Privacy policy

The City of Québec invites anyone concerned to read its Privacy and Information Security Policy to learn the rules that it applies and that govern its staff and agents with regard to the protection of personal and confidential information and information security.

1. Policy Objective

This policy demonstrates the City of Québec’s commitment to information security and the protection of personal and confidential information.

    1. The City of Québec is a public body subject to the Act respecting Access to documents held by public bodies and the protection of personal information (RSQ, chapter A-2.1) and the Act to establish a legal framework for information technology (RSQ, chapter C-1.1).

    1. This policy defines how the City protects personal and confidential information and contains standards for collection, use, communication, conservation, right of access, and rectification.

2. Policy Orientations

2.1 Protection of personal and confidential information

The City, which considers it paramount to protect privacy and the personal and confidential information that it collects and retains, is committed to compliance with the provisions, values, and fundamental principles established by applicable legislation. It ensures to implementimplementation of the measures necessary to guarantee transparency and respect for the confidentiality of the information that it is provided with to it when services are requested.

2.2 Information security

The City undertakes to implement a set of technological, organizational, human, legal, and ethical measures to ensure the security of information, notably:

  • Information availability, where information is accessible in a timely manner, as required by authorized individuals

  • Information integrity, where information is not destroyed or altered in any way without authorization, in accordance with the City’s retention schedule, and the medium bearing such information provides the desired stability and durability

  • Information confidentiality, where disclosure of information is limited only to authorized individuals

  • Identification and authentication to confirm, when required, the identity of an individual or the identification of a document or device

  • Irrevocability to ensure that an action, exchange, or document is clearly and undeniably attributed to the entity that generated it

  • Compliance with legal, regulatory, or business requirements to which the City is subject

3. Definitions

3.1 Personal information

Any information that involves an individual and can identify him/her, subject to any exceptions provided by applicable laws. Such information may be of a personal nature, such as the individual’s address, phone number, health status, lifestyle, or financial situation.

3.2 Confidential information

Any information that involves a building or corporate body and relates to information that its author or owner deems confidential due to its financial, commercial, or strategic nature, unless applicable laws in the public sector provide, by way of exception, that such information held by the City is public.

3.3 Information security

Protection resulting from all security measures that are implemented to ensure the confidentiality, integrity, and availability of the information that the City holds based on the sensitivity and value of such information, the risks to which it is exposed, and the obligations to which it is subject.

4. Consent and the Collection and Retention of Personal and Confidential Information

4.1 Consent and collection method

The City collects information in a fully transparent manner with the free and informed consent of users and only in cases where the information collected is required to provide a desired service.

In accordance with applicable laws, when the City collects personal and confidential information, it clearly indicates the purposes for which the information is being collected and requests the user’s consent to use such information. The City must obtain consent again to use previously collected information for another purpose.

Some of the City’s services or activities may be intended for minors. In such cases, personal information is collected with the consent of the child’s parents or representative.

Information is collected primarily through forms, the City’s website, telephone conversations, opinion surveys, and questionnaires.

4.2 Collected information

Depending on the service provided, the City may collect and retain any of the following information: last name, first name, mailing address, electronic address, telephone numbers, fax number, credit card number, driver’s license number, social insurance number, health insurance number, and date of birth. Information relating to cultural or recreational activities or family circumstances may also be collected and retained.

4.3 Collection of technical information during use of the website or online services

The City collects technical information such as IP addresses, pages visited, requests, dates and times of connection, the type of Web browser or computer system used, or and names of website domains used to link up to the site.

When Web users use online services are or visit the website, the City or its agent may also store certain information on their computers in the form of cookies or similar files. Cookies help retain certain information on use of the website or an online service. By targeting the interests and preferences of Web users, cookies enable the City to improve its service delivery and the client experience. Cookies may be required to meet the technological or security requirements of Web browsing or to enable an online service to run smoothlyproperly.

Most Web browsers allow Web users to delete cookies from their computer’s hard drive, block cookies, or receive a warning before cookies are set. Web users who refuse cookies will nevertheless have access to the site, but browsing may be affected and some services may not be available.

