Privacy Policy

CADLA is committed to protecting the personal information it holds. Personal information is confidential unless otherwise provided by legislation. Anyone with access to personal information held by CADLA must take the necessary steps to ensure its protection and confidentiality. This policy and its related procedures outline the measures to mitigate the risks of a privacy incident, determine its handling if necessary, and prevent similar incidents in the future.

1. INFORMATION COLLECTION FOR BUSINESS RELATIONSHIPS AND SERVICES PROVIDED

In the course of its services to clients or marketing efforts, CADLA collects certain information that may include personal data. This information may be voluntarily disclosed by the individuals concerned during our communications or through technological applications (forms, emails, applications, etc.). This information is used to provide or propose services/products.

By submitting this information to CADLA or using technological means from our website, social networks, or any services or applications offered by CADLA, you consent to the collection and use of this information.

CADLA strives (and only when necessary for its activities) to share or transmit this information solely to trusted partners who have been verified to apply satisfactory security and confidentiality measures. Whenever possible, all information is stored on Quebec-based or at least Canadian servers.

Anyone has the right to obtain details of the information held about them and request its correction if necessary.

2. INFORMATION RETENTION AND DESTRUCTION

Anyone can request details about the methods of retaining personal information held about them, as well as the list of individuals with access to it, the purpose of its use, and the retention period after which the information will be destroyed.

3. PRIVACY INCIDENTS AND PROCEDURE

The procedure outlined below specifies the steps to follow when CADLA has reasonable grounds to believe a privacy incident involving personal information it holds has occurred (or has been confirmed), in accordance with the Act Respecting the Protection of Personal Information in the Private Sector, chapter P-39.1, and the Regulation Respecting Privacy Incidents.

4. DEFINITIONS

The definitions applicable to this procedure, which may be supplemented by any other regulations, policies, directives, or procedures referencing it, are as follows:

Privacy Incident: Unauthorized access, use, or communication of personal information under the law, as well as its loss or any other form of breach of protection.

Examples include: 

  • A hacker infiltrates a system;
  • Someone uses personal information from a database they access as part of their job to impersonate another person;
  • A communication containing sensitive information is mistakenly sent to the wrong person;
  • Documents containing personal information are lost or stolen;
  • Someone accesses a personal information database to alter it.

Personal Information: Any information about an individual that allows them to be identified. A person’s name alone is not considered personal information. However, when associated or combined with other information about the same person, it becomes personal information.

Examples of personal information include:

  • A person’s name and date of birth;
  • Social Insurance Number;
  • Credit card number;
  • Health insurance number;
  • Medical or financial information;
  • A person’s name and personal phone number;
  • A person’s name and home address.

Sensitive Personal Information: Personal information is considered sensitive when, due to its nature (e.g., medical, biometric, or otherwise intimate) or the context of its use or disclosure, it warrants a high degree of privacy protection.

Examples include medical, biometric, genetic, financial information, or details about ethnic origin, political beliefs, sexual orientation, or religious convictions.

5. PROTECTION OF PERSONAL INFORMATION

CADLA implements appropriate and reasonable security measures to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification under the law. Only personnel who absolutely need access to personal information for their duties are authorized to do so.

Personnel members of CADLA or those working on its behalf must:

  • Take reasonable efforts to minimize the risk of unintentional disclosure of personal information;
  • Take special precautions to ensure personal information is not monitored, overheard, viewed, or lost when working outside CADLA offices;

and

  • Take reasonable measures to protect personal information while traveling from one location to another.

6. REPORTING A PRIVACY INCIDENT

Anyone to whom CADLA communicates personal information (colleagues, suppliers, partners, experts, including subcontractors) must report when they have reasonable grounds to believe a privacy incident involving personal information held by CADLA has occurred. Reports must be made without delay to the person responsible for personal information protection.

CADLA personnel who have reasonable grounds to believe a privacy incident involving personal information has occurred must notify their supervisor.

Serious incidents involving a significant number of people or sensitive information that may cause substantial harm must be reported to the Commission d’accès à l’information promptly.

7. PERSON RESPONSIBLE FOR PERSONAL INFORMATION: ROLES AND RESPONSIBILITIES

The person responsible for personal information protection at CADLA can be reached at:

  • Daniel Dupuis
  • Email: Daniel@affaireslaval.com
  • Phone: (514) 908-1489

Their role includes:

  • Contributing to the implementation of privacy incident management processes;
  • Maintaining the privacy incident register, documenting incidents, and ensuring follow-up on their handling;
  • Maintaining the complaints register, documenting complaints, and ensuring follow-up on their handling;
  • Contributing to privacy incident risk analyses to identify threats and vulnerabilities and implementing appropriate solutions.

