top of page

Personal information protection policy and confidentiality policy

  1. Context

This policy is aimed at ensuring the protection of personal information and governing how Fanny Moriat collects, uses, discloses, retains, and disposes of, or otherwise manages, such information. Additionally, it aims to inform anyone interested in how Fanny Moriat handles their personal information. It also pertains to the processing of personal information collected by Fanny Moriat through technological means.

2. Application and Definitions

This policy applies to Fanny Moriat, including its executives, employees, consultants, volunteers, as well as anyone else who provides services on behalf of Fanny Moriat. It also extends to the Fanny Moriat website, www.fannyrire.com, and all websites controlled and maintained by Fanny Moriat.

It encompasses all types of personal information managed by Fanny Moriat, whether it pertains to its clients, potential or current, consultants, employees, members, or any other individuals (such as visitors to its websites or others).

For the purposes of this policy, personal information is information about an individual that can directly or indirectly identify them. For example, it could include a person's name, address, email address, phone number, gender, or banking information, as well as information about their health, ethnic origin, language, etc.

Sensitive personal information is information that carries a high expectation of privacy, such as health information, banking details, biometric information, sexual orientation, ethnic origin, political opinions, religious or philosophical beliefs, etc.

In general, a person's professional or business contact information does not constitute personal information. For instance, a person's name, title, work address, work email, or work phone number. More specifically, and for the sake of precision, as per the Private Sector Personal Information Protection Act in Quebec, starting from September 22, 2023, Sections 3 (collection, use, disclosure), 4 (retention and disposal), and 6 (data security) do not apply to a person's information related to their role within a company, such as their name, title, function, as well as their work address, work email, and work phone number.

These same sections also do not apply to personal information that is considered public under the law, effective immediately upon the enactment of this policy.

3. Collection, Use, and Disclosure

In the course of its activities, Fanny Moriat may collect various types of information for different purposes. The types of information that Fanny Moriat may collect, their use (or intended purpose), and the means by which information is collected are detailed in Annex A of this policy.

Fanny Moriat will also inform individuals, at the time of collecting personal information, of any other information being collected, the purposes for which it is being collected, and the means of collection, in addition to any other information required by law.

Fanny Moriat adheres to the following general principles regarding the collection, use, and disclosure of personal information:

Consent:

Generally, Fanny Moriat collects personal information directly from the individual with their consent, unless an exception is provided by law. Consent may be obtained implicitly in certain situations, for example, when a person decides to provide their personal information after being informed by this policy about its use and disclosure for the purposes outlined therein (see Annex A for more details). Thus, this policy and the information it contains may be consulted by the individual at the time of collecting personal information.

Normally, Fanny Moriat must also obtain the consent of the individual before collecting their personal information from third parties, before disclosing it to third parties, or for any secondary use of it. However, Fanny Moriat may act without consent in certain cases provided for by law and in accordance with its provisions. The main situations in which Fanny Moriat may act without consent are outlined in the relevant sections of this policy.

Collection:

In all cases, Fanny Moriat only collects information if it has a valid reason to do so. Additionally, the collection will be limited to the information necessary to fulfill the intended purpose.

Please note that Fanny Moriat's services and programs are not intended for minors, and more generally, Fanny Moriat does not intentionally obtain personal information about minors (in such cases, information cannot be collected from them without the consent of a parent or guardian).

Collection from Third Parties: Fanny Moriat may collect personal information from third parties. Unless an exception provided by law applies, Fanny Moriat will seek the consent of the individual before collecting their personal information from a third party. In cases where such information is not collected directly from the individual but from another organization, the individual may inquire about the source of the information collected by Fanny Moriat.

In certain situations, Fanny Moriat may also collect personal information from third parties without the consent of the individual if it has a serious and legitimate interest to do so, and a) if the collection is in the individual's interest and it is not possible to collect it from them in a timely manner, or b) if this collection is necessary to ensure that the information is accurate.

Additionally, Fanny Moriat may collect personal information indirectly, notably by using:

Wix has its own terms and privacy policy, which can be consulted for more information.

Mailchimp has its own terms and privacy policy, which can be consulted for more information.

