1. Acceptance and amendments
When the Visitor decides to access and use the Caisse’s Internet site (hereinafter the “Site”), he accepts CDPQ’s practices regarding the processing of and the measures to safeguard his personal information (hereinafter the “Policy”). It is therefore important for the Visitor to read the Policy to understand his rights and responsibilities. The Visitor agrees, in particular, to the gathering and use of his personal information by CDPQ in accordance with the Policy, it being understood that CDPQ complies with prevailing legislation in personal information matters.
The Visitor agrees and acknowledges that CDPQ reserves the right, at any time, to amend, change or update the Policy and the Visitor agrees to be bound by such amendments, changes or updates. The Visitor’s use of the Site after any amendment such amendment constitutes his agreement to be bound by and to comply with accept the Policy thus amended and to be bound by it. Consequently, it is the Visitor’s responsibility to verify if there have been any amendments to the Policy by referring to the date they were last modified, which is found below.
If the Visitor does not accept this Policy or, as the case may be, the Policy as amended from time to time, CDPQ does not authorize the Visitor to access or use the Site, and he should stop accessing and using the Sitehe should not use the Site.
2. Personal information
Subject to the Policy, CDPQ does not gather any personal information about the Visitor unless he, at his sole discretion, decides to provide such information voluntarily. The Visitor is free to access and use the Site, subject to the Terms of Us, without personal information being collected. However, if the Visitor wishes to receive information from CDPQ or to have his name added to CDPQ’s mailing list, the Visitor must disclose certain information, particularly his e-mail address, so that CDPQ’s server can respond to his request or, as the case may be, send him the requested information. This other information is also gathered so as to enable and manage the Visitor’s inclusion on CDPQ’s mailing list (including, in particular, the modification of the parameters of his inclusion on or deletion of his name from the mailing list), to facilitate the communication of relevant information to Visitors and for better knowledge of their profiles. This information is strictly confidential and will not be used for commercial prospection.
CDPQ handles and retains personal information in complete confidentiality, pursuant to applicable laws. CDPQ only uses personal information to the extent provided for by applicable laws.
The Visitor can access the personal information he provides to CDPQ and notify CDPQ to update, change or delete certain information that CDPQ gathered during his visit, by sending an e-mail to [email protected] or by answering messages sent to him because of his inclusion on CDPQ’s mailing list.
CDPQ applies adequate security measures to protect personal information. Where it deems it appropriate, CDPQ uses encryption or authentication tools, or both, as well as other means to protect certain personal information derived from the Web and kept on its servers. The Visitor acknowledges and agrees that the e-mail messages that he sends to CDPQ can be tampered with before they reach CDPQ’s servers.
Personal information, electronic or other, gathered by CDPQ is not disclosed to any one, except CDPQ’s Representatives who need such information to discharge a duty associated with the fulfillment of the purposes set out in this Policy. The Visitor agrees and acknowledges that CDPQ is also authorized to use, disclose or communicate the Visitor’s personal information to the extent provided or required by law, including pursuant to court orders or to execute a contract granted to a supplier. In such a case, confidentiality clauses shall ensure that personal information is adequately protected.
CDPQ retains personal information based on the applicable retention schedule at CDPQ.
3. Information automatically exchanged
Even though the Visitor can access and visit the Site without informing CDPQ who he is and without revealing information about himself, in accessing the Site there is an automatic exchange of information between the Visitor’s computer, smart phone, electronic tablet or other Device on which the Site can be accessed (each a Device) and CDPQ’s server. This exchange of information does not enable CDPQ to identify the Visitor, his name or e-mail address. However, this exchange, among other things, enables CDPQ to obtain the Internet domain name that the Visitor used to access the Site (for instance, “xcompany.com” where the Visitor uses a private Internet access account, or “university.edu” where the Visitor accesses through a university), the Visitor’s IP address (IP stands for Internet Protocol, a single number assigned to the Visitor’s Deviceyour computer when it is connected to the Internet and which enables documents intended for you to be downloaded without mistake), the type of browser and the operating system used by the Visitor to access the Site, the date and time the Visitor accessed the Site, the pages he visited and, where the Visitor accesses the Site from another site, then, this site’s address (referent site).
The operating system of CDPQ’s Site can automatically gather this information about the Visitor’s visit to the Site by means of cookies. Cookies are small bits of information stored by the Visitor’s Internet browser on his Device’s computer’s hard drive that enable CDPQ to recognize the Visitor when he accesses its Site. When the Visitor surfs the Internet, a cookie is used for the purposes described above.