In the event of a privacy incident, the person responsible handles the incident and collaborates with any other relevant individuals based on the incident’s nature.
At this title, they:

  • Assess the risk of harm and determine its severity. This evaluation considers the sensitivity of the information involved, the potential consequences of its use, and the likelihood that it will be used for harmful purposes.
  • Notify, with diligence, the person whose personal information is affected by the incident, when there is a risk of significant harm, except when such notification would hinder an investigation by a person or an organization responsible under the law for preventing, detecting, or suppressing crime or offenses. This notification must include the following details:
  1. A description of the personal information affected by the incident, or, if this information is unknown, the reason justifying the inability to provide such a description;
  2. A brief description of the circumstances of the incident;
  3. The date or period when the incident occurred, or if unknown, an approximation of this period. A brief description of the measures the organization has taken or intends to take following the incident to reduce the risk of harm;
  4. The measures suggested by the organization to the person affected to mitigate the risk of harm or reduce its impact;
  5. The contact information for the person to obtain more details about the incident.
  • Inform, where applicable, any person or organization that could reduce the risk, providing only the necessary personal information for this purpose.
  • Notify, with diligence and in writing, the Commission d’accès à l’information of the incident when there is a risk of significant harm. The notice must include the following details:
  1. The company name (CADLA) and its Quebec enterprise number under the Act respecting the legal publicity of enterprises;
  2. The name and contact details of the person to contact at CADLA regarding the incident;
  3. A description of the personal information affected by the incident, or, if unknown, the reason justifying the inability to provide such a description;
  4. A brief description of the circumstances of the incident and, if known, its cause;
  5. The date or period when the incident occurred or, if unknown, an approximation of this period;
  6. The date or period during which CADLA became aware of the incident;
  7. The number of persons affected by the incident, including those residing in Quebec, or approximations if these numbers are unknown;
  8. A description of the factors leading CADLA to conclude that there is a risk of significant harm to the affected individuals, such as the sensitivity of the information, potential malicious uses, anticipated consequences, and the likelihood of its harmful use;
  9. The measures CADLA has taken or plans to take to notify the individuals concerned, along with the date or expected timeframe for the notifications;
  10. The measures CADLA has taken or plans to take following the incident to reduce risks or mitigate harm and prevent similar future incidents, along with the timeframe for implementation;
  11. If applicable, a note specifying that a person or organization outside Quebec with similar responsibilities to the Commission d’accès à l’information has been notified of the incident.
  • Inform, where applicable, CADLA’s insurers.
  • Record the privacy incident in the designated register.
  • Provide a copy of the register to the Commission d’accès à l’information upon request.

8. PRIVACY INCIDENT REGISTER

CADLA must maintain a privacy incident register.

8.1 – Retention Period for Register Information

The information contained in the register must be kept up to date and retained for the longer of the following two periods: a minimum of five years after the date CADLA became aware of the incident, or the period required by any government authority or law and regulation.

8.2 – COMPLAINTS REGISTER AND HANDLING

CADLA must maintain a register of complaints and their handling.

9. Retention Period for Register Information

The information contained in the register must be kept up to date and retained for the longer of the following two periods: a minimum of five years after the date CADLA became aware of the incident, or the period required by any government authority or law and regulation.

10. EFFECTIVE DATE

This policy and its procedures came into effect on September 22, 2023.

11. CONTACT US

If you have any questions regarding our privacy policy, wish to exercise your rights mentioned above, file a complaint, or update your personal information, please contact our privacy officer as follows:

By email: Daniel@affaireslaval.com
By mail: 1555, boul. de l’Avenir, Suite 306 Laval (QC) H7S 2N5

Last revision: September 22, 2023

🚨Black Friday🚨
50% de rabais sur la domiciliation
En savoir plus!

Our additional services

TLC Pro : Notre partenaire en comptabilité et impôts

Accounting services

Legal Services

Nivii : notre partenaire en marketing numérique

Marketing services

Contact Us

Interested in renting an office or conference room in the heart of downtown Laval at the Cité de l’Avenir? For more information, don’t hesitate to contact us.



    Contact Us!

    ADDRESS

    1555, boul. de l’Avenir, Suite. 306
    1565, boul. de l’Avenir, Suite. 206
    Laval (QC) H7S 2N5 

    Phone: (450) 663-3743

    Reach Us:
    Facebook Linkedin
    © 2025 Centre d'Affaires de l'Avenir Inc. All rights reserved. | Politique de confidentialité
    Internet Marketing by Nivii, Web Agency
    Scroll to Top