Skip to main content

Privacy Policy and Confidentiality Policy

 

1. Introduction

Welcome to the privacy policy of Solution Maxime Drouin, a company duly registered with the Quebec Business Registry under number xxx.

We are committed to protecting your personal information and want to inform you of how we collect, use, disclose, store, and, if applicable, destroy it.

This policy also aims to inform you about the management of personal information collected by Solution Maxime Drouin through technological means.

The address of our website is: https://maxime-drouin.com.

2. Scope and Definitions

This privacy policy applies to Solution Maxime Drouin, including its officers, employees, consultants, volunteers, as well as anyone providing services on behalf of Solution Maxime Drouin. It also covers Solution Maxime Drouin’s website.

This policy applies to all types of personal information managed by Solution Maxime Drouin, including information about our clients, potential or current, our consultants, our employees, our members, our service or product providers, and any other individuals, including visitors to our website.

Under the Quebec Private Sector Personal Information Protection Act, personal information is defined as any information about an individual that can directly or indirectly identify them. This may include the individual’s name, address, email address, phone number, gender, banking information, health information, ethnic origin, language, etc.

Sensitive personal information is a special category of personal information for which there is a high degree of reasonable privacy expectation. This may include health information, banking information, biometric data, sexual orientation, ethnic origin, political opinions, religious or philosophical beliefs, etc.

In general, professional or business contact information, such as name, title, work address, work email, or work phone number, is not considered personal information.

Furthermore, in accordance with Bill 25, effective September 22, 2023, sections 3 (collection, use, disclosure), 4 (retention and disposal), and 6 (data security) do not apply to an individual’s information related to the performance of their professional duties, such as their name, title, role, as well as the address, email address, and phone number of their workplace.

These sections also do not apply to personal information that has become public under the law, as of the effective date of this policy.

3. Collection, Use, and Disclosure

In the course of its activities, Solution Maxime Drouin may collect various types of information for various purposes. The types of information that Solution Maxime Drouin may collect, their use (or intended purpose), and the means by which the information is gathered are outlined in the Appendix at the bottom of this policy and in its cookie usage policy available at the link https://website.com/cookies.

Solution Maxime Drouin will also inform individuals, at the time of collecting personal information, about any other information collected, the purposes for which it is collected, and the means of collection, in addition to other information to be provided as required by law.

Solution Maxime Drouin adheres to the following general principles regarding the collection, use, and disclosure of personal information:

Consent:

In general, Solution Maxime Drouin collects personal information directly from the individual and with their consent unless an exception is provided by law. Consent can be obtained implicitly in certain situations, for example, when the individual decides to provide their personal information after being informed by this policy about the intended use and disclosure purposes (see the Appendix for more details). Therefore, this policy and the information it contains can be accessed by the individual at the time of collecting personal information.

Normally, Solution Maxime Drouin must also obtain the consent of the individual before collecting their personal information from third parties, before disclosing it to third parties, or for any secondary use of that information. However, Solution Maxime Drouin may act without consent in certain cases provided by law and as set out by it. The main situations where Solution Maxime Drouin may act without consent are outlined in the relevant sections of this policy.

Collection:

In all cases, Solution Maxime Drouin only collects information if it has a valid reason to do so. Additionally, the collection will be limited to the necessary information required to fulfill the intended purpose. Please note that Solution Maxime Drouin’s services and programs are not intended for minors, and, in general, Solution Maxime Drouin does not intentionally obtain personal information about minors (in such cases, information cannot be collected from them without the consent of a parent or guardian).

Collection from Third Parties:

Solution Maxime Drouin may collect personal information from third parties. Unless an exception provided by law applies, Solution Maxime Drouin will seek the consent of the individuals before collecting their personal information from a third party. In cases where such information is not collected directly from the individual but from another organization, the individual may request the source of the information collected from Solution Maxime Drouin.

