Skip to Content

ML Solutions Privacy Policy


1. Objective of the Privacy Policy


The purpose of this policy is to define the measures and practices implemented by ML Solutions to ensure the protection of personal information collected, held, used, and disclosed in the course of its activities. The policy aims to:


  • Protect clients and business partners personal information from unauthorized access, misuse, loss, or improper disclosure.
  • Govern the processes of collecting, retaining, using, disclosing, and disposing of personal information in compliance with applicable laws, including the Private Sector Privacy Act (P-39.1).
  • Ensure transparency in the management of personal information and enable individuals to exercise their rights to access, rectification, and withdrawal of consent.
  • Maintain legal compliance with personal information governance obligations while implementing security measures appropriate to the sensitivity of the data processed.


2. Roles and Responsibilities


At ML Solutions, the responsibility for personal information protection rests with Marie-Lou Mailloux-Desrochers, the company's President, who also serves as the Privacy Officer. Her responsibilities includes:


  • Ensuring compliance with the Private Sector Privacy Act (P-39.1).
  • Overseeing the collection, use, retention, and disposal of personal information to protect it at every stage of its lifecycle.
  • Responding to access and rectification requests and ensuring transparency in data management practices.
  • Addressing complaints related to personal information protection and taking appropriate measures in case of confidentiality incidents.
  • Publishing the contact details of the Privacy Officer on the company’s website under the Contact section. 


ML Solutions’ governance approach is tailored to the nature of its activities and the size of the company, utilizing evolving practices based on its growth.


3. Retention of Personal Information


ML Solutions adheres to strict rules regarding the retention of personal information:


  • Retention Period: Information is kept only as long as necessary for its intended purpose,varying according to the data type and legal obligations.
  • Secure Disposal: When no longer needed, personal information is securely destroyed or anonymized in accordance with best practices.
  • Technical security measures includes: data encryption, firewalls, physical access controls, and regular backups to protect personal information.


4. Access Management Process


ML Solutions implements stringent controls to ensure that only authorized individuals can access personal information, based on their roles and company needs. This includes:


  • Access Controls: Limiting access to those with a legitimate need for the information.
  • Authentication and Authorization: Employing secure authentication methods and appropriate authorization levels.
  • Access Logs: Logging all access to personal information for traceability and auditing purposes.


5. Technical Security Measures


ML Solutions implements the following technical measures to protect personal information throughout its lifecycle:


  • Data Encryption: Encrypting stored data to prevent unauthorized access.
  • Firewalls and Network Access Controls: Limiting access to systems to authorized users.
  • Regular Backups: Regularly backing up critical data to prevent loss.
  • Physical Access Controls: Restricting facility access to authorized personnel. For SaaS-hosted data, service providers ensure appropriate security measure.


6. Review and Update Processes


ML Solutions regularly reviews its protection measures and compliance with current laws to ensure  they are up to date with technological, regulatory, and business needs.


  • Periodic Reviews: Privacy policies are reviewed annually or following significant changes in the company's activities or legislation.
  • Updating Practices: Security measures and governance practices are adjusted according to new threats and legal recommendations, including changes under Law 25.
  • Documentation: All revisions or updates are documented and approved by the Privacy Officer to maintain clear traceability.


7. Incident Mitigation Procedures


ML Solutions has a rigorous process in place to identify, contain, and address confidentiality incidents. Steps includes:


  • Incident Identification and Assessment: Quickly identifying and assessing security incidents to determine their severity and potential impact.
  • Internal Communication: Promptly informing the Privacy Officer to take necessary measures.
  • Containment Measures: Immediately isolating compromised systems or disabling access to prevent further damage.
  • Damage Repair: Taking corrective actions to secure data and prevent incident recurrence.


8. Incident Response Procedures


ML Solutions has established procedures to respond effectively to confidentiality incidents:


  • Notification to Affected Individuals: Promptly informing individuals when there is a serious risk, as required by law.
  • Reporting to Authorities: Notifying the Quebec Commission for Access to Information or other competent authorities if the breach poses a serious threat.
  • Documentation and follow-up: Each incident is recorded in an incident log, including details of the incident, actions taken, and investigation outcomes.
  • Post-incident evaluation: After each incident, a thorough assessment is conducted to improve existing procedures and prevent similar incidents from occurring in the future.


9. Complaint Handling


ML Solutions provides a transparent process for handling complaints about the management of personal information. Individuals can file complaints if they believe their personal information has been mishandled:


  • Filing Complaints: Complaints can be submitted in writing or via email to the Privacy Officer, using contact details available on the company’s website.
  • Complaint Review: Each complaint is thoroughly reviewed, and corrective measures are identified if necessary.
  • Response: A written response, including the review results and actions taken, is provided to the complainant within a reasonable time frame.
  • Follow-up: Ensuring the resolution is effective and satisfactory for all parties involved.


Privacy Officer Contact Information


For any questions, access requests, rectifications, or complaints regarding the management of personal information, please contact:


Marie-Lou Mailloux-Desrochers

President of ML Solutions

Email: ml@ml-solutions.ca

Phone : 514-616-3496

Share Your Concerns with Us 

Complaint Form Law 25
Submit