ACCESS TO INFORMATION POLICY

The purpose of this policy is to ensure our organization’s compliance with Quebec law on the protection of personal information in the private sector. It aims to limit access to certain documents and files containing personal information, whether physical or electronic.

Scope

This policy applies to all employees, contractors, suppliers and any other person with access to our premises or information systems.

Definitions

Personal information: any information concerning a person that allows them to be identified.

Authorized access: access granted to an individual to enable them to carry out their professional functions.

Access to personal information

Access to personal information is strictly limited to those individuals who need the information to perform their professional functions. These include human resources employees, customer account managers and information security managers.

Physical access control

Physical files containing personal information are kept in locked cabinets. Only authorized employees will have the key or access code to these cabinets. Keys and access codes will be managed by the information security manager.

Electronic access control

Access to electronically stored personal information will be controlled by unique and secure passwords. Authorized employees will be assigned a unique username and password to access this information. Passwords must be changed every three months and cannot be reused.

Audit and monitoring

Regular audits will be carried out to ensure that only authorized individuals have access to personal information. Any suspicious activity will be immediately reported to the Information Security Officer.

Training

All employees will receive training on this access to information policy and how to protect personal information. This training will be provided upon hire and will be repeated each year.

Violations

Any violation of this policy may result in disciplinary action, including termination. Employees are required to report any violations of this policy to the Information Security Officer.

Revision

This policy will be reviewed annually to ensure that it remains compliant with Quebec legislation and meets the needs of our organization.

Responsibility

The information security manager is responsible for implementing and monitoring this policy. All employees are responsible for complying with this policy.

Responsible of IT department

Christian Tremblay

ctremblay@groupetranswest.com

Responsible of human resources

Audrey Gagnon

agagnon@groupetranswest.com

Responsible of truck drivers

Patrick Gagnon

pgagnon@groupetranswest.com