Confidentiality and Privacy Policy

1. General Information

a) Introduction

Purpose of this Policy. Privacy is important to Association du diabète du Québec inc (“Company“, “We“, “Us“, “Our“). For this reason, We have implemented safeguards and sound management practices for Your Personal Information in accordance with applicable laws in Quebec and Canada.

Supplement to Terms and Conditions. This privacy policy (the “Policy“), which should be read in conjunction with Our Terms and Conditions, describes Our practices with respect to the collection, use, processing, disclosure, retention and destruction of Personal Information of persons benefiting from Our Services, visitors to this Website and its users (hereinafter “You“, “Your”).

Consent. Using Our Website https://www.diabete.qc.ca (the “Website“) or any of Our Services, You agree that We may collect, use, disclose, communicate and retain (hereinafter “Process” or “Processing“) Your Personal Information in accordance with the terms and conditions described herein. If You do not agree to abide by and be bound by this Policy, You may not visit, access or use Our Website or Services, or share Your Personal Information with Us.

Policy Limitations. This Policy does not apply to Personal Information of the Company’s employees, representatives and consultants, or any other person affiliated with the Company, or to any information that does not constitute Personal Information as defined by applicable laws in Quebec and Canada.

b) Data Protection Officer

Contact Information for the Data Protection Officer. All comments, questions and complaints regarding the Company’s Privacy Policy and practices may be addressed to Our Data Protection Officer at the following coordinates:

Telephone: 514 259-3422 ext. 228

Email: [email protected]

Address: 500-3750 Crémazie Blvd. East, Montreal (Quebec) H2A 1B6

2. Definitions

Definitions of Certain Notions and Expressions. The following notions and expressions, when they appear with a capitalized first letter in the Policy, have the meaning attributed to them hereinafter, unless otherwise implied or explicit in the text:

“Company“, “We“, “Us“, “Our“: ASSOCIATION DU DIABÈTE DU QUÉBEC INC.

“Service Provider” means any individual or entity that processes Personal Information on behalf of the Company. This includes third-party companies or individuals employed by the Company to facilitate the Services, to provide the Services on behalf of the Company, to perform services related to the Services or to assist the Company in analyzing the use of the Services.

“Cookie Banner“: pop-up window requesting Your consent to certain collection of Your Personal Information on the Website.

“Personal Information” means any information that relates to a natural person and allows that person to be identified, i.e., that directly or indirectly reveals something about the identity, characteristics (e.g., abilities, preferences, psychological tendencies, predispositions, mental abilities, character and behavior of the data subject) or activities of that person, regardless of the nature of the medium or the form in which the information is accessible (written, graphic, sound, visual, computerized or other).

“Data Protection Officer“: the person responsible for the application of this Policy, whose contact details are identified in Section 1b) – Data Protection Officer of this Policy.

“Services” refers to the Website applications, Our pages on social networks and any programs and Services rendered to You therein such as:

Operate, maintain, supervise, develop, improve and offer all the functionalities of Our Website;
Introduce you to Services, such as our Companion Program for people living with diabetes or Our training for people living with diabetes and healthcare professionals, or access resources or make purchases at the boutique;
Allow You to apply for job offers;
Allow You to make a donation or get involved;
For marketing and business development purposes, if You have previously consented to the processing of Your Personal Information for these purposes;
Answer Your questions and provide assistance when needed;
Perform Our contractual obligations to You;
Send You messages, updates and security alerts;
Detect and prevent fraud, errors, spam, abuse, security incidents and other harmful activities;
For any other purpose permitted or required by law.

“Website“: This website https://www.diabete.qc.ca

“Cookies“are text files that are installed on Your computer or mobile device. These cookies may contain information about Your search history, the web pages You visit and Your web browser.

“Process”, “Treatment”: Thisterm covers all operations that may affect or concern Personal Information, including collection, use, storage, destruction, communication or transmission.

“You“, “Your“: The persons benefiting from Our Services, the visitors to the Website and all users having recourse to the Company’s Services.