Eventbrite has its own terms and privacy policy, which can be consulted for more information.

This collection through third parties may be necessary to access certain services or programs or to otherwise do business with Fanny Moriat. When required, Fanny Moriat will obtain the individual's consent at the appropriate time.

Retention and Use:

Fanny Moriat ensures that the information it holds is up-to-date and accurate at the time of its use in making a decision concerning the individual in question.

Fanny Moriat may only use a person's personal information for the reasons stated herein or for any other reasons provided during collection. Whenever Fanny Moriat wishes to use this information for another purpose or reason, new consent must be obtained from the individual concerned, which must be obtained expressly if it involves sensitive personal information. However, in certain cases stipulated by law, Fanny Moriat may use the information for secondary purposes without the person's consent, e.g., when such use is clearly to the benefit of the person; when it is necessary to prevent or detect fraud; when it is necessary to assess or improve protection and security measures.

Limited Access: Fanny Moriat must implement measures to restrict access to personal information only to employees and individuals within its organization who are authorized to access it and for whom this information is necessary in the performance of their duties. Fanny Moriat will seek the individual's consent before granting access to any other person.

Disclosure:

Generally, and unless an exception is indicated in this policy or otherwise provided by law, Fanny Moriat will obtain the consent of the individual concerned before disclosing their personal information to a third party. Furthermore, when consent is required and it involves sensitive personal information, Fanny Moriat must obtain explicit consent from the individual before disclosing the information.

However, there are situations where disclosure of personal information to third parties is necessary. Personal information may be disclosed to third parties without the consent of the individual concerned in certain cases, including but not limited to the following:

Fanny Moriat may disclose personal information, without the consent of the individual concerned, to a public body (such as the government) that collects it in the exercise of its duties or the implementation of a program it manages.

Personal information may be transmitted to its service providers to whom it is necessary to disclose the information, without the person's consent. For example, these service providers may be event organizers, subcontractors designated by Fanny Moriat for the execution of mandates in programs administered by Fanny Moriat, and cloud service providers. In these cases, Fanny Moriat must have written contracts with these providers specifying the measures they must take to ensure the confidentiality of the personal information disclosed, that the use of this information is only for the purpose of executing the contract, and that they cannot retain this information after its expiration. Furthermore, these contracts must stipulate that the providers must notify Fanny Moriat's privacy officer (as indicated in this policy) of any violation or attempted violation of confidentiality obligations regarding the disclosed personal information and must allow this officer to conduct any related verification of confidentiality.

If necessary for the conclusion of a business transaction, Fanny Moriat may also disclose personal information, without the consent of the individual concerned, to the other party to the transaction and subject to conditions provided by law.

Disclosure Outside Quebec: Personal information held by Fanny Moriat may be disclosed outside of Quebec, for example, when Fanny Moriat uses cloud service providers whose servers are located outside Quebec or when Fanny Moriat deals with subcontractors located outside the province.

 

4. Retention and Destruction of Personal Information

Unless a minimum retention period is required by law or applicable regulations, Fanny Moriat will retain personal information only for the duration necessary to achieve the purposes for which it was collected.

Personal information used by Fanny Moriat to make a decision about an individual must be retained for a period of at least one year following the decision in question or even seven years after the end of the fiscal year in which the decision was made if it has tax implications, such as employment termination circumstances.

At the end of the retention period or when personal information is no longer necessary, Fanny Moriat will ensure:

● Their destruction, or ● Their anonymization (meaning they no longer, in an irreversible manner, identify the person and it is no longer possible to establish a link between the person and the personal information) for legitimate and lawful purposes.

The destruction of information by Fanny Moriat must be done securely to ensure the protection of this information.

This section may be supplemented by any policy or procedure adopted by Fanny Moriat regarding the retention and destruction of personal information, if applicable. Please contact Fanny Moriat's privacy officer (as indicated in this policy) for further information.

 

5. Responsibilities of Fanny Moriat

In general, Fanny Moriat is responsible for the protection of the personal information it holds.

