CONFIDENTIALITY AND PRIVACY POLICY

At Symmes Inn Museum, we attach great importance to protecting the personal information of our visitors, employees and representatives. In accordance with the law on the protection of personal information in the private sector, we are committed to preserving the confidentiality of personal information collected in the course of our activities. The purpose of our privacy policy is to inform you about our practices regarding the collection, use, disclosure, retention and protection of your personal information. By providing us with your personal information, you agree to the terms of this policy and authorize us to process your information in accordance with it.

  1. Consent

1.1 Commitment to the protection of privacy

We are committed to protecting the privacy of our users. We collect and use personal information only with their explicit consent and in compliance with applicable laws.

1.2 Acceptance of the terms of our policy

By accessing our website www.symmes.ca or by providing us with personal information, you agree to the terms of our privacy policy. This includes your consent to the collection and use of your personal information in accordance with this policy.

1.3 Right to withdraw consent

You have the right to withdraw your consent at any time. However, this is subject to certain legal or contractual restrictions. We will inform you of the possible consequences of such withdrawal, such as the impossibility of supplying certain products or processing certain requests. Your decision to withdraw will be recorded in our files.

  1. Collection of personal information

2.1 We collect personal information through various means, such as:

  • E-mails and communications with our customer service department
  • Online forms (membership)
  • Social media
  • Cookies and similar technologies on our website

2.2 We may also collect information via third parties, such as: 

  • A customer satisfaction survey company that collects feedback on our products or services such as Survey Monkey.
  • An online payment service provider to process financial transactions such as Zeffy.
  • A digital marketing company analyzing user behavior on our website such as Google Analytics.

2.3 We may use advanced technologies to collect personal information, in particular to identify, locate or profile our visitors (for example, to create visitor profiles). However, we are committed to protecting the privacy of our visitors:

  • Responsible use of technology: We use these technologies only to improve our services and better understand the needs of our visitors.
  • Enabling features: By default, these functions are disabled to protect data confidentiality. Our visitors always have the choice of whether or not to activate these features according to their preferences.

We are committed to being transparent about the use of these technologies and to respecting our visitors’ privacy choices.

  1. Types de renseignements personnels collectés

3.1 We collect various types of data, including but not limited to:

  • Personal identifiers (name, postal address, e-mail address, telephone number)
  • Technical or numerical information (IP address, online activities)
  • Demographic data (age, ethnic origin, nationality, place of residence)

3.2 Children’s privacy

We do not knowingly collect or solicit personal information from children under the age of 14. By using our website, you represent that you are at least 14 years of age. If you are under 14, please do not attempt to send us any personal information. If we discover that we have inadvertently collected personal information from a user under the age of 14, we will attempt to delete that information from our files and records immediately. We also encourage website users under the age of 14 to ask their parents or guardians for permission before sending any information about themselves over the Internet.

If you believe that a child under the age of 14 has provided us with personal information, please contact us using the details provided in the following section.

  1. Use of personal information

4.1 We use your personal information for a range of essential activities:

  • Answering inquiries: To respond effectively to your requests and inquiries.
  • Transaction management: To process payments and issue receipts for completed transactions.
  • Registrations and participations: To manage your registrations for events, training, newsletters, downloads from our website, or participation in webinars.
  • User experience enhancement: Operation, maintenance and improvement of our website, personalization of your online experience, and provision of requested services and information.
  • Marketing communications: Sending relevant information, special offers and news, with the option to unsubscribe at any time.

These uses are intended to enhance your experience with our services and to facilitate efficient interaction with our organization.

4.2 We offer various options to allow you to control and limit the collection of your personal information. These options include:

  • Communication choice: You can choose to receive our communications by email by subscribing to our newsletter.
  • Cookie management: Our site allows you to refuse or customize the use of cookies. Please note that blocking certain cookies may affect the accessibility and functionality of our site.
  • Granular consent: In the majority of situations, when we collect information for specific purposes, you have the opportunity to consent only to certain uses of your data.

It is important to note that some of these options may limit your access to all the features of our service. For example, by refusing certain cookies, some parts of our website may not function as intended.

