Context
The COGIRES Group is divided into three (3) different entities, namely Hôtel Château Laurier Québec, Hôtel Château Bellevue, Le Georges V – Banquet and Catering Services, Inc. (including Le Croquembouche bakery). Each of our entities operates in different sectors, but shares a common commitment to excellence and privacy. The different entities also share the same Privacy Officer and the same computing equipment.
The protection of personal information and the management of privacy incidents are societal issues that the COGIRES Group considers seriously. This is why the COGIRES Group diligently complies with the requirements of Law 25 and therefore adheres to the definitions related to it. The term “Privacy Incident” is defined as any access, use or disclosure of Personal Information unauthorized by law, as well as the loss of Personal Information or other breach of protection of Personal Information.
In addition, the term “Personal Information” is defined as any information, taken alone or in combination with other available information, about an individual that identifies him or her, such as information about his or her financial situation, lifestyle or health. However, the name of an individual, as well as his or her professional contact information, such as title, address, telephone number and professional email address, are not Personal Information subject to Law 25.
Personal Information must be protected regardless of the nature of its medium and regardless of its form: written, graphic, audio, visual, computerized or otherwise.
Accountability
The COGIRES Group is responsible for all Personal Information in its possession or management, including Personal Information received directly—for example from COGIRES customers and staff.
The COGIRES Group adheres to good cybersecurity practices by conducting, together with its IT partner, a holistic and rigorous cybersecurity program based on the NIST Cybersecurity Framework. A cyber risk assessment of the company’s IT assets was conducted, as well as a cyber risk management strategy aimed at implementing a series of mitigation measures to protect IT assets, including Personal Information.
The COGIRES Group has also assigned a Privacy Officer and delegated certain cybersecurity responsibilities to its IT partner through a range of managed cybersecurity services. The cybersecurity program executed in partnership with an IT firm ensures the protection of privacy and Personal Information on behalf of the COGIRES Group. A publication was also made on the website and the staff were informed of the existence of the Privacy Policy and the Governance Policies and Practices Regarding Personal Information, as well as the role everyone should play in ensuring the privacy of all guests and team members.
For questions about the practices of the COGIRES Group on the matter, contact the Privacy Officer via email at confidentialite@vieuxquebec.com or by phone at 418-522-3848 ext. 1633.
Purposes for Which Personal Information Is Collected
The COGIRES Group collects, uses and discloses Personal Information about team members to comply with laws, regulations and professional standards, to provide benefits, to administer performance management tools, to administer, manage, monitor and enforce the programs and policies of the COGIRES Group and its relations with its employees, and, generally, to establish, manage or terminate bonds of employment or association.
The COGIRES Group may also collect and use Personal Information about individuals who apply for employment with the company in order to assess the possibility of hiring.
The COGIRES Group may also collect and use Personal Information belonging to customers in order to be able to offer the best possible service during a present or future stay.
Personal Information may be collected without notice or consent, to the extent permitted by law.
Consent
The COGIRES Group ensures that it obtains the valid consent of the individuals concerned before collecting, using or disclosing their Personal Information, except as authorized or required by law.
Collection Limits
The COGIRES Group collects by legitimate and legal means only Personal Information that it may reasonably deem necessary to meet its legal obligations, offer its services and carry out its business activities.
Limitation of Use and Disclosure
The COGIRES Group uses and discloses your Personal Information only for the purposes for which it has obtained your consent, or as permitted or required by law. If the COGIRES Group needs to use or disclose Personal Information about an individual for a purpose not previously reported, the COGIRES Group will first seek the consent of the individual concerned, unless the law requires or permits the use or disclosure of Personal Information without the consent of the individual.
The COGIRES Group retains your Personal Information for as long as necessary to fulfill the identified purposes except as permitted or required by law. All human resources files and other records that contain Personal Information about the employees of the COGIRES Group are destroyed when such information can no longer reasonably be considered necessary for legal, regulatory or administrative purposes.
The COGIRES Group does not sell Personal Information to third parties and does not use or disclose Personal Information for purposes other than those for which it is collected, unless the COGIRES Group obtains the express consent of the individual concerned, in an emergency (i.e., to protect the life, health or property of a person) or as required by law.
Accuracy
In order to ensure that the Personal Information collected is relevant to the purposes for which it is used, the COGIRES Group makes reasonable efforts to maintain the integrity of the Personal Information of individuals and to update it regularly.
Individuals to whom the collected Personal Information relates must write to the Privacy Officer to make a request for rectification.
Safety Measures
The COGIRES Group is committed to protecting your Personal Information by implementing a holistic and rigorous cybersecurity program based on the NIST Cybersecurity Framework, in line with good cybersecurity practices. A cyber risk assessment of its IT assets has been completed and will be reviewed on a regular basis, and a cyber risk management strategy has been developed to define and implement a series of risk mitigation measures to protect IT assets, including Personal Information.
Transparency
The COGIRES Group may make available to interested persons, upon request, information on its Privacy Policy and on its Governance Policies and Practices Regarding Personal Information.
The COGIRES Group also undertakes to respond to any request for information related to its policies and practices for the management of Personal Information, submitted in writing to the Privacy Officer.
Access to Personal Information
The individuals concerned have the right to examine their Personal Information in the possession of the COGIRES Group and to obtain a copy of it. For this purpose, they must contact the Privacy Officer.
