Privacy policy
Confidentiality and privacy policy
Since 1987, Bâtirente has been the trusted partner of CSN unions, supporting their members’ financial wellbeing through to retirement. Bâtirente’s values include integrity, social responsibility, and excellence.
Bâtirente attaches great importance to the protection of privacy and the confidentiality of personal information collected. This Privacy Policy describes why we collect personal information, how it is processed and communicated, and how Bâtirente protects it. It also outlines how individuals can exercise their rights and choices with respect to their personal information.
Objectives
- Describe the practices and measures relating to the manner in which personal information iscollected, held, used, disclosed, or otherwise processed or disposed of.
- Describe how Bâtirente maintains confidentiality and how an individual can exercise his or her rights and choices with respect to his or her personal information.
- Ensure that all personal information collected is handled securely.
- Comply with the Act respecting the protection of personal information in the private sector.
1. Scope and application
Bâtirente attaches great importance to the protection of privacy and the confidentiality of personal information collected. This Privacy and Confidentiality Policy (the “Policy”) is governed by the Act respecting the protection of personal information in the private sector (as amended by the Act to modernize legislative provisions as regards the protection of personal information). Its purpose is to describe, in general terms, the practices and measures relating to the manner in which personal information is collected, held, used, communicated, or otherwise processed or deleted, and how Bâtirente safeguards its confidentiality. It also describes how individuals can exercise their rights and choices with respect to their personal information.
The Policy applies to all activities, products and services offered by Bâtirente. It applies to any person who is or has been: a user of its website, a member, a group leader, a job applicant, an employee, an administrator, or a committee member. In addition, it applies to personal information in the course of its activities with contacts or third parties, such as in the administration of an account, with respect to a member’s spouse, legal representative, or designated beneficiaries. The Policy also applies to personal information shared with Bâtirente by a partner entity whose products, services or activities are related or complementary to those of Bâtirente.
In some cases, at the time of collection, Bâtirente may provide further information about the processing of personal information or may set out specific terms and conditions. Bâtirente may also, in certain circumstances, obtain specific verbal or written consent for the use or disclosure of personal information, including when required by law
2. Definition of “personal information”
Personal information is any information about an identifiable natural person, regardless of the medium or form in which it is recorded: written, graphic, aural, visual, computerized, or other.
Anonymized information that cannot be associated with an identifiable individual, either directly or indirectly, does not constitute personal information. In accordance with the law, for the purposes of certain passages of the Policy, information that relates to the performa
3. Categories of personal information collected
Bâtirente limits the collection of personal information to that which is reasonably necessary to fulfill the purposes for which it was collected.
Bâtirente may collect, hold, use or disclose various information depending on the nature of an individual’s relationship with Bâtirente, including, but not limited to:
- Identification and authentication information, such as name, mailing address, social insurance number, date of birth, gender, telephone number, e-mail address, employer, occupation, employee number, marital status, signatures (handwritten, electronic, or digital), passwords and other authentication methods.
- Information related to products and services or applications, such as membership number, account balance, contributions and withdrawals, authorized account holders, information related to transactions and operations, banking or other external account information, identity of designated beneficiaries and history of communications with Bâtirente.
- Information collected for verification purposes, including money laundering, sanctions, financial crimes, and fraud prevention, such as those resulting from verifications required under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act or as part of background checks or due diligence.
- Information about activities on the Internet or other electronic networks, such as browser type, Internet service provider, referring/exit pages, pages viewed on Bâtirente’s site, responses to online surveys or consultations, or comments collected on Bâtirente’s digital platforms
4. Collection of personal information
Bâtirente collects personal information in a variety of ways, including directly from the individual concerned, from third parties and via its website, or otherwise, including where permitted by law. Bâtirente may also generate new information using information already collected.
Bâtirente may, but is not limited to, collecting personal information from the following general sources:
a. Directly from the person
Bâtirente may collect personal information directly from the person concerned or from his or her legal representative, in particular for the following activities:
- Enrolment process or account opening.