3. Personal Data Processing

3.1 Collection of Personal Information

3.1.1 Collection Methods

Various Means. We collect Your Personal Information through Our Website or other technological means in a variety of ways:

Automatically. When You connect to Our Website, the device You use to connect will communicate Personal Information to Us;
Electronic Forms. By completing and sending Us one of Our electronic forms;
Communicated Emails. By emails that You communicate to Us using one of the email addresses available on Our Website;
Cookies. By cookies, including the cookies identified on Our Cookie Policy; and
Partners. By third parties who collect Your Personal Information on Our behalf, as identified in Section 3.2 – Collection of Personal Information by a Third Party of this Policy.

Profiling, Identification or Location. Our Website has functions that enable us to profile Your activities on Our Website, to identify You and to locate You. These functions are used by third parties identified in Section 3.5 – Communication and Transfer of Personal Information through the use of cookies. We disable these functions by default. You can activate them via the Cookies Banner.

3.1.2 Personal Information Collected

Categories of Information Collected. In the course of Our activities, We may collect and process various types of Personal Information, including the information listed below:

Identifying information and Your contact details, including Your first and last name, Your postal address, Your email address and Your telephone number;
Demographic information, such as Your age or place of residence.

Technical or numerical information, including connection information and other information about Your activities on the Website, such as Your IP address, the pages You consulted, the time and date of Your visits, Your number of connections, Your domain name, the address of the referring site (if You access the Website from another site), the type of browser You use, the operating system of Your device and other hardware and software information;
Your consent to the use of certain cookies on Our Website and to the disclosure or use of Your Personal Information;
Information necessary for the provision of Our Services, such as information concerning the Services We have rendered or are rendering to You;
Information that You choose to provide or transmit to Us, for example, when You fill out an online form, respond to solicitations or surveys, or communicate with one of Our employees or representatives;
Financial information about your activities while using the Website and Our Services, such as credit card numbers when You make commercial transactions online;
Geolocation information such as Your IP address, a precise or approximate location determined from Your IP address or Your mobile device’s GPS (depending on Your device’s settings); and
Connection and other information about Your activities on the Website, such as Your IP address, the pages You visit, the time and date of Your visits, the number of connections, the type of browser You use, the operating system of Your device and other hardware and software information.

Limiting Processing to Necessary and Legitimate Purposes. In each case, Personal Information is processed in accordance with the legitimate and necessary purposes listed in Section 3.4 – Use of Personal Data below.

3.2 Collection of Personal Information by a Third Party

Third Parties Collecting Personal Information on Our Behalf. For example, Stripe, WP Engine, Meta, LinkedIn, WordPress, Eudonet, Microsoft, UniversiD may collect Personal Information on Our behalf:

In order to communicate to Us any application for a job vacancy with Us, including information relating to Your previous employment (CV, cover letter), Your contact details and any other information You share with Us for this purpose;
In order to communicate any information You have shared with Us in the “Contact Us” form available on Our Website, including Your contact information and any other information You share with Us so that We can provide You with a Service;
To register for a course or program;
In order to provide You with a Service and to allow You to make a payment/donation.

3.3 Refuse a Collection

Withholding Consent. Unless the Law or Your contractual obligations provide otherwise, You may refuse or withdraw Your consent to certain specific uses or disclosures of Your Personal Information:

By not entering Your Personal Information in Our electronic or paper forms when the provision of such information is indicated as being optional;
By selecting “decline” in the Cookie Banner; or
By communicating a request to Our Data Protection Officer at the coordinates identified in Section 1b) of this Policy.

Measures Offered to Refuse Means of Collecting Personal Information. You may also provide Us with Your Personal Information by means other than through technological means such as Our Website. You may provide Us with the following:

By email;
By telephone; or
In person.

3.4 Use of Personal Information

Purposes of Personal Information. We may use Your Personal Information for the purposes described below:

Operate, maintain, supervise, develop, improve and offer the functionalities of Our Website;
To present and provide Our Services as described in Section 2 – Definitions;
Evaluating a job application;
Allow you to make a donation;
Allow you to participate in research (research programs);
Allow you to participate or apply to competitions for research funding or grants;
Allow you to retain our Services and carry out transactions in connection with our Services;
Perform Our contractual obligations to You;
Develop, improve and offer new Services;
Send messages, updates, security alerts;
For marketing and business development purposes, if You have previously consented to the processing of Your Personal Information for these purposes;
Answer Your questions and provide You with assistance if needed;
Carry out research, analysis and statistics related to Our Company and Our Services;
Detect and prevent fraud, errors, spam, abuse, security incidents and other harmful activities; or
For any other purpose imposed or permitted by applicable law.

