CDRQ Privacy Policy

Coopérative de développement régional du Québec (CDRQ)

Effective date : September 22, 2023

Statement of principle

The Coopérative de Développement Régional du Québec (CDRQ) is committed to respecting the confidentiality, integrity and security of the personal information it collects, processes, stores and secures in regard to your use of our services and platform. This Privacy Policy has been drawn up in compliance with the laws and regulations governing the protection of personal information. Its purpose is to define the principles and procedures that must be followed to ensure the protection of personal information, as part of the governance of the CDRQ’s activities.

1. Collection and use of Personal Information

“Personal Information” is any information about an identifiable individual, including information that can be used alone or in combination with other information to identify, contact or locate an individual. In general, Personal Information does not include business contact information, such as name, job title or professional contact information.

1.1. Limited and relevant collection

The CDRQ will only gather Personal Information that is necessary to carry out its legitimate mandates and objectives.

The Personal Information we collect may include, but is not limited to:

• Your contact information, such as your name, civic address, email address or telephone number, in order to identify you and correspond with you;
• Information about your use of our services, such as the type of service and its date of use;
• Marketing information and communication preferences, as well as your comments;
• Any other Personal Information you have provided us.

It is important to note that the CDRQ does not collect, process and/or store your financial information, such as banking or credit card information.

1.2. Consent

The CDRQ will obtain individuals’ informed consent before collecting their Personal Information, unless required by law (for example, to comply with our legal obligations, when necessary to establish, exercise or defend a legal action or judicial procedure).

1.3. Purpose of collection

Personal Information will be collected only for the specific purposes for which consent has been obtained, and will not be used for any other reason without the prior consent of the person concerned, which may include:

• Establishing and managing our business relationship with you;
• Providing and maintaining the requested services;
• Responding to your requests for information;
• Enabling business development and marketing activities, notably by informing our current and future users of our new offers, with their prior consent.

If you have agreed to receive such information, the CDRQ may send you newsletters and electronic messages (email, news items, updates and/or other written communications) about the CDRQ’s services and/or its partners’ products and/or services.

Depending on the circumstances, the CDRQ may also aggregate and anonymize your Personal Information to:

• Create statistical data that may, in turn, be used for secondary purposes (such as market research and studies on participatory financing);
• Examine trends;
• Develop knowledge about participatory financing and entrepreneurship;
• Respond to statistical requests from some of our partners;
• Develop machine-learning algorithms.

This statistical data does not include any Personal Information.

1.4. Access to Personal Information

Individuals have the right to access their Personal Information stored by the CDRQ and to request corrections, if so required.

According to the legislation in effect, your rights include the following:

• Right to be forgotten;
• Right to access or correct your Personal Information;
• Right to withdraw your consent (if applicable);
• Right to de-indexation;
• Right to data portability (i.e., the right to receive a copy of all the Personal Information that the CDRQ holds about you in a structured, commonly used and readable format).

To exercise any of these rights (insomuch as they are available), please contact the Privacy Officer.

In the course of their work, our employees may need to access your Personal Information (e.g. when you contact us or request assistance). Their access is limited to what is necessary to carry out their duties.

2. Retention and security of Personal Information

2.1. Limited retention

Personal Information will be retained only as long as necessary to fulfil the purposes for which it was collected. It will be securely destroyed or anonymized once those purposes have been fulfilled.

It should be noted that, given its mandate of supporting the development and growth of social economy enterprises, the CDRQ works with many partners in its ecosystem. Therefore, the contact information of directors, members and other partners must be kept for as long as there is an existing business connection with them.

2.2. Data security

The CDRQ has implemented appropriate security measures to protect Personal Information from unauthorized access, disclosure, alteration or destruction.

The CDRQ also endeavours to establish contractual agreements with these agents and service providers with a view to guaranteeing the confidentiality and security of your Personal Information. This may include the implementation of robust and effective security measures. In addition, the CDRQ undertakes to ensure that your Personal Information is adequately protected by technical, organizational or other appropriate legal means.

3. Communication of Personal Information

3.1. Limited disclosure

The CDRQ will only disclose Personal Information to persons or entities so authorized by law or once it has obtained the prior consent of the individuals to whom the Personal Information belongs.

Under no circumstances will the CDRQ sell or disclose your Personal Information to third parties without your consent, unless so required by law or unless a confidentiality agreement binds us to a service provider (for example, for mailings).

4. Liability and training

4.1. Liability

A Privacy Officer has been tasked with ensuring the CDRQ’s compliance with the Act Respecting the Protection of Personal Information in the Private Sector.

4.2. Training

The CDRQ provides its staff with regular training on the practices that ensure the protection of Personal Information.

5. Complaints and monitoring

5.1. Complaints

Anyone has the right to file a complaint regarding the collection, use or disclosure of their own Personal Information by the CDRQ via its website. Complaints will be handled appropriately, as per our complaints management procedure.

5.2. Monitoring

The CDRQ will conduct regular audits to ensure compliance with its privacy practices.

This Privacy Policy will be revised periodically to reflect changes in legislation or internal practices. CDRQ employees, members and partners are required to comply with the Policy.

______________________________

Bruno Éthier, Eng.

Director of Digital Transformation,

CDRQ Privacy Officer

Last updated on: September 29, 2023