The right to access Personal Information is subject to certain legal restrictions, and the COGIRES Group will take reasonable steps to verify the relevance of the request and the identity of individuals before granting such access.
Should an individual have any concerns about access, he or she can contact the Privacy Officer via email at confidentialite@vieuxquebec.com or by phone at 418-522-3848 ext. 1633. Apart from a few exceptions, applicants will receive a response within thirty (30) days.
Complaint Processing Procedure
The COGIRES Group knows that it is important to ensure the protection of privacy and Personal Information. If you have any questions or concerns about privacy and Personal Information, and the role the COGIRES Group plays in this regard, contact the Privacy Officer via email at confidentialite@vieuxquebec.com or by phone at 418-522-3848 ext. 1633.
The COGIRES Group has established a procedure for receiving and processing complaints about this Policy and about its Personal Information handling practices. An individual about whom the COGIRES Group has personal information may complain about non-compliance with this Policy. Any privacy complaint should be directed to the Privacy Officer at the address above. Apart from a few exceptions, applicants will receive a response within thirty (30) days.
If an individual is dissatisfied with the COGIRES Group’s response to a complaint or the COGIRES Group’s policies and practices regarding the processing of Personal Information, he or she may file a complaint with the Commission d’accès à l’information du Québec on the Commissioner’s website at www.cai.gouv.qc.ca.
Policy Update
The COGIRES Group undertakes to review this Policy every three (3) years. It will also need to be updated whenever there are any substantial changes to legislation or regulatory requirements.
IMPLIED CONSENT TO COLLECTION OF PERSONAL INFORMATION (Booking Confirmation)
The purpose of this document is to inform you that you have the right to refuse to consent to Groupe Cogirès* collecting, retaining, using and disclosing specific personal information about you for the purpose of providing services to you.
*Groupe Cogirès includes all of the following companies: Hôtel Château Laurier Québec, Hôtel Château Bellevue, Traiteur Le George-V, Espace Événementiel du MMVQ and Le Croquembouche Pâtissier et traiteur.
TYPE OF INFORMATION COLLECTED
Identity information (name, surname, address, age, designation, telephone number, email address, etc.)
Financial information (banking information, amounts owed by a customer, a customer’s credit card number, etc.)
CONSENT TO DIFFERENT PURPOSES FOR COLLECTING INFORMATION
Groupe Cogirès uses the personal information covered by this consent document for one or more of the following purposes:
Reservation(s) of room(s)
Provision of hotel services to you
Promotional communication
DISCLOSURE TO A THIRD PARTY
Personal information collected for the foregoing purposes may be disclosed to third parties external to the organization for statistical purposes, surveys and clientele analysis.
PERIOD OF VALIDITY OF CONSENT
This consent is valid for a period of 7 years, after which Groupe Cogirès may request an extension of consent or withdraw it according to the method defined in the company’s personal information retention and destruction policy.
IMPLIED CONSENT
I confirm that I have taken the time to read this form and authorize Rematek to collect, hold, use, and provide any information you need for my application.
If you do not agree to the terms of collection mentioned above, please notify us as soon as possible at confidentialite@vieuxquebec.com so that we can take action and destroy any information that may have already been collected. Your silence or inaction on this matter will be considered implied consent.
ANNEX
ADDITIONAL INFORMATION TO THE CONSENT REQUEST
PROTECTION OF PERSONAL INFORMATION
We only collect personal information that is necessary for the purposes listed above. In addition, only those individuals who need access to it to complete the purposes for which the information was collected have access to it.
The consent given by means of this document may be withdrawn at any time, for all purposes or partially. It is also possible for the owner of the information collected to request a change to his or her information.
MEANS BY WHICH INFORMATION IS COLLECTED, USED OR DISCLOSED
Personal information is collected, used and disclosed in a secure manner and only in connection with the specific purposes and disclosures identified at the time of the consent request. Technological security measures and procedures are in place to prevent unauthorized access, thereby ensuring the confidentiality and integrity of your personal information.
CATEGORIES OF INDIVIDUALS WITH ACCESS TO PERSONAL INFORMATION COLLECTED
Access to this information is limited to individuals who require this data to complete specific tasks, ensuring responsible and secure use of personal information.
COMMUNICATION OUTSIDE QUEBEC
When personal information is shared outside of Québec, a privacy impact assessment is systematically conducted. This approach aims to protect data subjects, from the collection to the destruction of data, by putting in place adequate protection measures. The objective is to ensure compliance with privacy obligations and to avoid any potential issues such as confidentiality incidents, litigation or damage to the image of the organization or the individual concerned.
RIGHTS OF INDIVIDUALS AFFECTED BY THE COLLECTION OF PERSONAL INFORMATION
The consent given through this document may be withdrawn at any time, for all purposes or in part. It is also possible for the owner of the information collected to make a request for rectification of his or her information when he or she deems that it is no longer accurate. In addition, any person has the right to make an access request to be informed of the information that is held by the company.
Finally, an individual for whom we hold personal information has the right to make a complaint about the way we handle his or her personal information.
If you have any questions or concerns about your privacy and personal information, and the role we play in this regard, please contact our Privacy Officer, Ms. Marie-Pierre Lebel, at confidentialite@vieuxquebec.com. You can also find our privacy policy on our website at https://www.hotelchateaulaurier.com/confidentialite/.