Policy and guidelines on the use of artifical intelligence

Effective date: March 1, 2025
Version: 1.00
Policy owner: AI committee: Zineb Dina Kettani, Antoine Fournier, Olivier Nadeau
Policy owner Email: [email protected]
Next review: March 1, 2026

Table of contents

  1. Introduction
  2. Guiding principles
  3. Governance and supervision
  4. Use of AI in marketing operations
  5. Data management
  6. AI development and acquisition
  7. Risk management
  8. Training and awareness
  9. Review and updates
  10. Regulatory compliance

 

1. Introduction

Spritz, social + numérique, and POP, culture + numérique integrate artificial intelligence (AI) to optimize our marketing services and enhance customer experience. We believe in an ethical, responsible, and transparent use of these technologies, aligned with our core values of creativity, inclusion, and innovation.

This policy establishes a clear framework for AI use within our internal processes and client services while ensuring compliance with applicable laws in Quebec, particularly in data privacy and governance.

1.1 Policy objectives

This policy aims to:

  • Regulate AI use to ensure a responsible and secure approach in our marketing activities.
  • Protect personal and confidential data in compliance with applicable laws.
  • Maximize innovation through AI while upholding equity and inclusion.
  • Prevent bias and discrimination in AI technologies.
  • Ensure AI is used transparently, fairly, and securely across all operations.

This policy provides a clear framework for AI use within our divisions, ensuring alignment with applicable laws and regulations in Quebec and Canada. Spritz, social + numérique and POP, culture + numérique recognize AI’s strategic role in optimizing campaigns, automating processes, and enhancing customer experience. However, its use must be guided by principles ensuring ethical, secure, and value-aligned applications.

1.2 Scope

This policy applies to:

  • All members and employees of Spritz, social + numérique and POP, culture + numérique using or interacting with AI technologies in their roles.
  • All AI systems and tools used by the organization, whether developed internally or provided by third parties.
  • All activities involving AI, including data processing, operations management, and interactions with partners and clients.

This policy covers AI applications on both company and personal devices when used for professional purposes or connected to corporate networks, including wi-fi.

 

2. Guiding principles

  • Transparency: AI use within Spritz, social + numérique and POP, culture + numérique must be clear and open. Employees and partners must be informed about AI usage and understand how AI systems influence decisions, recommendations, or services.
  • Privacy protection: Personal or sensitive data must not be used in AI systems without explicit consent. We commit to compliance with Quebec’s data protection laws, ensuring security and confidentiality. (Our privacy policy can be found here.)
  • Human responsibility: AI is a tool to support humans, not replace them. Any significant decision or AI-generated content must be reviewed by an employee before use or publication. Employees are responsible for supervising AI systems in their daily tasks.
  • Data security: AI systems must be configured to protect data from unauthorized access, hacking, or leaks. Random audits will be conducted to ensure security protocols are in place and followed.
  • Fairness and bias prevention: AI systems used by Spritz, social + numérique and POP, culture + numérique must be developed and applied to prevent discriminatory bias and ensure fair and equitable outcomes.

 

3. Governance and supervision

  • A designated AI lead will oversee policy compliance and evolution.
  • Random audits will ensure adherence to guidelines.
  • An AI incident management protocol will be established for effective response to anomalies.

3.1 Audits and reviews

Regular audits will verify AI systems’ compliance with guidelines and laws. Any non-compliant AI usage will be promptly addressed. The AI lead will be responsible for an annual policy review. The next policy update is scheduled for February 25, 2026.

 

4. Use of AI in operations

4.1 General use

AI may be used within Spritz, social + numérique and POP, culture + numérique to enhance efficiency, creativity, and decision-making. Examples include text translation, research, and brainstorming support. These tools must be used responsibly and in line with ethical principles.

4.2 Client interactions

AI may assist in customer interactions, such as automating responses to FAQs, providing personalized recommendations, or scheduling appointments. However, all AI-generated information must be reviewed and validated by an employee before being communicated to customers.

4.3 Marketing and personalization

AI tools may personalize offers and ads based on customer preferences. However, privacy laws must be respected, and no personal data should be used without explicit consent.

