top of page

Personal information protection policy and confidentiality policy

  1. Context

This policy is aimed at ensuring the protection of personal information and governing how François Dumont collects, uses, discloses, retains, and disposes of, or otherwise manages, such information. Additionally, it aims to inform anyone interested in how François Dumont handles their personal information. It also pertains to the processing of personal information collected by François Dumont through technological means.

2. Application and Definitions

This policy applies to François Dumont, including its executives, employees, consultants, volunteers, as well as anyone else who provides services on behalf of François Dumont. It also extends to the François Dumont website, www.francoisdumont.online, and all websites controlled and maintained by François Dumont.

It encompasses all types of personal information managed by François Dumont, whether it pertains to its clients, potential or current, consultants, employees, members, or any other individuals (such as visitors to its websites or others).

For the purposes of this policy, personal information is information about an individual that can directly or indirectly identify them. For example, it could include a person's name, address, email address, phone number, gender, or banking information, as well as information about their health, ethnic origin, language, etc.

Sensitive personal information is information that carries a high expectation of privacy, such as health information, banking details, biometric information, sexual orientation, ethnic origin, political opinions, religious or philosophical beliefs, etc.

In general, a person's professional or business contact information does not constitute personal information. For instance, a person's name, title, work address, work email, or work phone number. More specifically, and for the sake of precision, as per the Private Sector Personal Information Protection Act in Quebec, starting from September 22, 2023, Sections 3 (collection, use, disclosure), 4 (retention and disposal), and 6 (data security) do not apply to a person's information related to their role within a company, such as their name, title, function, as well as their work address, work email, and work phone number.

These same sections also do not apply to personal information that is considered public under the law, effective immediately upon the enactment of this policy.

3. Collection, Use, and Disclosure

In the course of its activities, François Dumont may collect various types of information for different purposes. The types of information that François Dumontmay collect, their use (or intended purpose), and the means by which information is collected are detailed in Annex A of this policy.

François Dumont will also inform individuals, at the time of collecting personal information, of any other information being collected, the purposes for which it is being collected, and the means of collection, in addition to any other information required by law.

François Dumont adheres to the following general principles regarding the collection, use, and disclosure of personal information:

Consent:

Generally, François Dumont collects personal information directly from the individual with their consent, unless an exception is provided by law. Consent may be obtained implicitly in certain situations, for example, when a person decides to provide their personal information after being informed by this policy about its use and disclosure for the purposes outlined therein (see Annex A for more details). Thus, this policy and the information it contains may be consulted by the individual at the time of collecting personal information.

Normally, François Dumont must also obtain the consent of the individual before collecting their personal information from third parties, before disclosing it to third parties, or for any secondary use of it. However, François Dumont may act without consent in certain cases provided for by law and in accordance with its provisions. The main situations in which François Dumont may act without consent are outlined in the relevant sections of this policy.

Collection:

In all cases, François Dumont only collects information if it has a valid reason to do so. Additionally, the collection will be limited to the information necessary to fulfill the intended purpose.

Please note that François Dumonts services and programs are not intended for minors, and more generally, François Dumont does not intentionally obtain personal information about minors (in such cases, information cannot be collected from them without the consent of a parent or guardian).

Collection from Third Parties: François Dumont may collect personal information from third parties. Unless an exception provided by law applies, François Dumont will seek the consent of the individual before collecting their personal information from a third party. In cases where such information is not collected directly from the individual but from another organization, the individual may inquire about the source of the information collected by François Dumont

In certain situations, François Dumont may also collect personal information from third parties without the consent of the individual if it has a serious and legitimate interest to do so, and a) if the collection is in the individual's interest and it is not possible to collect it from them in a timely manner, or b) if this collection is necessary to ensure that the information is accurate.

Additionally, François Dumont may collect personal information indirectly, notably by using:

Wix has its own terms and privacy policy, which can be consulted for more information.

Mailchimp has its own terms and privacy policy, which can be consulted for more information.