Fanny Moriat's privacy officer is the organization's Director of Operations. They are generally responsible for ensuring compliance with applicable legislation regarding the protection of personal information. The privacy officer must approve policies and practices governing the governance of personal information. Specifically, this individual is responsible for implementing this policy and ensuring that it is known, understood, and enforced. In the absence or inability to act of the privacy officer, Fanny Moriat's president will assume the duties of the privacy officer.

Fanny Moriat staff members with access to personal information or otherwise involved in its management must ensure its protection and adhere to this policy.

The roles and responsibilities of Fanny Moriat employees throughout the life cycle of personal information may be specified by any other Fanny Moriat policy in this regard, if applicable.

 

6. Data Security

Fanny Moriat is committed to implementing reasonable security measures to ensure the protection of the personal information it manages. The security measures in place correspond, among other things, to the purpose, quantity, distribution, medium, and sensitivity of the information. This means that information classified as sensitive (see the definition in Section 2) must be subject to more extensive security measures and better protection. Specifically, and in accordance with what was previously mentioned regarding limited access to personal information, Fanny Moriat must implement necessary measures to restrict the rights of use of its information systems so that only employees who require access are authorized to do so.

7. Access, Correction, and Withdrawal of Consent Rights

To exercise their rights of access, correction, or withdrawal of consent, the individual concerned must submit a written request for this purpose to Fanny Moriat's privacy officer, using the email address provided in the following section.

Subject to certain legal restrictions, individuals can request access to their personal information held by Fanny Moriat and request its correction if it is inaccurate, incomplete, or ambiguous. They can also demand the cessation of the dissemination of personal information concerning them or that any hyperlink attached to their name allowing access to this information by technological means be delisted when the dissemination of such information contravenes the law or a court order. They can do the same, or demand that the hyperlink allowing access to this information be reindexed, when certain conditions provided by law are met.

Fanny Moriat's privacy officer must respond in writing to these requests within 30 days from the date of receiving the request. Any refusal must be justified and accompanied by the legal provision justifying the refusal. In such cases, the response must indicate the remedies available under the law and the deadline for exercising them. The privacy officer must assist the requester in understanding the refusal if necessary.

Subject to applicable legal and contractual restrictions, individuals concerned may withdraw their consent for the communication or use of the collected information.

They may also request from Fanny Moriat what personal information has been collected from them, the categories of people within Fanny Moriat who have access to it, and its retention period.

 

8. Complaint Handling Process

Receipt

Anyone wishing to file a complaint regarding the application of this policy or, more generally, the protection of their personal information by Fanny Moriat, must do so in writing by addressing the complaint to Fanny Moriat's privacy officer, using the email address provided in the following section.

The individual must provide their name, contact information, including a phone number, as well as the subject and reasons for their complaint, providing sufficient detail for it to be evaluated by Fanny Moriat. If the complaint filed is not sufficiently precise, the privacy officer may request any additional information deemed necessary to evaluate the complaint.

Processing

Fanny Moriat commits to treating all complaints received confidentially.

Within 30 days of receiving the complaint or receiving all additional information deemed necessary and required by Fanny Moriat's privacy officer to process it, the privacy officer must evaluate it and provide a reasoned written response by email to the complainant. This evaluation will determine whether Fanny Moriat's processing of personal information complies with this policy, any other policies and practices within the organization, and applicable legislation or regulations.

In cases where the complaint cannot be processed within this timeframe, the complainant must be informed of the reasons justifying the extension of the deadline, the progress of the complaint processing, and the reasonable time required to provide a final response.

Fanny Moriat must maintain a separate record for each complaint received. Each record contains the complaint, the analysis, and supporting documentation for its evaluation, as well as the response sent to the complainant.

It is also possible to file a complaint with the Commission d'accès à l'information du Québec or any other oversight organization responsible for enforcing the law related to the subject of the complaint in matters of personal information protection.

However, Fanny Moriat encourages anyone interested to first contact its privacy officer and await the conclusion of the processing by Fanny Moriat.

