1. Introduction

st-charlespodiatrie.com is committed to protecting your privacy and personal information in accordance with Quebec's Act respecting the protection of personal information in the private sector (Law 25).

This privacy policy complements the consent management mechanisms (CMP) already in place on our website. The preferences you express through our consent manager are directly integrated into the processing described below. The privacy settings applied are derived from the configurations established through our organization's self-assessment via the Normi platform, in compliance with Law 25 requirements.

2. Organization Identification

These contact details also serve as the administrative point of contact for any questions regarding the protection of your personal information. You may reach out to us for clarification on our privacy practices or for any request related to your rights.

3. Data Protection Officer

The Data Protection Officer serves as the coordination point for all access, rectification, and deletion requests. They also oversee the management of privacy incidents, the conduct of internal audits, and the updating of data protection practices within the organization.

4. Personal Information Collected

The categories of personal information collected may vary depending on the features you use on our website. Some data comes directly from your interactions with our consent management platform (CMP). The categories below correspond to the options selected during our compliance self-assessment and reflect the processing actually implemented.

• Contact Information (mandatory) : Courriel, téléphone, adresse
• Identity Data : Nom, prénom, date de naissance
• Browsing Data : Pages visitées, durée, appareil
• Preferences : Langue, préférences de communication

5. Collection Methods

We collect your personal information through various means. Automatic collection is limited to elements strictly necessary for the technical operation of our services. Analytical and tracking cookies respect the preferences you have set through our consent manager. Technical logs (server logs) are used exclusively for security and diagnostic purposes and are not used for commercial purposes.

• Online forms and direct interactions with our services
• Cookies and similar technologies, according to your consent preferences
• Technical logs (server logs) for security and diagnostic purposes
• Integrated third-party services, to the extent authorized by your consent

6. Purposes of Collection

Each purpose of collection is associated with a specific legal or operational basis. Data processing is configured according to the choices expressed through our consent manager. Personalization of your experience remains strictly limited to the parameters you have authorized.

• Legal compliance : Respecter nos obligations légales
• Security and fraud prevention : Assurer la sécurité de nos systèmes
• Analytics and improvement : Améliorer nos services et notre site web
• Communication with you : Répondre à vos demandes et vous contacter
• Experience personalization : Personnaliser votre expérience
• Service delivery : Fourniture de nos services et produits
• Account management : Gestion de votre compte client

7. Disclosure to Third Parties

Our service providers and partners are selected according to rigorous security and compliance criteria for the protection of personal information. Any disclosure of information to third parties is strictly limited to the purposes described in this policy.

• Competent authorities when required by law
• government
• Service providers (hosting, payment, analytics)

8. Security Measures

The security measures implemented are proportionate to the level of sensitivity of the personal information processed. In addition to the technical measures listed below, logical and organizational access controls are applied to limit access to information to only those persons authorized within the scope of their duties. The certifications and standards mentioned reflect the practices of our hosting and infrastructure providers.

• Regular security audits
• Regular secure backups
• Staff training on data protection
• Data encryption (HTTPS, encryption at rest)
• Monitoring and intrusion detection
• Access control and secure authentication
• Incident response plan

9. Information Retention

The retention period for your personal information is determined based on the nature of the commercial or contractual relationship and applicable legal obligations. At the end of the retention period, your information is securely deleted or, where appropriate, irreversibly anonymized so that it can no longer be associated with an identifiable individual.

Retention period: 3 ans

Hosting: Canada

10. Your Rights

Under Law 25, you have the following rights regarding your personal information:

• Right of access — obtain confirmation that we hold your information and access it
• Right of rectification — have inaccurate or incomplete information corrected
• Right to erasure — request deletion of your information when legal conditions are met
• Right to portability — receive your information in a structured, commonly used technological format
• Right to withdraw consent — withdraw your consent at any time through our consent manager

Rights exercise requests are processed through a structured internal process. Depending on the nature of the request, identity verification may be required to protect your information from unauthorized access. This verification ensures that the request originates from the individual concerned or their authorized representative.

To exercise your rights, contact: info@st-charlespodiatrie.com

Response time: 30 days

11. Privacy Incident

In the event of a privacy incident involving your personal information, our organization applies a structured process comprising the following steps:

• Detection and assessment — Rapid identification of the incident, assessment of its scope, and evaluation of the risk of serious harm to the individuals concerned.
• Containment and analysis — Immediate measures to limit the impact of the incident, root cause analysis, and detailed documentation of the circumstances.
• Notification — When an incident presents a risk of serious harm, the Commission d'accès à l'information du Québec and the affected individuals are notified within a maximum of 72 hours, in accordance with Law 25.
• Remediation — Implementation of corrective measures to prevent recurrence of the incident and strengthening of security controls.

12. Complaints

Our organization favors internal resolution of any concerns related to the protection of your personal information. We invite you to first contact our Data Protection Officer to attempt to resolve the situation.

If you believe that your rights have not been adequately respected after this process, you may file a complaint with the Commission d'accès à l'information du Québec:

13. Changes to This Policy

We reserve the right to modify this privacy policy. Updates may result from technological changes in our systems, changes in the applicable legislative or regulatory framework, or the integration of new features within our consent management platform (CMP). The date of the last update will always be indicated in the header of this document. In the event of a substantial change, we will inform you through appropriate means.