Continue without accepting
Regitex uses cookies to improve your experience on the site, offer you personalized content and analyze site performance. By accepting, you consent to the use of these cookies. Learn more

Policy and practices governing governance of personal information

RÉGITEX is committed to protecting all personal information collected and used in the management of its activities.


All persons working with, for or on behalf of RÉGITEX are required to respect the confidentiality of personal information and the right to privacy of every individual, in accordance with the Privacy Act, when collecting, using, disclosing, retaining or disposing of personal information in the course of their duties.


Personal information under the custody or control of RÉGITEX is only created, collected, retained, used, disclosed and disposed of in a manner that complies with the Privacy Act. We respect the privacy rights of individuals whose personal information is in our possession, in accordance with these requirements.


Personal information is defined as any information or combination of information that relates to a natural person and allows that person to be identified. However, an individual’s name, business title, business address, business telephone number and business e-mail address are not personal information.

Personal information must be protected regardless of the nature of its medium or form: written, graphic, audio, visual, computerized or other.


The organization obtains the written consent of an individual in the following situations:

  • prior to collecting personal information, unless seeking consent would result in the collection of inaccurate information, defeat the purpose of collecting the information or compromise the use of the information collected. For example, the organization will generally consult with the complainant to indirectly collect personal information for the purpose of conducting an investigation;
  • before using or disclosing personal information for purposes that do not respect the purposes for which the information was collected or prepared;
  • prior to any disposal of personal information, unless such disposal is expressly authorized by law;
  • if it intends to disclose a complaint received by the company or any privileged or confidential information obtained in the course of an investigation or proceeding. In such cases, the written consent of all persons whose rights or interests may reasonably be affected must be obtained.

Obtaining an individual’s consent to the collection of personal information does not replace or establish the authority to collect such information under the Privacy Act; rather, the organization must ensure that the personal information to be collected is directly related to and demonstrably necessary for the organization’s regulatory activities.


Personal information may only be collected or created (e.g., the assignment of a licence number or the imposition of licence restrictions constitutes the creation of personal information) under the following conditions:

  • the personal information is directly related to a regulatory activity of the organization;
  • the collection of this personal information is necessary to enable the organization to fulfill its statutory purposes or regulatory objectives.

To determine whether personal information is directly related to a regulatory activity, consult the policies that require or authorize the collection of personal information. The organization’s policies provide guidance and advice on the need to collect personal information to enable the organization to meet its objectives. Before collecting or creating new personal information, the organization must:

  • Identify the personal information that will be collected;
  • Identify the purposes for collecting each type of personal information;
  • collect only the personal information required to fulfill the identified purposes.

The organization collects or creates personal information intended to be used for administrative purposes directly from the individual concerned, except when:

  • the individual authorizes the organization to collect personal information from another source;
  • the personal information is collected for a purpose for which it may be disclosed to the organization;
  • collecting personal information directly from the individual could result in the collection of inaccurate information; or
  • collecting personal information directly from the individual could defeat the purpose or compromise the use for which the personal information is collected. For example, the organization will generally consult with the person making a complaint to indirectly collect personal information for the purpose of conducting an investigation.

We limit the collection, use and disclosure of your personal information to the purposes we have identified to you. Your personal information may only be accessed by certain authorized persons, and only for the purposes for which they have been designated.


Personal information held by the organization will not be disclosed without the consent of the individual concerned or unless disclosure is authorized or required under the Privacy Act.

Any person subject to this policy must:

  • disclose only the minimum amount of personal information required to satisfy the valid purposes indicated;
  • consult with the Privacy Officer before disclosing any personal information other than that required in the course of his or her duties.


We retain your personal information for as long as necessary to fulfill the purposes for which it was collected. We must destroy this information in accordance with the law and our records retention policy. When we destroy your personal information, we take the necessary measures to ensure its confidentiality and that no unauthorized person has access to it during the destruction process.


The organization takes reasonable steps to ensure that personal information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used, and to minimize the possibility that inaccurate or incomplete information may be used to make a decision that directly affects an individual.

The organization has documented procedures allowing individuals to request correction of their personal information when they believe there has been an error or omission.

We do not routinely update personal information unless necessary to fulfill the purposes for which it was collected. The degree of accuracy, currency and completeness of personal information will depend on the input you provide on the consent form.


We are responsible for personal information in our possession or custody, including information we entrust to third parties for processing. We require these third parties to maintain this information in accordance with strict confidentiality and security standards.

Our Privacy Officer oversees this Privacy Policy and related processes, as well as the procedures to be followed to protect this information. 

Our staff is informed and properly trained on our privacy policies and practices.


The organization is required to protect personal information in its custody or control from such risks as unauthorized access, collection, use, disclosure or disposal, by taking reasonable security measures. These include a combination of technical, administrative and physical safeguards. The reasonableness of security measures takes into account such factors as the sensitivity, amount, distribution, format and method of storage of the information to be protected.

We have implemented and continue to develop stringent security measures to ensure that your personal information remains strictly confidential and is protected against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

These security measures include organizational measures such as restricting access to what is necessary; backing up and archiving data using an external system, etc.); and technological measures such as the use of passwords and encryption (for example, frequent password changes and the use of firewalls). 


The organization requires that access to personal information be role-based and limited to the minimum amount of information required for authorized purposes.

The organization monitors access to and use of personal information in order to promptly detect instances of inappropriate or unauthorized access to or processing of personal information by such means as auditing.

The organization requires service providers to comply with the organization’s legal obligations relating to the processing and protection of personal information, and service providers are required to comply with this Privacy Policy.


Subject to the exceptions set out in the Privacy Act, any individual may access, review or receive a copy of his or her personal information held by the organization by submitting a written request to that effect to the organization’s Privacy Officer.

We will provide you with such information within a reasonable time from the date of receipt of the written request. A reasonable fee may also be charged for processing your request. 

Under certain circumstances, we may refuse to provide you with the requested information. Exceptions to your right of access include the fact that the information requested concerns other individuals, that the information cannot be disclosed for legal, security or copyright reasons, that the information was obtained in the course of a fraud investigation, that the information can only be obtained at prohibitive cost, or that the information is the subject of litigation or is privileged. 

When we hold medical information about you, we may refuse to disclose it directly to you and request that it be disclosed to a health care professional designated by you.

You may verify the accuracy and completeness of your personal information and, if necessary, request that it be amended. Any request for amendment will be processed within a reasonable period of time.

Requests to access or amend personal information may be sent to the address below:

(418) 397-5775 poste 237
(418) 397-5775 poste 239


You may contact the Privacy Officer at the above address.

All complaints concerning the protection of personal information should be forwarded to the Privacy Officer at the above address.

We will investigate all complaints. If a complaint is found to be justified, we will take appropriate measures, including, if necessary, amending our policies and practices.


The company promotes best practices and respect for transparency and privacy rights in a number of ways:

  • It informs all team members (consent form);
  • It posts the name and contact details of the person responsible for PR;
  • It mobilizes various means of raising awareness, including:

Information sessions on the protection of personal information, reminders at team meetings, training for her staff, an action plan for the protection of personal information, a logbook, etc.


If for any reason you feel that the company has not adhered to these principles, please notify us by contacting our Privacy Officer. We will then take the necessary steps to identify and correct the problem within a reasonable timeframe. Please mention “Privacy” in the subject line.


This policy must be reviewed every three years. It must also be updated whenever there is a substantial change in legislation or regulatory requirements.

Updated: 22-11-2023