Eventbrite has its own terms and privacy policy, which can be consulted for more information.

This collection through third parties may be necessary to access certain services or programs or to otherwise do business with François Dumont. When required, François Dumont will obtain the individual's consent at the appropriate time.

Retention and Use:

François Dumont ensures that the information it holds is up-to-date and accurate at the time of its use in making a decision concerning the individual in question.

François Dumont may only use a person's personal information for the reasons stated herein or for any other reasons provided during collection. Whenever François Dumont wishes to use this information for another purpose or reason, new consent must be obtained from the individual concerned, which must be obtained expressly if it involves sensitive personal information. However, in certain cases stipulated by law, François Dumont may use the information for secondary purposes without the person's consent, e.g., when such use is clearly to the benefit of the person; when it is necessary to prevent or detect fraud; when it is necessary to assess or improve protection and security measures.

Limited Access: François Dumont must implement measures to restrict access to personal information only to employees and individuals within its organization who are authorized to access it and for whom this information is necessary in the performance of their duties. François Dumont will seek the individual's consent before granting access to any other person.

Disclosure:

Generally, and unless an exception is indicated in this policy or otherwise provided by law, François Dumont will obtain the consent of the individual concerned before disclosing their personal information to a third party. Furthermore, when consent is required and it involves sensitive personal information, François Dumontmust obtain explicit consent from the individual before disclosing the information.

However, there are situations where disclosure of personal information to third parties is necessary. Personal information may be disclosed to third parties without the consent of the individual concerned in certain cases, including but not limited to the following:

François Dumont may disclose personal information, without the consent of the individual concerned, to a public body (such as the government) that collects it in the exercise of its duties or the implementation of a program it manages.

Personal information may be transmitted to its service providers to whom it is necessary to disclose the information, without the person's consent. For example, these service providers may be event organizers, subcontractors designated by François Dumont for the execution of mandates in programs administered by François Dumont, and cloud service providers. In these cases, François Dumont must have written contracts with these providers specifying the measures they must take to ensure the confidentiality of the personal information disclosed, that the use of this information is only for the purpose of executing the contract, and that they cannot retain this information after its expiration. Furthermore, these contracts must stipulate that the providers must notify François Dumont's privacy officer (as indicated in this policy) of any violation or attempted violation of confidentiality obligations regarding the disclosed personal information and must allow this officer to conduct any related verification of confidentiality.

If necessary for the conclusion of a business transaction, François Dumont may also disclose personal information, without the consent of the individual concerned, to the other party to the transaction and subject to conditions provided by law.

Disclosure Outside Quebec: Personal information held by François Dumont may be disclosed outside of Quebec, for example, when François Dumont uses cloud service providers whose servers are located outside Quebec or when François Dumont deals with subcontractors located outside the province.

 

4. Retention and Destruction of Personal Information

Unless a minimum retention period is required by law or applicable regulations, François Dumont will retain personal information only for the duration necessary to achieve the purposes for which it was collected.

Personal information used by François Dumont to make a decision about an individual must be retained for a period of at least one year following the decision in question or even seven years after the end of the fiscal year in which the decision was made if it has tax implications, such as employment termination circumstances.

At the end of the retention period or when personal information is no longer necessary, François Dumont will ensure:

● Their destruction, or ● Their anonymization (meaning they no longer, in an irreversible manner, identify the person and it is no longer possible to establish a link between the person and the personal information) for legitimate and lawful purposes.

The destruction of information by François Dumont must be done securely to ensure the protection of this information.

This section may be supplemented by any policy or procedure adopted by François Dumont regarding the retention and destruction of personal information, if applicable. Please contact François Dumont's privacy officer (as indicated in this policy) for further information.

 

5. Responsibilities of François Dumont

In general, François Dumont is responsible for the protection of the personal information it holds.

