Privacy policy
Setting the scene
The Réseau Alternatif et Communautaire des ORganismes en santé mentale de l’île de Montréal (hereinafter RACOR) recognizes the importance of each individual’s privacy and is committed to respecting applicable data protection legislation by maintaining the confidentiality, security and accuracy of the personal information it collects and manages.
This Privacy Policy (the “Policy”) applies to all personal information collected, held, used or disclosed to third parties by RACOR.
The types of personal information that RACOR collects and processes vary according to the situation and profile of the individual: donors, members, partners, volunteers, subscribers to our newsletters and social networks, website users, employees, job applicants, participants in events, campaigns and training courses, and so on.
Scope of the policy
The scope of this policy is intended to cover the entire life cycle of personal information, from collection to destruction. It concerns all employees and stakeholders involved in the collection, processing, retention, destruction and anonymization of personal information in accordance with legal requirements and good privacy practices.
Definition
The Personal information, regardless of the medium on which it is stored or the form in which it is made available (written, graphic, sound, visual, computerized or other), is any information about a natural person that directly or indirectly allows that person to be identified.
For example, personal information includes name, gender, postal or e-mail address, telephone number, date of birth, driver’s license details, social insurance number or other financial information, donation amounts and dates, volunteer information, and so on.
Purpose of collection
In carrying out its mission, RACOR collects personal information for the following purposes:
- Meeting our legal and regulatory obligations
- Provide information on the actions and services developed by RACOR
- Provide updates on RACOR news and events, including personalized newsletters and e-mails
- Fund and promote RACOR services and events
- Recruiting employees and volunteers
- Inform members and partners about RACOR events and other engagement opportunities such as surveys, campaigns, petitions or open letters;
- Communicating with members, partners, volunteers, newsletter and social network subscribers, employees
Consent
It is possible to consent to the collection, use and disclosure of your personal information in various ways. In principle, consent must be manifest, free, informed and given for specific purposes. The duration of consent may not exceed the period required to achieve the purposes for which it was requested.
In the event of use or disclosure of personal information for purposes other than those specified in this Policy, RACOR is obliged to obtain prior consent, unless the disclosure is authorized or required by law.
Consent may be limited in time and may be withdrawn at any time under the conditions set out below in article 2.02 of this policy.
Means used
RACOR may collect information in person, by mail, by telephone, by survey and through our website. https://racorsm.org/
Personal information is collected directly from the individual when he or she registers for one of our events and/or newsletters, communicates with the organization, submits a job application or a request to become a member or volunteer.
Limit of use
RACOR is responsible for ensuring that all information is used for the purposes indicated above and is limited in quantity and type to that which is strictly necessary.
Personal information may be shared (in addition to our employees and volunteers), if necessary, with third-party service providers and/or partners. These third parties help support RACOR’s mission by providing products and services to the organization.
Certain suppliers and partners may access or process personal information in the course of providing services to RACOR. The information to which they have access is limited to that which is strictly necessary to enable them to perform their duties. As part of their commitments and responsibilities with RACOR, they take appropriate measures to ensure the confidentiality and protection of such information.
Personal information may also be disclosed to governmental, regulatory or law enforcement agencies when RACOR is required to disclose such information or if the agency believes in good faith that such disclosure is necessary to comply with applicable laws.
Personal information is normally retained only as long as necessary for the fulfillment of the purposes specified in this Policy and as required by law.
PERSONAL INFORMATION MANAGEMENT
Safety principle
Information security is an integral part of the confidentiality of personal information. For this reason, RACOR makes every effort to take security measures to ensure the protection of personal information in accordance with applicable privacy legislation.
RACOR maintains reasonable and appropriate security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
Protection methods include physical, organizational and technical measures that are regularly assessed and updated.
Retention of information
Personal information is normally retained only as long as necessary for the fulfillment of the purposes identified in this Policy and as required by law.
Individuals may withdraw their consent to the disclosure and use of their personal information at any time. A written request should be addressed to RACOR’s Privacy Officer (contact information is provided at the end of this policy).
Destruction of information
When no longer required, personal information is securely destroyed in accordance with the Act.
Personal information on paper is shredded. Digital information is removed from devices (computers, phones, tablets, external hard drives), servers and cloud tools.
Authorized person
Employees are authorized to access confidential information to the extent that such access is necessary to perform a task in the course of their duties.
Person in charge
RACOR’s General Manager is responsible for the protection of personal information. He or she ensures compliance with the law and the protection of information held by the organization.
General management also keeps a register of confidentiality incidents.
Marc Lopez, General Manager, direction@racorsm.org or 514-847-0787.
ACCESS TO PERSONAL INFORMATION
Accessibility
Subject to the exceptions set out in Division IV of the Act respecting the protection of personal information in the private sector, an individual has the right to request a copy of information concerning him or her, and if personal information concerning him or her is inaccurate, incomplete or equivocal, he or she may request that it be corrected.
Transparency
Upon request, RACOR provides information on its personal information practices. The organization also takes steps to ensure that its employees and volunteers are aware of the issues surrounding the protection of personal information, and are able to respond to inquiries about information-handling practices and communicate complaints to the Privacy Officer.
Disclosure to a third party
Other than in situations where required by law and subject to the other provisions of this article 3, confidential information may only be disclosed to a third party after obtaining the consent of the person concerned. Such consent may only be given for a specific purpose and for the time necessary to achieve that purpose.
Confidential information may be disclosed without the consent of the person concerned if his or her life, health or safety is seriously threatened. In such cases, disclosure must be made in the manner least harmful to the person concerned.
Procedure for accessing personal information
Any person whose personal information is collected by RACOR has the right to know what information is held by the organization. He or she may request access to such information and, if necessary, demand rectification of its content.
To obtain access to his or her personal information, the person concerned or an interested party must address a written request to RACOR’s Privacy Officer (contact information can be found in section 2.05 of this Policy).
Processing time
Disclosure must then be made in the manner least harmful to the person concerned. RACOR will normally respond to requests for access, rectification or withdrawal of consent within 30 days and in accordance with the time limits prescribed by the Act respecting the protection of personal information in the private sector.
All necessary assistance will be reasonably provided to data subjects or interested persons who wish to access or rectify their personal information, including clarifying exactly what they are looking for.
Written notification is provided if the personal information requested is not in the custody of RACOR or RACOR must deny the individual access to his or her personal information for legal, regulatory or other reasons.
RECOURS
Within the organization
If an individual’s confidential information is found to have been used in a manner contrary to any provision of this policy, that individual may file a complaint with RACOR’s Executive Management, or with the Board of Directors if the complaint concerns Executive Management.
Failure of the organization
As provided by law, if you are not satisfied with the way RACOR has handled your request for access or rectification of personal information, particularly in the case of no response or an unsatisfactory response, you may submit a request to the Commission d’Accès à l’Information for a review of the disagreement.
Contact us at
If you have any questions about this RACOR Personal Information Policy, or if you wish to make corrections, access your personal information, or withdraw your consent, please contact :
Marc Lopez
General Manager
RACOR Privacy Officer