In some situations, Solution Maxime Drouin may also collect personal information from third parties without the consent of the individual if it has a legitimate and significant interest to do so and (a) if the collection is in the interest of the individual, and it is not possible to collect it from them in a timely manner, or (b) if the collection is necessary to ensure the accuracy of the information.

Retention and Use:

Solution Maxime Drouin ensures that the information it holds is up-to-date and accurate at the time of its use for decisions about the individuals concerned.

Solution Maxime Drouin may only use an individual’s personal information for the purposes set out in this policy or for any other purposes provided at the time of collection. When Solution Maxime Drouin wishes to use this information for another purpose or reason, new consent must be obtained from the individual, and explicit consent must be obtained if it is sensitive personal information. However, in certain cases provided by law, Solution Maxime Drouin may use the information for secondary purposes without the individual’s consent, for example:

  • When this use is clearly in the individual’s benefit;
    When it is necessary to prevent or detect fraud;
    When it is necessary to assess or enhance protection and security measures.

Limited Access: Solution Maxime Drouin must implement measures to restrict access to personal information only to employees and individuals within its organization who have the authority to access it and for whom the information is necessary in the performance of their duties. Solution Maxime Drouin will seek the consent of the individual before granting access to anyone else.

Disclosure:

Generally, and unless an exception is indicated in this policy or otherwise provided by law, Solution Maxime Drouin will obtain the consent of the individual before disclosing their personal information to a third party. Moreover, when consent is required, and when it is sensitive personal information, Solution Maxime Drouin must obtain the explicit consent of the individual before disclosing the information.

However, disclosure of personal information to third parties is sometimes necessary. Thus, personal information may be disclosed to third parties without the individual’s consent in certain cases, including, but not limited to, the following:

– Solution Maxime Drouin may disclose personal information, without the consent of the individual, to a public agency (such as the government) that collects it in the exercise of its powers or the implementation of a program under its management.

– Personal information may be transmitted to service providers who need to receive the information without the individual’s consent. For example, these service providers may be event organizers, subcontractors designated by Solution Maxime Drouin to carry out mandates in programs administered by Solution Maxime Drouin, and cloud service providers. In these cases, Solution Maxime Drouin must have written contracts with these providers indicating the measures they must take to ensure the confidentiality of the personal information disclosed, that the use of this information is only for the execution of the contract, and that they cannot retain this information after its expiration. In addition, these contracts must stipulate that the providers must notify Solution Maxime Drouin ‘s responsible for personal information protection (indicated in this policy) of any breach or attempted breach of confidentiality obligations regarding the disclosed personal information and must allow this responsible to conduct any related verification.

– If it is necessary for the conclusion of a commercial transaction, Solution Maxime Drouin may also disclose personal information, without the consent of the individual, to the other party to the transaction and subject to the conditions provided by law.

Disclosure Outside Quebec:

Personal information held by Solution Maxime Drouin may be disclosed outside Quebec, for example, when Solution Maxime Drouin uses cloud service providers whose servers are located outside Quebec or when Solution Maxime Drouin deals with subcontractors located outside the province.

Additional Information on Technologies Used:

Use of Cookies

Cookies are data files transmitted to a visitor’s computer by their web browser when they visit a website and can serve various purposes. They are commonly referred to as cookies. Solution Maxime Drouin’s website uses cookies, and all information about these files is described in the cookie usage policy available at this address: https://siteweb.com/cookies.

Other Technological Means Used:

Solution Maxime Drouin also collects personal information through technological means such as web forms integrated into its website (e.g., its contact form, newsletter registration form, etc.), online questionnaires on its platforms and applications, and other form platforms or tools. If Solution Maxime Drouin collects personal information by offering a technological product or service with privacy settings, Solution Maxime Drouin must ensure that these settings provide the highest level of privacy by default (cookies are not covered).

4. Retention and Destruction of Personal Information

Unless a minimum retention period is required by applicable law or regulations, Solution Maxime Drouin will retain personal information only for the period necessary to fulfill the purposes for which it was collected.