4.4 Internal operations optimization

AI can optimize processes such as inventory management, resource planning, and market trend analysis. These systems must be configured to ensure data security and accuracy.

4.5 Decision support

AI can provide insights and recommendations but must not replace human judgment. Final decisions must be made by humans based on AI-generated data that has been reviewed for accuracy and relevance.

4.6 Content creation

AI may generate ideas, draft texts, or create visuals. All AI-generated content must be reviewed and approved by a human before publication.

4.7 Advertising and personalization

AI tools may optimize advertising campaigns. No discriminatory segmentation must be applied.

4.8 Analytics and reporting

AI can analyze marketing performance, but results must be interpreted and contextualized by experts.

 

5. Data management

  • AI-processed data must be protected and secured.
  • Compliance with data protection regulations is mandatory.
  • Transparency regarding data usage must be maintained for customers and partners.

 

6. AI development and acquisition

Spritz, social + numérique and POP, culture + numérique select AI tools based on rigorous ethical, security, and efficiency criteria. We use ChatGPT, Gemini, Sprout Social, BeautifulAi, and Claude to optimize operations and marketing strategies. Before integration, these tools undergo extensive testing and validation to ensure compliance with established standards. Continuous monitoring assesses their impact, identifies improvements, and anticipates potential risks.

6.1 Collaboration with third parties

If external providers develop or supply AI systems, Spritz, social + numérique and POP, culture + numérique ensure they meet the same security, ethical, and data protection standards. Contracts must clearly define each party’s responsibilities and obligations.

 

7. Risk management

7.1 Risk identification

The use of AI involves risks, particularly concerning privacy, security, and potential biases. Spritz, social + numérique and POP, culture + numérique, are committed to identifying and assessing these risks before deploying any AI systems. Each AI use case must be analyzed to ensure there are no unacceptable risks for individuals or the organization.

7.2 Incident response protocol

In the event of an issue with an AI system—such as a data breach, an error, or biased results— Spritz, social + numérique and POP, culture + numérique must respond swiftly by implementing appropriate corrective measures.

7.3 System monitoring and audits

All AI systems must be regularly monitored to ensure proper functionality and the absence of biases. Periodic audits will be conducted to ensure compliance with this policy’s guidelines and to manage risks effectively.

7.4 Continuous improvement

Spritz, social + numérique and POP, culture + numérique are committed to continuously reviewing and improving their AI systems in line with technological advancements and legislative changes. Risk management must remain a dynamic process, with regular updates to maintain compliance and security.

 

8. Training and awareness

Spritz, social + numérique and POP, culture + numérique are committed to providing clear and accessible resources for all employees, enabling them to consult best practices, ask questions, and stay informed about AI developments. Practical guides and information sheets will be available to meet teams’ specific needs.

  • All employees using AI must complete mandatory training and stay informed about best practices and technological advancements.
  • Teams will receive continuous updates on technological and regulatory developments.

 

9. Review and updates

9.1 Updates based on legislative and technological changes

Spritz, social + numérique and POP, culture + numérique, will review their AI policy and guidelines annually to ensure compliance with current laws and adaptation to technological progress. This process ensures the safe, ethical, and responsible use of AI.

In the event of significant legislative or technological changes, Spritz, social + numérique and POP, culture + numérique commit to quickly adapting this policy. These updates will be communicated to all employees and relevant partners to ensure effective compliance.

9.2 Stakeholder participation

The AI lead will regularly gather feedback from employees and partners to adjust and improve this policy. This participatory approach helps tailor the guidelines to the organization’s actual needs.

 

10. Regulatory compliance

Spritz, social + numérique and POP, culture + numérique are committed to complying with all applicable laws and regulations in Quebec and Canada regarding AI use, personal data protection, and data security. This includes, but is not limited to, the Private Sector Personal Information Protection Act and Quebec’s Law 25.

10.1 Legal supervision and audits

Periodic internal and external audits will be conducted to ensure that Spritz, social + numérique and POP, culture + numérique AI systems comply with legal and regulatory requirements. Any non-compliance will be promptly corrected to minimize legal risks and ensure full transparency with the relevant authorities.