Do you have questions about how we look after your data? Do not hesitate to contact us via our contact us page to let us know.
Privacy Policy
Do you have questions about how we look after your data? Do not hesitate to contact us via our contact us page to let us know.
1) OBJECTIVES
The purpose of this policy is to regulate Domaine de Rouville inc. doing business under the name Domaine International de Rouville (hereinafter “Domaine International de Rouville”) both when collecting personal information through technology including identification, location or profiling functions , only when using personal information. It requires the Domaine International de Rouville to take all necessary measures to mitigate the risks of infringement of the right to privacy of citizens, under articles 35 to 40, addressing respect for privacy, as well as to article 1525 of the Civil Code of Quebec1 on solidarity between debtors of an obligation contracted for the service or operation of the business.
2) SCOPE
This policy applies to all company personnel, and at all hierarchical levels, particularly in situations requiring communication by any technological means whatsoever. It aims to comply with Law 252 which modernizes the provisions regarding the protection of information, by making the legislative provisions more adapted to dealing with new technologies and the changes of the digital age.
3) DEFINITIONS
3.1. Law 25 regarding the protection of personal information 3.2. Intelligence
Refers to the Act to modernize legislative provisions regarding the protection of personal information3, which was assented to on September 22, 2021, with entry into force scheduled for September 22, 2022 and 2023. This law amends the Personal Information Protection Act. personal information in the private sector4.
3.2. Intelligence
The Act respecting the protection of personal information in the private sector defines this term as follows: “Personal information is any information that concerns a natural person and allows them to be identified” 5.
3.3. Responsible for the protection of personal information
Refers to the person who, within the company, has the highest authority and who must therefore ensure compliance and implementation of this policy. This role is, by default, assigned to the chief executive officer of a company, who has the possibility of partially or entirely delegating his responsibilities to the person responsible for the protection of personal information.
3.4. Profiling
Means the collection and use of personal information to evaluate certain characteristics of a natural person, in particular for the purposes of analyzing job performance, economic situation, health, personal preferences , interests or behavior of this person.
3.5. Privacy incident
By this we mean: 1° access not authorized by law to personal information; 2° the unauthorized use of personal information by law; 3° the unauthorized communication of personal information by law; 4° the loss of personal information or any other attack on the protection of such information.
4) POLICY STATEMENT
- Domaine International de Rouville undertakes to take reasonable means to: o Provide a working environment aimed at protecting and respecting the personal data of its clients;
- Mitigate the risks of violating citizens' right to privacy;
- Establish policies governing the governance of personal information and publish detailed information on its website;
- Disseminate the policy so as to make it accessible to all staff;
- In the event of a confidentiality incident, keep a log of incidents and take measures as quickly as possible to reduce the risk of harm being caused to the persons concerned;
- Notify the Commission for Access to Information (hereinafter the “Commission”) established by section 103 of the Act respecting access to documents held by public bodies and the protection of personal information7 and the persons concerned of any incident presenting a risk of serious harm;
- Disclose in advance to the Commission the verification or confirmation of identity made by means of biometric characteristics or measurements;
- Take reasonable measures to limit the risk of harm and prevent the recurrence of such accidents;
- Designate a person responsible for the protection of personal information and publish their title, as well as their contact details on their website;
- Offer the highest confidentiality of personal information by default;
- Respect the new framework applicable to the communication of personal information without the consent of the person concerned, as part of a commercial transaction or for the purposes of study, research or production of statistics.
5) NEW OBLIGATIONS TO BE COMPLIED WITH REGARDING OUTSOURCING AND CROSS-BORDER TRANSFERS
Domaine International de Rouville undertakes to:
− Indicate the categories of service providers to whom personal information may be transmitted.
− Mention that personal information could be transferred outside Quebec.
− Communicate personal information to their service providers without the consent of the individuals, provided that a written agreement providing for specific protection measures is entered into between the two parties.
