Home » Privacy policy

Privacy policy

Privacy Policy of Le Monastère

General Information

Le Monastère is committed to respecting individuals’ privacy in all its activities. Due to the nature of Le Monastère’s operations—such as ticket purchases, communications with subscribers, donors, partners, sponsors, collaborators, employees, and volunteers—the collection, use, sharing, and retention of sensitive personal information are necessary.

Privacy and access to information legislation require organizations to inform individuals and obtain their consent when collecting personal data. Additionally, they must ensure the protection of collected data. Such protection is crucial not only for individuals whose personal information is at stake but also for organizations that may be held accountable or face reputational damage due to unauthorized access, use, retention, or disclosure of personal information.

Beyond protection requirements, the law grants individuals the right to access their own information and request corrections or modifications to any inaccurate data. Furthermore, individuals can file complaints if they believe Le Monastère is not fulfilling its legal obligations.

Misuse of personal information can have serious consequences for both Le Monastère and affected individuals. Strong privacy practices are essential for sound governance, accountability, and risk management.

1.1 Objectives

This policy aims to define the framework and responsibilities regarding the following:

• Obtaining individuals’ consent for the collection, retention, use, and disclosure of their personal information;

• Ensuring that only necessary data is collected;

• Using information solely for its intended purposes;

• Verifying data accuracy and retaining it for reasonable periods;

• Granting individuals access to their collected information;

• Establishing procedures for data retention and destruction;

• Protecting data against unauthorized access, use, or disclosure.

1.2 Scope

This policy applies to all employees, volunteers, and partners who handle or collect personal information on behalf of Le Monastère.

1.3 Definitions

Individuals: Any person whose personal information is collected, used, and retained by Le Monastère in the course of its operations. This includes partners, volunteers, interns, donors, sponsors, ticket buyers, subscribers, employees, and anyone who has shared their data with Le Monastère.

Personal Information: Any data that directly or indirectly identifies an individual. For privacy laws to apply, the information must relate to, identify, or make an individual identifiable.

Examples of personal information include:

• Name

• Date of birth

• Social Insurance Number

• Home address

• Personal phone number

• Personal email address

• Medical information

• Salary details

• Banking information

• Family details

Explicit or Implicit Consent

When collecting personal information, Le Monastère must inform individuals about the purpose of data collection, the methods used, their rights to access and correct information, and their right to withdraw consent.

Implicit (or tacit) consent is assumed when an individual voluntarily provides information in a reasonable context, such as filling out a registration form, subscription, ticket purchase, or donation form.

Explicit (or express) consent is required in specific cases, such as when conducting background checks during recruitment or using an individual’s photograph in Le Monastère’s publications. Internal forms must be available for such cases.

2. Reference Principles

Le Monastère collects personal information about employees, donors, partners, sponsors, volunteers, and event participants. This information is used for fundraising, public education and awareness, service and program delivery, and managing relationships with these individuals.

2.1 Responsibility

Le Monastère is responsible for managing and protecting all collected personal data. The General Management is designated as the authority overseeing personal data protection. This role may be delegated in writing, partially or entirely, to another person.

All employees, partners, and volunteers who access, collect, or control personal information are accountable for its protection. They are bound by confidentiality obligations under this policy and applicable laws. Any breach may result in disciplinary action, including termination, expulsion of volunteers, or cancellation of partnerships.

Privacy-related provisions are integrated into agreements, governance policies, and training programs for employees, volunteers, donors, and partners.

2.2 Purpose of Data Collection

Personal information is collected to:

• Ensure efficient program and activity management, including fundraising, volunteer recruitment, and employment relations;

• Generate statistical data for strategy evaluation (anonymized when possible);

• Support decision-making while protecting both Le Monastère’s and individuals’ rights.

Le Monastère only collects necessary personal data in an honest and lawful manner.

2.3 Consent

Individuals are informed and must provide implicit or explicit consent before their personal data is collected, used, or shared—unless an exception is provided by law. To ensure transparency, Le Monastère:

• Clearly defines which data is mandatory and essential;

• Explains how collected data will be used;

• Specifies if and when data might be shared with third parties;

• Indicates whether Le Monastère will verify submitted data;

• Ensures, to the best of its ability, that data is complete, accurate, and truthful;

• Informs individuals of their legal rights to access and correct their data;

• Notifies individuals of their right to withdraw consent;

• Details any administrative penalties for providing false information.

