In the course of its operations, Sollio Cooperative Group (collectively “Sollio,” “we,” “us” and “our”) collects, uses and shares the personal information of its employees, members, customers and partners (“you,” “your”).

This policy (the “Policy”) does not apply to our subsidiaries, partners, retailers, member cooperatives or other members, which are required to adopt their own privacy policies.

Sollio values your privacy and is committed to respecting and protecting the privacy of individuals who communicate with it by any means. This includes the privacy of those who use Sollio’s websites.

We collect, use, share and store a significant amount of data in the course of our operations. This data may contain personal information.

For the sake of transparency and to make our policies and practices regarding the processing of personal information easily accessible to the individuals concerned, our privacy standards are explained in general terms in this Policy. In some cases, these standards are explained more comprehensively and specifically in the policies posted on our various websites or brought to your attention by Sollio before or when your personal information is collected for a specific purpose (collectively the “Privacy Policies”).

These Privacy Policies describe:

• the purposes for which we may collect and use your personal information

• the types of information we collect • how we use this information

• the individuals we may share your personal information with

• Our practices regarding the storage and destruction of your personal information

• the security measures we have implemented to protect your personal information

• your rights regarding this information

• how to contact us if you have any questions, comments or complaints

It is therefore your responsibility to read these Privacy Policies in order to ensure that your personal information is protected should you agree to share it.

What is personal information and what is the processing of personal information?

In this Policy, “personal information” means any information about a natural person that can be used to directly or indirectly identify said person.

• Financial information includes a person’s salary, payroll information, bank account numbers, credit card numbers, transaction history, transactions and tax returns.
• Information about employees or customers who are private individuals includes disciplinary records, work performance, information on working conditions, consumer information and any other information that is private in nature according to the context.
• Government information includes social insurance numbers, health insurance numbers, passport numbers, work permit numbers and notices of assessment.
• IT information includes usernames, user IDs, passwords, IP addresses, input or sign-in logs, unique identifiers and online browsing data.

In this Policy, the term “processing” used in relation to personal information means any collection, storage, access, use, disclosure, transmission, sharing, destruction or anonymization of personal information, using either our IT systems or traditional paper files.

The “General rules” section below applies as soon as you share your personal information with Sollio, regardless of the means of communication or your situation.

Responsibility

Sollio is responsible for the personal information under its control. It tasks a specific person with ensuring compliance with the applicable legal framework for the protection of personal information, including as set out in the Act Respecting the Protection of Personal Information in the Private Sector (CQLR, c. P-39.1).

This person also ensures compliance with the regulatory framework (policies, directives, procedures and internal standards) established and put in place by Sollio so that its compliance with the privacy laws applicable to its operations can be demonstrated.

This individual will also fulfill the function of Person in Charge of the Protection of Personal Information.

The contact information for this person is found in this Policy under “Contact information.”

Determination of collection purposes and limitation of collection and use

The purposes for which your personal information is collected are determined by Sollio at or before the time such information is collected. We only use your personal information for the purposes stated at the time of collection, except in the case of exceptions provided for by applicable laws. We limit the type of information that we collect and use to the personal information required for these purposes.

Who can access your personal information?

We limit access to collected personal information to employees who need it to carry out the processing purposes set out in this Policy.

How do we protect personal information?

We act in strict compliance with the privacy legislation that applies to us, including the Civil Code of Québec and the Act Respecting the Protection of Personal Information in the Private Sector (CQLR, c. P-39.1).

We have implemented reasonable technical, administrative and physical security measures to protect your personal information. These measures account for the sensitivity of such personal information, the purpose for which it is used, and the quantity, distribution and medium of the information, among other factors. For example, we have put in place policies and guidelines establishing a framework for information security. These policies and guidelines establish a framework for the protection of personal information, including guidelines on the retention and destruction of personal information. Our security measures include penetration testing and detection, 24/7 surveillance, access management and review, and vulnerability and risk management.

We use service providers who implement appropriate measures to manage and protect the personal information entrusted to them.

We take reasonable business steps to protect the integrity of our website and the confidentiality of information collected by any means. In addition, the personal information we collect can only be accessed by persons who require such information to fulfil the purposes stated to you prior to its collection by Sollio by way of any of its privacy policies, including this Policy, or by any other means.

Despite the security measures taken by Sollio to keep personal information secure, the possibility of illegal cyberattacks by third parties, who could steal personal information without Sollio’s consent, creates a degree of uncertainty. No electronic collection, transmission or storage method is 100% secure. We cannot guarantee that your personal information will not be viewed, obtained, disclosed, modified or destroyed following the violation of the security measures described above. We therefore cannot guarantee the security of any personal information you provide to us. When you provide information, you do so at your own risk.

We have a policy against any unauthorized disclosure or use of personal information, and we train our employees on this policy. Employees who violate this policy may be subject to disciplinary action. We have also appointed a Person in Charge of the Protection of Personal Information. Any concerned person may contact the Person in Charge of the Protection of Personal Information at any time to request information or make a comment or complaint regarding this Policy or the processing of their personal information. The Person in Charge of the Protection of Personal Information’s contact information is available under “Contact information.”

Consent

We ensure that all relevant persons are informed of any collection, use or communication of personal information concerning them and that they provide implicit or express consent as required by applicable law.

Where do we store your personal information?

Although our servers, including those providing cloud storage services, are generally located in Canada, we may also host data outside Canada. We adhere to the principles applicable under Québec law with regard to data retention by third parties. When your personal information is stored outside Canada, it may be subject to laws that differ from Canadian law and do not afford the same protections as Canadian law. However, we address this by signing contractual agreements with suppliers stipulating that your personal information will be adequately protected, particularly with respect to generally accepted principles for the protection of personal information.

How long do we retain your personal information?

We only retain your personal information for as long as necessary to carry out the purposes determined in accordance with the context and to meet our legal and regulatory requirements. Sollio Agriculture also retains personal information for at least as long as required by applicable laws. Personal information is subsequently deleted in a secure and confidential manner. To learn more about how long we retain your personal information, please contact Sollio’s Person in Charge of the Protection of Personal Information, whose contact information is found below under “Contact information.”