Global privacy and data protection policy

Scope

The present document presents ZINC's Global Privacy and Data Protection policy which applies to all personal and operational information and data held on ZINC members, sub-contractors and clients. All ZINC members must read, understand and apply it.

Purpose

While exercising its right to collect, use and disclose personal information or data for legitimate business purposes, ZINC is committed to protect, in all countries where it does business, the personal and operational information and data concerning.

• Our members;
• Our sub-contractors;
• Our clients and their operations.

in order to maintain strict rules of conduct to lower the likelihood of:

• Loss of privacy;
• atteinte à la vie privée;
• Loss of trust;
• Legal liability.

Position and Etiquette

• ZINC is committed to protect the personal information of its members as required for staffing, member management, compensation and benefits administration purposes.
• ZINC may also collect personal and operational information and data on client and client personnel, for example, in Outsourcing contracts. All client personal and operational information and data collected by ZINC will comply with the policies and procedures established by the client and/or ZINC. As well, ZINC will always respect and act in compliance with all applicable legislation.
• ZINC respects the privacy of any visitors to www.ZINC.com and does not share any personal information with third parties.

ZINC's principles for information handling practices are the following:

Accountability

The Vice Presidents responsible for a Business Unit oversee the application of this policy and take corrective action on violations and on non-compliance. ZINC members who have concerns regarding the privacy of their own, sub-contractor or client personal information should report their concerns as well as any weakness in the measures protecting such information to their manager (for client and sub-contractor personal information) or to their local Human Resources representative (for member personal information). All members must respect this Global Privacy and Data Protection Policy as well as the privacy of other ZINC members and the client's privacy policies when working at a client site.

Business Units who hold and manage client personal or operational information and data, as a result of providing services to these clients, must protect such information and data. Any violation of client personal or operational information or data, in the context of providing services to these clients, should be reported directly to the Vice-President responsible for the Business Unit safeguarding such information or data.

Identifying Purpose of Collection

Advise members, sub-contractors and clients when collecting personal information of the reason for collection, how the information will be used and any new purpose for the collection.

Consent for Collection

Obtain the member's sub-contractor's or client's written or electronic consent to the collection of information and whenever a new use of the information is identified.

Limit Collection, Use, Disclosure, and Retention

Collect only the information necessary for the identified purpose. Use and disclose information only for the purpose for which it was collected or when required by legislation and in the manner prescribed by the legislation in the jurisdiction where ZINC does business. Retain information only as long as necessary and dispose of all sensitive information in a secure manner.

Accuracy

Ensure the accuracy of theinformation collected by verifying with the individual and updating it periodically. ZINC members must notify their local Human Resources of any changes or updates that will affect their personal records.

Safeguards

Protect personal and operational information or data according to its sensitivity and as required by any applicable legislation. Sensitive personal or operational information or data is to be protected from unauthorized use, disclosure, access and modification. These safeguards apply to sensitive personal and operational information or data irrespective of the storage medium.

Such safeguards may take the form of locked filing cabinets, restricted access to information (physical and on a need-to-know basis, alarm systems or other electronic control devices, technological tools such as passwords, encryption, firewalls, anonymizing software, etc. The selection of safeguards will be done considering the sensitivity, amount and format of the information or data needing protection.
Security measures around data protection are reviewed regularly to follow the company evolution or changes in the organization.

Openness

In distributing this document, advise the members, sub-contractors and clients about ZINC's practices and the application of this policy.

Individual Access

Provide members, sub-contractors and clients access to their information held by ZINC so that they may know what information is retained. Provide the members, sub-contractors and clients an opportunity to verify the accuracy of their information and to correct any inaccuracies. Inform in writing, if access is refused, of the reasons why and of the appeal process.

No Expectation of Privacy

Subject to the applicable legislation, ZINC has the right to monitor any and all aspects of its information systems and infrastructures including, but not limited to:

• Loss of privacy;
• Instant messaging systems;
• Chat groups;
• News groups;
• E-mail sent and/or received.

Such monitoring may occur at any time, without notice, and without obtaining the user's permission.

Sanctions

Violations of this policy may result in a disciplinary action which will be proportional to the seriousness of the behavior concerned. Vice Presidents responsible for business units or corporate functions are responsible to decide on the proper course of action in case of a breach to this policy.