6) SPECIFIC INFORMATION TO BE MADE AVAILABLE TO THE PUBLIC
When collecting personal information, Domaine International de Rouville undertakes to make available, in simple and clear terms:
− The objectives of the collection;
− The means of collection;
− Rights of access and rectification;
− The right of the person to withdraw their consent to the use of the information collected.
7) ASSESSMENT OF PRIVACY FACTORS
Domaine International de Rouville undertakes to carry out an evaluation with regard, in particular, to:
− Any information system acquisition, development and overhaul project;
− Electronic provision of services involving the collection, use, communication, retention or destruction of personal information.
8) RESPONSIBILITIES OF THE PERSONAL INFORMATION PROTECTION MANAGER
His responsibilities include: −
Implementation and publication of policies and practices relating to the protection of personal information;
− Carry out privacy impact assessments;
− Implement privacy requirements.
9) RESPONSIBILITIES OF SERVICE PROVIDERS (THIRD PARTIES)
Suppliers undertake to:
− Describe measures taken to guarantee the confidentiality of personal information obtained;
− Certify to use the information obtained only for the purposes of providing services and not to retain this information after the expiration of the contract;
− Inform the Privacy Officer without delay of any violation or attempted violation of the confidentiality of the information and allow the Privacy Officer to carry out any verification relating to confidentiality requirements.
10) NEW RIGHTS GRANTED TO INDIVIDUALS REGARDING THEIR PERSONAL INFORMATION:
The person who collects personal information from the person concerned must, upon collection and subsequently upon request, inform them:
− The purposes for which this information is collected;
− The means by which the information is collected;
− Rights of access and rectification provided for by law;
− Their right to withdraw their consent to the communication or use of the information collected.
In the event of collection of personal information by a technology which makes it possible to identify, locate or carry out profiling of the persons concerned, Domaine International de Rouville must inform them in advance so that they can give informed consent to such collection. and explain to them how to enable such features once they have given consent.
11) CONSENT NOT NECESSARY
Personal information may, however, be used for another purpose without the consent of the person concerned in the following cases only:
− When its use is for purposes compatible with those for which it was collected;
− When its use is clearly for the benefit of the person concerned;
− When its use is necessary for the purposes of preventing and detecting fraud or evaluating and improving protection and security measures;
− When its use is necessary for the purposes of supplying or delivering a product or providing a service requested by the person concerned;
− When its use is necessary for study, research or statistical production purposes and it is depersonalized.
12) MINORS UNDER 14 YEARS OF AGE
Obtaining consent from the holder of parental authority or guardian for the collection, use or communication of personal information concerning a minor under 14 years of age is non-negotiable.
13) RULES FOR COMMUNICATION OF PERSONAL INFORMATION TO FACILITATE THE MOURNING PROCESS
Domaine International de Rouville undertakes to respect the right to be forgotten, in particular by considering a request for written access or rectification made by a data subject.
APPENDIX 1 – PERSONAL INFORMATION PROTECTION MANAGER DESIGNATED BY THE EMPLOYER
Domaine International de Rouville
− will ensure that the designated responsible person will be duly trained and have the necessary tools at their disposal for processing and following up on the complaint or report;
− will free up working time so that the designated responsible person can carry out the functions assigned to them.
The following person is designated to act as responsible for the application of the Personal Information Protection Policy of Domaine International de Rouville:
ISABELLE LACOSTE, deputy director of Domaine de Rouville inc.
This responsible person must mainly:
− Inform staff about the company's policy regarding the protection of personal information;
− Receive complaints and reports;
− Recommend the nature of the actions to be taken to stop the harassment;
− Carry out privacy impact assessments;
− Implement privacy requirements.
Commitment of the responsible person
I hereby declare my commitment to respect this policy and I assure that my intervention will be impartial, respectful and confidential.
Isabelle Lacoste
Deputy Director
isabelle@domaineinternationalderouville.com