If the Visitor does not want CDPQ to gather information about his visit, he can, at his sole discretion, configure his browser so that it warns him when he receives a cookie or to prevent such cookies from being sent.
CDPQ uses this information to gagegauge the number of Site visits by Visitors as well as the different pages they view, the average time that Visitors spend on the Site, and to compile other statistics on Visitors to the Site in general. With this information, CDPQ can also verify the Site’s performance for system administration purposes to make the Site easier and more user-friendly and to relay certain overall processed information to Representatives for whom the transmission of such information is necessary to perform their duties.
To collect and analyze certain information, CDPQ uses Google Analytics on the Site. For more details on how the information collected is used by Google, please visit Google Privacy & Terms.
4. General provisions
For the purposes of this Policy, the word “Representatives” includes CDPQ, affiliates of CDPQ and their respective directors, officers, employees, consultants and agents.
For the purposes of this Policy, the word “Visitor” means the person who, in fact, browses the Site as well as the person who authorizes the use of the Device computer or, as the case may be, the browsing equipment.
4.2 Entire agreement
The Policy covers the entire agreement between the Visitor and CDPQ regarding CDPQ’s processing and use of the Visitor’s personal information and supersedes the prior written or verbal agreements between the Visitor and CDPQ with regard to the subject matter hereof.
In the event of discrepancy between the different two (2)linguistic versions of the Policy, the French version takes precedence.
Section titles herein are used solely for easy reading purposes and may not be used to interpret the sections.
The masculine gender is used for easy reading purposes and includes the feminine.
4.4 Applicable law
This Policy is governed by the laws of the Province of Québec, the laws of Canadian, and any applicable legislation on personal information protection, notwithstanding any principle governing conflicting laws. The Visitor agrees to be bound by and to comply with the aforementioned laws. In addition, the Visitor who accesses or uses the Site from another jurisdiction shall be responsible for ensuring that his access and use is legally permitted in that jurisdiction and he agrees to comply with local laws, to the extent that they apply to the Visitor. In the event of any dispute related to this Site or to the Conditions, the Visitor accepts the exclusive jurisdiction of the courts of the Province of Québec and the Federal Court of Canada. The Visitor agrees not to initiate any action or proceeding anywhere other than in Montréal, Québec (Canada) with regard to such a dispute.
In the event of discrepancy between one of the conditions rules set out in the Policy and a specific condition rule set out on a page of the Site in relation to particular personal information, the specific condition rule shall take precedence.
4.5 General Data Protection Regulation
The General Data Protection Regulation (“GDPR”) is a European Union regulation to strengthen and standardize personal data protection for all its residents. In carrying out its activities, la Caisse may process Personal Data subject to the GDPR. La Caisse aims to comply with the requirements of the GDPR.
Personal Data is any information relating to an identified or identifiable physical person.
a) Data controller
b) Purposes of the processing
La Caisse agrees to collect Personal Data only for determined, explicit and legitimate purposes, and to process the data in a way that is consistent with these purposes.
La Caisse is likely to process Personal Data when performing human resource management activities.
To process Personal Data, la Caisse always relies on the explicit consent of the Data Subject, on compliance with a legal obligation, on the execution of a contract to which the Data Subject is party, or on carrying out legitimate interests.
c) Recipients, transfer and storage
Authorized employees of la Caisse are the recipients of Personal Data. La Caisse may use subcontractors to process all or part of Personal Data, to the extent necessary to accomplish their tasks in compliance with previously provided instructions.
La Caisse processes and stores Personal Data in a secure environment for the period necessary to achieve the purposes for which the Personal Data was collected.
Because of the international scope of la Caisse’s activities, some Personal Data may be transferred outside the European Union to a subsidiary or the parent company. Such a transfer can only take place if the data are adequately protected, in compliance with European legislation.
d) Rights of the Data Subject
- The Data Subject has certain rights regarding the processing of their Personal Data:
- The right to request access to their Personal Data;
- The right to request that their Personal Data be rectified;
- The right to request, for legitimate reasons, the erasure or restriction of their Personal Data;
- The right to object to the processing of their Personal Data.
To exercise one or more of these rights, the Data Subject must contact the Data Protection Officer (DPO), by e-mail at: [email protected].
All rights reserved to the CDPQ
Last update: May 22, 2018