Appendix A – Privacy Policy (External Publication)

1- Context

The trust of our customers and employees being a priority, Mory has established this privacy policy to ensure the protection of the integrity of your personal information. Mory places great importance on everyone’s right to privacy.

For the above reason, Mory complies diligently with the requirements of Law 25 and therefore adheres to the obligations related thereto. The term “privacy incident” is defined as any access, use or communication not authorized by law of personal information, as well as the loss of personal information or any other breach of its protection.

In addition, the term “personal information” is defined as any information,  taken alone or in combination with other available information,  about an individual that allows that person to be identified, such as information about his or her financial situation, lifestyle or health.

However, an individual’s name, as well as their professional contact information, such as their title, address, telephone number and professional email address, are not personal information.

Personal information must be protected regardless of the nature of its medium and whatever its form: written, graphic, audio, visual, computerized or other.

2- Our responsibility

Mory is responsible for all personal information in its possession or management, including personal information we receive directly – for example, from our customers and staff.

Mory  adheres to cybersecurity best practices by conducting, in conjunction with our IT partner, a cyber risk management strategy aimed at applying a series of mitigating measures to better protect our personal information.

We have also assigned a Privacy Officer and delegated certain cybersecurity responsibilities to our IT partner through a service offering related to Law 25. The execution of this service offering ensures the protection of privacy and personal information on behalf of Mory. We have also published on our website and informed our staff of the existence of our Privacy Policy and our  Governance Policies and Practices with respect to Personal Information , as well as the role that each must play in ensuring the protection of the personal information of our customers and members of our team.

If you have any questions regarding our privacy practices, please do not hesitate to contact the Privacy Officer at  info@moryinc.com  or 418 885-9804.

3- Purposes of collecting personal information

Mory collects, uses and discloses personal information about its team members in order to comply with laws, regulations and professional standards; to provide them with benefits; to administer performance management tools; to administer, manage, monitor and enforce Mory’s programs and policies and its relations with its employees; and, generally, to establish, manage or terminate employment or association relationships.

Mory may also collect and use personal information about individuals who apply for employment with us. In the event that we are not currently hiring or that your job application is not considered for any other reason, the information you send us will be destroyed.

Mory may collect and use personal information from its current and future customers in order to be able to offer its services to them, in particular in order to be able to complete orders received and necessary transactions.

Personal information may be collected without the knowledge or consent of the individuals concerned, to the extent permitted by law.

4- Consent

Mory ensures that it obtains the consent of the persons concerned before collecting, using or disclosing personal information, except in cases authorized or required by law. Mory also ensures that its requests for consent comply with  the guidelines for valid consent  developed by the Commission d’accès à l’information.

5- Limits of collection

Mory  collects by legitimate and legal means only the personal information that it can reasonably deem necessary to be able to meet its legal obligations and offer its services.

6- Limiting use and disclosure

Mory uses and discloses your personal information only for the purposes for which it has obtained your consent, or as permitted or required by law. If Mory requires the use or disclosure of personal information about an individual for a purpose that has not been previously identified, Mory will first seek the consent of the individual concerned, unless the law requires or permits the use or disclosure of personal information without obtaining the individual’s consent.

We retain personal information for as long as necessary to fulfill the identified purposes except as authorized or required by law. All records containing personal information about Mory employees and customers are destroyed when such information can no longer be reasonably considered necessary for legal, regulatory or administrative purposes.

7- Accuracy

In order to ensure that the personal information collected is relevant to the purposes for which it is used, Mory makes reasonable efforts to maintain the integrity of individuals’ personal information and to make corrections when necessary.

Individuals concerned by the personal information collected should contact the Privacy Officer in writing to make a request for rectification in the event that a change is required to their personal information held by the company.

8- Transparency

Mory may make available to interested persons upon request information on its  Privacy Policy  and its  Policies and practices for the governance of personal information . Mory also undertakes to respond to any request for information submitted in writing to the Privacy Officer concerning questions related to  its policies and practices for the management of personal information.

9- Access

The persons concerned have the right to examine the personal information in our possession and to obtain a copy. To do so, they should contact the Privacy Officer.

The right to access personal information is subject to certain legal restrictions, and we will take reasonable steps to verify the relevance of the request and the identity of an individual before granting access.

In most cases, requesters will receive a response within 30 days. If an individual has any concerns regarding access, we encourage them to contact the Privacy Officer at  info@moryinc.com  or 418-885-9804.

10- Complaints

We understand the importance of protecting the privacy and personal information of individuals. If you have any questions or concerns about your privacy and personal information, and the role we play in this regard, please contact our Privacy Officer at  info@moryinc.com  or 418 885-9804.

Mory has implemented a procedure for receiving and handling complaints regarding this policy and its personal information handling practices. An individual about whom Mory has personal information may complain about non-compliance with this policy.  Any complaint regarding the protection of personal information should be sent to the Privacy Officer at the address above.  In most cases, requesters will receive a response within 30 days.

If an individual is not satisfied with Mory’s response to a complaint or with Mory’s policies and practices regarding the handling of personal information, he or she may file a complaint with the Commission d’accès à l’information du Québec on the Commissioner’s website at  https://www.cai.gouv.qc.ca/a-propos/nous-joindre/ .

11- Other documents relating to law 25

Several other documents have been created in accordance with the new requirements of Law 25. The following documents were written in collaboration with the cybersecurity team of our IT provider:

• Privacy Policy and Governance Practices :This document may be made available upon request to any person requesting it.

• Privacy Incident Response Plan: This document is available upon request to any employee or interested party.

12- Policy Update

This policy should be reviewed every three years. It should also be updated when there are any substantial changes to legislation or regulatory requirements.