4.4 Purpose of collecting information

When the City collects and retains personal and confidential information, its objective is to offer users secure, personalized service in accordance with applicable laws and its security rules. The City uses the personal, confidential, or technical information that it collects for the following purposes:

  • Verify the identity of users

  • Ensure that users and the City are protected against fraud and false statements

  • Offer personalized service delivery

  • Determine eligibility for services offered by the City

  • Monitor requests for services made to the City and its agents

  • Communicate information about services and programs in effect to residents who desire it

  • Compile statistics

  • Improve available services

5. Right of Rectification, Withdrawal, and Destruction

Residents may request to have their information corrected, destroyed, or no longer used for the purposes for which they wereit was collected.

To do this, they must contact the department involved or their borough office.

In accordance with the Archives Act (RSQ, chapter A-21.1), information is retained for the period provided for on the City’s retention schedule and classification plan and then destroyed.

In accordance with applicable laws, the City of Québec undertakes to comply with any request to withdraw, rectify, or destroy information, subject to legal obligations to the contrary.

6. Information Security

The City uses information technology extensively to support its business processes in order to offer service delivery consistent with its service statement.

All collected personal and confidential information is retained in a secure environment. The City staff and its agents are required to respect the confidentiality of information. The City implements appropriate, useful, and necessary security and access management measures based on the sensitivity of the information processed. Only individuals who require access to personal and confidential information to perform their duties can access this information do so.

The City integrates technological innovations to ensure the confidentiality, integrity, and availability of transactions and information in its various modes of service delivery.

7. Responsibility of Users

7.1 Users are responsible for the information that they provide to the City of Québec and for maintaining the confidentiality of their identification and authentication information (user codes, access codes, passwords, access cards, etc.). The City may not be held liable for unauthorized use caused by users.

7.2 Users must also ensure that the system or equipment they use to transmit or receive information from the City is sufficiently secure, and must exercise vigilance.

The City may not be held liable for unauthorized access to information resulting from negligence or vulnerabilities present in the equipment or systems of users.

7.3 In the event that the confidentiality of their information becomes compromised or their identities are stolen, users must notify the City as soon as possible by contacting the department involved or their borough office.

The City does not solicit residents by email or otherwise to obtain personal or confidential information about them. In case of doubt, users are urged to contact their borough office.

8. Restrictions on Access to Services

The City reserves the right to destroy users’ accounts without notice, at its sole discretion, at any time. The City also reserves the right to restrict users’ access in whole or in part to applications offered by the City. The City may not be held liable for such suspensions, cancelations, or restrictions.

9. Incident Reports

The City undertakes to inform users of incidents that affect the protection of personal information.

10. Links with Other Sites

The City of Québec website contains hyperlinks to other sites. Information exchanged on such sites is not protected by this privacy and security policy, but is subject to the policies of the external sites.

The City is not responsible for the content of such sites and does not endorse them. The City may not be held liable for any damage of any nature whatsoever that results from the navigation or use of such sites.

11. Employees in Charge of Policy Enforcement

The City of Québec employee in charge of access to information and the protection of personal information is responsible for ensuring compliance with the policy component regarding the protection of personal and confidential information.

The City of Québec employee in charge of digital information security is responsible for ensuring compliance with the policy component regarding the security of digital information.

12. Additional Information, Comments, or Complaints

Residents who have any questions, comments, or complaints about this policy or its enforcement can contact their borough office.

Residents who are not satisfied with a response they receive may contact the City of Québec employee in charge of access to information and the protection of personal information in writing:

Julien Lefrançois
Division Director
Manager, Access to Documents and
the Protection of Personal Information
Clerk’s Office and Archives Department
City of Québec
2 rue des Jardins
Suite RC-05
Québec City, Québec
G1R 4S9
Phone: 418-641-6411, ext. 4917
Fax: 418-641-6357

Adopted on: November 26th 2014
Resolution: CE-2014- 1887