Privacy & Cookie Policy
Last update: September 16, 2025
Collectionand use of confidential information
Collection of employee or future employee data
Go-Mine inc. may, if necessary, create one or more files containing confidential information concerning employees. The purpose of such files is to :
- keep contact details up to date;
- document work or training situations ;
- enable paid employees to carry out administrative tasks required or permitted by law (income tax, group insurance, etc.).
Go-Mine inc. may, if necessary, create one or more files containing confidential information concerning applicants. The purpose of creating such files is to enable Go-Mine inc. to carry out a publication, an activity or to provide a service.
Go-Mine inc. may only collect confidential information that is necessary for the purposes of the file and may only use confidential information for those purposes.
Confidential information may only be collected from the person concerned, unless that person consents to collection from another person or as authorized by law.
Data collection on company website
By accessing the company's website, Gomine.ca, you consent to the collection of the following personal information:
- Usage data;
- Name;
- Email address.
Usage data includes the following:
- Internet Protocol (IP) address of computers accessing the site;
- Web page requests;
- Referring web pages;
- Browser used to access the site;
- Access date and time.
This data is collected when the user interacts with the website and fills in a registration form.
This data can be used for :
- Provide and maintain up-to-date information on the website;
- Establish statistics on website traffic;
- Establish contact with users when they fill in a form;
- Monitor the operation of our Web site administration practices;
No data will be shared without the user's explicit consent.
Managing confidential information
Designation of the person responsible
Catherine Lajoie Filion, President of Go-Mine Inc. delegates her role as Privacy Officer.
Designated person 2025-2026
Catherine Larocque, Human Resources Manager
Access management
The Human Resources Department and the President are authorized to access any confidential information held by Go-Mine Inc. Other employees are authorized to access confidential information insofar as such access is necessary to carry out a task in the performance of their duties.
Confidentiality incident management
For legal purposes, a privacy incident is any unauthorized access, use or disclosure of personal information, as well as the loss of personal information or any other breach of its protection.
When an employee or an applicant becomes aware of a confidentiality incident, he or she must promptly inform the person responsible for protecting confidential information so that it can be entered in the Register. To do so, the employee or applicant must complete a reporting form and forward it to the Human Resources department.
The register must keep information on a confidentiality incident for a period of five years.
Must be collated in the report form:
- A description of the personal information affected by the incident or, if this information is unknown, the reasons why it is impossible to provide such a description;
- A brief description of the circumstances of the incident;
- The date or period when the incident took place (or an approximation if this information is not known) ;
- The date or period when the organization became aware of the incident ;
- The number of people affected by the incident (or an approximation if this information is not available).
The person in charge judges whether the incident presents a "serious risk of harm". The information and the measures to be taken to reduce the risk of serious harm to the persons concerned are entered in the register.
If the incident presents a serious risk of harm, the person responsible notifies the Commission d'accès à l'information and the persons concerned of any incident presenting a serious risk of harm, using the appropriate form.
Keeping confidential information
Employees who have access to personal information in the course of their duties must :
- Ensure that confidential information is kept safe from physical damage or unauthorized access;
- Ensure that all electronic documents containing confidential information, including those copied to portable storage devices, are encrypted and password-protected. Access is restricted and granted only for the time needed to complete the task;
- Keep confidential information in paper form, where appropriate, in lockable filing cabinets, and ensure that the cabinets are locked at the end of each working day. File cabinet keys should be kept in secure locations.
Files created under this policy are the property of Go-Mine inc.
Destruction of confidential information
Confidential information is retained only as long as the purpose for which it was collected has not been fulfilled, unless the individual concerned has consented otherwise. Confidential information is then destroyed in such a way that the data it contains can no longer be reconstructed.
Employee files are kept by Go-Mine inc. for a period of 6 years:
The following documents are considered personal information:
- Curriculum vitae;
- Performance evaluation;
- Employment contracts;
- Insurance documents;
- Social insurance number;
- Tax forms;
- Security incident report;
- Human resources files;
- Training registers and certification.
Disclosure of confidential information to a third party
Other than in situations where required by law and subject to the other provisions of this section 2.5, confidential information may only be disclosed to a third party after obtaining the written, manifest, free and informed consent of the person concerned. Such consent may only be given for a specific purpose and for the time necessary to achieve that purpose.
Confidential information may be disclosed without the consent of the person concerned if his or her life, health or safety is seriously threatened. In such a case, disclosure must be made in the manner least harmful to the person concerned.