Personal information used by Solution Maxime Drouin to make a decision regarding an individual must be retained for a period of at least one year following the decision in question, or even for seven years after the end of the fiscal year in which the decision was made if it has tax implications, such as employment terminations.

At the end of the retention period or when personal information is no longer needed, Solution Maxime Drouin will ensure:

  • Either to destroy it, or
  • Anonymize it (i.e., it no longer allows, in an irreversible manner, the identification of the individual, and it is no longer possible to establish a link between the individual and the personal information) for legitimate and significant purposes.

The destruction of information by Solution Maxime Drouin must be carried out securely to ensure the protection of this information.

This section may be supplemented by any policy or procedure adopted by Solution Maxime Drouin regarding the retention and destruction of personal information, if applicable. Please contact Solution Maxime Drouin’s responsible for personal information protection (as indicated in this policy) for further information.

5. Responsibilities of Solution Maxime Drouin

In general, Solution Maxime Drouin is responsible for the protection of the personal information it holds.

The person responsible for the protection of personal information at Solution Maxime Drouin is the Director of Operations of the organization. He or she must, in general, ensure compliance with the applicable legislation concerning the protection of personal information. The responsible person must approve policies and practices governing the governance of personal information. Specifically, this individual is responsible for implementing this policy and ensuring that it is known, understood, and applied. In the absence or inability to act of this responsible person, the President of Solution Maxime Drouin will assume the functions of the person responsible for the protection of personal information.

Members of the Solution Maxime Drouin staff who have access to personal information or are otherwise involved in its management must ensure its protection and adhere to this policy.

The roles and responsibilities of Solution Maxime Drouin employees throughout the lifecycle of personal information may be specified by any other Solution Maxime Drouin policy in this regard, if applicable.

6. Data Security

Solution Maxime Drouin is committed to implementing reasonable security measures to ensure the protection of the personal information it manages. The security measures in place correspond, among other things, to the purpose, quantity, distribution, medium, and sensitivity of the information. This means that information that can be classified as sensitive (see the definition provided in section 2) will require more significant security measures and better protection. In particular, and in accordance with what has been mentioned previously regarding limited access to personal information, Solution Maxime Drouin must implement necessary measures to impose restrictions on the rights of use of its information systems so that only employees who need access are authorized to do so.

7. Rights of Access, Rectification, and Withdrawal of Consent

To exercise their rights of access, rectification, or withdrawal of consent, the data subject must submit a written request to the responsible party for the protection of personal information at Solution Maxime Drouin. This can be done by completing the dedicated form provided in this policy, which is available in the Annex.

Subject to certain legal restrictions, data subjects may request access to their personal information held by Solution Maxime Drouin and request corrections if the information is inaccurate, incomplete, or ambiguous. They may also demand the cessation of the dissemination of personal information that concerns them or that any hyperlink associated with their name that allows access to this information through technological means be delisted when the dissemination of this information violates the law or a court order. Similar requests can be made, or they may demand that the hyperlink allowing access to this information be relisted when certain conditions stipulated by the law are met.

The responsible party for the protection of personal information at Solution Maxime Drouin must respond in writing to these requests within 30 days of receiving the request. Any refusal must be justified and accompanied by the legal provision justifying the refusal. In such cases, the response must indicate the legal remedies available and the time frame for exercising them. The responsible party must assist the requester in understanding the refusal if necessary.

Subject to applicable legal and contractual restrictions, data subjects can withdraw their consent to the communication or use of the information collected. They can also request that Solution Maxime Drouin disclose what personal information has been collected from them, the categories of individuals within Solution Maxime Drouin who have access to it, and the duration of its retention.

