KIROUAC FAMILY ASSOCIATION INC.
Adopted by the Board of Directors
February 17, 2024
1. Introduction
The right to privacy is guaranteed by the Charter of Human Rights and Freedoms and the Civil Code of Québec. In addition, the protection of personal information is governed by the Act respecting the protection of personal information in the private sector.
This policy establishes a procedure for the management of personal information by the Kirouac Family Association in order to collect, hold, conserve, use and communicate personal information on its members, volunteers and administrators in accordance with the law.
The President is responsible for the protection of personal information within the Association and is accountable for the application of and compliance with this policy by all representatives of the Kirouac Family Association.
In this respect, the person in charge posts the present policy on the Association's website (www.familleskirouac.com) and makes it available for consultation by members, volunteers or directors.
2. Objectives
The purpose of this policy is to inform members, volunteers and directors of the Association of the principles it applies in managing the personal information it holds on them.
It also sets out the rules of conduct that the Association requires of its members, volunteers and directors when they have access to personal information held on others by the Association.
In applying this policy, the Association adheres to the following principles:
- To collect only the personal information required for the proper management of its activities;
- Inform the persons concerned of their rights, particularly with regard to complaints, and obtain their consent when required by law;
- To ensure the security and confidentiality of the personal information it holds on others, by controlling its retention and destruction.
3. Definition of personal information
Personal information is information about a natural person that enables that person to be identified. Such information is confidential and must be treated as such.
For the Association, personal information includes members' residential addresses, telephone numbers, e-mail addresses and portrait photos.
4. Collection of personal information
The Association collects personal information for the purposes of its activities. Personal information may be collected by means of forms on the Association's website, by telephone interview, by paper form or by any interaction between individuals and the Association and/or its representatives.
When collecting personal information, the Association retains only that which is necessary for its proper operation. The Association must be able to justify, if necessary, why it requires any personal information.
The Association collects personal information from the individual concerned. It may, however, collect personal information from a third party without the consent of the person concerned, if the collection is intended to ensure the proper functioning of the Association and its activities.
Information that is already, or becomes, known to the public (information on websites or social media profiles) may also be collected by the Association without the need to inform the person concerned. In this case, however, the Association undertakes to collect such information in a reasonable and discerning manner.
5. Protection of personal information
Physical files containing confidential information are kept in a filing cabinet or in a dedicated location by the Association's President and/or Treasurer.
Computer files containing personal information are stored on two external hard drives and kept in two separate locations.
The persons who have access to personal information when required for the performance of their duties are members of the Board of Directors and volunteers working for the Association.
The Association requires that all directors and volunteers agree to abide by this policy and to maintain the confidentiality of personal information.
6. Responsibility for the policy
The President of the Association is responsible for the protection of personal information within the Association in accordance with section 3.1 of the Act respecting the protection of personal information in the private sector.
The President is responsible for maintaining an incident log in the event of any breach of this policy.
The President ensures that all directors and volunteers are fully aware of this policy.
The President can be reached at the following e-mail address:
[email protected]
7. Use of personal information
The personal information referred to in section 3 of this policy collected by the Association is used or disclosed solely for the purposes of the Association's activities, unless the individual concerned consents to another use or the law requires the information to be provided for another purpose.
Although genealogical information is not subject to the Act respecting the protection of personal information in the private sector, the Association considers dates of birth to be confidential personal information if the person is not deceased. After a person's death, the Association is free to publish this information along with other genealogical information.
Photos of people attending Association activities are not considered confidential. In such cases, the persons featured in the photos are deemed to have given their consent to their publication.
In all other cases of photo publication, the persons appearing in the photos are considered to have given their consent to publication when the photos have been sent to the Association by the persons themselves. In the case of a third party appearing in one of these photos, we consider that the person who sent the photo first obtained permission from this third party for the photo to be published.
