Introduction
Sunbelt is committed to protecting the personal information entrusted to us.
This policy describes our practices for managing and protecting personal information and confidential information concerning data and information related to the activities of website users.
The policy covers the entire life cycle of personal information, from collection to destruction, in accordance with legal requirements and good privacy practices.
Management and use
General definitions
Privacy
Confidentiality is defined by the International Organization for Standardization as “ensuring that information is accessible only to those to whom access is authorized”.
Confidential information
Any information that must be treated with discretion and confidentiality, but that does not explicitly identify an individual.
Some work tools provide necessary support for intervention with members and are not intended to be passed on, but could be used to support the drafting of formal reports, which would themselves become personal information.
Personal information
For the purposes of this policy, personal information is that which relates to a natural person and allows that person to be identified. It is confidential and cannot be communicated without the consent of the person concerned or the authorized person.
Personal information differs from professional information about an individual in the performance of his or her duties, which is public information and is not considered confidential.
Data collection
Information collected
The following is a non-exhaustive list of the personal information collected by Sunbelt and the purpose for which it is collected. Only relevant and necessary information related to the organization’s mission or required by law is collected.
- Contact information: name, telephone number, mailing address and e-mail address to contact a member, family, resource, volunteer, etc.
- Bank details: as needed for computer payments, donations and employee records.
- Date of birth: to mark anniversaries or for the Registraire des entreprises du Québec.
- Medical, functional autonomy and behavioral information: essential for the safety of members and employees during activities.
- Network: to coordinate services between the various players in the support network surrounding a member (e.g. curator, professional, other organization, etc.).
- Criminal record: to provide an extra measure of security for members who are vulnerable adults.
Collection methods
With consent
Personal information is collected with manifest, free, informed consent given for specific purposes, unless the applicable law provides for an exception to this principle.
Manifest
Consent must be clearly conveyed.
Free
Consent must be given without constraint.
Illuminated
The individual must be sufficiently informed to understand the scope of his or her consent.
Given for specific purposes
For the duration necessary to achieve the purposes for which consent was initially requested.
The form of consent may vary according to circumstances and the type of information collected. It is ideally explicit (verbal or written), but can also be implicit (reasonably inferred from an action or inaction). Refusal to disclose personal information to the organization may hinder the provision of the requested service.
To the person concerned
Personal information is collected directly from the person concerned, for example by telephone, e-mail or via the newsletter registration form on the website.
Usage
Confidentiality and discretion
Any person in possession of personal or confidential information within Sunbelt is required to respect the confidentiality of such information. This information is shared only when necessary and relevant, and with discretion and respect for the person concerned.
In this regard, all persons must:
- respect people’s privacy;
- know how to keep sensitive information from people who confide in her;
- not divulge personal or confidential information obtained within Sunbelt.
Sharing
In the course of their duties, people involved with Sunbelt may need access to personal or confidential information, but such access must be necessary and justified.
In-house
- Contact details: these are available to the work team for communicating with the appropriate and authorized persons.
External
Personal information is disclosed outside Sunbelt only with consent and for intervention in the context of the mission. Should such a situation arise, only the information that is relevant and necessary to this intervention will be disclosed, unless otherwise specified by applicable law.
Some of Sunbelt’s third parties are Mailchimp and Calendly.
These third parties, as well as third parties whose hyperlinks can be found on the Sunbelt Web site, have their own privacy policies – for more information, please contact them directly. Sunbelt will not sell or market the personal information collected.
Safety measures
Sunbelt protects the personal information entrusted to us against loss, theft, unauthorized access or use. The means used are administrative, technical and physical.
The following is a non-exhaustive list of the security measures taken by Sunbelt.
- Ensure that information exchanges take place in a place that is conducive to confidentiality.
- Storage facilities, whether paper or digital, are adequately secured.
- Employees are regularly trained in good data security practices and the importance of established procedures.
- The list of personal information collected is up to date, and the degree of sensitivity of each item has been established.
Storage and destruction
Personal information is retained only as long as necessary for the purposes for which it was collected, in accordance with applicable laws. Obsolete or inactive information is destroyed.
- Retention: secure storage of personal information for the required length of time.
- Deletion: action of completely erasing data, making it unavailable and irretrievable.
- De-indexing: removal of information from search engines, making it less visible, but still indirectly accessible.
Storage/hosting
The personal information we collect is stored in secure environments, whether in paper or digital form, in accordance with legal requirements and best data protection practices.
Retention: Personal information is stored securely for the period necessary to fulfill the purposes for which it was collected. Access to this information is strictly limited to authorized employees who require access to perform their duties in connection with our services.
Digital hosting: Digital data is hosted on secure servers located in professional data centers. We take technical and organizational measures to protect this data from unauthorized access, disclosure, alteration or destruction.