3.5 Access, Disclosure and Transfer of Personal Information

Access and Disclosure. We may transfer, disclose or otherwise make available Your Personal Information to Our employees and Service Providers who need to know that information in order to operate Our Website, provide Our Services, conduct Our business or serve You.

3.5.1 Access to Personal Information Within the Company

Limiting Access to Personal Information. Your Personal Information is only accessible to Our directors, employees or representatives who require access to Your Personal Information in order to perform their duties. As such, Your Information may be accessible to:

Our Data Protection Officer;
Our IT services;
Our customer service;
Our sales services;
Our billing services;
Our advertising services; and
Our human resources (when applying for a job).

3.5.2 Disclosure of Personal Information

Safeguards for Disclosure to Third Parties. We will only disclose Your Personal Information to Our Service Providers if they have previously agreed in writing to maintain the confidentiality of Your Personal Information in accordance with applicable laws and Our Information Governance Program through the implementation of various safeguards and information governance measures. These measures are proportionate to the sensitivity of the Personal Information processed or communicated. Without limitation, Our Service Providers may only use Your Personal Information in a confidential manner in accordance with Our instructions and only for the purposes for which it was provided. Furthermore, We only provide Our Service Providers with the Personal Information that is necessary for the performance of their mandate or contract, and We require such Service Providers to destroy the Personal Information in an appropriate manner upon termination of the contract or as soon as its use is no longer necessary.

Our Service Providers. Although We try to avoid sharing Your Personal Information with third parties, We may use Service Providers to perform various services on Our behalf, such as IT management and security, marketing, and data analysis, hosting and storage. We have defined below certain cases in which such sharing may take place:

We use Google Analytics to analyze the website’s audience, compile statistics and converse with customers and prospects. See their privacy policy;
We use Byscuit to manage the Website cookies. See their privacy policy;
We use Pay Safe to make payments and pre-payments for Our Services and products. See their privacy policy;
We use Google Ads to analyze the audience for Our Services, compile statistics and converse with customers and prospects. See their privacy policy;
We use the services of the LinkedIn social network to communicate about Our Services and products. See their privacy policy.
We use Microsoft 365 and Microsoft Azure to store Our documents. See their privacy policy;
We use YouTube to present Our products and Services. See their privacy policy;
We use Facebook services to communicate about Our activities and to present Our products and Services. Read Meta’s privacy policy;
We use the services of Eudonet CRM. Read their privacy policy;
We use the services of Vortex Solution for the hosting and administration of Our Website;
We use Veeam to store our documents in archival copy. See their privacy policy;
We use Metatracer to ensure Our compliance with the privacy laws that apply to Us. See their privacy policy.

3.5.3 Communication Outside Quebec

Disclosure of Personal Information Outside Quebec. We may communicate Your Personal Information outside of Quebec and mandate an entity located outside of Quebec to collect, use or retain Your Personal Information on Our behalf.

Safeguards When Communicating Outside Quebec. Before disclosing Your Personal Information to third parties outside Quebec, We conduct a privacy impact assessment to evaluate the risks that may affect the security of Your Personal Information. This assessment also identifies appropriate security measures to reduce or eliminate these risks. The communication will then be subject to a written agreement binding these third parties to respect such measures.