François Dumont's privacy officer is the organization's Director of Operations. They are generally responsible for ensuring compliance with applicable legislation regarding the protection of personal information. The privacy officer must approve policies and practices governing the governance of personal information. Specifically, this individual is responsible for implementing this policy and ensuring that it is known, understood, and enforced. In the absence or inability to act of the privacy officer, François Dumont's president will assume the duties of the privacy officer.

François Dumont staff members with access to personal information or otherwise involved in its management must ensure its protection and adhere to this policy.

The roles and responsibilities of François Dumont employees throughout the life cycle of personal information may be specified by any other François Dumont policy in this regard, if applicable.

 

6. Data Security

François Dumont is committed to implementing reasonable security measures to ensure the protection of the personal information it manages. The security measures in place correspond, among other things, to the purpose, quantity, distribution, medium, and sensitivity of the information. This means that information classified as sensitive (see the definition in Section 2) must be subject to more extensive security measures and better protection. Specifically, and in accordance with what was previously mentioned regarding limited access to personal information, François Dumont must implement necessary measures to restrict the rights of use of its information systems so that only employees who require access are authorized to do so.

7. Access, Correction, and Withdrawal of Consent Rights

To exercise their rights of access, correction, or withdrawal of consent, the individual concerned must submit a written request for this purpose to François Dumont's privacy officer, using the email address provided in the following section.

Subject to certain legal restrictions, individuals can request access to their personal information held by François Dumont and request its correction if it is inaccurate, incomplete, or ambiguous. They can also demand the cessation of the dissemination of personal information concerning them or that any hyperlink attached to their name allowing access to this information by technological means be delisted when the dissemination of such information contravenes the law or a court order. They can do the same, or demand that the hyperlink allowing access to this information be reindexed, when certain conditions provided by law are met.

François Dumont's privacy officer must respond in writing to these requests within 30 days from the date of receiving the request. Any refusal must be justified and accompanied by the legal provision justifying the refusal. In such cases, the response must indicate the remedies available under the law and the deadline for exercising them. The privacy officer must assist the requester in understanding the refusal if necessary.

Subject to applicable legal and contractual restrictions, individuals concerned may withdraw their consent for the communication or use of the collected information.

They may also request from François Dumont what personal information has been collected from them, the categories of people within François Dumont who have access to it, and its retention period.

 

8. Complaint Handling Process

Receipt

Anyone wishing to file a complaint regarding the application of this policy or, more generally, the protection of their personal information by François Dumont, must do so in writing by addressing the complaint to François Dumont's privacy officer, using the email address provided in the following section.

The individual must provide their name, contact information, including a phone number, as well as the subject and reasons for their complaint, providing sufficient detail for it to be evaluated by François Dumont. If the complaint filed is not sufficiently precise, the privacy officer may request any additional information deemed necessary to evaluate the complaint.

Processing

François Dumont commits to treating all complaints received confidentially.

Within 30 days of receiving the complaint or receiving all additional information deemed necessary and required by François Dumont's privacy officer to process it, the privacy officer must evaluate it and provide a reasoned written response by email to the complainant. This evaluation will determine whether François Dumont's processing of personal information complies with this policy, any other policies and practices within the organization, and applicable legislation or regulations.

In cases where the complaint cannot be processed within this timeframe, the complainant must be informed of the reasons justifying the extension of the deadline, the progress of the complaint processing, and the reasonable time required to provide a final response.

François Dumont must maintain a separate record for each complaint received. Each record contains the complaint, the analysis, and supporting documentation for its evaluation, as well as the response sent to the complainant.

It is also possible to file a complaint with the Commission d'accès à l'information du Québec or any other oversight organization responsible for enforcing the law related to the subject of the complaint in matters of personal information protection.

However, François Dumont encourages anyone interested to first contact its privacy officer and await the conclusion of the processing by François Dumont.

9. Approval

This policy is approved by the privacy officer of François Dumont, whose business contact information is as follows:

Privacy Officer:

François Dumont

5382 rue Paul Pau

Montréal QC H1K 2N1 Canada

dumont-francois@videotron.ca

 

For any requests, questions, or comments regarding this policy, please contact the privacy officer via email.

