PRIVACY NOTICE

1.      INTRODUCTION

At Zolerna HR Consulting, we are committed to safeguarding personal information, strictly adhering to legal mandates, and valuing the trust our clients place in us. Our proactive approach combines technological advancement with regulatory compliance, ensuring the confidentiality and integrity of your data.

By engaging with our services, you are not only partnering with a team that is legally compliant but one that genuinely values and prioritizes the sanctity of personal data.

For purposes of this Agreement, “Site” refers to the Company’s website, which can be accessed at www.zolernahr.com. “Service” refers to the Company’s services accessed via the Site. The terms “we,” “us,” and “our” refer to the Company. “You” refers to you, as a user of our Site or our Services. By accessing our Site or our Services, you accept our Privacy Policy and Terms of Use, and you consent to our collection, storage, use and disclosure of your Personal Information as described in this Privacy Policy.

2.      DEFINITIONS

Personal Data: Refers to any data related to a natural person that allows identification, directly or indirectly, excluding business contact information used for business purposes.

Sensitive Personal Data: Refers to specific categories of personal data that are more sensitive and require higher levels of protection, such as health information, racial or ethnic origin, and trade union membership.

Processing: Encompasses operations on personal data, such as payroll processing, employee discipline and performance management, harassment complaints handling, the creation of employee records, drafting employment documents, workers compensation claims, group insurance administration, retirement savings administration and more.

In all these operations, we adhere to the highest standards of data protection and privacy, ensuring that personal data is handled responsibly, securely, and in compliance with all relevant legal requirements.

Consent: Clear, free, informed, and specific purposes are necessary for consent under the Act respecting the Protection of Personal Information in the Private Sector. It must be requested for each such purpose, in clear and simple language. In the event that the request for consent is in writing, it should be presented separately from any other information given to the individual concerned. Assistance in understanding the scope of the consent requested will be provided to the person who requests it.

The consent of a minor under 14 years of age is given by the person having parental authority or by the tutor. The consent of a minor 14 years of age or over is given by the minor, by the person having parental authority or by the tutor. Consent is valid only for the time necessary to achieve the purposes for which it was requested. Consent not given in accordance with this Act is without effect.

3.      DATA COLLECTION

We collect personal information, including names, addresses, employment history, skills, and compensation details, primarily through direct interactions, client submissions, digital platforms, and publicly available sources. We collect personal data based on the following legal bases:

  • Consent: When you have given clear consent for us to process your personal data for a specific purpose.

  • Contractual Necessity: When the processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract.

  • Legal Obligation: When the processing is necessary for us to comply with the law.

We typically collect personal information that includes, but is not limited to:

  • Basic Personal Information: This includes names, addresses, phone numbers, email addresses, social insurance numbers and dates of birth.

  • Employment History: Past and current employment history, including job titles, job descriptions, durations of employment, and reasons for leaving.

  • Educational Background: Information about academic qualifications, institutions attended, courses studied, and any professional certifications.

  • Skills and Competencies: Specific skills, languages spoken, technical proficiencies, and other competencies relevant to employment.

  • References: Contact details of professional references and any feedback or comments they provide.

  • Compensation Details: Current and past salary information, benefits, bonuses, and other compensation-related data.

  • Feedback and Performance Data: Performance reviews, feedback from supervisors or colleagues, and any other performance-related documentation.

  • Training and Development Records: Courses attended, training sessions participated in, and any feedback or outcomes from these.

  • Personal Preferences: This might include work preferences, communication styles, or other personal insights that can help in team dynamics or organizational fit.

  • Legal Documentation: This can include work permits, visa statuses, or other documentation relevant to employment eligibility.

  • Sensitive Personal Data: In some cases, and only with explicit consent, we might collect sensitive personal data such as health information, racial or ethnic origin, or trade union membership. This is done in compliance with legal requirements and for specific, defined purposes.

Methods of Data Collection: We typically collect personal information using the following methods:

  • During consultations, interviews, or when individuals fill out forms or surveys.

  • Our clients may provide us with information about their employees or potential candidates as part of our consulting mandate.

  • Information may be collected through digital tools or platforms we use, such as online assessment tools, surveys, or HR software.

  • We might gather information from public platforms like LinkedIn, job boards, or company websites to understand an individual's professional background better.

  • As part of background checks or reference verifications, we may collect information from provided references or previous employers.

  • We may use technologies like cookies or analytics tools on our website or digital platforms to collect data related to user behavior or preferences.

  • During workshops, training sessions, or group activities, we might gather feedback, assessments, or other relevant data.

