Confidentialité

PRIVACY & DATA PROTECTION POLICY

Scope
The present document presents ABI's Privacy and Data Protection policy which applies to all personal and operational information and data held on ABI members, sub-contractors and clients. All ABI members must read, understand and apply it.

Purpose
While exercising its right to collect, use and disclose personal information or data for legitimate business purposes, ABI is committed to protect, in all countries where it does business, the personal and operational information and data concerning.

  • Our members
  • Our sub-contractors
  • Our clients and their operations

In order to maintain strict rules of conduct to lower the likelihood of:

  • Confidentiality breaches;
  • Loss of privacy;
  • Loss of trust; and/or
  • Legal liability.

Position and Etiquette
ABI is committed to protect the personal information of its members as required for staffing, member management, compensation and benefits administration purposes.

ABI may also collect personal and operational information and data on client and client personnel, for example, in Outsourcing contracts. All client personal and operational information and data collected by ABI will comply with the policies and procedures established by the client and/or ABI. As well, ABI will always respect and act in compliance with all applicable legislation.

ABI respects the privacy of any visitors to www.ABI.com and does not share any personal information with third parties.

ABI's principles for information handling practices are the following:

Accountability
The Vice Presidents responsible for a Business Unit oversee the application of this policy and take corrective action on violations and on non-compliance. ABI members who have concerns regarding the privacy of their own, sub-contractor or client personal information should report their concerns as well as any weakness in the measures protecting such information to their manager (for client and sub-contractor personal information) or to their local Human Resources representative (for member personal information). All members must respect this Privacy and Data Protection Policy as well as the privacy of other ABI members and the client's privacy policies when working at a client site.

Business Units who hold and manage client personal or operational information and data, as a result of providing services to these clients, must protect such information and data. Any violation of client personal or operational information or data, in the context of providing services to these clients, should be reported directly to the Vice-President responsible for the Business Unit safeguarding such information or data.

Identifying Purpose of Collection
Advise members, sub-contractors and clients when collecting personal information of the reason for collection, how the information will be used and any new purpose for the collection.

Consent for Collection
Obtain the member's sub-contractor's or client's written or electronic consent to the collection of information and whenever a new use of the information is identified.

Limit Collection, Use, Disclosure, and Retention
Collect only the information necessary for the identified purpose. Use and disclose information only for the purpose for which it was collected or when required by legislation and in the manner prescribed by the legislation in the jurisdiction where ABI does business. Retain information only as long as necessary and dispose of all sensitive information in a secure manner.

Accuracy
Ensure the accuracy of the information collected by verifying with the individual and updating it periodically. ABI members must notify their local Human Resources of any changes or updates that will affect their personal records.

Safeguards
Protect personal and operational information or data according to its sensitivity and as required by any applicable legislation. Sensitive personal or operational information or data is to be protected from unauthorized use, disclosure, access and modification. These safeguards apply to sensitive personal and operational information or data irrespective of the storage medium.

Such safeguards may take the form of locked filing cabinets, restricted access to information (physical and on a need-to-know basis, alarm systems or other electronic control devices, technological tools such as passwords, encryption, firewalls, anonymizing software, etc. The selection of safeguards will be done considering the sensitivity, amount and format of the information or data needing protection.

Security measures around data protection are reviewed regularly to follow the company evolution or changes in the organization.

Openness
In distributing this document, advise the members, sub-contractors and clients about ABI's practices and the application of this policy.

Individual Access
Provide members, sub-contractors and clients access to their information held by ABI so that they may know what information is retained. Provide the members, sub-contractors and clients an opportunity to verify the accuracy of their information and to correct any inaccuracies. Inform in writing, if access is refused, of the reasons why and of the appeal process.

No Expectation of Privacy
Subject to the applicable legislation, ABI has the right to monitor any and all aspects of its information systems and infrastructures including, but not limited to:

  • Visited Internet sites;
  • Instant messaging systems;
  • Chat groups;
  • News groups; and
  • E-mail sent and/or received.

Such monitoring may occur at any time, without notice, and without obtaining the user's permission.

Sanctions
Violations of this policy may result in a disciplinary action which will be proportional to the seriousness of the behaviour concerned. Vice Presidents responsible for business units or corporate functions are responsible to decide on the proper course of action in case of a breach to this policy. The General Manager is the designated ABI Privacy and Data Protection Officer.