1. PREAMBLE

Carke Inc. is a non-profit organization formed under Part III of the Québec Companies Act (hereinafter referred to as the “Corporation”) serving the population of Lac-Brome, West Bolton and Brome Village by supporting social, cultural and recreational projects of a capital nature. The Corporation understands the importance of respecting the confidentiality of information disclosed to it. Because of the nature of its activities, the Corporation recognizes that it is essential to provide a framework for the protection of personal information through this policy, in order to ensure the protection of privacy, and in accordance with applicable legislative requirements.

‍

2. SCOPE OF APPLICATION

This policy applies to all members, volunteers, officers and directors of the corporation. The protection of personal information held by the corporation is an obligation that applies to all persons authorized to handle such information within the organization.

‍

3. PURPOSE

The purpose of this policy is to define the Corporation's guiding principles with respect to the protection of the personal information it collects, uses, communicates and retains in the course of its activities.

‍

4. DEFINITION

a. “Personal Information”

Personal information is information that directly or indirectly identifies a natural person. The personal information collected by the Corporation includes, but is not limited to, the following: first name, last name, mailing address, e-mail address, telephone number and date of birth.

b. “Sensitive Personal Information”

Personal information is sensitive if it requires a high degree of reasonable attention to privacy. Such sensitive personal information would include any financial information collected by the corporation or other sensitive information such as social insurance numbers.

‍

5. COLLECTION OF PERSONAL INFORMATION

The Corporation collects only the personal information required for its activities. It undertakes to use personal information only for the purposes for which it was requested and for which an individual has consented to provide it to the Corporation. In the event that the Corporation needs to use personal information for purposes other than those for which an individual had initially given consent, the Corporation undertakes to obtain new consent. Personal information is collected notably through the website, forms and telephone or face-to-face interviews. The purpose of collecting personal information is to provide quality services to our customers.

The collection of personal information is a transparent process and requires the manifest, free and informed consent of each individual from whom it is collected. Consent must be explicit for the collection of sensitive personal information. Consent will be required except in exceptional situations provided for by law. The Corporation requires the consent of a parent or legal guardian to collect personal information from a person under the age of eighteen (18).

‍

6. USE OF PERSONAL INFORMATION

Personal information will be used to:

• Verify a member's or director’s identity
• Send promotional communications
• Send informative e-mails
• Solicit and collect donations
• Receive and respond to funding requests
• Improving our service

7. COMMUNICATION

The Corporation may communicate personal information to third parties with the consent of the person concerned. However, it should be noted that certain situations provided for by law allow personal information to be communicated without the need to obtain consent. The third parties with whom the Corporation may communicate personal information are as follows: the Governments of Québec and Canada, as well as external auditors, if applicable.

‍

8. RETENTION

Information is retained in a secure environment for the period initially agreed upon or for any period necessary to comply with legal obligations, enforce agreements or resolve disputes, unless a longer retention period is required or permitted by law.

The Corporation takes reasonable steps to ensure the currency, accuracy and integrity of personal information.

9. RIGHT OF ACCESS, RECTIFICATION, WITHDRAWAL AND DESTRUCTION

Any individual may access his or her personal information and request that it be rectified, withdrawn or destroyed. Any such request must be made in writing to the Privacy Officer (see section 14).

As required by law, the Privacy Officer will respond to any user's request for access or rectification within 30 days of receipt of the request.

In the interest of transparency and upon request, the corporation undertakes to provide the following information:

• The personal information it holds about the person making the request
• A list of the categories of people who have access to personal information
• The length of time for which personal information is kept
• The contact details of the person responsible for the protection of personal information.

This information will be transmitted in a structured and commonly used technological format, as required by law.

It should be noted that when information is deleted or modified, a copy of the personal information present in our files prior to the modification or deletion is retained for the time required to comply with legal and tax obligations.

‍

10. DESTRUCTION AND ANONYMIZATION

Personal information is destroyed or made anonymous at the end of its life cycle, either when the purpose for which the information was collected has been fulfilled or as provided by law.

‍

11. INFORMATION SECURITY

All personal information collected is kept in a secure environment. In addition, only authorized corporate representatives have access to all personal information. They are required to comply with this policy.

Please note that the security of data transmitted over the Internet or a wireless network cannot be guaranteed. It is therefore important to know that, despite the Corporation's best efforts to protect personal information, there are certain risks beyond its control.

‍

12. LINKS TO OTHER SITES

The Corporation's Web site may contain hyperlinks to other sites. This policy does not apply to those other resources. When you leave our web site, please refer to the privacy policy of the site you are visiting.

‍

13. PRIVACY INCIDENT

In the event of a privacy incident, the Corporation will take reasonable steps to minimize any harm that may result and will take appropriate measures to prevent a similar incident in the future. The Corporation undertakes to inform the persons concerned if there is a reasonable risk of harm as a result of the incident or if notification is otherwise required by law.

In the event of an incident that could cause serious harm, the Commission d'accès à l'information will be notified as required by law. The Corporation undertakes to keep a register of confidentiality incidents, which may be communicated to the Commission d'accès à l'information upon request.

‍

14. PERSON RESPONSIBLE FOR THE APPLICATION OF THE POLICY

The Privacy Officer is the Secretary of the Corporation.

If you have any questions, concerns, requests or complaints regarding this policy, please contact the Privacy Officer at the following e-mail address: fredenns@icloud.com

‍

15. UPDATING

In order to improve the policy and keep pace with changing privacy standards, the policy will be updated as required. Any changes must be consistent with the corporation's values and by-laws.

‍

16. EFFECTIVE DATE

This policy is effective as soon as it is adopted by the Board of Directors.

This document was last updated on June 18, 2024.

‍

‍

‍