10. Publication and Modifications

This policy is published on the website of www.francoisdumont.online by François Dumont, as well as on all websites controlled and maintained by François Dumont, to which this policy applies, regarding the personal information collected therein. This policy is also disseminated through any means suitable for reaching individuals concerned.

François Dumont must also do the same for any modifications to this policy, which must also be subject to notice to inform individuals concerned.

*Note: Please be aware that the use of the masculine gender is for the purpose of making this policy more readable and easier to understand.

Annex A

Here is a non-exhaustive list of the types of information that François Dumont may collect, their use or purpose, as well as the means by which the information is collected. This includes, but is not limited to, the following elements.

 

Please note that most of the personal information managed by François Dumont pertains to employees, job applicants, and consultants. For the other categories of individuals indicated in the table below, the information provided is, in most cases, professional or business-related in nature (see Section 2 on professional contact information). It should also be noted that in the majority of cases, François Dumont collects the professional title/position of individuals, the name of the organization, and/or the organization's address (see Section 2 on professional contact information).

Relationship with François Dumont, Services, Programs, etc.

Type of Personal Information

End of Collection / Uses

Method of Collecting Information (Means)

 

Either of these pieces of information, when necessary:

Used for:

Can be collected:

Clients

  • name

  • phone number,

  • email,

  • banking information (when necessary),

  • language,

  • postal code.

​Establish and manage customer relationships (and establish a means of communication), Provide a service (e.g., sales),

Collect information as part of a program. Note that it may be necessary to share the information provided with the targeted program,

Respond to inquiries about the cybersecurity ecosystem or any other information request,

Register clients for events organized by François Dumont,

Determine the preferred language of communication,

Ensure payment of costs related to services or programs,

Subscription to François Dumont's newsletter and seminars,

Provide training.

Job applicants and employees

  • name,

  • phone number,

  • email,

  • banking information,

  • social insurance number,

  • date of birth,

  • address.

  • communication management with the candidate or employee,

  • ensuring payroll system functionality.

  • via email,

  • via phone.

​​

Consultants

  • name,

  • phone number,

  • email,

  • banking information,

  • address.

  • communication management with the consultant,

  • Invoicing.

  • via email (directly or through an attached document: Word, PDF, etc.).

Service Providers

  • name,

  • phone number,

  • email,

  • banking information,

  • language.

  • management of mandates,

  • payment of invoices,

  • knowledge of languages in which they can provide services through web forms integrated into a website controlled by François Dumont via email.

Members (individuals and organizations)

  • name,

  • phone number,

  • email,

  • banking information,

  • language.

  • Membership registration,

  • Future communications,

  • Invoicing,

  • registration for activities organized by François Dumont,

  • surveys,

  • building François Dumont's databases on member expertise,

  • knowledge of languages in which they can provide services and the preferred communication language.through web forms integrated into a website controlled by François Dumont or other technological form platforms (e.g., Mailchimp, Microsoft Forms) from third parties (e.g., Eventbrite and Events.com for banking information).

François Dumont Network (ecosystem actors)

  • name,

  • phone numer,

  • email,

  • Banking information (when necessary).

  • language.

  • futures communications

  • Registration for activities organized by François Dumont,

  • Surveys,

  • Building databases for future communications and knowledge of network expertise,

  • Knowing the preferred communication language.

  • through web forms integrated into a website controlled by François Dumont and other form platforms or technological tools (e.g., Mailchimp, Microsoft Forms)

  • from third parties (e.g., Eventbrite and Events.com for banking information).

 

François Dumont Partners

  • name,

  • phone number,

  • email,

  • banking information (when necessary).

  • establishing partnerships (partnership agreement signatures),

  • collaboration.

  • via email (directly or through an attached document or other type of form).

September, 20th 2023

bottom of page