3.5.4 Complying with Legislation, Responding to Legal Requests, Preventing Harm and Protecting Our Rights

Specific Disclosures of Your Personal Information. We may disclose Your Personal Information when We believe such disclosure is authorized, necessary or appropriate, including:

To respond to requests from public and government authorities, including public and government authorities outside Your country of residence;
To protect Our business;
To comply with legal proceedings;
To protect Our rights, the privacy of Our employees, officers and directors, Our security and Our property;
To protect Your privacy and Your rights, or the privacy and rights of third parties;
To enable Us to pursue available remedies or limit the damages We may suffer; and
When it is compliant or mandatory according to applicable laws, including laws outside Your country of residence.
- Commercial Transaction

Possibility of Commercial Transactions. We may share, transfer or communicate, in strict compliance with this Policy and the provisions of the Act respecting the protection of personal information in the private sector, RLRQ c P-39.1 (the “Private Sector Act“) and the Act to modernize legislative provisions respecting the protection of personal information, LQ 2021, c 25 (the “Law 25“, assented to on September 22, 2021), Your Personal Information in the event of a sale, transfer or assignment, in whole or in part, of the Business or Our assets (for example, as a result of a merger, consolidation, change of control, reorganization, bankruptcy, liquidation or any other business transaction, including in connection with the negotiation of such transactions). In such a case, We will inform You before Your Personal Information is transferred and is governed by another privacy policy.

3.6 Consent

Consent for Collection, Use or Disclosure of Personal Information. Unless otherwise required by law, the Company obtains Your consent to the collection, use and disclosure of Your Personal Information. However, if You provide Us with Personal Information about other persons, You must ensure that You have duly notified them that You are providing Us with their information in addition to obtaining their consent to such disclosure.

Consent Requirements. We will seek Your manifest, free, informed and purposeful consent before using or disclosing Your Personal Information for purposes other than those set out herein. We will also seek Your express consent whenever sensitive Personal Information is involved in any of the Company’s processing activities. We will ask for Your consent for each specific purpose in clear and simple terms, separate from any other information provided to You.

BY USING OUR WEBSITE, TRANSMITTING YOUR PERSONAL INFORMATION BY EMAIL OR USING AN ONLINE FORM, YOU CONSENT TO THIS PRIVACY POLICY AND TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE PRIVACY POLICY.

Refusal to Use the Website. If You do not consent, please stop using the Website. Except where otherwise provided by law, You may withdraw Your consent at any time upon reasonable notice. Please note that if You choose to withdraw Your consent to the collection, use or disclosure of Your Personal Information, certain features of Our Website may no longer be available to You or We may no longer be able to offer You some of Our services.

3.7 Retention of Personal Information

Retention of Personal Information. Subject to applicable law, We retain Your Personal Information only for as long as is necessary to fulfill the purposes for which it was collected, unless You consent to Your Personal Information being used or processed for another purpose.

Additional Information. To obtain more information about the periods during which Your Personal Information is kept, please contact Our Data Protection Officer using the contact details provided in Section 1b) – Data Protection Officer of this Policy.

4. Your Rights

List of Rights. As a data subject, You may exercise the rights set out below by contacting Our Data Protection Officer in writing at the contact information provided in Section 1b) – Data Protection Officer of the Policy. Please note that We may ask You to verify Your identity before responding to any of these requests.

You have the right to be informed of the Personal Information We hold about You, its use, disclosure, retention and destruction, subject to exceptions provided by applicable law;
You have the right to access Your Personal Information, to request a copy of the documents containing Your Personal Information, subject to the exceptions provided by applicable law, and to obtain, if applicable, additional details on how We use, communicate, store and destroy it by communicating a written request to Our Data Protection Officer at the coordinates identified in Section 1b) – Data Protection Officer for this Policy;
You have the right to have the Personal Information We hold about You rectified, amended and updated if it is incomplete, equivocal, out of date or inaccurate by sending a written request to Our Data Protection Officer at the contact information identified in Section 1b) – Data Protection Officer for this Policy;
You have the right to withdraw or modify Your consent to the collection, use and communication of Your Personal Information collected (as identified in Section 3.1 – Collection of Personal Information of this Policy) at any time, subject to applicable legal and contractual restrictions;
You have the right to ask Us to stop disseminating Your Personal Information and to de-index any link attached to Your name which gives access to this information if such dissemination contravenes the law or a court order;
You have the right to request that Your Personal Information be communicated to You or transferred to another organization in a structured and commonly used technological format;
The right to be informed of any privacy incident concerning Your Personal Information that could cause You serious harm. To this end, we maintain a register of all privacy incidents and assess the harm they may cause; and
You have the right to file a complaint with the Commission d’accès à l’information, subject to the conditions set out in the applicable law.