  • From communications, feedback, or responses we receive through email or other electronic communication methods.

We are committed to ensuring that your personal data remains accurate and comprehensive, tailored to its intended purpose, whether for collection, utilization, or sharing.

Our services are not designed for individuals under the age of 14. Our platform does not intentionally gather information from, or offer sign-up options to, those under this age bracket.

Should we discover that we've inadvertently collected personal details from someone under the age of 14 without appropriate parental or guardian consent, we will promptly remove such data. If you suspect we might have such information, kindly reach out to us at support@zolernahr.com.

If you're concerned that a child under 14 has shared personal details with us, please get in touch using the information in our "Contact" section or by e-mailing us at: support@zolernahr.com.

4.      USE OF PERSONAL INFORMATION

We use personal information for client onboarding, employee assessments, recruitment, training, compensation analysis, legal compliance, and client feedback, ensuring effective HR solutions.

Zolerna HR Consulting Services shall only collect, use, and disclose personal information that is necessary for the purposes for which it is collected. Personal information is collected by us for a variety of reasons, such as:

a)       Client Onboarding: To understand the specific needs and requirements of our clients, which includes contact details, organizational structure, and other relevant business information.

b)      Employee Assessments: Gathering data related to employee performance, skills, competencies, and feedback to provide comprehensive HR solutions.

c)       Recruitment Services: Collecting resumes, references, employment histories, and other relevant data to assist clients in their hiring processes.

d)      Training & Development: Understanding employee educational backgrounds, skills, and areas of interest to design and recommend appropriate training programs.

e)      Compensation Analysis: Gathering data on employee salaries, benefits, and other compensation-related information to provide competitive compensation recommendations.

f)        Organizational Surveys: Conducting surveys to understand employee satisfaction, workplace culture, and other organizational health indicators.

g)       Legal Compliance: Collecting necessary information to ensure that our clients remain compliant with local, provincial, and federal employment laws.

h)      Client Feedback: Gathering feedback from clients to improve our services and offerings.

i)        Communication Purposes: Contact details to facilitate communication between Zolerna and its clients.

j)        Contractual Obligations: Information required to fulfill our contractual obligations to clients, such as billing details and service agreements.

5.      DATA SHARING & DISCLOSURE

At Zolerna HR Consulting Services, we recognize the importance of maintaining the confidentiality and security of the personal information we collect. We share personal data with third parties only when necessary for the purposes outlined in this policy. All third parties are required to comply with relevant privacy laws and implement robust data protection measures. We may share data with categories of third parties such as consultants, subcontractors, and legal authorities, each bound by confidentiality agreements.While we are committed to safeguarding this data, there are specific circumstances under which we might share this information:

  • Collaboration with Consultants: We may collaborate with other consultants to provide comprehensive HR solutions. In such cases, we might share relevant data with these consultants. However, any consultant with whom we share information has signed a strict confidentiality agreement with us, ensuring the protection and privacy of the shared data.

  • Subcontractors: In instances where we engage subcontractors to assist in fulfilling our mandates, it might be necessary to share specific data with them. These subcontractors are bound by the same stringent data protection standards as we are.

  • Legal Obligations: We may disclose personal information if required by law or in response to legal processes, law enforcement requests, or to protect the rights, property, or safety of Zolerna HR Consulting Services, our clients, or the public.

Consent Management:Consent is obtained through explicit and informed agreements, separate from other terms and conditions. We will seek your explicit consent for each specific purpose in clear and simple language. For minors under 14, consent will be obtained from a parent or guardian.

Explicit Consent: Apart from the above scenarios, we will not share, sell, or disclose personal information without obtaining explicit consent from the concerned individual or entity.

We take all necessary precautions to ensure that any data shared is done securely and only with parties who are committed to maintaining its confidentiality and security.

6.      DATA RETENTION & DESTRUCTION

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Once the retention period expires, we securely delete or anonymize the data. Our data retention practices are guided by the following principles:

Duration of Retention: Personal information is retained only for the duration required to fulfill the purposes for which it was collected or as mandated by legal, regulatory, or contractual obligations. Once this period expires, the data is securely deleted or anonymized.

Criteria for Determining Retention Periods:

a)       Purpose of Collection: The primary factor determining the retention period is the specific purpose for which the data was collected. For instance, data collected for project-based mandates might be retained until the completion of the project and any subsequent follow-up period.

b)      Legal and Regulatory Requirements: Certain laws or regulations may require data to be retained for specific periods. We adhere to these requirements diligently.

c)       Contractual Obligations: Agreements with clients or other parties might specify data retention periods. We honor these contractual terms.

d)      Operational Necessity: In some cases, data might be retained for longer periods due to operational needs, such as ongoing client relationships or for historical reference.

e)      Regular Review: We conduct regular reviews of the data we hold to determine its relevance and necessity. Data that is no longer required, and which is not bound by other retention criteria, is securily disposed of.

