Privacy Policy

1. General information

1.1 Introduction

Protecting your privacy is important to Tourisme Cantons-de-l’Est (hereinafter “the Organization,” “we”, “our”). We have therefore adopted measures and sound management practices to protect and manage your personal information in accordance with applicable law.

This privacy policy (the “Policy”), which should be read in conjunction with our Website Terms of Use and any applicable Service Agreements between us and third parties describes our practices with respect to the collection, use, processing, disclosure and retention of the Personal Information of our customers, visitors and users.

By using our website cantonsdelest.com|easterntownships.org (the “Website”) or any of our Services, you agree that we may collect, use, process, disclose and retain your Personal Information in accordance with the terms described herein. If you do not agree to be bound and abide by this Policy, you are not permitted to visit, access or use our Website or Services or share your Personal Information with us.

This Policy does not apply to Personal Information of the Organization’s employees, representatives or consultants, or to any other person affiliated with the Organization, nor does it apply to any information that does not constitute Personal Information as defined by applicable law.

1.2 Privacy Officer

Questions, comments and complaints regarding the Organization’s Privacy Policy and practices may be addressed to our Privacy Officer at the following address:

Email: rprp@atrce.com
Address: 20 Rue Don-Bosco Sud, Sherbrooke, QC J1L 1W4, Canada

2. Definitions

The following words and expressions, when they appear with a first capital letter in the Policy, shall have the meaning ascribed below, unless otherwise implied or explicitly stated in the text.

“Service Provider” means any natural or legal person who processes data on behalf of the Organization. These are third-party companies or individuals employed by the Organization to facilitate the Services, provide the Services on behalf of the Organization, perform services related to the Services or to assist the Organization in analyzing how the use of Services.

“Personal Information” means any information which relates to a natural person and directly or indirectly allows that person to be identified., i.e., that directly or indirectly reveals something about the identity, characteristics (e.g., the abilities, preferences, psychological tendencies, predispositions, mental capacities, character or behaviour of the person concerned) or activities of that person, regardless of the medium or the form in which the information is accessible (written, graphic, audio, visual, digitized or other).

“Sensitive Personal Information” means personal Information which, by virtue of its nature or the context in which it is used or disclosed, is subject to a high reasonable expectation of privacy. It may include medical, biometric, genetic or financial information, for instance, or information about a person’s life or sexual orientation, religious or philosophical beliefs, trade union membership or ethnic origin.

“Privacy Officer” means the person who is responsible for the application of this Policy and whose contact information is listed in section 1.2 of this Policy.

“Services” means the Website and all related services provided by the Organization, including professional services and, where applicable, related media, print materials and online or electronic documentation.

3. Processing of Personal Information

3.1 Collection of Personal Information

Your consent to share your personal information with us

Respecting your privacy and the confidentiality of your data is of the utmost importance to the Organization. Consequently, we developed this privacy policy to set out what information we collect, how it is processed, and when we need to share it with subcontractors or third parties.

By giving your consent, you authorize the Organization to collect and process your personal information necessary to provide you with our services. Bear in mind that you remain in control of your personal information at all times and that your consent for us to collect and process your personal information may be withdrawn at any time. Rest assured that we will respect your choice in accordance with our legal obligations.

It is important, moreover, to read this Policy in conjunction with our Website Terms of Use.

During our operations, we may collect, process and use different types of Personal Information that you give us, solely as permitted by law, including the information listed below.

Via our website:

• contact information, such as your first and last name, your email or postal address, your telephone number, your favourite tourist points of interest, and the name of your company, in order to subscribe to our newsletter, enter a competition, order materials or to request tourist information;

• information collected automatically when you use the Website and our Services, including:
  • connection data and other information about your activity on the Website, such as your IP address, the pages you visited, the date and time of your visits, the browser you use, your device’s operating system, and other hardware and software information;
  • geolocation data, such as your IP address, a precise or approximate location based on your IP address or your mobile device’s GPS (depending on your device’s settings).

In the performance of tasks you entrust us with:

• contact information, such as your first and last name, email address, telephone number, address, and business number in order to create a customer account;
• information related to products or services, such as information about the services we have provided to you;
• information that you choose to provide or transmit, such as when you fill out a form, respond to surveys or contact one of our employees or representatives.

In every case, this personal information is processed in keeping with the legitimate and necessary purposes listed in section 3.2 below. In addition, we ensure that we collect and process only data and Personal Information that is strictly necessary for the purposes for which you share it with us. In the event of any subsequent use of your Personal Information, we will notify you as required by law.