- Carrying out account-related transactions, such as contributions, withdrawals, or transfers.
- Offering services and acting as an advisor in retirement matters.
- Subscribing to a newsletter or other mailing list.
- Filling out a form on the website or a survey, consultation, or comment on digital platforms.
- As part of a Bâtirente job, position, or responsibility.
A person is not required to provide Bâtirente with personal information when requested, but Bâtirente may not be able to provide certain products and services or process a request, including the inability to open an account or carry out financial planning
b. With third parties
In certain circumstances, Bâtirente may collect personal information from third parties, such as an employer, a financial institution, an information agency, a credit bureau, a group manager, a pension plan, a trustee in bankruptcy, a service provider, a public agency, or a legal representative. Bâtirente may also collect, through its members, information on another person such as his or her designated beneficiary(ies), mandatary, or spouse.
Each third party and member is responsible for ensuring and warranting that it is authorized to provide such information to Bâtirente and has obtained the informed consent of the person concerned for the collection, use and disclosure of his or her personal information when required by law.
c. Via the website
Use of the website allows Bâtirente to automatically compile certain information concerning a user profile, which may include a computer’s Internet Protocol address (or IP address), a geolocation zone, the system used, the name of the Internet service provider, the date and time a person accessed the website, the previous website visited insofar as it provided a link to the Bâtirente website, as well as the content viewed and downloaded on the Bâtirente website. To do this, the Bâtirente website, like most websites, uses tracking cookies, which are small data files that are stored on a computer when a visit is made. Use of the website is also subject to the Legal Notice – Terms of Use and other conditions posted online from time to time.
5. Use of personal information
With the consent of the individual concerned, or as permitted or required by law, Bâtirente may use personal information for the following purposes or for any other compatible or reasonable purposes, or for any other purposes specified in a consent:
a. Bâtirente’s general purposes
Bâtirente may use personal information for general corporate purposes, such as:
Provide or offer products and services or process requests
- Identify an individual and validate his or her identity.
- Ensure that personal information is accurate, complete and up-to-date before using it. However, it is the individual’s responsibility to inform Bâtirente of any changes to personal information.
- Validate the eligibility of a request.
- Provide information on products and services that may be of interest and, more generally, on saving for retirement, and evaluate requests for products or services, including determining whether or not a product or service can be offered.
- Provide retirement services and advice.
- Carry out account transactions.
- Transfer money to or from a financial institution.
- Communicate account information.
- Establish and maintain a business relationship and manage the compliance of products and services offered.
- Respond to any questions, comments, suggestions, or complaints.
- Comply with legal requirements.
Manage business activities
- Prevent errors and fraud and meet legal requirements.
- Exercise due diligence to prevent or reduce business risks, meet good governance requirements, or manage and audit business activities.
- Ensure the security of information, systems, or networks.
- Comply with legal and regulatory obligations, requirements, and guidelines.
- Inform and cooperate with competent authorities when required.
- Recover sums due.
- Respond to audits, evaluations, requests, or legal requirements.
Manage the website
- The Bâtirente website may use information to manage and facilitate its use, which may include tracking cookies and other technologies to tailor the website to preferences and to compile statistics about the consultation and use of the website in order to improve it, such as analysis tools like Google Analytics and similar technologies. Statistics may include the number of visits, the average time spent per visit, or the pages visited.
Manage the file of a Bâtirente employee, group representative, committee member, administrator or consultant
- Verify identity, background and, in some cases, academic credentials.
- Respond to requests and communicate with the candidate, current or former employee.
- Evaluate job applications.
- Conclude employment or other contracts.
- Process payroll, deductions and applicable contributions and make payment of all sums due.
- Complete group insurance or pension plan enrolment, including calculation of amounts payable on retirement or other departure.
- Manage performance or professional development.