2.4 Use and Disclosure

Personal data is not used or disclosed for purposes other than those for which it was collected, unless required by law or with the individual’s consent. Le Monastère does not retain personal data longer than necessary for its intended use.

If prior authorization is obtained, employees’, volunteers’, donors’, and partners’ personal information (including photos and biographies) may be collected, used, and shared for Le Monastère’s activities, such as newsletters and social media content.

Personal data may be disclosed under the following conditions:

• For the purpose for which it was originally collected;

• If the individual has provided written consent (e.g., in emergency contact situations);

• If required by federal or provincial law.

Le Monastère does not rent, sell, or trade individuals’ personal data under any circumstances.

2.5 Data Retention

Personal information, references, background checks, and similar records are stored securely. Data is not retained beyond its necessary use, following relevant federal and provincial regulations.

2.6 Security Measures

Le Monastère implements security measures appropriate to the sensitivity of the data to protect it from loss, misuse, or unauthorized alteration.

Access to personal data is restricted to:

• Authorized personnel who require the information for their duties;

• Individuals to whom the data subject has given consent;

• Authorized individuals under applicable laws.

Le Monastère employs industry-standard security protocols, including password-protected systems, encrypted credit card processing, and secure networks. Regular reviews of security policies and an emergency response plan for cyberattacks are in place.

Service providers and partners must sign confidentiality agreements ensuring they handle personal data securely and lawfully.

2.7 Transparency and Data Access

Le Monastère ensures that information about its privacy policies and practices is readily available. Individuals may submit written requests to General Management to:

• Inquire about the existence and use of their personal data;

• Verify if their information has been shared with third parties;

• Request corrections to inaccurate or incomplete information.

Subject to legal and contractual requirements, individuals can refuse or withdraw consent for certain data uses by contacting Le Monastère.

2.8 Filing a Complaint Regarding Non-Compliance with Principles

Any individual may file a complaint regarding non-compliance with this policy or generally recognized principles related to privacy protection by contacting the person responsible for the protection of personal information to ensure compliance within Le Monastère.

If, at any time, an individual wishes to have their name removed from distribution or solicitation lists, they simply need to contact Le Monastère to make the request.

If Le Monastère believes that a confidentiality incident involving an individual’s personal information has occurred, it will:

• Conduct an investigation and implement any necessary measures to mitigate harm and prevent recurrence.

• Assess the risk level.

• Notify the Commission d’accès à l’information if the incident presents a serious risk of harm and, unless prohibited by law, also inform the affected individual.

• Record confidentiality incidents in a dedicated register.

2.9 Collection Through Technological Means

A specific privacy policy is available when Le Monastère collects personal information through its website or an application. Additionally, it ensures that, by default, privacy settings are set to the highest level, except for cookies.

A cookie is a piece of information sent to a web browser and stored on a computer. Users will be informed of the use of cookies and will have the option to enable or disable certain features. Cookies do not contain personal data and can be deleted at any time by users.

Responsibilities

3.1 Board of Directors

Members of the Board of Directors are responsible for:

• Approving this policy and any future amendments.

• Ensuring that proper follow-up is conducted by the person responsible for the protection of personal information.

• Monitoring the implementation of this policy with the responsible individual.

3.2 Person Responsible for the Protection of Personal Information

The person responsible for the protection of personal information must ensure that:

• All staff, partners and their personnel, and volunteers receive the necessary training and knowledge to properly apply this policy and the principles of the law.

• Measures and controls are in place to ensure the proper collection and management of personal information.

• They have the means and resources required for the proper enforcement of this policy and, if necessary, raise related concerns.

• A summary of the confidentiality incident register is presented to the Governance and Strategy Committee of the Board of Directors or, if necessary, directly to the Board.

• A report on the implementation of this policy is presented to the Board of Directors upon request, along with recommendations for necessary modifications.

For any questions or comments regarding this Privacy Policy or personal information, to exercise your rights, file a complaint, or obtain information about our policies and practices concerning service providers outside of Quebec, please contact our privacy officer by email at:

Rosalie Beauchampinfo@le-monastere.ca

The privacy officer will respond within thirty (30) days of receiving your email.

Inspired by the Privacy Policy of La Tohu.

Animation(s) ON Animation(s) OFF
Get your tickets