Confidentiality and Use of Personal Information Policy
1. Introduction
The Villa Maria Fund understands and respects the importance of the personal information it handles as part of our activities and services. We have developed this Confidentiality and Use of Personal Information Policy (the “Policy”) to explain how we collect, use, keep, and communicate information concerning an individual and allow, directly or indirectly, to identify that person, like you. This Policy also describes your rights regarding the protection of your personal information and the means by which to exercise them.2. Who is responsible within Villa Maria for managing the handling of my personal information?
We are responsible for the personal information that we handle. We have appointed a person in charge of the protection of personal information (“PCPPI”) to supervise our conforming to the applicable legislation regarding protection of personal information, and to assist you should you have any questions concerning the same issue.
3. What is the contact information of our PCPPI?
For questions and/or comments about this Policy or the handling of your personal information, please contact the following person:
Marc-André Normandin
Director and Person in charge of the protection of personal information
Villa Maria Fund
4245 Decarie Boulevard
Montreal, Quebec
Canada H4A 3K4
Email: normandinm@villamaria.qc.ca
Telephone: (514) 484-4950, extension 7204
The following responsibilities rest with the PCPPI:
- cooperate with the Board of administration of the Villa Maria Fund for the updating of this Policy, any accompanying directives and of any other policy, notice or procedure relative to personal information;
- be the point of contact regarding demands addressed to the Villa Maria Fund relative to the protection of personal information, and ensure the handling of those demands.
4. What kind of personal information do we process?
The Villa Maria Fund may be required to process the following personal information:- identity and contact information: including your name, physical and electronic address, telephone number, date of birth, civil status, passport number, health insurance card number, educational and career pathways, or your tax status;
- employee file: including all pre-hiring information such as your CV, diplomas, reference letters, track record, all information stemming within the context of your employment such as your evaluations, your medical file; and personal information regarding your beneficiaries, and all post employment information;
- financial and payment information: including you bank account number and address and other relevant information for the processing of payments and fraud prevention, including credit/debit card numbers, your account statement and other related billing information;
- related information: including photos and video or audio content, your networks, social involvement, professional affiliations and family ties;
- profile and usage information: including passwords to access our website or platforms or password protected services, your communication preferences and information on how you are using our website, including the services that you have consulted or which you have researched, the pages response time, download errors, visit time of particular pages and interaction information (such as scrolling, clicks, rollovers). To know more on our use of cookies or similar technologies, please consult our Cookie Policy which you can access on our website;
- technical information: including information collected while visiting our website, IP (internet Protocol) address, login data, browser type and version, device type, time zone adjustment, types and versions of browser plug-ins, and operating systems and platform;
- physical access information: with details of your visits on the premises of our establishment;
- sensitive personal information: information that, due to its medical, biometric or otherwise intimate nature, or the context of its use or communication, entails a high level of reasonable expectation of privacy, for example the student’s image or voice, information relative to aid and prevention services offered by internal providers (drug addiction, sexuality, anxiety, family problems, conflicts, etc.), adapted path information for students with special needs.
5. For what purposes do we process your personal information?
The Villa Maria Fund processes the information that you communicate to us to manage our organization and to plan, coordinate and provide our services and for the conduct of our business, to administer and perform our activities, including fulfilling our obligations under any agreement between you and us. We only process the information necessary for that purpose. If we must use your personal information for purposes other than those described herein, we will obtain your consent beforehand, except under the circumstances listed in Section 9 below. The purposes for which we process your personal information are the following:- to fulfill any obligation arising from a concluded or eventual contract between you and us or to take any measure relative thereto, with you or your organization, including:
- to hire you as an employee or consultant;
- to provide and manage our services or other services or solutions, in accordance with your instructions or those of your organization;
- to run and manage our relationship with you, including accounting;
- to process payments, invoicing, and collecting;
- to the extent necessary to carry on our activities and pursue our legitimate interests, in particular:
- to provide our services and address any questions or concerns regarding our services;
- to ensure the monitoring and supervision of our employees;
- to analyze and improve our services and communications, including our activities on our website, and to monitor compliance with our policies and norms;
- to manage the access control to our premises and for security purposes;
- to ensure the security of our communications and other systems and to prevent and detect security threats, frauds and criminal or malicious activities;
- for insurance purposes;
- to collect information on your preferences in order to personalize and improve the quality of our communications with you;
- as needed to carry on promotional activities;
- as required to comply with our legal obligations or institute proceedings, in particular:
- to protect our rights and our safety and those of third parties;
- to comply with legal requirements and court orders;
- to institute proceedings and submit a defense within the context of court proceedings, arbitration or similar procedure;
- to communicate this information to consultants assisting us to conform to legal, accounting or safety requirements;
- as otherwise authorized by law.
- legal, medical or security reasons make it impossible to obtain your consent;
- The Villa Maria Fund is authorized or obliged to do so in accordance with the applicable legislation.