5. Questions and Complaints

Complaint Process. You may address any complaints regarding Our practices and policies for the protection of Your Personal Information by contacting Our Data Protectoin Officer using the contact information identified in Section 1b) – Data Protection Officer.

Questions. You may also contact Our Data Protection Officer with any questions regarding this Privacy Policy using the contact information identified in Section 1b) – Data Protection Officer.

Necessity to Identify You. In order to process Your request, You may be asked to provide an appropriate identification document or to identify Yourself in some other way.

6. Cookies and Similar Technologies

Use of Cookies. Cookies are small text files that are stored on Your device or browser. They make it possible to collect certain information when You visit the Website, including Your preferred language, the type and version of Your browser, the type of device You are using and Your device’s unique identifier. While some cookies are deleted after Your browser session ends, other cookies are retained on Your device or browser to enable Your browser to be recognized the next time You visit the Website. We use cookies and other similar collection technologies such as Pixels (collectively “Cookies“) to help Us operate, protect and optimize the Website and the Services We offer. Cookies do not harm Your device and cannot be used to retrieve Your Personal Information.

Possible Browser Settings. You can set Your browser to notify You when Cookies are set on Your visit to the Website, so that You can decide in each case whether to accept or reject the use of some or all Cookies. Please note that disabling Cookies on Your browser may adversely affect Your browsing experience on the Website and prevent You from using some of its features.

Control File Types

First- and Third-Party Cookies: Whether a Cookie is “first-” or “third-party” refers to the domain that places the Cookie.

First-Party Cookies are those placed by a website that is being visited by the user at that time (for example, the Cookies placed by Our website domain).
Third-Party Cookies are Cookies placed by a domain other than that of the website visited by the user. If a user visits a website and another entity places a Cookie through that website, it would be a Third-Party Cookie.

Persistent Cookies: these remain on a user’s device for the period specified in the cookie. They are activated each time the user visits the website that created that particular Cookie.

Session Cookies: these cookies enable website operators to link a user’s actions during a browser session. A browser session begins when a user opens the browser window and ends when the user closes the browser window. Session Cookies are created temporarily. Once You close the browser, all Session Cookies are deleted.

Categories of Cookies. In general, the Website uses Cookies to distinguish You from other users of the site. This helps Us to provide You with a good experience when You browse the Website and also allows Us to improve it. The Cookies We may use on the Website can be categorized as follows:

Strictly Necessary
Performance
Functionality
Target

Some Cookies may fulfil more than one of these purposes.

Strictly Necessary Cookies allow you to move around the website and use essential functions such as secure areas. Without these Cookies, we cannot provide the requested services.

We use these Strictly Necessary Cookiesto:

Identify You as being connected to the Website and authenticate You;
Ensure that You connect to the correct Service on the Website when We make changes to its operation;
For safety purposes.

If You prevent the use of these Cookies, We cannot guarantee the performance of the Website or the security of the Website during Your visit.

Performance Cookies collect information about how You use the Website, for example which pages You visit, and whether You encounter any errors. These Cookies do not collect any personally identifiable information and are only used to help Us improve the operation of the Website, understand the interests of Our users and measure the effectiveness of Our advertising.

We use Performance Cookiesto:

Carry out web analysis: provide statistics on how the Website is used
Affiliate tracking: provide feedback to affiliates that one of Our visitors has also visited their site.
Obtain data on the number of Website users who have consulted a product or Service.
Help us improve the Website by measuring errors that occur.
Test different Website designs.

Some of Our performance cookies are managed for Us by third parties.

Functionality Cookies are used to provide services or to memorize parameters in order to improve Your visit.

We use Functionality Cookiesforpurposes such as:

Remember the settings You have applied, such as layout, text size, preferences and colors
Remember if We have already asked You if You would like to take a survey
Remember if You have used a specific item or list on the Website to avoid repeating it
Show You when You are connected to the Website
To supply and display embedded video content

Some of these Cookies are managed for Us by third parties.

Targeting Cookies are used to track Your visit to the Website, as well as other websites, apps and online Services, including the pages You have visited and the links You have followed, enabling Us to display targeted advertising to You on the Website.

