Privacy policy

Catalys health is committed to protecting your personal information, to being transparent about the information it holds about you and to respecting the legal provisions set out in Quebec and Canadian laws.

The purpose of this policy is to explain clearly how we collect and process your personal information.

The data collected enables us to better carry out our mission on a daily basis. Your personal information will not be used without your consent for purposes other than those for which it was collected or in accordance with applicable laws.

If you have any questions about this policy, please contact the Catalys Santé Privacy Officer using the contact details at the end of this policy.

Catalys Health is committed to obtaining your manifest, free and informed consent to the collection, use and conservation of your personal information.

Personal information is any information about an individual from which that person can be identified. It does not include data from which the identity has been removed, i.e. anonymous data. We may collect, use, store and transfer different types of personal information about you, which we have grouped together as follows:

• The identity data includes first name, surname, title, customer number, date of birth and gender;
• The contact details include address, billing address in the event of a transaction, e-mail address, organisation, position held, telephone number(s), emergency contacts;
• The socio-demographic data include household type, main source of income, income, type of accommodation, reason for using services, ethnic origin, citizenship, family members, language spoken, health information (special diet, disability), level of education;
• Payment and purchase data includes payment card details (credit or debit). Donation data includes details of donations made by and for you and other details of donations and services you have made or obtained from us;
• The marketing and communication data includes your preferences for receiving marketing communications from us and our third parties, as well as your communication preferences. This also includes the fact that we may make a record of conversations we have had with you in person and/or communications you have sent to Catalys Health. This helps us to manage our relationship with you and to ensure that you only receive communications that are relevant and tailored to your preferences;
• The technical data includes Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technologies on the devices you use to access our website or social media;
• Usage data includes information about how you use our websites and services;
• Data related to job and internship applicants includes all data you have submitted to us through a job or internship application with Catalys Santé.
• Any other personal information that we have not requested (such as personal information that you voluntarily provide to us in an email or by sharing your comments through our website or on our social media or contained in an event registration, service usage or donation campaign form).

We will collect your personal information using a number of tools. Forms, mobile applications, social networks and face-to-face contacts.

When you use our services, register for or participate in an activity or event, interact with Catalys Health via email, social media, telephone or in person, we store the personal information you give us, such as your name, email address, mailing address, telephone number or other necessary information. We also keep a record of your purchases and your communications with us.

When you interact with our website or social media, we may automatically collect technical data about your equipment, actions and browsing patterns. We collect this personal data using cookies and other similar technologies. We use a consent platform that complies with Canadian consent standards on our website.

Our website contains hyperlinks to other sites. When you leave our website using one of these links to access other sites, you will be subject to the security and privacy policies of those sites.

We occasionally receive information about you from third parties, as described below:

• Analysis providers such as Google Analytics;
• Advertising networks such as Facebook and Google AdWords;
• Search information providers such as Google;
• Publicly accessible information about you.

The servers of these suppliers hosting data may be located outside Quebec or outside Canada.

Catalys Health collects personal information by fair and lawful means and limits the collection to personal information required for the following purposes:

• Compile data relating to our services, activities and impact in order to improve our services, prepare applications for funding and grants, produce reports, present in various communications tools or submit to various studies, surveys or polls;
• To communicate with you periodically in writing, orally or electronically in order to keep you informed of news concerning Catalys Santé or of any information likely to be of interest to you;
• Process your invoices and prepare your official receipts, in compliance with the CRA's requirements for processing medical receipts;
• Establishing and maintaining our relationship with you, understanding your needs and adapting our approach to serve you better;
• To use data analysis to improve our website, social media, marketing and communications with you;
• Carrying out a job staffing process;
• Comply with regulatory and legal requirements.

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations.

In determining the appropriate retention period for personal data, we take into account the amount, nature and sensitivity of the personal data, the potential risk of harm arising from the unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the possibility of achieving those purposes by other means, as well as applicable legal requirements.

Your personal information will be kept for a minimum of 5 years following the last activity, i.e. the last purchase or service rendered by our company, as required by our legal obligations.

We have put in place appropriate safeguards (both in our procedures and in the technology we use) to ensure that your personal information is as secure as possible.

We will ensure that any third parties we use to process your personal information do the same and that they only process your personal information on our instructions. Third parties will also be subject to a duty of confidentiality. Catalys Santé does not exchange, rent or sell personal information to third parties for commercial purposes.

Catalys Santé employees are authorized to access personal information only when they need it and for the purposes for which it was collected.All employees must sign a charter attesting that maintaining confidentiality is a prerequisite to maintaining their employment status with Catalys Santé.Employees are aware of the importance of maintaining the confidentiality of personal information, and particular care is taken in the disposal and destruction of personal information to prevent unauthorized parties from gaining access to it.

Catalys Santé undertakes to take the following actions when a confidentiality incident occurs:

• Record the incident in the Personal Information Incident Register to keep a precise record of what happened;
• Inform the CAI (Commission d'accès à l'information) in the event of an incident involving personal information;
• Communicate information about the incident to the persons concerned within a period of time deemed reasonable, depending on the risk and the sensitivity of the personal information concerned;
• Continuously review and improve the protection measures in place to ensure that your personal information is as secure as possible.

Catalys Santé offers you the possibility to request access to your personal information, to request the correction of your personal information and to request the deletion of your personal information (right to be forgotten). Please note that we will not always be able to respond positively to your request for erasure if there are specific legal grounds, which will be provided to you following your request. To exercise any of the rights listed above, please use the contact details at the end of this policy.

Catalys Santé offers you the possibility to limit or cancel the communications you receive from Catalys Santé. To modify or withdraw your consent, please use the contact information at the end of this policy.

Requests for access to personal information are processed within 30 working days of receipt of the formal request. Requests are free of charge.

Please check this section of our website regularly for any changes to our privacy policy.

From time to time, we may use personal information collected for emerging or additional purposes and, if so, we will amend this Privacy Policy to include those emerging or additional purposes and obtain your consent through your continued use of our services.

Please contact us if you have any questions about any aspect of this privacy policy, and in particular if you wish to object to any processing of your personal information that we carry out for our legitimate organisational interests.

If you have any questions about the protection of personal data, please contact our Data Protection Officer, Ms. Chantal Keough, by email at [email protected]