- Ensure health and safety compliance, provide surveillance, prevent violence, handle complaints, or manage administrative, disciplinary, or legal measures.
- Appoint or recommend the appointment of a director, officer, or committee member.
b. For continuous improvement purposes
Bâtirente may use personal information to enhance the customer experience and improve or develop the range of products and services, including website usage. This may include generating statistics to understand and assess interests and needs. Where required by law, Bâtirente will use de-identified or anonymized information for these purposes.
c. For marketing purposes
Bâtirente may use personal information to provide personalized content, products, and services and to decide what offers or promotions to provide on its digital platforms.
Bâtirente may also use personal information to communicate with its members or others, for example, by e-mail, telephone, text messaging, mail or online, regarding any products, services, recommendations, special offers, promotions, contests, or events that may be of interest to them. Bâtirente includes in electronic commercial messages an unsubscribe procedure allowing any person to no longer receive them. This does not apply to communications about products held by Bâtirente or administrative communications required for the proper management of the file in question or made in accordance with the law.
6. Communication to other persons or organizations
Bâtirente may disclose personal information to its service providers, including its agents, service providers or consultants and other organizations in accordance with applicable law. Service providers that may receive personal information include, but are not limited to, consulting companies, human resources management companies, training companies, account, or tax statement preparation companies, mailing and courier companies, scanning companies, document storage companies, cloud or other data hosting providers, IT software, maintenance and consulting providers, annual meeting attendance systems, including vote counting, trust companies and archiving services.
When Bâtirente communicates personal information to third parties such as agents or service providers, we contractually stipulate, in accordance with the law, that the personal information communicated must only be used for the purposes of fulfilling the contract, and that it must benefit from reasonable safeguards given, for example, its sensitivity, use or quantity. Such third parties may be required to demonstrate reasonable assurance that information security and data protection controls are sufficient in this regard.
In addition, Bâtirente may disclose personal information where permitted or required by law, for example:
- With governments, governmental bodies or agencies, law enforcement agencies when required by law, as in the case of disclosure for tax purposes to the Canada Revenue Agency or Revenu Québec, or in securities matters to the Autorité des marchés financiers.
- With individuals or organizations, fraud prevention agencies, regulatory or governmental bodies or agencies, database or registry operators used to verify information provided against existing information, or insurers, financial institutions to validate eligibility, detect or eliminate financial abuse, fraud and criminal activity, protect Bâtirente’s assets and interests, assist in internal and external investigations of potentially illegal or suspicious activities, or manage, defend or settle actual or potential losses related to the foregoing. For these purposes, personal information may be aggregated with data belonging to other individuals and may be subject to data analysis.
In all cases, Bâtirente does not sell the personal information entrusted to it in the course of its activities.
7. Choices regarding the use of personal information
An individual may, in some cases, choose how Bâtirente handles his or her personal information.
a. Modification of communication preferences
A person may choose not to receive commercial or promotional messages from Bâtirente by e-mail by clicking on the unsubscribe link in the correspondence sent.
Despite this choice, Bâtirente may communicate with an individual regarding a product held or a request made, or for administrative communications necessary for the proper management of the file in question in accordance with the law.
Bâtirente will process any change in preferences, generally within ten (10) business days of the request.
b. Modification of browser settings on a device
It is possible to erase cookies from the hard drive of a computer or mobile device, to block the creation of tracking cookies or to receive a warning before a cookie is stored, and an individual can remove or deactivate some of these technologies at any time through his or her browser. However, in the event of removal or deactivation, certain functionalities of the website and digital platforms may no longer be functional or accessible
Please refer to your browser instructions or help screen to learn how to block, delete and manage tracking cookies on your computer or mobile device.
c. Limiting collection, use and disclosure of personal information
For situations other than those described above, an individual may withdraw consent to the collection, use and disclosure of personal information in accordance with the Policy at any time upon reasonable written notice to Bâtirente, subject to legal or contractual restrictions.
