Privacy and Personal Information Protection Policy

1. Purpose
This policy aims to ensure the protection of personal information collected, used, disclosed, retained, or destroyed by our company, in compliance with Québec’s Law 25 (formerly the Act Respecting the Protection of Personal Information in the Private Sector).

2. Collection of Personal Information
We only collect the information necessary to provide our services, including:
– Identity information (first name, last name, title, etc.);
– Contact details (email address, phone number, company name, address);
– Billing information (bank details, credit card number, etc.);
– Information related to service requests and services provided;
– Data entered in quote request or contact forms on our website;
– Client, supplier, partner, and employee information stored in our management systems;
– Recruitment-related information (résumés, work experience, references);
– Technical information related to the use of our website (e.g., IP address, browsing activity,
preferences).

3. Methods of Collection
Personal information is collected:
– By email;
– By phone;
– Through our website;
– Through our management systems;
– In the course of contractual or business relationships.

4. Consent
We collect, use, and disclose personal information only with the explicit consent of the individuals concerned, except where otherwise permitted by law.
– Consent may be given in writing, verbally, online (e.g., check box), or in any other manner that clearly establishes it.
– Individuals may withdraw their consent at any time, subject to applicable legal or contractual obligations.

5. Use of Personal Information
Personal information is used to:
– Respond to service or quote requests;
– Offer and deliver our services;
– Manage relationships with clients, suppliers, partners, and employees;
– Ensure administrative, financial, and operational follow-up;
– Comply with our legal and regulatory obligations.

We never use personal information for other purposes without consent.

6. Disclosure to Third Parties
We do not disclose personal information to third parties without consent, except where required by law or to carry out a mandate. When a transfer is necessary (e.g., subcontractors, service providers), we require such third parties to contractually agree to protect the confidentiality of the information.

Transfers outside Québec:
If personal information must be disclosed outside Québec, we conduct a Privacy Impact Assessment
(PIA) to ensure the destination jurisdiction provides adequate protection. Individuals are informed of such transfers.

7. Retention and Destruction
Personal information is retained only for the duration necessary to achieve the purposes for which it was collected. Once this period has expired, it is securely destroyed or anonymized.

Our management systems are secured and hosted in Canada or in jurisdictions that comply with Law 25 requirements.

8. Security Measures
We apply reasonable and proportionate security measures, including:
– Restricted access to management systems and emails;
– Employee awareness regarding the protection of personal information;
– Secure authentication and access control;
– Secure web hosting;
– Ongoing monitoring and regular updates of our systems.

9. Rights of Individuals
Any individual may:
– Request access to their personal information;
– Request correction or deletion of their personal information;
– Withdraw consent for future use;
– Request, subject to applicable legal provisions, the portability of their personal information (transfer to another organization).

Requests must be addressed to the Privacy Officer (see Section 11).

10. Management of Privacy Incidents
In the event of an incident involving personal information (unauthorized access, loss, breach), we undertake to:
– Maintain an incident log;
– Notify the Commission d’accès à l’information (CAI) if the incident poses a risk of serious harm;
– Notify the affected individual if they are at risk of serious harm.

11. Privacy Officer
The Privacy Officer is:

Name: Vincent Palardy
Title : Vice-président
Email : jva.prp@jvalogistique.com | Phone : 438 316-6224

The Privacy Officer is responsible for implementing and updating this policy, as well as processing
requests for access, correction, or withdrawal of personal information.

12. Updates
This policy may be updated periodically to reflect technological or regulatory changes. The date of the last update is indicated below.

Last updated: August 30, 2025