Request a presentationRegister

PRIVACY POLICY

May 2026

 

  1. Purpose  

ACA-Prolang, (“ACA-Prolang” or “we“) values its customers and respects your privacy, and wants to inform you of how we collect, use and disclose information. The purpose of this policy is to outline the obligations related to the protection of personal information that is collected and held by ACA-Prolang. 

This policy: 

  • sets out ACA-Prolang’s commitment to comply with Law 25, Act respecting the protection of personal information in the private sector (the Act), to protect the confidentiality, integrity, and privacy of personal information; 
  • defines the roles and responsibilities of various stakeholders in relation to the protection of personal information; and 
  • describes the rights of those wishing to access personal information held by ACA-Prolang and sets out the governing principles.  

 

2. Definitions  

For the purpose of this policy, the following definitions shall apply: 

“Individual(s)” means the person to whom the personal information relates. 

“Commission” means Commission d’accès à l’information du Québec 

“Confidentiality Incident” means:  

  • access not authorized by law to personal information; 
  • use not authorized by law of personal information; 
  • communication not authorized by law of personal information; or 
  • loss of personal information or any other breach of the protection of such information. 

“Personal Information” means any information which relates to a natural person and directly or indirectly allows that person to be identified.  

 

3. Collection of Personal Information 

3.1 Personal information that is necessary for the fulfillment of its activities is collected. 

3.2 We and our service providers may collect the following Personal Information: 

  • Name; 
  • Postal address (including billing and shipping addresses); 
  • Telephone number; 
  • Email address; and 
  • Credit and debit card number. 

3.3 Personal information is collected from an individual based on clear, free and informed consent given for specific purposes. Such consent is valid for the time necessary to fulfill the purposes for which it was requested. 

3.4 If you submit any personal information relating to anyone other than yourself, you represent that you have obtained any necessary consent from that individual for use and disclosure of that individual’s personal information as described in this policy. 

 

4. Use of Personal Information 

4.1 Personal information must be used only for the purposes of coordinating and organizing training programs, and any other processes related to the training services offered by ACA-Prolang. 

4.2 By providing ACA-Prolang with personal information for training purposes, individuals understand and agree to the use of their information on third-party platforms to deliver language services. 

 

5. Protection and Retention of Personal Information  

We implement reasonable security measures to protect the confidentiality of personal information collected, used, disclosed, retained or destroyed. These measures take into account, among other things, the sensitivity of the personal information, the purpose for which it is collected, its quantity, its distribution of the information and its medium. It should be noted that this is not an exhaustive list of all possible measures. 

          5.1 Technical measures 

  • Data encryption: All personal information will be encrypted both in transit and at rest. 
  • Access Management: Implementation of role-based access controls.  
  • Secure Storage: Personal information will be stored in secure systems and on servers located inside Quebec if possible to enhance data security and compliance with local regulations. 
  • Penetration Testing: An annual penetration test will be performed by a third party on all in-house servers and systems to bolster security 
  • Cybersecurity Training: Regular cybersecurity trainings and phishing testings will be conducted to all employees and contractors to enhance awareness against cyber threats and to prevent breaches of confidentiality  

5.2 Procedural measures 

  • Data Retention: Personal information will be retained only for as long as necessary and securely disposed of when no longer needed.  
  • Data Communication outside Quebec: A privacy impact assessment must be conducted and take into account  
  • The sensitivity of the information  
  • The purposes for which it is to be used 
  • The protection measures, including those that are contractual, that would apply to it; and  
  • The legal framework applicable in the State in which the information would be communicated, including the personal information protection principles applicable in that State 
  • Projects involving Personal Information:  A privacy impact assessment must be conducted for any project to acquire, develop, or overhaul an information system or electronic service delivery system involving the collection, use, communication, keeping or destruction of personal information.  
  • Incident Response: An incident response plan will be in place to handle a confidentiality incident and notify affected parties as required by the Act. If the incident presents a risk of serious injury, the Commission d’accès à l’information du Québec will be promptly notified. 
  • Register of Confidentiality Incident: ACA-Prolang will keep a register of confidentiality incidents, and a copy will be sent to the Commission upon request. 

 

6. Individual Rights  

6.1 Individuals have the right to access and rectify their personal information and to withdraw consent to the communication or use of the information collected. 

6.2 Procedures will be in place to address these requests in a timely manner. 

6.3 Requests by third parties for access to Personal Information must be directed to the Privacy Officer. 

 

7. Destruction and Anonymization 

Once the purposes for which personal information was collected have been fulfilled, the information will be destroyed or anonymized, subject to the time limits set out in the Act and any other legal requirements. 

 

8. Compliance and Monitoring  

8.1 Regular internal and external audits will be conducted to ensure compliance with the Act.  

8.2 Compliance Reporting: Any non-compliance incidents will be documented and reported as required. 

 

9. Policy Review and Updates  

This policy will be reviewed annually and updated as needed to ensure continued compliance with the Act. 

 

10. Contact 

Questions, comments and concerns about the privacy and use of your personal information are welcomed. Contact Privacy Officer  

in writing:  

1535 Chemin Ste-Foy, office 330, Québec, G1S 2P1  

by phone:  

418-657-2600; or 

by email:  

privacy@lesateliers.ca