Secure Disposal: Once the retention period expires, and the data is no longer required, we ensure it is securely deleted or, where appropriate, anonymized, so it can no longer be linked to specific individuals.We employ secure data destruction methods such as digital data wiping, cryptographic erase, physical shredding and Incineration to ensure personal data is irreversibly destroyed and cannot be reconstructed or retrieved.

We conduct regular reviews of our data destruction methods to ensure they comply with the latest regulatory standards and best practices. This ensures that all data destruction activities are performed securely and effectively.

We maintain detailed records of all data destruction activities and regularly review our processes to ensure compliance with Quebec's Law 25 and other relevant data protection regulations

By adhering to these principles, we ensure that personal information is not retained indefinitely and that it is kept only for durations that respect both individual privacy and our operational requirements.

7.      DATA SECURITY

In order to protect your security, we utilize two-factor authentication and employ the strongest available browser encryption. All of our data is stored on Microsoft OneDrive, ensuring a robust and secure cloud storage solution. Personal data is shared exclusively through secure links, ensuring controlled access. While our employees have access to the data for operational purposes, they are bound by strict confidentiality agreements. A breach of this agreement would result in the employee's termination.

While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet as a whole can be insecure at times, and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.

8.      RIGHTS OF DATA SUBJECTS

We recognize and respect the rights of individuals whose personal data we process. As a data subject, you have the following rights concerning your personal data:

  • Right to Access: You have the right to request access to your personal data that we hold. This includes information about how we process it, the categories of data we hold, and the recipients or categories of recipients to whom the data has been disclosed.

  • Right to Correct: If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request corrections or amendments to such data.

  • Right to Delete: Under certain circumstances, you have the right to request the deletion of your personal data. This is also known as the 'right to be forgotten'.

  • Right to Object: You have the right to object to the processing of your personal data for specific purposes, especially if such processing is based on our legitimate interests or for direct marketing.

  • Right to Withdraw Consent: If our processing is based on your consent, you have the right to withdraw this consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Process for Exercising These Rights:

  • Submission of Request: To exercise any of the above rights, please submit a written request to our Data Protection Officer. Ensure that you provide sufficient information to allow us to identify you and understand the nature of your request.

  • Verification: For security reasons, we may ask for additional information to verify your identity before processing your request.

  • Response Time: We aim to respond to all valid requests within one month. However, it might take longer if the request is particularly complex or if you have made multiple requests. In such cases, we will notify you and keep you updated.

9.      THIRD-PARTY LINKS AND SERVICES

We strive to provide comprehensive solutions and resources for our clients and users. As part of this commitment, our website, documents, or communications might contain links to or recommendations for third-party websites, products, or services. We would like to clarify the following regarding these third-party references:

  • Disclaimer: While we may provide links to or recommendations for third-party websites or services, it's essential to understand that these third-party entities operate independently of Zolerna HR Consulting Services. We do not have control over their content, products, services, or privacy practices. Therefore, any interactions or engagements you have with these third parties are strictly between you and the respective third party, and Zolerna HR Consulting Services is not responsible or liable for any loss, damage, or issues arising from such interactions.

  • Review Third-Party Privacy Policies: We strongly encourage you to review the privacy policies and terms of service of any third-party websites or services you visit or engage with. This will provide you with a clear understanding of how these entities collect, use, and protect your personal information.

  • Due Diligence: While we aim to recommend only reputable third-party services, it's always a good practice to conduct your own due diligence before engaging with any third-party entity or using their services.

10.  COOKIES AND TRACKING

A cookie is a small file, stored on a user's hard drive by a website. Its purpose is to collect data relating to the user's browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience. We use the following types of cookies on our Site:

Analytical cookies: Analytical cookies allow us to improve the design and functionality of our Site by collecting data on how you access our Site, for example data on the content you access, how long you stay on our Site, etc.

11.  CHANGES TO THE POLICY

This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy, we will update the "Effective Date" at the top of this Privacy Policy. We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by email of changes to this Privacy Policy.

12.  CONTACT INFORMATION

If you have any questions, concerns or complaints, you can contact our Data Protection Officer:

Elissa Shorrock, CRHA

Founder and Senior HR Consultant

By Email: elissa.shorrock@zolernahr.com

By Telephone: (514) 944-5448

Updated on May 30, 2024