Privacy and Data Policy
Privacy and Data Policy
1. Context
The purpose of this policy is to ensure the protection of personal information and to govern the way PRORAM collects, uses, communicates, retains and destroys it or otherwise manages it. In addition, it is intended to inform all interested parties of the way PRORAM handles their personal information. It also covers the processing of personal information collected by PRORAM through technological means.
2. Application and Definitions
This policy applies to PRORAM, including, without limitation, its directors, employees, consultants, volunteers and any person who otherwise provides services on behalf of PRORAM. It also applies to PRORAM's website, as well as all websites controlled and maintained by PRORAM.
It applies to all types of personal information managed by PRORAM, whether it be information about its customers, potential or actual, its consultants, its employees, its members or any other person (such as website visitors or other).
For the purposes of this Privacy and Data Policy, personal information is any information about someone that directly or indirectly allows that person to be identified. Examples include name, address, e-mail address, telephone number, gender, banking information, health information, ethnic origin, language, etc.
Sensitive personal information is information pertaining to a high reasonable expectation of privacy, e.g., health information, banking information, biometric information, sexual orientation, ethnic origin, political opinions, religious or philosophical beliefs, etc. Sensitive personal information is information about which there is a high reasonable expectation of privacy.
Generally speaking, an individual's professional or business contact information does not constitute personal information, such as an individual's name, title, address, e-mail address or business telephone number. More specifically, under Quebec's Act respecting the protection of personal information in the private sector, and as of September 22, 2023, section 3 (collection, use, communication), 4 (retention and destruction) and 6 (data security) do not apply to an individual's information relating to the exercise of a function within an enterprise, such as name, title, function, as well as address, e-mail address and telephone number at work.
These same paragraphs do not apply to personal information that is public by law, as of the effective date of this policy.
3. Collection, Use and Communication
During its activities, PRORAM may collect different types of information for different purposes. The types of information PRORAM may collect, its use (or intended purpose) and how the information is collected are, for the most part, personal information managed by PRORAM such as personal information of employees, job applicants and consultants, or prospective customers.
PRORAM will also inform individuals, at the time of collection of personal information, of any other information collected, the purposes for which it is collected and the means of collection, in addition to any other information to be provided as required by law.
PRORAM applies the following general principles to the collection, use and disclosure of personal information:
Consent:
In general, PRORAM collects personal information directly from the person concerned and with his or her consent, unless an exception is provided for by law. Consent may be implied in certain situations, for example, when the individual decides to provide his or her personal information after having been informed by this policy of the use and disclosure for the purposes indicated herein (see Appendix A for more details). Thus, this policy and the information it contains will be available to the person concerned at the time personal information is collected.
Normally, PRORAM must also obtain the consent of the person concerned before collecting his or her personal information from third parties, before communicating it to third parties or for any secondary use thereof. However, PRORAM may act without consent in certain cases provided for by law and under the conditions set forth therein. The main situations in which PRORAM may act without consent are indicated in the relevant sections of this policy.
Collection:
In all cases, PRORAM will only collect information if it has a valid reason to do so. In addition, data collection will be limited to that which is necessary to fulfill the purpose for which it is collected.
Please note that PRORAM's services and programs are not intended for minors, and more generally, PRORAM does not intentionally obtain personal information about minors (in such cases, information cannot be collected from them without the consent of a parent or guardian).
Collection from third parties. PRORAM may collect personal information from third parties. Unless an exception is provided for by law, PRORAM will seek the consent of the individual concerned before collecting personal information about him or her from a third party. If such information is not collected directly from the individual, but from another organization, the individual may request the source of the information collected from PRORAM.
In certain situations, PRORAM may also collect personal information from third parties, without the consent of the person concerned, if it has a serious and legitimate interest in doing so and a) if the collection is in the interest of the person and it is not possible to collect it from him or her in a timely manner, or b) if such collection is necessary to ensure that the information is accurate.
PRORAM may also collect personal information indirectly, in particular by using Wix to design the website, which has its own terms, conditions, and privacy policy, which can be consulted for further information.
This collection through third parties may be necessary to use certain services or programs, or to otherwise do business with PRORAM. Where required, PRORAM will obtain consent at the appropriate time.
Holding and Use:
PRORAM ensures that the information it holds is up to date and accurate at the time it is used to decide concerning the person concerned.
PRORAM may only use an individual's personal information for the purposes identified herein or for any other purposes provided at the time of collection. If PRORAM wishes to use this information for another reason or purpose, a new consent must be obtained from the person concerned, which must be obtained expressly if the information is sensitive personal information. However, in certain cases provided by law, PRORAM may use the information for secondary purposes without the individual's consent, e.g.:
-
When such use is clearly for the benefit of that person.
