Privacy

Sutton Cemeteries Inc. / Cimetières Sutton inc.

Privacy Policy

1. PREAMBLE

Sutton Cemeteries Inc. is a non-profit organization under the Canada Not-for-Profit Corporations Act (hereinafter referred to as the “Corporation”) that operates and maintains cemeteries in the Brome-Missisquoi Municipal Regional County. The Corporation understands the importance of respecting the confidentiality of information disclosed to it. Because of the nature of its activities, the Corporation recognizes that it is essential to provide a framework for the protection of personal information through this policy, in order to ensure the protection of privacy, and in accordance with applicable legislative requirements.

2. SCOPE OF APPLICATION

This policy applies to all members, volunteers, directors and employees of the corporation. The protection of personal information held by the corporation is an obligation that applies to all persons authorized to handle such information within the organization.

3. PURPOSE

The purpose of this policy is to define the Corporation's guiding principles with respect to the protection of the personal information it collects, uses, communicates and retains in the course of its activities.

4. DEFINITION

a. “Personal Information”

Personal information is information that directly or indirectly identifies a natural person. The personal information collected by the Corporation includes, but is not limited to, the following: first name, last name, mailing address, e-mail address, telephone number and date of birth.

b. “Sensitive personal information”

Personal information is sensitive if it requires a high degree of reasonable attention to privacy. Such sensitive personal information would include any financial information collected by the corporation or other sensitive information such as social insurance numbers.

5. COLLECTION OF PERSONAL INFORMATION

The Corporation collects only the personal information required for its activities. It undertakes to use personal information only for the purposes for which it was requested and for which an individual has consented to provide it to the Corporation. In the event that the Corporation needs to use personal information for purposes other than those for which an individual had initially given consent, the Corporation undertakes to obtain new consent. Personal information is collected notably through the website, forms and telephone or face-to-face interviews. The purpose of collecting personal information is to provide quality services to our customers.

The collection of personal information is a transparent process and requires the manifest, free and informed consent of each individual from whom it is collected. Consent must be explicit for the collection of sensitive personal information. Consent will be required except in exceptional situations provided for by law. The Corporation requires the consent of a parent or legal guardian to collect personal information from a person under the age of eighteen (18).

6. USE OF PERSONAL INFORMATION

Personal information will be used to:

• 
  Verify a person's identity
  

• Collect basic family history of deceased
  

• Respond to enquiries about persons buried in the cemetery
  

• Send informative e-mails
  

• Make or receive payments
  

• Improve service
  
  

7. COMMUNICATION

The Corporation may communicate personal information to third parties with the consent of the person concerned. However, it should be noted that there may be certain situations provided for by law which allow personal information to be communicated without the need to obtain consent. The third parties with whom the Corporation may be required to communicate personal information are as follows: the Governments of Québec and Canada, as well as external auditors.

8. RETENTION

Information is retained in a secure environment for the period initially agreed upon or for any period necessary to comply with legal obligations, enforce agreements or resolve disputes, unless a longer retention period is required or permitted by law.

The Corporation takes reasonable steps to ensure the currency, accuracy and integrity of personal information.

9. RIGHT OF ACCESS, RECTIFICATION, WITHDRAWAL AND DESTRUCTION

Any individual may access his or her personal information and request that it be rectified, withdrawn or destroyed. Any such request must be made in writing to the Privacy Officer (see section 14).

As required by law, the Privacy Officer will respond to any user's request for access or rectification within 30 days of receipt of the request.

In the interest of transparency and upon request, the corporation undertakes to provide the following information:

• 
  The personal information it holds about the person making the request
  

• A list of the categories of people who have access to personal information
  

• The length of time for which personal information is kept
  

• The contact details of the person responsible for the protection of personal information.
  
  

This information will be transmitted in a structured, commonly used technological format, as required by law.

It should be noted that when information is deleted or modified, a copy of the personal information present in our files prior to the modification or deletion is retained for the time required to comply with legal and tax obligations.

10. DESTRUCTION AND ANONYMIZATION

Personal information is destroyed or made anonymous at the end of its life cycle, either when the purpose for which the information was collected has been fulfilled or as provided by law.

11. INFORMATION SECURITY

All personal information collected is kept in a secure environment. In addition, only authorized corporate representatives have access to all personal information. They are required to comply with this policy.

Please note that the security of data transmitted over the Internet or a wireless network cannot be guaranteed. It is therefore important to know that, despite the Corporation's best efforts to protect personal information, there are certain risks beyond its control.

12. LINKS TO OTHER SITES

The Corporation's Web site contains hyperlinks to other sites. This policy does not apply to those other resources. When you leave the corporation's web site, please refer to the privacy policy of the site you are visiting.

13. PRIVACY INCIDENT

In the event of a privacy incident, the Corporation will take reasonable steps to minimize any harm that may result and will take appropriate measures to prevent a similar incident in the future. The Corporation undertakes to inform the persons concerned if there is a reasonable risk of harm as a result of the incident or if notification is otherwise required by law.

In the event of an incident that could cause serious harm, the Commission d'accès à l'information will be notified as required by law. The Corporation undertakes to keep a register of confidentiality incidents, which may be communicated to the Commission d'accès à l'information upon request.

14. PERSON RESPONSIBLE FOR THE APPLICATION OF THE POLICY

The Privacy Officer is the President of the Corporation.

If you have any questions, concerns, requests or complaints regarding this policy, please contact the Privacy Officer at the following e-mail address:

cimetieressuttoncemeteries@gmail.com

15. UPDATING

In order to improve the policy and keep pace with changing privacy standards, the policy will be updated as required. Any changes must be consistent with the corporation's values and by-laws.

16. EFFECTIVE DATE

This policy takes effect upon adoption by the Board of Directors.

This document was last updated on December 12, 2024.