3.2 Using Personal Information

As per paragraph 3.1, we only use your Personal Information if permitted to do so by law. We may use your Personal Information for the following legitimate purposes:

• to provide you with Services;
• to allow you to subscribe to our newsletter;
• to operate, maintain, oversee, develop, improve and provide all functionalities of our Website;
• to manage risk and operations;
• to comply with our obligations under applicable laws and regulations;
• to develop new Services and/or improve our Website and our Services;
• for marketing and business development purposes, if you have previously consented to the processing of your personal information for these purposes;
• to send you messages, updates and security alerts;
• to answer your questions and assist you if needed;
• to run a competition, promotion, survey or other feature of the Website or our Services;
• to gather opinions and comments related to our Services;
• to conduct research and analysis related to our company and our Services;
• to detect and prevent fraud, errors, spam, abuse, security incidents and other harmful activities;
• to establish, exercise or defend a right or legal claim;
• to send you communication materials, in accordance with the law;
• for any other purpose permitted or required by law.

Please be advised that we do not use the information we collect to draw any inferences or interpretations whatsoever.

The Personal Information we collect and store is encrypted and securely archived on Linode-Akamai’s servers located in Toronto, Ontario, Canada. Rest assured that this Personal Information is disclosed only when legally required.

3.3 Disclosure of Personal Information

We may disclose your Personal Information to our employees, contractors, consultants, agents, Service Providers and other trusted third parties who require such information to assist us in operating our Website, conducting and protecting our business or serving you, provided that such Service Providers have previously agreed, in writing, to keep your Personal Information confidential in accordance with applicable law and our Information Governance program. In addition, only those employees of our organization who need to access and process your Personal Information will have access to it, in accordance with our internal Privacy Policy.

We do not sell, trade or otherwise share your personal information to third parties, subject to certain exceptions provided by law.

3.3.1 Service providers and other third parties

Although we try to avoid sharing your Personal Information with third parties, we may enlist Service Providers to provide various services on our behalf, such as IT management and security, marketing, data analysis, hosting and storage. Here is a list of situations in which such sharing may take place:

• We use Mailchimp to collect information in connection with our newsletter. See their privacy policy;
• We use the services of Mailchimp for managing customer relations. See their privacy policy;
• We use the services of Metatracer (RCGT) to ensure our compliance with the privacy laws applicable to us. See their privacy policy;
• META for collecting information for contests and newsletters, and the exportcomments.com app;
• Random draw software (contests);
• Postmark for sharing links (digital tools);
• Servicom Yves Vallée (9169-6567 QUÉBEC INC.) for IT management and security;
• Akamai Linode for hosting and data storage;
• Dropbox for hosting and data storage;
• CrowdRiff for hosting and data storage;
• Préparations Postales de l'Estrie, Crowdchat, and the tourist information centre of Québec's Ministère du Tourisme, for tourism information;

When we disclose your Personal Information to Service Providers, we sign written contracts with them prior to any such disclosure of your Personal Information to them, and we only provide them with the Personal Information required for them to fufill their mandate. Under these contracts with our Service Providers, we are committed to ensuring adherence to the principles set out in this Policy and, further, Service Providers are required to use Personal Information in accordance with our instructions and for the sole purposes for which it was provided. In addition, these Service Providers provide us with sufficient guarantees that they will establish appropriate safeguards that are consistent with the sensitivity of the Personal Information being processed or disclosed. When our Service Providers no longer require your Personal Information, we ask them to securely destroy this data.

3.3.2 Complying with legislation, responding to legal requests, preventing harm and protecting our rights

We may disclose your Personal Information when we believe that such disclosure is authorized, necessary or appropriate, in particular:

• to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
• to protect our business operations;
• to comply with legal procedures;
• to protect our rights, our privacy, our safety, our property, yours or those of third parties;
• to allow us to pursue available remedies or limit any damages we may sustain;
• in accordance with applicable law, including laws outside your country of residence.

3.3.3 Commercial transactions

We may share, transfer or disclose your Personal Information, strictly in compliance with this Policy, in the event of a sale, transfer or assignment, in whole or in part, of the Organization or our assets (for example, as the result of or in connection with a merger, consolidation, change of control, reorganization, bankruptcy, liquidation or other business transaction). In such an event, we will inform you before your Personal Information is transferred and becomes subject to another privacy policy.

3.3.4 Consent for Personal Information

Wherever possible, the Organization obtains consent directly from the individuals concerned for the collection, use and disclosure of their Personal Information. However, if you provide us with Personal Information about another person, you must ensure that you have duly notified them and obtained their consent to give us their information.

We will seek your express consent before using or disclosing your Personal Information for purposes other than those set out herein.

3.3.5 Retention of Personal Information

Subject to applicable law, we retain your Personal Information only for as long as is necessary to fulfill the purposes for which it was collected, unless you consent to having your Personal Information used or processed for some other purpose. Further, our retention periods may be modified from time to time on the grounds of legitimate interests (for example, to ensure the security of Personal Information, to prevent abuse and breaches or to prosecute criminals).

You may also be assured that once the purpose for which the information was collected has been fulfilled, we will destroy or anonymize the information, in accordance with applicable legislation.