-
When necessary to prevent or detect fraud.
-
When necessary to evaluate or improve protection and safety measures.
Limited access: PRORAM shall implement measures to limit access to personal information only to the employees and individuals within PRORAM's organization who have a right to know the information and for whom the information is necessary in the performance of their duties. PRORAM will seek the consent of the individual before granting access to any other person.
Communication:
Generally, and unless an exception is indicated in this policy or otherwise provided for by law, PRORAM will obtain the consent of the person concerned before disclosing his or her personal information to a third party. In addition, where consent is required and where sensitive personal information is involved, PRORAM will obtain the individual's express consent prior to disclosing the information.
However, disclosure of personal information to third parties is sometimes necessary. Thus, personal information may be communicated to third parties without the consent of the person concerned in certain cases, including, but not limited to, the following:
PRORAM may communicate personal information, without the consent of the person concerned, to a public body (such as the government) which, through one of its representatives, collects it in the exercise of its powers or the implementation of a program under its management.
Personal information may be transmitted to service providers to whom it is necessary to communicate the information, without the consent of the individual. For example, these service providers may be event organizers, PRORAM subcontractors designated to carry out mandates in PRORAM-administered programs, and cloud service providers. In these cases, PRORAM must have written contracts with these suppliers that specify the measures they must take to ensure the confidentiality of the personal information communicated that the use of this information is made only within the framework of the execution of the contract and that they may not retain this information after its expiry. In addition, these contracts must provide that suppliers must notify PRORAM's Privacy Officer (indicated in this policy) of any breach or attempted breach of confidentiality obligations concerning the personal information communicated and must allow this officer to carry out any verification relating to this confidentiality.
If necessary for the purpose of concluding a commercial transaction, PRORAM may also communicate personal information, without the consent of the person concerned, to the other party to the transaction and subject to the conditions provided by law.
Disclosure outside Quebec: It is possible that personal information held by PRORAM may be disclosed outside Quebec, for example, when [company name] uses cloud service providers whose server(s) are located outside Quebec or when PRORAM deals with subcontractors located outside the province.
Additional Information on the Technologies Used:
Use of cookies
Cookies are data files sent to the visitor's computer by their Web browser when they visit a website and can be used for several purposes.
The websites controlled by PRORAM use cookies, in particular:
To memorize visitors' settings and preferences, e.g., for language selection, and to enable tracking of the current session.
For statistical purposes, to track visitors’ behaviour and content, and to help improve the website.
The websites controlled by PRORAM use the following types of cookies:
Session cookies: These are temporary cookies that are stored only for the duration of your visit to the website.
Persistent cookies: These are kept on the computer until they expire and are retrieved the next time the site is visited.
Some cookies may be disabled by default and visitors may choose whether to enable these functions when visiting PRORAM websites.
It is also possible to activate and deactivate the use of cookies by changing the preferences in the settings of the browser used.
Google Analytics
The PRORAM website may use Google Analytics to allow its continuous improvement. Google Analytics makes it possible to analyze how a visitor interacts with a website. Google Analytics uses cookies to generate statistical reports on the behaviour of visitors to these websites and the content consulted.
Information from Google Analytics will never be shared by PRORAM with third parties.
You can install an Opt-out browser add-on to deactivate Google Analytics.
Other technologies Used
PRORAM may also collect personal information through technological means such as a Web form integrated into the website, controlled by Wix.
4. Retention and Destruction of Personal Information
Unless a minimum retention period is required by applicable law or regulation, PRORAM will retain personal information only as long as necessary for the fulfillment of the purposes for which it was collected.
Personal information used by PRORAM to decide about an individual must be kept for a period of at least one year following the decision in question or even seven years after the end of the fiscal year in which the decision was made if it has tax implications, for example, the circumstances of a termination of employment.
At the end of the retention period or when personal information is no longer required, PRORAM will ensure to:
-
Destroy it or anonymize it (i.e., the data no longer irreversibly identify the individual and it is no longer possible to establish a link between the individual and their personal information) and use it for serious and legitimate purposes.
The destruction of information by PRORAM must be done in a secure manner to ensure the protection of this information.
This section may be supplemented by any policies or procedures adopted by PRORAM regarding the retention and destruction of personal information, if any. Please contact PRORAM's Privacy Officer (identified in this policy) for further information.
5. PRORAM's Responsibilities
In general, PRORAM is responsible for protecting the personal information it holds.