9. Approval

This policy is approved by the privacy officer of Fanny Moriat, whose business contact information is as follows:

Privacy Officer:

Fanny Moriat 3980 rue de Rouen apt 3 Montreal QC H1W 1N3 Canada fannyrire@hotmail.com

For any requests, questions, or comments regarding this policy, please contact the privacy officer via email.

10. Publication and Modifications

This policy is published on the website of www.fannyrire.com by Fanny Moriat, as well as on all websites controlled and maintained by Fanny Moriat, to which this policy applies, regarding the personal information collected therein. This policy is also disseminated through any means suitable for reaching individuals concerned.

Fanny Moriat must also do the same for any modifications to this policy, which must also be subject to notice to inform individuals concerned.

*Note: Please be aware that the use of the masculine gender is for the purpose of making this policy more readable and easier to understand.

Annex A

Here is a non-exhaustive list of the types of information that Fanny Moriat may collect, their use or purpose, as well as the means by which the information is collected. This includes, but is not limited to, the following elements.

 

Please note that most of the personal information managed by Fanny Moriat pertains to employees, job applicants, and consultants. For the other categories of individuals indicated in the table below, the information provided is, in most cases, professional or business-related in nature (see Section 2 on professional contact information). It should also be noted that in the majority of cases, Fanny Moriat collects the professional title/position of individuals, the name of the organization, and/or the organization's address (see Section 2 on professional contact information).

Relationship with Fanny Moriat, Services, Programs, etc.

Type of Personal Information

End of Collection / Uses

Method of Collecting Information (Means)

 

Either of these pieces of information, when necessary:

Used for:

Can be collected:

Clients

  • name

  • phone number,

  • email,

  • banking information (when necessary),

  • language,

  • postal code.

​Establish and manage customer relationships (and establish a means of communication), Provide a service (e.g., sales),

Collect information as part of a program. Note that it may be necessary to share the information provided with the targeted program,

Respond to inquiries about the cybersecurity ecosystem or any other information request,

Register clients for events organized by Fanny Moriat,

Determine the preferred language of communication,

Ensure payment of costs related to services or programs,

Subscription to Fanny Moriat's newsletter and seminars,

Provide training.

​​

Job applicants and employees

  • name,

  • phone number,

  • email,

  • banking information,

  • social insurance number,

  • date of birth,

  • address.

  • communication management with the candidate or employee,

  • ensuring payroll system functionality.

  • via email,

  • via phone.

​​​

Consultants

  • name,

  • phone number,

  • email,

  • banking information,

  • address.

  • communication management with the consultant,

  • Invoicing.

  • via email (directly or through an attached document: Word, PDF, etc.).

​​

Service Providers

  • name,

  • phone number,

  • email,

  • banking information,

  • language.

  • management of mandates,

  • payment of invoices,

  • knowledge of languages in which they can provide services through web forms integrated into a website controlled by Fanny Moriat via email.

Members (individuals and organizations)

  • name,

  • phone number,

  • email,

  • banking information,

  • language.

  • Membership registration,

  • Future communications,

  • Invoicing,

  • registration for activities organized by Fanny Moriat,

  • surveys,

  • building Fanny Moriat's databases on member expertise,

  • knowledge of languages in which they can provide services and the preferred communication language.through web forms integrated into a website controlled by Fanny Moriat or other technological form platforms (e.g., Mailchimp, Microsoft Forms) from third parties (e.g., Eventbrite and Events.com for banking information).

Fanny Moriat Network (ecosystem actors)

  • name,

  • phone numer,

  • email,

  • Banking information (when necessary).

  • language.

  • futures communications

  • Registration for activities organized by Fanny Moriat,

  • Surveys,

  • Building databases for future communications and knowledge of network expertise,

  • Knowing the preferred communication language.

  • through web forms integrated into a website controlled by Fanny Moriat and other form platforms or technological tools (e.g., Mailchimp, Microsoft Forms)

  • from third parties (e.g., Eventbrite and Events.com for banking information).

 

Fanny Moriat Partners

  • name,

  • phone number,

  • email,

  • banking information (when necessary).

  • establishing partnerships (partnership agreement signatures),

  • collaboration.

  • via email (directly or through an attached document or other type of form).

September, 16th 2023

bottom of page