Policy objective
This Policy aims to ensure the protection of personal information and to govern the way in which the Corporation de la Conservation du Patrimoine de Saint-Simon-les-Mines Inc (Corporation) collects, uses, communicates, keeps, destroys or otherwise manages it. In addition, it aims to inform any interested person about the way in which the Corporation processes personal information.
1. Definition
1.1 Personal information: Personal information is information which concerns a natural person and which makes it possible, directly or indirectly, to identify that person: name, postal address, email address, telephone number, language or gender.[1]
1.2 Sensitive personal information: Personal information is considered sensitive when, by its nature (in particular medical, biometric or otherwise intimate) or because of the context of its use or communication, it gives rise to a high degree of reasonable expectation of privacy. This may include, for example, medical, biometric, genetic or financial information, or information about sexual life or orientation, religious beliefs or ethnic origin.[2]
1.3 Confidentiality incident: A confidentiality incident is access to personal information that is not authorized by law, communication of personal information that is not authorized by law, the loss of personal information or any other breach of the protection of such information.[3]
2. Application
2.1 This Policy applies to the Corporation, which includes in particular members of staff (if applicable), the board of directors, volunteers, as well as any person who otherwise provides services on behalf of the Corporation.
2.2 This Policy covers all types of personal information managed by the Corporation, whether it is information from potential or current users, consultants, staff members, members or any other persons (such as visitors to websites or others).
2.3 Generally speaking, an individual’s professional or business contact information does not constitute personal information.
2.4 This Policy does not apply to personal information that is public by law. For example, company register, board or staff member and the following information: name, title, position, professional email address and workplace telephone number.[4]
3. Collection, possession, use and consent
3.1 In the course of its activities, the Corporation may collect different types of information for different purposes. At the time of collecting personal information, the Corporation informs the persons concerned of any information collected, the purposes for which it is collected, the means of collection and other information to be provided as required by law.
3.2 The Corporation collects only the information necessary to fulfill its intended purpose.
3.3 The Corporation may collect personal information indirectly by using third-party online registration services or via third-party service providers.
3.4 The Corporation must put in place measures to limit access to personal information to only those staff members and people within its organization who have the authority to read it and for whom this information is necessary in the exercise of their functions.
3.5 When collecting personal information, the Corporation requests authorization from the person concerned, unless an exception is provided for by law. This Policy may be consulted by the data subject at the time of collection of personal information.
3.6 The Corporation must also obtain the consent of the person concerned before collecting personal information from a third party, before communicating it to third parties or for any secondary use thereof. However, the Corporation may act without consent in certain cases provided for by law and under the conditions provided below:
• When this use is clearly for the benefit of this person;
• When necessary to prevent or detect fraud;
• When necessary to evaluate or improve protection and security measures.
3.7 The consent of the holder of parental authority must be requested for persons under 14 years of age.
4. Data security
4.1 The Corporation undertakes to put in place appropriate security measures to ensure the protection of the personal information it manages. Sensitive personal information must be subject to greater security measures and must be better protected.
4.2 The Corporation implements the necessary measures to impose constraints on the rights to use information systems so that only people who must have access to them are authorized to access them.
5. Cookies
5.1 The websites controlled by the Corporation use cookies, in particular:
• To memorize visitor settings and preferences and to allow monitoring of the current session.
• To understand, for statistical purposes, the behavior of visitors and the content consulted, and to enable the improvement of the website.
5.2 The websites controlled by the Corporation use the following types of cookies:
• Session cookies: They are stored in memory for the duration of the website visit only.
• Persistent cookies: They are kept on the computer until they expire and they are retrieved the next time you visit the site.
6. Other technological means used
6.1 Certain websites or applications of the Corporation use audience analysis tools, for example Google Analytics, in order to enable their continuous improvement. Audience analysis tools use cookies to generate statistical reports on the behavior of visitors to these websites and the content viewed.
6.2 Information from audience analysis tools is never shared by the Corporation, with the exception of suppliers involved in the management of the Corporation's sites and activities on the Internet.
6.3 The Corporation also collects personal information through technological means such as electronic forms and registration platforms.
6.4 If the Corporation collects personal information by offering a technological product or service that has privacy settings, the Corporation ensures that these settings offer the highest level of privacy by default.
7. Retention and destruction of personal information
7.1 The Corporation retains personal information for the period for which it was collected, unless a minimum retention period is required (e.g. through a memorandum of understanding).
7.2 Personal information used by the Corporation to make a decision relating to a person must be kept for a period of at least one year following the decision in question, or even six years after the end of the fiscal year in which the decision was taken if it has tax implications, for example, the circumstances of an end of employment.
7.3 When personal information is no longer necessary, the Corporation ensures that it is destroyed, or anonymized so that it can be used for serious and legitimate purposes. The destruction of information by the Corporation must be done in a secure manner, to ensure the protection of this information.