6. How do we collect your personal information?
We collect your personal information when you communicate with us verbally or in writing, or when you use our portal. We can also collect your personal information when you enroll at Villa Maria College, when your child(ren) enroll at Villa Maria College, when you are hired at Villa Maria College, when you register for events and communications, when you make a donation to our organization, regardless of the form of your donation, when you register as a volunteer for our organization, or when we provide services to you.
7. What happens if I do not provide my personal information?
When we must collect personal information pursuant to the law or in order to process your instructions or execute an eventual agreement or an existing contract with you, and you do not provide that personal information when asked for, we could be unable to execute your instructions or fulfill the contract entered into or which we are trying to conclude with you, in which case we will then inform you of this hindrance.
8. What is the extent of the personal information that we require?
We limit the personal information that we handle to what is necessary to manage our activities and carry out our educational mandate.
Do we share your personal information?
The Villa Maria Fund could share your personal information in the following circumstances and with the following recipients:- avec les membres de notre équipe professionnelle qui en ont besoiwith the members of our professional team who need it to ensure our service;
- confidentially with third parties for the purpose of collecting your comments on our service, of assisting us to measure our performance, to improve and promote our services;
- with government departments;
- with financial institutions;
- with courts of law, law enforcement agencies, regulatory bodies, government representatives, lawyers or other parties, when reasonably necessary to make, substantiate or contest a legal claim, or for a confidential out-of-court dispute resolution process;
- with service providers that we retain at the national level or abroad (for example shared services centers), to process on our behalf personal information in any of the above-mentioned circumstances and only in accordance with our instructions.
10. How long do we keep your personal information?
Since the duration of the period of time the personal information will be kept varies depending on the nature of the information and our applicable legal obligations, we keep a retention schedule of personal information. We invite you to contact our PCPPI for any question that concerns you.
11. How do we guarantee the exactness of your personal information?
The Villa Maria Fund makes reasonable efforts to ensure that your personal information is retained in such a way that it is as exact, complete, and up-to-date as possible. Unless necessary, we do not regularly update your personal information. In order to assist us update your information and ensure its accuracy you must inform us without delay of any change in the information that you provide us.
12. How do we protect your personal information?
The Villa Maria Fund is committed to protecting the confidentiality, integrity, and availability of your personal information. We take security measures that are common in the non-profit sector and adapted to the sensitivity of the information, including physical, organizational, and technological measures. Composed among these measures are the restricted access to offices, the training of personnel, the restricted access to information on the basis of the need-to-know principle, the use of passwords and our well-defined internal policies and practices.
As regards the information that you can communicate to us via our website or portal, and despite all the measures put in place, the transmission of data via the internet always carries a risk. Although we normally have recourse to encryption using Secure Sockets Layer (“SSL”) or Transport Layer Security (“TLS”), it is your responsibility to ensure with your browser that the connection is encrypted, and that the SSL safety certificate is valid and reliable before you transmit information to us.
13. What are your rights?
In addition to what the law provides in this regard, if you have questions or concerns about the way in which we handle your personal information please discuss it with our PCPPI whose contact information appears in Section 3 above. More often than not, your concerns will thus be resolved quickly.
You may also a) submit a request for access to the personal information we process about you, or b) request correction or deletion of your personal information if it is incorrect or no longer relevant.
And you have the right to withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. You will be informed of the implications of such withdrawal.
14. How do we resolve your concerns?
Reports, concerns, complaints, or incidents that come to our attention and call into question a conduct likely to contravene this Policy shall be treated confidentially inasmuch as possible. However, the disclosure of some information may be necessary to adequately respond to the matters thus raised, facilitate the investigation, and implement solutions if required.
15. Process for reporting incidents and hierarchical assistance
We take any potential or real breach of personal information seriously.
You can express your concerns regarding the handling of your personal information directly to our PCPPI whose contact information appears in Section 3 above.
The PCPPI will call upon the appropriate level of management for assistance to solve the problem.
16. Prohibition of reprisals
We will not take reprisals against a person who, in good faith and on reasonable grounds, raises questions or concerns regarding personal information.
17. Monitoring mechanisms/supervision
On access to information and the protection of personal information the Villa Maria Fund’s Board of administration conducts periodical reviews of incidents and problems signaled through the process for reporting incidents and hierarchical assistance, this in order to identify and solve systemic problems.
18. Roles and responsibilities
The Villa Maria Fund must ensure that its employees fully comply with the law, this Policy and with any accompanying directives.
19. The law prevails
The provisions of the law regarding the collection, keeping, use and communication of personal information take precedence over this Policy.
20. Coming into effect and amendment of this Policy
This Policy comes into effect on January 12, 2024, and replaces all previous versions.
The Villa Maria Fund reserves the right to interpret this Policy at its sole discretion.
The protection of personal information legislation continues to evolve and, consequently, we can amend this Policy occasionally, at our sole discretion, without forewarning you nor engaging our responsibility towards you or any other person. The processing of your personal information shall be governed by the version of this Policy that will be in effect at that time and for which a notice of amendment will then be published on the Villa Maria Fund website.