PRORAM's Privacy Officer is the organization's Director of Operations. In general, he or she is responsible for ensuring compliance with applicable legislation concerning the protection of personal information. The person in charge must approve the policies and practices governing the governance of personal information. More specifically, this person is responsible for implementing this policy and ensuring that it is known, understood and applied. In the event of the absence or inability to act of the Privacy Officer, the President of PRORAM will assume the duties of the Privacy Officer.
PRORAM employees who have access to personal information or are otherwise involved in its management must ensure its protection and comply with this policy.
The roles and responsibilities of PRORAM's employees throughout the life cycle of personal information may be specified by any other PRORAM policy in this regard, if applicable.
6. Data Security
PRORAM is committed to implementing reasonable security measures to ensure the protection of personal information under its control. The security measures in place correspond, among other things, to the purpose, quantity, distribution, medium and sensitivity of the information. This means that information that may be considered sensitive (see definition in section 2) will require more stringent security measures and greater protection. In particular, and in line with what was mentioned above concerning limited access to personal information, PRORAM must put in place the necessary measures to impose constraints on the rights of use of its information systems so that only employees who need to have access to them are authorized to do so.
7. Rights of Access, Amendment and Withdrawal of Consent
To exercise his or her right of access, rectification or withdrawal of consent, the person concerned must submit a written request to that effect to PRORAM's Privacy Officer, at the e-mail address indicated in the following section.
Subject to certain legal restrictions, individuals may request access to, and correction of their personal information held by PRORAM if it is inaccurate, incomplete or equivocal. They may also request that PRORAM cease disseminating personal information about them, or de-index any hyperlink attached to their name allowing access to this information by a technological means, when the dissemination of this information contravenes the law or a court order. They may do the same or require that the hyperlink providing access to this information be reindexed, when certain conditions provided for by law are met.
PRORAM's Privacy Officer must respond to such requests in writing within 30 days of receipt of the request. Any refusal must be substantiated and accompanied by the legal provision justifying the refusal. In such cases, the response must indicate the remedies available under the law and the deadline for exercising them. If necessary, the person in charge must help the applicant understand the refusal.
Subject to applicable legal and contractual restrictions, data subjects may withdraw their consent to the disclosure or use of the information collected.
They may also ask PRORAM what personal information is collected from them, what categories of people at PRORAM have access to it and how long it is kept.
8. Complaints Handling Process
Reception
Any person who wishes to make a complaint regarding the application of this policy or, more generally, regarding the protection of his or her personal information by PRORAM, must do so in writing by contacting PRORAM's Privacy Officer at the e-mail address indicated in the following section.
The individual will be asked to provide his or her name, contact information, including a telephone number, as well as the subject and reasons for the complaint, in sufficient detail to enable PRORAM to assess the complaint. If the complaint is not sufficiently precise, the Privacy Officer may request any additional information he or she deems necessary to assess the complaint.
Processing
PRORAM undertakes to process all complaints received confidentially.
Within 30 days following receipt of the complaint or following receipt of all additional information deemed necessary and required by PRORAM's Privacy Officer to process it, the latter shall evaluate it and deliver a reasonable written response by e-mail to the complainant. The purpose of this assessment will be to determine whether PRORAM's handling of personal information complies with this policy, any other policies and practices in place within the organization, and applicable legislation or regulations.
If the complaint cannot be processed within this timeframe, the complainant must be informed of the reasons for the extension, the progress made in processing the complaint and the reasonable time required to provide a definitive response.
PRORAM must keep a separate file for each complaint it receives. Each file contains the complaint, the analysis and documentation supporting its assessment, as well as the response sent to the person who filed the complaint.
You may also file a complaint with the Commission d'accès à l'information du Québec or any other privacy oversight body responsible for the application of the law concerned by the subject of the complaint.
However, PRORAM invites any interested party to first contact its Privacy Officer and wait until PRORAM has completed its processing.
9. Approval
This policy is approved by PRORAM's Privacy Officer, whose business contact information is as follows:
Responsible for the protection of personal information:
Vittoria Lepanto
4048 Dagenais West
Laval, Quebec H7R 1L2
Tel: 450-664-0524
Fax: 450-664-5187
For all requests, questions or comments regarding this policy, please contact the person in charge by e-mail.
10. Publication and modifications
This policy is published on PRORAM's website, as well as on all websites controlled and maintained by PRORAM, to which this policy applies, with respect to the personal information collected therein. This policy is also disseminated by any means suitable for reaching the people concerned.
PRORAM must also do the same for all amendments to the present policy, which must also be notified to the people concerned.