We may use Targeting Cookies to:

Display targeted ads on the Website
Improve the way we deliver personalized ads, content and measure the success of advertising campaigns on the Website.

Consent to Cookies. All Cookies require Your consent. We ask for Your consent before placing them on Your device. You can give Your consent by clicking on the appropriate button on the banner displayed to You. If You do not wish to give Your consent, or if You wish to withdraw Your consent to any Cookies at any time, You will need to delete, block or disable Cookies via the Cookie banner or available settings options, or via your browser settings. Please note that disabling Cookies may adversely affect Your browsing experience on the Website and prevent You from using some of its features.

List of Cookies

Technical name		Objective	Session/Persistent	Type
__cf_bm	.3cx.com	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	30 minutes	.
wpml_current_language .3cx.com 30 minutes Ce cookie est utilisé pour faire la distinction entre les humains et les bots. Ceci est bénéfique pour le site Web, afin de faire des rapports valides sur l’utilisation de leur site Web.	www.diabete.qc.ca	This cookie is used to track the language preference for the user	session

7. Security Measures

Objectives of Our Security Measures. We have implemented physical, technological and organizational security measures to adequately protect the confidentiality and security of Your Personal Information against loss, theft or any unauthorized access, infringement, disclosure, reproduction, communication, use or modification. These measures include:

Administrative Measures. On the administrative front, the adoption of a series of measures, policies and procedures as part of the implementation of our Information Governance program, including:
Control access, disclosure, retention, de-identification, including destruction or anonymization of Personal Information;
Determine the roles and responsibilities of Our employees throughout the life cycle of Personal Information and documents;
Establish procedures for intervention and response in the event of a confidentiality incident;
Oversee the process for requests and complaints relating to the protection and handling of Personal Information.
Technical Measures. On a technical level, the use of several means such as:
The use of a secure server and Secure Socket Layer (SSL) technology;
Encrypting Our databases and the databases of Our service providers;
Limiting access privileges to Personal Information in accordance with Section 3.5.1 – Access to Personal Information Within the Company;
The use of backup systems;
The use of network monitoring software;
Use of a firewall system;
The use of encryption and segregation of duties, access controls and internal audits.

Incomplete List of Masures. Given the public nature of this Policy, we have not provided an exhaustive list of the measures we are implementing.

Impossibility of Guaranteeing a Complete Absence of Risk. Despite the measures described above, We cannot guarantee the absolute security of Your Personal Information. If You have reason to believe that Your Personal Information is no longer secure, please contact Our Data Protection Officer immediately using the contact details set out in Section 1b) – Data Protection Officer above.

8. Changes to this Privacy Policy

Right to Change this Policy. We reserve the right to modify this Policy at any time in accordance with applicable law. In the event of a change, We will post the revised version of the Privacy Policy and update the date in the footer of the Privacy Policy. We will notify You prior to the effective date of the new version of Our Policy. If You do not agree to the new terms of the Privacy Policy, please do not continue to use Our Website and Services. If You continue to use Our Website or Services after the new version of Our Policy becomes effective, Your use of Our Website and Services will be governed by the new version of the Policy.

9. Links to Third Party Websites

Responsibility for Third Party Websites. From time to time, We may include on Our Website references or links to websites, products or services provided by third parties (“Third Party Services“). These Third Party Services, which are not operated or controlled by the Company, are governed by privacy policies that are entirely separate from and independent of Ours. We therefore assume no responsibility for the content and activities of these sites. This Policy applies only to the Website and the Services we offer.

10. Individuals Under 14 Years of Age

Consent of Minors Under the Age of 14. We do not knowingly collect or use Personal Information from people under the age of 14. If You are under the age of 14, You must not provide Us with Your Personal Information without the consent of Your parent or guardian. If You are a parent or guardian and You become aware that Your child has provided Us with Personal Information without consent, please contact Us using the contact details set out in Section 1b) above to request that We delete that child’s Personal Information from Our systems.

11. Applicable Laws

Laws of Quebec and Canada. The laws of Canada and Quebec, excluding its conflict of law rules, will govern this agreement and Your use of the Website. Your use of the Website may also be subject to other local, provincial, national or international laws.