8. Complaint Handling Process

Receipt

  • Anyone wishing to file a complaint regarding the application of this policy or, more generally, the protection of their personal information by Solution Maxime Drouin must submit their complaint in writing to the Data Protection Officer of Solution Maxime Drouin. To do so, they may use the provided form, available in this policy as an Annex.
  • The individual should provide their name, contact information for follow-up, including a phone number, and clearly state the subject of their complaint along with the reasons for it. The complaint should contain sufficient details to allow for its evaluation by Solution Maxime Drouin. If the complaint is not sufficiently precise, the Data Protection Officer may request any additional information deemed necessary for evaluating the complaint.

Processing

  • Solution Maxime Drouin is committed to handling all complaints in a confidential manner.
    Within 30 days of receiving the complaint or, if necessary, within 30 days of receiving all additional information required by the Data Protection Officer of Solution Maxime Drouin to process the complaint, the Data Protection Officer must assess the complaint and send a written, reasoned response to the complainant, typically by email. This assessment aims to determine whether Solution Maxime Drouin’s handling of personal information complies with this policy, other policies and practices within the organization, as well as applicable legislation or regulations.
  • If the processing of the complaint cannot be completed within this timeframe, the complainant should be informed of the reasons for the extension, the status of the complaint processing, and a reasonable timeframe needed to provide a definitive response.
  • Solution Maxime Drouin must create a separate file for each complaint received. Each file should contain the complaint, the analysis, and supporting documentation, as well as the response sent to the complainant.
  • It is possible to file a complaint with the Access to Information Commission of Quebec or any other regulatory body responsible for the enforcement of the law relevant to the subject of the complaint.
    However, Solution Maxime Drouin encourages all concerned individuals to first contact their Data Protection Officer and wait for the completion of the processing by Solution Maxime Drouin before seeking the intervention of a regulatory body.

9. Approval

This policy is approved by the Data Protection Officer of Solution Maxime Drouin, whose business contact information is as follows:

Data Protection Officer:

  • Maxime Drouin
    Solution Maxime Drouin
    1175 Rue Lomer Gouin,
    Québec QC G1N 1T3

    Courriel : contact@maxime-drouin.com
    Numéro de téléphone : (418) 687-4711

For any requests, questions, or comments regarding this policy, please contact the Data Protection Officer via email.

10. Publication and Amendments

This policy is published on the Solution Maxime Drouin website, as well as on all websites controlled and maintained by Solution Maxime Drouin, to which this policy applies, in relation to the personal information collected there. This policy is also disseminated through any means suitable for reaching the individuals concerned.

Solution Maxime Drouin must do the same for any amendments to this policy, which must also be the subject of a notice to inform the individuals concerned.

*Note: Please be aware that the use of the masculine gender is for the purpose of simplifying this policy and making it easier to read.

Version History

Version

Effective Date

Changes Since Last Version

1.0

September 20, 2023

None, Initial Version.

Appendix

Below is a non-exhaustive list of data categories that Solution Maxime Drouin may collect, along with the purposes of this collection and the methods of collecting this information. This list includes, but is not limited to, the following elements.

Please note that most of the personal data managed by Solution Maxime Drouin concerns employees, job applicants, and consultants. Regarding other categories of individuals mentioned in the table below, the data collected is primarily of a professional or business nature (see section 2 on professional contact information). It should be noted that in most cases, Solution Maxime Drouin also collects the job title or professional function of individuals, the name of the organization, and/or the organization’s address (see section 2 on professional contact information).

Recipients and collected data

Customers or Visitors

  • Name
  • Phone number
  • Email address
  • Mailing address
  • Shipping address
  • Banking data (if necessary, offline)
  • Language
  • IP address
  • Browser type or user agent

Use

  • Establish and manage customer relationships (and obtain a means of communication)
  • Knowledge of the preferred language for communication
  • Provision of services/products online and offline
  • Collect information within a program
  • Respond to information requests
  • Payment of costs related to services or programs
  • Customer registration for events organized by Solution Maxime Drouin
  • Subscription to Solution Maxime Drouin’s newsletter, seminars, or training
  • Provision of training (webinars, business opportunities, etc.)
  • Management of comments on a blog post or product. Data entered in the comment form, as well as the IP address and browser user agent, are collected to help us detect unwanted comments.