Notwithstanding the provisions of the third paragraph of this article concerning photos appearing on the Association's Web site, any person may request in writing that a photo in which he or she appears be removed from the Association's Web site. The person responsible for the Association's privacy policy will inform the person of his or her decision within thirty (30) days of receipt of the request.
In the event of refusal, the person in charge will give reasons in writing to the person concerned within the same thirty (30) day period, and inform him or her of his or her right to contest the decision before the Commission d'accès à l'information. Failure to respond to a request for withdrawal within this period, the Association is deemed to have refused to acquiesce, in which case the interested party may apply to the Commission d'accès à l'information to assert his or her rights.
8. Retention and destruction of personal information
The personal information referred to in section 3 of this policy is retained until the expiry of a period of non-renewal of membership in the Association exceeding five (5) years. However, an individual may request that such information be destroyed prior to the expiry of this period. In such a case, the Association will destroy the information immediately.
In the specific case of photographs, they are kept indefinitely in the Association's archives, with the identification of their author and/or source if this information was provided to the Association.
Unless otherwise specified at the time the photos are sent to the Association, or subsequently, they may be used by the Association for its various activities. However, the Association undertakes to respect copyrights and to mention the source of these photos when this information is indicated in its archives.
9. Request for rectification of personal information
At the written request of the person concerned, the Association will rectify inaccurate or incomplete information, as the case may be, in the person's file.
It is the responsibility of individuals who have provided personal information to notify the Association of any changes to that information. The Association cannot be held responsible for any failure to carry out a request for rectification when it should have been made.
10. Disclosure of personal information to a third party
However, the Association may disclose personal information to a third party if that third party is :
- The attorney of the person concerned, or the Attorney General if the information is required for the purposes of a prosecution for an offence under a law applicable in Quebec.
- An organization and/or person in charge of a mailing to its members on behalf of the Association.
11. Definition of a privacy incident
In accordance with the Act respecting the protection of personal information in the private sector, a confidentiality incident can take the following forms:
- Access to personal information not authorized by law;
- Unauthorized use of personal information;
- Unauthorized disclosure of personal information;
- The loss of personal information or any other breach of the protection of such information.
12. Process in the event of a confidentiality incident
In the event of an incident involving personal information, the Association will follow the procedures set out in the Act respecting the protection of personal information in the private sector and its related regulations. When an incident presents a risk of serious prejudice, the Commission d'accès à l'information (CAI) and the persons concerned by the incident will be notified as quickly as possible following knowledge of the incident, insofar as the situation permits.
If third parties need to be contacted in order to mitigate the damage that may result from the incident, the person responsible for protecting personal information will ensure that only the information required for this purpose is communicated, and that the name of the person called and the date and time of the intervention are recorded. An incident log will be maintained by the Privacy Officer.
By transmitting personal information to the Association, it is understood that the persons concerned understand that the Association deploys best work practices and protection mechanisms in order to limit the possibility of any incident, leak or misuse of personal information. However, the Association cannot guarantee infallible security in every conceivable scenario.
If a data subject becomes aware that an incident involving his or her personal information may have occurred within the Association, he or she should contact the person responsible for the protection of personal information, using the contact details set out in section 6 of this policy. Complaints/reports are processed within a maximum of thirty (30) days after they are filed.
13. Non-application of the policy
When a person concerned leaves the Association's website for any other website linked to the Association's website, this policy no longer applies. Please refer to their policy, if applicable.
When a law, regulation or court order compels the Association to transmit personal information, it is understood that the Association cannot guarantee the level of confidentiality and security instituted by the person or government to whom the information is transmitted.
14. Changes to the policy
Any changes to this policy will be posted on the Association's website.
15. Adoption and entry into force of the policy
This policy was adopted and came into force on February 17, 2024.
contact information
KIROUAC FAMILY ASSOCIATION INC.
3782, Chemin Saint-Louis, Quebec (Quebec)
Canada G1W 1T5
Last update : May 7, 2024