However, the withdrawal of consent may affect Bâtirente’s ability to offer or provide products and services to an individual or to respond to a request. In certain circumstances, legal or contractual requirements may prevent an individual from withdrawing consent.
8. Personal information protection measures
Bâtirente maintains policies and practices that provide a framework for its governance of personal information and ensure its protection throughout its life cycle. Depending on the volume and sensitivity of the information, the purposes for which it is used and the format in which it is stored, Bâtirente implements a combination of measures to protect personal information, including:
- Designation of a privacy representative who ensures Bâtirente’s compliance with applicable privacy legislation.
- Internal policies and procedures that define the roles and responsibilities of employees throughout the information life cycle and determine which employees or other authorized persons may access information assets and for how long.
- Sensitivity and ongoing training on confidentiality and data security for employees.
- If information is collected or stored electronically, technical security measures such as encryption, firewalls, anti-virus software and similar measures.
- Procedures for receiving, investigating, and responding to complaints or inquiries about Bâtirente’s information handling practices, including those relating to any incident involving personal information.
- Contractual and other measures to ensure that service providers with whom Bâtirente shares personal information maintain adequate security measures.
However, as no mechanism offers flawless security, a degree of risk is always present.
9. Retention of personal information
Bâtirente retains personal information (physical or electronic records) only as long as necessary to provide products or services or respond to requests, manage its business activities, and comply with its legal and regulatory obligations. When no longer required, personal information is securely destroyed or anonymized.
10. Transfer of personal information outside Quebec
In general, personal information is held (data at rest) in Canada, whether in Quebec or in another province. Notwithstanding the foregoing, it may also be held in any country in which Bâtirente service providers operate and to the extent necessary for the performance of their functions or services.
Thus, some Bâtirente service providers may access, use, or store personal information outside Quebec. In such a situation, the safeguards described in Section 8 apply, but the fact remains that personal information so disclosed may be subject to the laws of a foreign state, including any laws permitting or requiring disclosure to the government, government agencies, courts, and law enforcement agencies of that state.
11. Request for access, rectification, modification or deletion or complaint regarding personal information
Subject to certain legal exceptions, any person may have access to personal information concerning him or her, request corrections to be made to inaccurate information and request the rectification or deletion of his or her personal information if its collection, use, communication, or retention is not authorized by law. Any person may also file a complaint concerning the protection of personal information.
12. Changes to the policy
Bâtirente may, at its sole discretion, make changes to the Policy. Any modification will take effect at the time it is posted on our website. In compliance with the law, additional terms and conditions may apply. By continuing to deal with Bâtirente after the new version of the Policy has been posted, any person will be deemed to have accepted the changes made to the Policy, subject to any other requirements that may apply. It is each person’s responsibility to ensure that he or she has read and understood the Policy and any changes to it.
13. Contact details
Any general questions relating to confidentiality and the protection of personal information can be submitted as indicated below:
- by phone at 514 525-5740 ext. 2041
- by mail: 2175 De Maisonneuve Blvd. East, suite 203, Montréal (Québec) H2K 4S3
With the exception of certain special cases, all requests for access, rectification, modification, deletion, or complaint must be submitted in writing to the person responsible for the protection of personal information as indicated below:
- by email at administration@batirente.com
- by mail: 2175 De Maisonneuve Blvd. East, suite 203, Montréal (Quebec) H2K 4S3
The person responsible for the protection of personal information responds diligently to any request addressed to him, generally, within 30 days of receipt of the written request. If the person responsible cannot respond, in whole or in part, to a request presented to him, he will give the reason to the requester.
Policy updates and review
In accordance with the provisions of the Act respecting the protection of personal information in the private sector (as amended by the Act to modernize legislative provisions as regards the protection of personal information), the Policy has also been approved by the person responsible for the protection of personal information in Bâtirente. The application and revision of the Policy are under its responsibility. The minimum revision frequency is every three (3) years or more frequently if necessary.