Destruction: At the end of the appropriate retention period, or at the request of the individual concerned, personal information is securely destroyed. Personal information on paper is shredded, while digital information is deleted in such a way that it cannot be recovered or reconstituted.
Request for deletion: If an individual wishes to have his or her personal information deleted from our systems before the end of the usual retention period, he or she may make a request by following the procedure described in the “Request for access” section.
Destruction
If no specific request is made to Sunbelt, the procedure for destroying personal information is as follows: a destruction schedule is established based on the retention period for each category of personal information, and destruction is carried out in such a way that the personal information cannot be recovered or reconstituted.
- Personal information on paper is shredded.
- Digital personal information is removed from devices (computers, phones, tablets, external hard drives), servers and cloud tools.
If you wish to destroy personal information outside the destruction schedule, please follow the access request procedure below and indicate the reason why deletion or de-indexation is requested.
Access request
Submitting an access request
To access personal information, the person concerned or the authorized person must submit a written request to the company’s Privacy Officer identified at the end of this policy.
The request may be sent by e-mail or regular mail, and must contain sufficient information to validate the identity of the person making the request as well as the information sought.
Possible information to be obtained is as follows:
- the personal or confidential information collected from the person concerned or the authorized person;
- the categories of persons who have access to this personal information within the organization;
- how long personal information is kept.
Sunbelt is responsible for ensuring the portability of personal information that will be transmitted, i.e. transmitting it in a structured and commonly used technological or printed format, such as photocopies or scanned documents.
Processing your request
For security reasons, the company will verify the identity of the person making the request in a reasonable manner before granting the request, which will be processed within thirty (30) days of receipt.
Before releasing personal information, the person in charge will examine the information to ensure that it does not contain any third-party information that is confidential or likely to infringe other rights.
Once the verifications have been completed, the information will be communicated within a reasonable timeframe by electronic means, secure postal mail or in person.
If an access request is incomplete or excessive, the Privacy Officer will contact the person concerned or the authorized person for additional information or clarification. Requests that are abusive, excessive, unjustified or subject to legal restrictions will be refused.
All steps in the access request process must be recorded accurately and completely.
Handling complaints
If the person making the request is dissatisfied with the response to the access request, he or she may contact the Privacy Officer again.
Complaints may be sent by e-mail or regular mail, and must contain sufficient information to identify the complainant and the reason for the complaint.
Complaints that are frivolous, defamatory or without obvious merit will be rejected.
The Privacy Officer conducts a thorough investigation by gathering evidence, interviewing the parties involved and collecting all relevant documents, while maintaining the confidentiality of information related to the complaint.
Appropriate solutions are then presented as soon as possible, such as coercive measures, financial compensation or any other action required to satisfactorily resolve the complaint.
Once the complaint has been resolved, the Privacy Officer provides a written response to the complainant, summarizing the measures taken and the proposed solutions.
All steps in the complaint handling process must be recorded accurately and completely.
If dissatisfaction persists following these steps, the complainant may contact the Commission d’accès à l’information directly.
Security incident management
Sunbelt is responsible for keeping a formal register and for implementing the following procedures and obligations in the event of an incident affecting the confidentiality of personal information.
Incident handling
The person responsible for protecting personal information takes cognizance of the privacy incident and determines the level of risk of harm (sensitivity of the information concerned, apprehended consequences of its use, likelihood that it will be used for harmful purposes).
If the analysis determines that the risk is critical or serious, the Privacy Officer notifies the Commission de l’accès à l’information and the persons concerned by the incident.
If the analysis determines that the risk is significant, minor or negligible, the Privacy Officer initiates work to reduce the risk and prevent a similar incident from occurring in the future.
In case of doubt or uncertainty, the Commission d’accès à l’information will be contacted for specific guidelines.
Modification and acceptance
Modification conditions
This privacy policy can be consulted at any time at sunbeltlaval.ca.
Sunbelt may modify it in order to ensure its compliance with current legislation. Please consult this privacy policy regularly for any updates.
Acceptance of the privacy policy
By browsing the site, you acknowledge that you have read and understood this privacy policy and agree to its terms, particularly with respect to the collection and processing of personal information and the use of cookies.
Contactez Us
If you have any questions about this privacy policy, you can contact us :
- By email: laval@sunbeltcanada.com
- By phone: 450-669-2945
The person responsible for personal information is Bernice Ting. All requests or complaints regarding personal information should be sent by mail to the following address: laval@sunbeltcanada.com
Protection of personal information Officer
- Bernice Ting, Vice-President at Sunbelt
- Address: 3994A Boul. Saint-Martin O. Laval, QC H7T 1B8
- Email: laval@sunbeltcanada.com
- Phone number: 450-669-2945