To learn more about retention periods for Personal Information, please contact our Privacy Officer using the contact information in section 1.2 of this Policy.

4. Your rights

As a data subject, you may exercise the rights set out below by contacting our Privacy Officer by email or regular mail using the contact information listed in section 1.2 of the Policy:

• You have the right to be informed about the Personal Information we hold about you and to request a paper copy of the documents containing your Personal Information, subject to certain exceptions under applicable law;
• You have the right to have the Personal Information we hold about you rectified, amended and updated if it is incomplete, equivocal, out of date or inaccurate;
• You have the right to withdraw or change your consent to the collection, use, disclosure or retention of your Personal Information by the Organization at any time, subject to applicable legal and contractual restrictions;
• You have the right to ask us to stop disclosing your Personal Information and to de-index any link attached to your name that provides access to this information if such disclosure contravenes the law or a court order;
• You have the right to file a complaint with the Commission d’accès à l’information (Québec’s (access to information commission), subject to the conditions set out in the applicable law.

• In order to have your request processed, you may be asked to provide an appropriate piece of identification or to identify yourself in some other way.

We encourage all our customers to keep their personal information with us up to date. Since the services we offer to customers may vary depending on the accuracy of this data, it is essential for us to have an accurate understanding of your situation.

5. Security measures

The Organization has established a combination of physical, technological and organizational security measures to ensure adequate protection of the confidentiality and security of your personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. These measures include encryption, access control, segregation of duties, and internal audit, among others.

Here are some of the various measures adopted:

• Our Website uses the SSL (Secure Sockets Layer) protocol to ensure a secure connection between your device and our server;
• Our Website and its hosting server are equipped with a firewall;
• Our Website is equipped with network monitoring software. The Organization’s employees have read this Policy and have agreed to adhere to it and to safeguard the confidentiality of the Personal Information of our potential and current customers. Further, each of our employees agrees to follow and adhere to a data governance policy applicable to the Organization’s entire staff;
• As noted in section 3.3, we have established measures to restrict access to Personal Information to those individuals who have a valid reason to consult, process, disclose or otherwise use your information;
• As noted in section 3.3, subcontractors and third parties who do business with the Organization and with whom we may need to share your Personal Information have previously agreed to protect the confidentiality and privacy of such information;
• When the purpose for which your Personal Information was collected has been fulfilled and we no longer need to retain it, the Organization will destroy or anonymize this data, subject to applicable law.

Despite all the measures described above, we cannot guarantee the complete security of your Personal Information. If you have reason to believe that your Personal Information is no longer protected, please contact our Privacy Officer immediately using the contact information listed in section 1.2 above.

6. Changes to this Privacy Policy

We reserve the right to revise this Policy at any time, subject to applicable law. If we make any changes, we will post the revised Privacy Policy and update the last modified date in the “Version History” table of the Privacy Policy. In the event of a major change, we will also notify you by email when the new version of our Policy comes into force. If you do not agree to the updated terms of the Privacy Policy, please do continue to use our Website and Services. If you choose to continue using our Website or Services after the new version of our Policy becomes effective, your use of our Website and Services will be governed by the new version of the Policy.

7. Links to third-party websites

From time to time, our Website may include references or links to third-party websites, products or services (“Third-Party Services”). These Third-Party Services, which are not operated or controlled by the Organization, are governed by privacy policies that are completely separate from and independent of our own. Consequently, we have no responsibility for the content and activities of these sites. This Policy applies only to the Website and the services we provide. This Policy does not extend to Third-Party Services.

Limitation of liability

The Organization undertakes to take all reasonable steps to ensure a level of confidentiality and security of Personal Information consistent with the technological standards for its sector of activity.

Notwithstanding the foregoing, you hereby state that you understand and acknowledge that no computer system offers absolute security and that there is always a degree of risk involved in transmitting Personal Information over the public network that is the internet.

You agree that the Organization cannot be held responsible or liable for any breach of confidentiality, hacking, virus, loss, theft, misuse or alteration of Personal Information transmitted or hosted on its systems or those of a third party. You also waive any claim in this respect, except in the event of gross negligence or willful misconduct on the part of the Organization. Accordingly, you agree to indemnify and hold harmless the Organization and its officers, directors, affiliates and business partners from and against any and all damages of any kind, whether direct or indirect, incidental, special or consequential, arising out of or in connection with the use of your Personal Information.

If your Personal Information is involved in a breach of confidentiality or security that is likely to pose a high risk to your rights and freedoms, you will be notified of the breach as soon as possible and the Organization will take the necessary measures to preserve the confidentiality and security of your Personal Information.

8. Contact us

If you have any questions, comments, requests or concerns regarding this Privacy Policy, please address them to our Privacy Officer using the contact information listed in section 1.2 of this Policy.