Confidentiality and privacy policy
Approved by the Board of Directors on November 9, 2023
Foreword
This policy deals with the management and protection of information deemed confidential within the Halte–garderie La Pirouette. In particular, it deals with information concerning its members in good standing, members of the Board of Directors, staff members and volunteers.
It applies to relations between all persons, whether administrators, donors, staff members, volunteers, members, partners or any other person working or present on the various premises of the Halte-garderie La Pirouette.
- To ensure the privacy of individuals and the security of personal information held by Halte-garderie La Pirouette, both physically and electronically;
- To establish guidelines for the exchange of information both inside and outside the organization’s premises.
Context
In a context where new provisions are coming into force to govern the protection of personal information and privacy (Bill 25), Halte–garderie La Pirouette wishes to revise its confidentiality and protection of personal information policy with a view to keeping up to date and protecting the privacy and integrity of everyone connected with its organization.
1. Definitions
Personnal information: Any information relating to a natural person that allows, directly or indirectly, that person to be identified.
Confidentiality: The act of limiting or prohibiting others from having access to private information obtained in the performance of the organization’s duties.
2. Commitments of the Halte-garderie La Pirouette
La Halte-garderie La Pirouette is committed to the principles of:
Consent – We will only collect your personal information if you give us permission to do so via a consent form.
Responsability – Assume responsibility for the path of the information you provide and undertake to handle it using methods that will protect its confidentiality.
Openness – Commits to acting transparently in the management of your personal information by informing you of its policy, having you sign a consent form and undertaking to notify you in the event of a privacy incident.
In concrete terms, La Halte-garderie La Pirouette undertakes to :
- Ensure the security and confidentiality of information obtained;
- Implement mechanisms to protect confidential information;
- Ensure that complaints are handled confidentially;
- Collect only necessary or useful data;
- Apply the confidentiality policy in accordance with its values.
3. Standards of discretion
Any person who, within the Halte-garderie La Pirouette, has exchanges that are not related to the performance of his or her duties must act with discretion. As such, they must :
- Respect the privacy of others;
- Not divulge confidential information obtained within the organization;
- Guard the sensitive information of those who confide in them;
- Act in accordance with the organization’s values.
4. Confidentiality standards
Any person within the Halte-garderie La Pirouette who obtains confidential information in the course of his or her duties is required to respect the confidentiality of such information.
An exception is made in certain cases where it is essential for the persons employed to be able to exchange certain information for better intervention. In such cases, the persons concerned must also maintain the confidentiality of the information exchanged.
5. Information exchange standards, record keeping and security measures
5.1. Exchanging information outside the Halte-garderie La Pirouette
The Board of Directors, management, volunteers and employees must not discuss files, people or decisions specific to the organization with outsiders or persons not concerned.
If this is not possible, ensure that the person concerned is not identified, and that discussions take place in a place conducive to confidentiality.
If this is the case, ensure that telephone conversations dealing with confidential information are not overheard by other people.
5.2. Exchange of information within the Halte-garderie La Pirouette
The organization agrees to :
- Limit exchanges of information to employees during team meetings, and to do so in a secure area (e.g., office with closed door);
- Avoid discussing files, people or decisions outside these times. If this is not possible, make sure you do not identify the person concerned, and discuss in a place that ensures confidentiality;
- Ensure that telephone conversations dealing with confidential information are not overheard by others.
5.3. Rules governing record-keeping
The organization agrees to :
- Record only true, relevant and necessary information;
- Avoid noting personal comments, thoughts or perceptions and stick to the facts reported by the person concerned or observed by the employee him- or herself.
5.4. Security measures to limit access to information
5.4.1. Offices
- Lock the office door at the end of the day or in case of absence;
- Keep files in a safe place in compliance with the organization’s standards.
5.4.2. Filing cabinets
- Secure filing cabinets containing members’ and employees’ files, as well as those containing personal information, outside office hours or in the absence of their managers.
5.4.3. Computers and other equipment
- Lock computer screens at lunchtime or when absent;
- Change passwords (server, computer, voicemail or other) as required;
- Secure the computer system;
- Ensure website security;
- Ensure contingency plan: report confidentiality incidents to the Commission d’accès à l’information du Québec.
5.4.4. Procedures for storing and destroying confidential files
In addition, Halte-garderie La Pirouette undertakes to :
- Identify an expiration date (retention period) for personal information that may become useless over time;
- Ensure that closed files are shredded by a member of the work team or the Board of Directors at the end of the retention period;
- Destroy all other confidential documents in the same way.
6. Privacy Officer
Management, Isabelle Boisvert, is responsible for the protection of personal information (RPRP). In the event of absence, the Chair of the Board of Directors will be the person in charge.
To contact the Privacy Officer: admin@lapirouette.org or call 514-527-4828.
The Privacy Officer will contact you within thirty (30) days of receipt of the e-mail or message.
The Privacy Officer is responsible for:
- Implementing and enforcing the Privacy Policy and any other policies or procedures relating to the protection of personal information;
- Maintaining an up-to-date inventory of personal information collected;
- Receive requests, comments or complaints relating to the protection of personal information and deal with them efficiently and within a reasonable time;
- Maintain an up-to-date register of privacy incidents, if any, and apply the ensuing procedures;
- Implement training on the protection of personal information for those concerned (employees, Board members, volunteers, where applicable).
7. Personal rights
7.1. Conditions of access, rectification and withdrawal
7.1.1. Access and rectification rights
Once we have properly identified you, you may request access to the personal information we hold about you, as permitted or required by law. In some cases, a written request from you may be required.
If there are any changes to be made to your personal information, it is preferable to contact us promptly in order to keep your file and our databases up to date.
7.1.2. Right of objection and withdrawal
We are committed to offering you the right to object to and withdraw your personal information:
- The right of opposition is understood to be the possibility offered to the individuals concerned to refuse that their personal information be used for certain purposes mentioned in this policy;
- The right of withdrawal is understood to be the possibility offered to the individuals concerned to request that their personal information no longer appears, for example, on a mailing list.
To exercise these rights, you may contact the person responsible for the protection of personal information directly and inform him or her of your request.
8. Terms of application
The management of the Halte-garderie La Pirouette is responsible for the implementation and application of the privacy policy.
Administrators, management, employees and volunteers are required to fill out a commitment form as soon as this policy comes into effect.
In the event of non-compliance with the confidentiality policy by management, the Board of Directors must intervene.
9. Effective date
This policy comes into effect on November 9, 2023 following its adoption by the Board of Directors. It may be modified at any time after analysis. The modification must respect the values and regulations of the Halte-garderie La Pirouette.