Methods of Collection

  • Via web forms integrated into the website managed by Solution Maxime Drouin, spaces for leaving comments, online questionnaires accessible on its platforms and applications, as well as other technological data collection platforms or tools.
  • By email (directly or through an attached document or other form)
  • Through the purchase of products, activities, or services online in the e-commerce store
  • From third parties (e.g., PayPal, donation collection, social networks such as Facebook, online sales with WooCommerce (the website does not store your banking data)

Recipient and collected data

Job Applicants and Employees

  • Name
  • Phone number
  • Email address
  • Banking data
  • Social insurance number
  • Date of birth
  • Address

Usage

  • Management of communications with job applicants or employees
  • Ensure the operation of the payroll system

Methods of Collection

  • Via web forms integrated into the website managed by Solution Maxime Drouin, spaces for leaving comments, online questionnaires accessible on its platforms and applications, as well as other technological data collection platforms or tools.
  • By email (directly or through an attached document or other form)

Recipient and collected data

Service Providers

  • Name
  • Phone number
  • Email address
  • Banking data
  • Knowledge of languages in which they can provide services
  • Language

Usage

  • Management of mandates
  • Payment of invoices

Methods of Collection

  • By email (directly or through an attached document or other form)
  • From third parties (e.g., PayPal, donation collection, social networks such as Facebook, online sales with WooCommerce (the website does not retain your banking data)

Other Choices Possible

Consultants:

Name
Phone number
Mailing address
Email address
Banking information

Uses:

  • Managing communications with consultants
  • Invoicing

Service Providers:

Name
Phone number
Email address
Banking information
Knowledge of languages in which they can provide services
Language

Uses:

  • Managing mandates
  • Payment of bills

Members (individuals and organizations):

Name
Phone number
Email address
Banking information
Language

Uses:

  • Membership registration
  • Future communications
  • Registration for activities organized by Solution Maxime Drouin and for cybersecurity expertise portals
  • Knowledge of languages in which they can provide services and their preferred language for communication

Additional Information and Suggestions

Comments on the Website

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to check if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After your comment is approved, your profile picture will be visible to the public next to your comment.

Media

If you upload images to the website, we recommend avoiding uploading images with GPS location data in EXIF. Visitors to the website can download and extract location data from these images.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves in the same way as if the visitor had visited that other website.

These websites may collect data about you, use cookies, embed third-party tracking tools, and track your interactions with such embedded content if you have an account connected to their website.

Use and Transmission of Your Personal Data

If you request a password reset, your IP address will be included in the reset email.

Data Storage Durations

If you leave a comment, the comment and its metadata are stored indefinitely. This allows us to automatically recognize and approve any subsequent comments instead of holding them in a moderation queue.

For accounts that register on our website (if any), we also store the personal data provided in their profile. All users can see, edit, or delete their personal information at any time (except for their username). Site managers can also see and modify this information.

Where Your Data is Sent

Visitor comments may be checked through an automated spam detection service.

Privacy Suite for WordPress

This website uses the Privacy Suite for WordPress by Complianz to collect and record consent based on the browser and device. For this feature, your IP address is anonymized and stored in our database. This service does not process any personally identifiable information and does not share any data with the service provider. For more information, please refer to the Complianz Privacy Statement.

LiteSpeed Cache System

This site uses caching to facilitate faster response times and a better user experience. Caching potentially stores a copy of every web page displayed on this site. All cache files are temporary and are never accessible to third parties unless required for technical support from the cache extension provider. Cache files expire based on a schedule set by the site administrator but can be easily purged by the administrator before their natural expiration, if necessary. Please see https://quic.cloud/privacy-policy/ for more details.

Solution Maxime Drouin