POLITIQUE CONCERNANT LA PROTECTION ET L’ACCÈS AUX RENSEIGNEMENTS PERSONNELS DES MEMBRES
Effective May 11, 2021
A) LEGAL FRAMEWORK
1. This policy details the organization's application of the provisions of the Act respecting the protection of personal information in the private sector (RLRQ, c. P-39.1) as of July 1, 2020.
B) SCOPE OF APPLICATION
2. This policy applies to personal information submitted by members to the organization.
C) PERSONAL INFORMATION
3. Personal information is information about an individual that identifies the person. For example, personal information about a member includes name, gender, age, telephone number, mailing address and email address.
4. Unless authorized by the Act, no personal information shall be collected without the prior consent of the member concerned by the collection, use and disclosure of their personal information. It is agreed that a person with parental authority may consent on behalf of his or her child.
5. Where a member consents, their personal information will be used by the organization only for the purposes set out in this policy. If the member refuses to give consent, then the organization will only use the member's personal information for the purpose of communicating with them, and will not disclose the information to anyone else, except where an exception exists in the Act. In the event that a member does not indicate whether or not they consent, the mere submission of their personal information to the organization constitutes consent to the use of their personal information for the specific purposes of this policy.
6. The member may notify the organization at any time that they wish to withdraw their consent for the use and disclosure of their personal information in accordance with this policy. The member understands and agrees that this may prevent the organization from providing them with certain services.
7. The organization collects from each member concerned, electronically, verbally or in writing, the personal information that is necessary to fulfill the objectives and mandate given to the organization, which may be described as follows :
a. Communicate with members and identify their needs and expectations
b. To provide its members with products, services and information;
c. Enable affiliated organizations and suppliers to provide members with products, services and information;
d. Manage member relations;
e. Comply with legal or regulatory obligations;
8. The use of personal information is limited to the purposes described in the policy.
F) DISCLOSURE OF PERSONAL INFORMATION
9. Except as authorized by this policy and as and when permitted by law, the organization maintains the confidential nature of all personal information obtained from its members.
10. The organization may, from time to time, share its membership list with corporate partners. A nominal list includes the names, telephone numbers, mailing addresses and emails of members, if the following conditions are met:
a. The legal entity has a contract with the partner to whom it shares the name list. This contract states that the information will only be used for marketing or philanthropic prospective purposes;
b. The member has been given a meaningful opportunity to decline to have his or her personal information shared in this manner;
c. The disclosure of the name list does not otherwise violate the privacy of the member.
11. The organization may also disclose the personal information of its members to any person who is party to a service contract with the organization who has standing to know such personal information, provided that the disclosure of the personal information is necessary for the performance of its contract.
12. The organization shall ensure that any personal information provided by its members and in its possession is accurate, current and as complete as is necessary for the purposes for which the organization uses the information. If the organization discovers that the information is inaccurate, incomplete or out of date, it will contact the member to obtain the updated personal information and, if necessary, arrange for the third parties to whom the inaccurate information was provided to also correct their records.
13. The organization retains personal information only as long as necessary for the reasons it was collected. This period may be extended after the termination of the relationship between the member and the organization, but only for so long as it is necessary for the organization to contact the member, if at all. When the organization no longer requires the member's personal information, it will be destroyed, deleted, erased or converted to an anonymous form.
H. PROTECTION OF PERSONAL INFORMATION
14. The organization is committed to maintaining adequate physical, procedural and technical security at its offices and storage for personal information to prevent unauthorized access, disclosure, copying, use or modification of its members' personal information. This principle also applies to computer security, in the event that personal information is stored electronically, and to the manner in which the organization disposes of or destroys personal information.
15. Only the persons duly identified by the organization are authorized to access and process personal information entrusted by members.
16. The organization shall conduct regular audits of security procedures and measures.
I. ACCESS AND RECTIFICATION
17. Tout membre peut demander l’accès aux renseignements personnels le concernant, peut faire corriger dans un dossier qui le concerne des renseignements inexacts, incomplets ou équivoques, peut aussi faire supprimer un renseignement personnel périmé ou non justifié par l’objet du dossier.
18. The organization that holds a record of personal information about a member must, unless there is a legal contraindication, confirm the existence of the record to the member and disclose the personal information contained in the record that concerns them.
19. The organization shall respond to any request for an access or rectification of a member's file no later than thirty (30) days after receipt of the request.
20. An organization that refuses to grant a member's request for access or rectification must notify the member in writing of its refusal, explaining the reasons for the refusal and indicating what recourse the member has.
21. A member whose request for access or rectification of personal information has been denied by the organization may submit a request for a disagreement review in writing to the Access to Information Commission within thirty (30) days of the denial of the request, outlining the reasons supporting the request for a disagreement review.
22. The organization will not charge a member for verifying or correcting their personal information.
J. CHANGE IN POLICY
23. This policy is the responsibility of the organization's Board of Directors. The organization reserves the right to modify or supplement this policy at any time without notice. Any new version will be adopted and made available in a timely manner.
K. IMPLEMENTATION OF THE POLICY
This present policy will become effective upon its adoption by the Board of Directors.
To download this policy in PDF format: Click here