CONTENTS

  1. Objective
  2. Scope
  3. General Provisions
  4. Collection, use and disclosure of personal information
  5. Consent
  6. Accessing, correction and safeguarding your personal information
  7. Process for the treatment of security incidents
  8. ARC Incident Response Plan

 

1. Objective

ARC Assistance and Referral Centre is committed to protecting personal information of clients and other external parties in compliance with Québec’s law 25 – an Act to Modernize legislative provisions as regards the protection of Personal Information.

Personal information is all information about an identifiable individual.

The purpose outlines standards for the collection, use, disclosure, consent and safeguarding of personal information, in accordance with legal requirements and other internal policies.

 

2. Scope

The application of this policy applies to all employees, third parties, and volunteers (including ARC Board of Directors).

 

3. General Provisions

  • The collection of personal information by ARC is carried out transparently with the free and informed consent of the user and only in cases where the information collected is necessary to provide the desired service.
  • Personal information is used only for the purposes for which it was collected, and it will not be disclosed without authorization or used for personal purposes;
  • Access to personal information will be granted only when absolutely necessary for the performance of the employee’s duties. The roles with access to personal information include: Program Coordinators (for their assigned responsibilities) and overall, the Program Manager.
  • Individuals may have access to their personal information at any time and be informed of their rights to appeal any information or request
  • Data privacy breaches will be treated without delay, and in accordance with the internal process for security incidents, while safeguarding the privacy of individuals and the security of personal information.

 

4. Collection, use and disclosure of personal information

Depending on the service offered, ARC may collect and retain any of the following information: last name, first name, mailing address, e-mail address, telephone numbers, age and gender. In addition, information relating to cultural activities, leisure activities and family status may also be collected and stored.

Our staff and consultants have the responsibility of protecting the confidentiality of the personal information they need in the course of their duties, and are required to adhere to data privacy and confidentiality policies.

ARC makes extensive use of information technology to support its processes. All personal and confidential information collected is kept in a secure environment and our administrative team manages access. We employ a password management system that allows us to easily make passwords complex and change them regularly. Whenever a service allows it, we activate multi-factor authentication to access that service. The physical versions of the documents we store are kept in locked rooms and filing cabinets at all times. Only certain members of the administration can grant access to consult a document.

We rigorously apply the necessary security measures to ensure the safety and confidentiality of personal information. However, no method of transmission over the Internet, nor any means of electronic storage, is 100% secure. We therefore cannot ensure or warrant the security of any information transmitted or provided to us, and individuals do so at their own risk. Nor can we guarantee that such information will not be accessed, obtained, disclosed, altered or destroyed as a result of a breach of our physical, technical or administrative safeguards.

Access to our activity registration sheets and individual support logs are also restricted to specific team members. The information would be used for tracking purposes by the management team.

We create a monthly backup of our membership and registration lists which will be kept for 7 years in a location accessible only to the management and administrative team.

ARC’s work of improving access to health, social, and education services to our communities is positively impacted by growing our membership and increasing participation in our programs. We collect our members’ and participants’ personal information for two primary reasons.

Firstly, ARC reaches out directly to community members to promote our services and programs. This communication is done through a mailing list and by posting on social media. We provide individual support through outreach and referrals, typically by telephone and email. ARC’ team members also offer activities that cater to a target demographic. Activity registration forms are used to collect participants’ personal information, allowing us to ensure participants fulfil registration criteria and to communicate relevant program information directly.

Secondly, ARC regularly uses demographic data such as age, gender and place of residence to encourage funders and partners to collaborate on the creation and improvement of services within the Monteregie region. ARC is, in fact, contractually obligated to report member and activity participation data to a variety of funders in order to continue receiving grants which support our programming. The demographic information we share with third parties is by default disassociated with the personal information that can identify an individual.

Access to our membership database is limited to the management team and administrative team tasked with managing our membership web service. This includes the collection and storage of personal information as well as records of payment. Membership payments are also performed through an integrated web-based service. Payment method information is not collected.

5. Consent

The collection of information by ARC is carried out transparently with the free and informed consent of the user and only in cases where the information collected is necessary to provide the desired service. In compliance with applicable laws, when collecting personal and confidential information, ARC clearly indicates the purposes for which it is collected and requests the user’s consent for its use. ARC will require new consent to use previously collected information for other purposes.

Some ARC services or activities may be intended for minors. In such cases, personal information is collected with the consent of the child’s parent or guardian. Personal information may be collected by means of forms, the website, telephone interviews, opinion surveys or questionnaires.

 

6. Accessing, correcting and safeguarding your personal information

ARC is committed to respecting your rights with respect to your information, unless otherwise required by law. You may at any time:

  • Access the personal information we hold about you.
  • Rectify inaccurate or incomplete personal information we hold about you.
  • Modify the personal information we hold about you, for example following a change in your personal situation or a change of address.
  • Request that we cease disseminating your personal information or de-index any hyperlink attached to your name giving access to information if such dissemination causes you harm or contravenes the law or a court order (right to erasure or oblivion).
  • Request to remove all personal information we hold about you from our database and other systems.

To proceed with one of these requests, please send an e-mail at [email protected] or call (514) 605-9500.

Your request must be detailed enough to allow us to identify the documents or other media containing the personal information to which you wish to have access. We may need to validate your identity and the reason for your request.

 

7. Process for the treatment of security incidents (data privacy breaches)

ARC undertakes to inform users of any incident affecting the protection of personal information as soon as possible. We will take reasonable steps to reduce the risk of harm and to prevent similar incidents from occurring in the future.

If you have reason to believe that personal information has been compromised, please contact us by e-mail at [email protected] or call (514) 605-9500.

If you have any questions, comments or complaints about this policy or its application, please do not hesitate to contact us by e-mail at [email protected] or call (514) 605-9500.

If you are not satisfied with the response you receive, you may contact the ARC Program Manager in writing at [email protected].

You may also file a complaint with the Commission d’accès à l’information:

https://www.cai.gouv.qc.ca/a-propos/nous-joindre/