  1. Sharing and disclosure of personal information

5.1 Personal information collected by our organization is accessible to specific categories of our staff and to certain partner organizations, for the purpose of providing our products and services in an efficient manner. For example:

  • Customer Service Department: Accesses contact information to respond to requests.
  • Marketing department: Uses data for advertising campaigns and market research.
  • Payment service providers: Access financial information for transaction processing. We use the Zeffy platform.
  • Personal information and data security officers: Access information to ensure security and data protection against unauthorized access or cyber attacks.
  • Legal consultants: Use data to ensure compliance with applicable laws and regulations.
  • Research and development partners: Access certain data to collaborate on new innovations or product/service improvements (example: Société des musées du Québec).
  • Collection agencies: In cases of non-payment, certain information may be shared with external collection agencies.

We ensure that this information is used exclusively for the stated purposes and in a confidential manner. Data transfers outside Quebec are carried out within the framework of international collaborations, while ensuring adequate protection of information in accordance with the laws in force.

  1. Links to other websites

 

6.1 Our website may contain links to third-party websites.

 

When you follow these links, you leave our website. Information exchanged at that point is no longer subject to our privacy policy. We recommend that you read the privacy statements of other websites you visit before providing any information.

 

 

  1. Security of personal information

7.1 Security measures for the protection of personal information

  • To ensure the security and confidentiality of personal information, Symmes Inn Museum adopts rigorous security measures, including both physical and technological aspects. Here are a few concrete examples:
  • Physical security: Use of security lock systems for access to offices, cabinets and filing cabinets, installation of surveillance cameras, and restricted access to areas where personal data is stored. Only authorized employees have access to filing cabinets.
  • Access controls: Restrict access to personal data to authorized employees only. Use of a secure password manager to protect data.
  • Staff training: Regular staff awareness of data security best practices.
  • Monitoring and intrusion detection: Systems in place to monitor any suspicious activity and detect potential intrusions.
  • Disaster recovery plans: Drawing up plans to rapidly restore data in the event of an incident such as a breakdown or cyber attack.

These measures are designed to protect personal information from unauthorized access, use or disclosure, and to maximize its integrity and confidentiality. While we make every effort to protect your personal data, it is important to keep in mind that no method of transmission over the Internet or method of electronic storage is 100% secure. We therefore cannot guarantee their absolute security.

7.2 Commitment of staff and Board of Directors

Each employee, director, volunteer, independent contractor or ad hoc advisor working on our Board of Directors’ committees undertakes to respect the personal information we collect. In addition, these individuals undertake to maintain the confidentiality of information specific to our activities and not to divulge it or use it for personal gain or for the benefit of others. This commitment exists from the moment the employee, director, volunteer, independent contractor or ad hoc consultant takes up his or her post, and continues indefinitely.

  1. Retention and destruction of personal information

 

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use it to the extent necessary to comply with our legal obligations, to resolve disputes and to enforce our legal policies.

 

We will also retain usage data for internal analysis. This data is generally retained for a shorter period, unless it is used to enhance the security or improve the functionality of our website, or we are legally obliged to retain it for longer.

 

  1. Your rights

9.1 Recognizing and respecting your rights

As part of our privacy policy, we recognize and respect the fundamental rights of individuals affected by the personal information we hold. These rights include:

  • Right of access: Individuals have the right to see the personal information we hold about them. For example, a visitor may ask to see the data collected about them.
  • Right of rectification: If information is inaccurate or incomplete, data subjects may request that it be updated.
  • Right to lodge a complaint: In the event of concerns about the processing of their data, individuals may lodge a complaint in accordance with our established process.

Subject to applicable laws, upon receipt of a written request from an individual and after verification of his or her identity, we will inform the individual whether we hold personal information about him or her and will disclose such information to him or her.

We may refuse an individual access to his or her information in accordance with applicable laws, in which case we will give reasons for our refusal.

To facilitate these rights, the contact details of our Privacy Officer are clearly indicated for any questions or concerns. These measures ensure that individuals can exercise their rights with confidence and transparency.

 

  1. Policy changes

This policy may be updated to reflect changes in our practices or legal requirements. Changes will be posted on our website. We encourage you to review this Privacy Policy regularly to stay informed of any changes.

 

  1. Contact

 

Any requests or questions regarding this privacy policy may be sent to the person responsible for the protection of personal information at the following address:

 

  • By e-mail: symmes.direction@gmail.com
  • By mail: 1 rue Front, C.P. 311, Gatineau, QC. J9H 5E6 819-568-5828

 

 

Policy effective date: September 20, 2024

Last update: September 20, 2024