7.4 The Corporation maintains an inventory of all types of personal information, including the purposes of collecting information and the locations of retention for all stakeholders and updates it on a regular basis according to the evolution of its activities.
8. Right of access, rectification and withdrawal of consent
8.1 To assert their rights of access, rectification or withdrawal of consent, the person concerned must submit a written request to this effect to the person responsible for the protection of personal information of the Corporation, at the email address indicated in the responsibility section of the Corporation.
8.2 Data subjects may request access to their personal information held by the Corporation and request its correction if it is inaccurate or incomplete. They may also demand the cessation of the dissemination of personal information concerning them, or that any hyperlink attached to their name allowing access to this information by technological means be deindexed, when the dissemination of this information contravenes the law or a court order. They can do the same, or even require that the hyperlink allowing access to this information be reindexed, when certain conditions provided for by law are met.
8.3 The Corporation's person responsible for the protection of personal information must respond in writing to these requests within 30 days of the date of receipt of the request. Any refusal must be reasoned and accompanied by the legal provision justifying the refusal. In these cases, the response must indicate the remedies under the law and the time limit for exercising them. The person responsible must help the applicant understand the refusal if necessary.
8.4 Subject to applicable legal and contractual restrictions, data subjects may withdraw their consent to the communication or use of the information collected. They can also ask the Corporation what personal information is collected from them, the categories of people within the Corporation who have access to it and their retention period.
9. Responsibilities of the Corporation
9.1 The person responsible for the protection of personal information of the Corporation is Francis Paquet. He is responsible for implementing this policy while general management ensures that it is known, understood and applied. In the event that these responsible persons are absent or unable to act, the person acting as general manager is responsible for the protection of personal information. If it is impossible for an interim person to fill these functions, the person serving as president of the Corporation is responsible for the protection of personal information.
9.2 Staff members and people with access to personal information must be able to identify where personal information is located, ensure its secure storage and ensure its destruction when requested.
9.3 For any request, question or comment within the framework of this Policy, please contact the person responsible by email: Francis Paquet, email patrimoine.adm@gmail.com.
10. Handling complaints
10.1 The Corporation undertakes to ensure that the responsible person treats any complaint received confidentially.
10.2 Any person who wishes to make a complaint relating to the application of this Policy must do so in writing by contacting the person responsible for the protection of personal information of the Corporation, at the email address indicated in the responsibility section of the Corporation.
10.3 The individual must indicate their name, email address and a telephone number at which they can be contacted, as well as the subject, reasons and relevant details of their complaint, so that it can be evaluated by the Corporation. If the complaint made is not sufficiently precise, the person responsible for the protection of personal information may request any additional information that he or she deems necessary to be able to evaluate the complaint.
10.4 The person responsible for the protection of personal information has thirty (30) days to assess the nature of the complaint and formulate a written response by email to the complainant. This evaluation aims to determine whether the processing of personal information by the Corporation complies with this Policy, any other policies and practices in place within the organization and the applicable legislation or regulations.
10.5 In the event that the complaint cannot be processed within this period, the complainant must be informed of the reasons justifying the extension of the deadline, of the progress of the processing of his complaint and of the reasonable time necessary to be able to provide him with a definitive answer.
10.6 The Corporation must create a separate file for each complaint addressed to it. Each file contains the complaint, the analysis and documentation supporting its assessment, as well as the response sent to the person who made the complaint.
11. Publication and updating
This Policy is published on the Corporation's website. The update is carried out every three years or when the Board of Directors of the Corporation deems it necessary.
12. Entry into force and modifications
Adopted on November 27, 2023
[1] Definition taken from the video offered by the Coopérative de développement régional du Québec:
https://www.youtube.com/watch?v=NBKTPIeyIzo
[2] Definition taken from the Quebec government website:
https://www.quebec.ca/politique/travailler-politique/travailler-travail-publique/services-employes-etat/conformite/protection-des-renseignements-personnels/definitions-concepts/lexicon
[3] Definition taken from the Quebec government website:
https://www.quebec.ca/politique/travailler-politique/travailler-travail-publique/services-employes-etat/conformite/protection-des-renseignements-personnels/definitions-concepts/lexicon
[4] Definition taken from the Quebec government website:
https://www.quebec.ca/politique/travailler-politique/travailler-entreprises-publique/services-employes-etat/conformite/protection-des-renseignements-personal/definitions-concepts/lexicon
The Corporation for the Conservation of the Heritage of Saint-Simon-les-Mines Inc. is a non-profit organization whose objective is to protect, enhance and animate the heritage of Saint-Simon-les-Mines, through the rich history of the stronghold of Cumberland and its Anglican chapel.