As permitted by law, Go-Mine Inc. may disclose confidential information necessary to defend itself or its employees against any claim or suit brought against the company or its employees, by or on behalf of a claimant, employee, or any of their heirs, executors, assigns or transferees, including any claim brought by a claimant's or employee's insurer.
Communication of confidential information to the person concerned
Applicants and employees have the right to know what confidential information Go-Mine Inc. has received, collected and retained about them, to have access to such information and to request that it be corrected.
Go-Mine inc. must, however, restrict access to confidential information when required by law or when disclosure would likely reveal confidential information about a third party.
A request from an applicant or employee for confidential information about them must be processed within a maximum of 30 days.
Breach of confidentiality
An employee breaches his or her duty of confidentiality when :
- communicates confidential information to individuals not authorized to have access to it
; - discusses confidential information inside or outside Go-Mine Inc. where individuals not authorized to have access may overhear it;
- leaves confidential information on paper or computer medium in plain view in a place where individuals not authorized to have access to it are likely to see it;
- fails to follow the provisions of this policy.
In the event of a breach of confidentiality, appropriate disciplinary action, up to and including termination of the employment contract or any other relationship with Go-Mine Inc. will be taken against the offending party and corrective measures will be taken as necessary to prevent a recurrence.
Confidentiality incidents
Incident reporting procedure and response plan
In the event of a privacy incident involving personal information, Go-Mine Inc. will take reasonable steps to attempt to minimize the risk of harm to the individual(s) involved and to prevent any recurrence of a similar incident.
When an employee or requesting party becomes aware of a confidentiality incident, he or she contacts the person in charge using the reporting form provided for this purpose.
The responsible person identifies reasonable measures to reduce the risk of harm and to prevent further incidents.
The responsible person assesses whether the incident presents a risk of serious harm, as defined in Appendix B.
If the incident presents a risk of serious harm, the person in charge immediately notifies the Commission d'accès à l'information (CAI) using the form provided for this purpose, as well as any person whose personal information has been affected.
The person in charge keeps a log of all incidents.
The person in charge responds to CAI's request for a copy of the register, where applicable.
Content ofcommunication to data subjects
When to report
Go-Mine inc. must "diligently" notify all individuals whose personal information has been affected by a privacy incident. This notification must be sent directly to the individuals concerned. However, the Règlement sur les incidents de confidentialité provides for situations where communication may exceptionally be made by means of a public notice, such as when providing the notice is likely to represent an undue hardship for the company, or to increase the prejudice caused to the individuals concerned.
Content to be communicated
As is the case for the written notice to the CAI, the written notice to the persons concerned must contain the following elements:
- A description of the personal information affected by the incident or, if this information is unknown, the reasons why it is impossible to provide such a description;
- A brief description of the circumstances of the incident;
- The date or period when the incident took place (or an approximation if this information is not known) ;
- A brief description of the measures the organization has taken or intends to take following the incident to reduce the risk of harm;
- Measures that the organization suggests the person concerned take in order to reduce/mitigate the risk of harm;
- The contact details of the person from whom the person concerned can obtain further information about the incident.
Keeping an incident register
A register recording all incidents of confidentiality, whether minor or major, must be kept and updated.
This register may have to be forwarded to the CAI in the event of an incident posing a risk of harm deemed serious.
Recourse
If it appears that an individual's confidential information has been used in a manner contrary to a provision of this policy, the individual may file a complaint with Go-Mine's Human Resources Department, or with the President if the complaint concerns the Human Resources Director.
As provided by law, a person who has been denied access to or correction of confidential information concerning him or her may file a complaint with the Commission d'accès à l'information for review of the disagreement within 30 days of Go-Mine Inc.'s refusal to grant the request or the expiry of the deadline for responding.
Example of confidentiality incidents
The following is a non-exhaustive list of possible incidents.
- Deliberate alteration
- Accidental communication
- Deliberate communication without authorization
- Cyber attack
- Technical failure
- Accidental or deliberate destruction or disclosure without authorization
- Phishing
- Social engineering
- Loss of access to information
- Ransomware
- Information theft
Confidentiality obligation
Employees are required to sign this confidentiality agreement (Appendix A) before performing their duties or mandates with Go-Mine inc.
The obligation of confidentiality applies for the duration of an employee's relationship with Go-Mine Inc. and survives the termination of that relationship.