1. PURPOSE

MERITEX Services Financiers Inc. (“MERITEX”) is committed to protecting the confidentiality, integrity, and security of personal information entrusted

to it in the course of its professional activities.

This Policy and Procedure for the Protection of Personal Information sets out the governance framework, principles, and practices adopted by MERITEX to ensure compliance with applicable privacy legislation, including Québec’s Act respecting the protection of personal information in the private sector, as amended by Bill 25, as well as applicable federal requirements where relevant.

2. SCOPE AND APPLICATION

This policy applies to:

• MERITEX as an organization

• Its representative(s)

• Any employee, contractor, or other authorized person acting on behalf of MERITEX It applies to all personal information collected, used, disclosed, retained, or destroyed by MERITEX in the course of providing financial and insurance services, regardless of the format in which such information is held (paper, electronic, or otherwise).

3. DEFINITION OF PERSONAL INFORMATION

For the purposes of this policy, “personal information” means any information that relates to a natural person and allows that person to be identified, directly

or indirectly.

Personal information includes, without limitation:

• Identification and contact information

• Financial information

• Insurance-related information

• Information relating to an individual’s health or lifestyle, where applicable

Certain personal information may be considered sensitive due to its nature or the context in which it is used and therefore requires enhanced protection.

4. PERSON RESPONSIBLE FOR THE PROTECTION OF PERSONAL INFORMATION

Name: Hagop Samouelian
Title: President / Independent Representative
Email: [email protected]
Telephone: 514-653-5377
Website: www.meritex.ca

The person responsible is accountable for:

• Overseeing compliance with privacy legislation and this policy

• Responding to requests for access or correction

• Addressing privacy-related inquiries and concerns

• Managing confidentiality incidents

• Ensuring this policy is reviewed and updated as required

5. COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION

MERITEX collects, uses, and discloses personal information solely for legitimate and identified purposes related to:

• The provision of financial and insurance services

• Regulatory and professional obligations

• Client relationship management and ongoing service

Personal information is:

• Collected directly from the individual, unless otherwise authorized by law

• Limited to what is necessary to fulfill the identified purposes

• Used only for those purposes or as otherwise permitted or required by law

• Disclosed only with the individual’s consent, where required, or as authorized by law

6. RETENTION AND DESTRUCTION

Personal information is retained only for the duration necessary to fulfill the purposes for which it was collected and to comply with applicable legal, regulatory, and professional obligations.

When personal information is no longer required, MERITEX ensures that it is securely destroyed, erased, or anonymized using reasonable methods

appropriate to the sensitivity of the information and the medium on which it is stored.

7. SAFEGUARDS AND SECURITY MEASURES

MERITEX implements reasonable administrative, physical, and technological safeguards to protect personal information against loss, theft, unauthorized

access, use, or disclosure.
Safeguards are proportionate to:

• The sensitivity of the information

• The purposes for which it is used

• The size and nature of MERITEX’s operations

Access to personal information is restricted to authorized persons who require such access to perform their professional duties and who are subject to confidentiality obligations.

8. ACCESS RIGHTS AND CORRECTION REQUESTS

Individuals have the right to request access to the personal information held about them and to request correction of any information that is inaccurate or

incomplete, subject to applicable legal restrictions.

Requests must be submitted to the person responsible for the protection of personal information. MERITEX may require verification of identity before responding and will respond within the timeframes prescribed by applicable law.

9. CONFIDENTIALITY INCIDENTS

A confidentiality incident occurs when personal information is accessed, used, disclosed, lost, or retained in a manner not authorized by law.

Any suspected or actual confidentiality incident must be reported promptly to the person responsible for the protection of personal information.

MERITEX will:

• Assess the nature and scope of the incident

• Take reasonable measures to reduce the risk of harm

• Document the incident

• Notify affected individuals and regulatory authorities where required by law

10. RECORD-KEEPING

MERITEX maintains records of confidentiality incidents in accordance with applicable legal requirements. Such records are retained for the prescribed period and kept in a secure manner.

These records are made available to regulatory authorities upon request, where required by law.

11. TRAINING AND AWARENESS

MERITEX ensures that any person who has access to personal information is informed of their confidentiality obligations and of the principles set out in this policy.

12. REVIEW AND UPDATES

This policy is reviewed periodically and updated as necessary to reflect changes in legislation, regulatory guidance, or MERITEX’s business practices.
The most current version of this policy is made available on MERITEX’s website.

Last Review: 08-01-2026