Privacy Policy

Privacy and Personal Information Governance Policy - Compliance with Law 25

A. Girardin Inc.
Effective date : May 21, 2025
Revised on : May 21, 2025

1. Objective

The purpose of this policy is to ensure the protection of personal information held by A. Girardin Inc. and to comply with the requirements of Bill 25, which amends the Act respecting the protection of personal information in the private sector in Quebec.

2. Scope

This policy applies to all employees, managers, subcontractors and partners of A. Girardin Inc. who collect, use, disclose, retain or destroy personal information in the course of their duties.

3. Privacy Officer

The Privacy Officer is:

Name: Bruno Leclerc
Position: President
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: 888-697-3222

The person in charge ensures the organization's compliance with Bill 25, the processing of complaints, and the implementation of this policy.

4. Collection of Personal Information

For our customers and suppliers, personal information is collected only for specified, legitimate purposes that are necessary for the operation of our services (e.g., sale of buses or parts, maintenance, warranty monitoring, human resources management, security, invoicing, etc.).

Examples of information collected:

  • Name, address, telephone, e-mail
  • Driver's License Information (for Vehicle Test Drives)
  • Bank details (invoicing, payments)

As for our employees' personal information, it is collected only for specified, legitimate purposes that are necessary for the operation of our services (e.g., payroll management, pay equity, human resources management, etc.).

Examples of information collected:

  • Name, address, telephone, personal email
  • Social Insurance Number (SIN)
  • Banking information for payroll
  • Medical records (e.g., sick leave)
  • Driver's license (if used for work)
  • Performance evaluation, disciplinary history, etc.

5. Consent

Consent is required for the collection, use and disclosure of any personal information, except as permitted by law. Consent can be express or implied, depending on the context.

6. Use and Disclosure

Personal information will only be used for the purposes for which it was collected. It may be disclosed to third parties (e.g., suppliers, partners, insurers) only when necessary and adequate safeguards are in place.

7. Security measures

Physical, technological and administrative measures are in place to protect information from unauthorized access, loss or disclosure:

  • Restricted access to folders
  • Passwords and firewalls
  • Secure document destruction
  • Employee training

8. Rights of data subjects

Any individual whose personal information we hold has the right to:

  • Access your information
  • Request a correction
  • Withdraw consent
  • File a complaint

Requests should be directed to the Privacy Officer.

9. Confidentiality Incidents

Any confidentiality incident must be reported without delay to the designated official. If the incident presents a serious risk of harm, a report will be made to the Commission d'accès à l'information and to the person concerned.

10. Retention and Destruction

Information is retained only for as long as necessary for the purposes for which it was collected, and then securely destroyed in accordance with our internal procedures and applicable regulations.

11. Policy Update

This policy will be reviewed annually or when there are significant changes in our practices or legislation.

If you have any questions or comments regarding this policy, please contact the Privacy Officer.