Last updated: [2025-04-15]

1. Purpose

This policy is intended to ensure the protection of personal information collected, used, retained, or disclosed by Nasci Biologie Médicale Inc. (hereinafter “Nasci”) in the course of its operations. It outlines our commitments and the measures we have put in place to respect the privacy of our patients, collaborators, and partners.

2. Scope

This policy applies to all personal information collected by Nasci, whether in written, electronic, verbal, or other form, from:

• patients and donors,
• healthcare professionals,
• research or business partners,
• and any other individuals whose information we hold in the course of our operations.

3. Definition

Personal information is any information relating to an identifiable individual, either directly or indirectly.

4. Information Collection

We collect only the information necessary to:

• provide reliable and high-precision medical laboratory services;
• ensure appropriate clinical follow-up;
• develop our research projects with scientific rigor and ethical compliance;
• comply with legal, regulatory, and contractual obligations.

Information is collected transparently, with the informed consent of the individuals concerned.

5. Use of Information

Personal information is used solely for the purposes for which it was collected, unless specific consent has been obtained for another use or where permitted or required by law.

6. Disclosure of Information

We do not disclose personal information to third parties without the consent of the individuals concerned, except:

• to authorized healthcare professionals;
• to partner laboratories when required for analysis or research (under confidentiality agreements);
• to competent authorities if required by law.

7. Retention and Destruction

Personal information is retained only for as long as necessary to fulfill the purposes for which it was collected, in accordance with legal and professional requirements. It is then securely destroyed.

8. Security

Nasci implements technical, administrative, and physical security measures to protect personal information against loss, theft, unauthorized access, disclosure, or alteration. Our security measures include:

• access controls for computers, systems, and digital records;
• firewalls and network security tools to prevent intrusions;
• professional antivirus software with regular monitoring and updates;
• encryption of sensitive data transmitted electronically;
• strong password policies (minimum length, multi-factor authentication);
• regular data backups to secure servers;
• employee training on confidentiality and digital best practices;
• mandatory confidentiality agreements for all staff and external collaborators.

9. Access and Correction

Any individual may request access to their personal information held by us and request correction if the information is incomplete, inaccurate, or ambiguous. These requests must be directed to our Privacy Officer (see section 11).

10. Consent

Consent is generally required for the collection, use, or disclosure of personal information. It must be informed, freely given, and specific to the intended purpose. It may be withdrawn at any time, subject to legal or contractual obligations.

11. Privacy Officer

For any questions, complaints, or access requests, please contact:

Name: Lyne Massicotte
Title: Privacy Officer
Email: [email protected]
Address: 794 Fréchette Street, Suite 101, Longueuil, QC
Phone: 514-316-1518

12. Policy Updates

This policy may be modified at any time to reflect legislative changes or internal practices. The current version is always available on our website or upon request.