is necessary for the purposes of its activities.
The nature and types of personal information are identified by category.
Clients and future clients category:
- Identity information (last name, first name, address, date of birth, gender, telephone number, driver’s licence number, passport number, social insurance number, health insurance number, family ties).
- Demographic information (field of interest, association, profession, salary).
- Financial information (financial balance sheet, banking information, investments).
Job candidates category:
- Identity information (family name, first name, address, date of birth, gender, telephone number).
- Demographic information (employee status, fees and commissions, salary).
- Professional information (education, certification, employment history).
Website visitors category:
- Browsing preferences (language, province, etc.)
- Browsing history on our websites and applications
- IP address
- Information about your device, operating system or browser
3. How PHOENIX collects your personal information
Directly from you
Most of the Personal Information that is collected is that provided directly:
- When communicating at a point of service via the “Support” page of the Website.
- When subscribing via the online documentation portal.
- When making specific requests concerning products and services offered by PHOENIX.
- When registering for events via our Website.
- When applying for a job.
- When opening and managing your account.
- When sending comments or filing complaints.
PHOENIX may also collect your Personal Information from third parties with your consent or if the law authorizes us to collect it in this manner.
Through our Website and online services
PHOENIX may also collect information on visitors to the Website or through the online services portal, including the identifier of the computer equipment used (IP address). This collection is done through the use of cookie files commonly called “cookies.” These files make it possible among other things to recognize users of our Site when they access it and when they go from one page to another. Where required by law, PHOENIX will seek consent before collecting information.
PHOENIX collects, uses and communicates Personal Information for the purposes specified at the time of collection, for example when an individual makes a request for information via the contact page of the Website.
Here are some examples (non-exhaustive list) of purposes for which PHOENIX collects personal information:
- To manage requests concerning products and services offered.
- To confirm the identity of individuals, verify the accuracy of Personal Information and update it.
- To establish the (investment) profile of a client or future client.
- To perform analyses to understand client needs for financial services and thereby offer personalized services.
- To analyze in order to understand client needs for financial services.
- To analyze and model for the purposes of developing, designing and improving the quality of products and services (internal work).
- To analyze, model and segment to define investor profiles, understand needs, and make personalized and targeted recommendations and proposals to clients.
- To manage risks, compliance and security.
- For administrative purposes (open and administer accounts, manage complaints, prevent/detect fraud, etc.).
- To personalize and adapt the browsing experience on the Company’s Website.
- To assess a file as part of an application for a position mentioned in the Careers section.
- To meet regulatory and legal obligations.
PHOENIX may also collect, use or communicate your personal information for business prospecting purposes: PHOENIX will make sure to obtain your explicit consent beforehand.
5. Access to and communication of personal information
Personal Information is disclosed and accessible to PHOENIX employees who reasonably need to access it to achieve the purposes set out in this Policy. All Personal Information stored on PHOENIX servers is secure and is only accessible to employees who have the right to access it, as part of their duties. The principle of least privilege is followed in granting access to Personal Information, depending on the role and responsibilities of the users.
Third parties (partners and suppliers) may also access the Personal Information collected to achieve the purposes set out in this Policy. They will not be able to access Personal Information beyond what is reasonably necessary to achieve the given purpose.
PHOENIX undertakes not to sell or share Personal Information with other third parties except in the following cases, where:
- The law requires it.
- It is required for any legal proceedings.
- It is necessary in order to prove or protect legal rights.
- It is required to achieve the purposes set out in this policy.
- As part of a business transaction, to potential buyers if the company has to change hands.
6. Where is personal information stored?
The servers containing Personal Information are located in Quebec, Canada. However, it is possible that the communication of Personal Information to certain technology solution providers may result in the transfer of such information outside of Quebec. In such cases, PHOENIX will first check the applicable laws and practices for protecting Personal Information in the jurisdiction concerned and will ensure adequate protection of your Personal Information.
7. Retention period and destruction of personal information
PHOENIX has put in place measures to ensure compliance with its obligations to retain and destroy Personal Information.
Personal Information collected by PHOENIX is not retained for longer than necessary to achieve the purposes for which it is collected.
Notwithstanding the foregoing, PHOENIX will retain your Personal Information when such retention is required in order to comply with applicable legal obligations.
8. Measures to protect personal information in the company
PHOENIX has put in place physical, organizational, contractual and technological security measures to adequately protect Personal Information from any theft, loss, unauthorized access, transfer, copy or alteration.
PHOENIX employees are bound by confidentiality agreements. Training and awareness sessions concerning Information Security and the Protection of Personal Information are offered on a regular basis to PHOENIX employees. The IT systems comply with industry-recommended security guidelines and protocols.
9. Security Measures
PHOENIX applies very strict security measures to protect your personal information against any unauthorized access, regardless of the format in which we hold it.
The physical and material security measures include:
- Offices with controlled access and locked filing cabinets.
- Restriction of access to your personal information to a selected group of persons.
- Contractual obligations with third parties who must have access to your personal information, obliging them to protect the confidentiality and security of your personal information.
Information systems security measures include:
- Use of passwords, PINs and firewalls.
- Restricted access to our data processing and storage rooms.
- Encryption of electronically transmitted data.
- Use of a secure link protocol (SSL protocol).
- A regular review of our security practices.
- A regular upgrade of our technology to protect the confidentiality and integrity of the information concerning you.
- Prevention of email fraud: we never send email messages to ask you to provide us with confidential information, such as your password or your account number. If you receive such requests by email, please do not follow the instructions appearing in these emails ostensibly issued by Canadian banks, because you could compromise the security of your information by clicking on the links leading to counterfeit websites.
10. Rights of the persons concerned
As a person whose Personal Information has been collected by PHOENIX, you can assert the following rights:
Right to access, rectify or complete your Personal Information:
PHOENIX makes reasonable efforts to ensure that the Personal Information it collects is accurate and complete for the purposes for which it is used. You can consult your Personal Information, verify its accuracy and modify it if necessary, subject to exceptions provided by law. Your request for access or rectification must be sent in writing to the Privacy Officer at the address indicated in section 12 and will be processed no later than thirty (30) days following the date of receipt of your written request.
Right to withdraw your consent: You may withdraw your consent to your Personal Information being used by PHOENIX for purposes that are not essential to the management and administration of its products and services.
It will generally not be possible to withdraw your consent to the use of your Personal Information for purposes relating to the management and administration of products and services without terminating your contract.
Any request for withdrawal of consent must be sent to the Privacy Officer, whose contact information can be found in section 12.
Right to file a complaint: Any questions regarding your Personal Information or complaints due to non-compliance with the principles set out in the Policy must be sent to the Privacy Officer, whose contact information can be found in section 12.
11. Policy update
This Policy may be amended from time to time to maintain compliance with the law and to reflect any changes in the process of collecting Personal Information.
PHOENIX will inform users of any updates to this Policy via a notice posted on its Website.
The contact information of the Privacy Officer is responsible for ensuring the protection of your Personal Information is as follows:
3414, rue Stanley
All requests will be taken into consideration and treated with all due respect. A response to your request will not be possible if the Personal Information is no longer retained by PHOENIX.