Privacy Policy for the Protection of Personal Information and Health and Social Services Information

1.Objective

The Act respecting access to documents held by public bodies and the protection of personal information governs the collection, use, and disclosure of personal information in a manner that recognizes the right to privacy of individuals in Quebec.

The Act respecting health and social services information establishes standards that ensure the protection of health and social services information while allowing for its optimal use and timely disclosure.

As an emergency call and health communication centre whose mission is to professionally receive and triage emergency calls from the public and various emergency responders, the Abitibi-Témiscamingue Emergency Call Centre (CAUAT) and the Abitibi-Témiscamingue Health Communication Centre (CCSAT) (hereinafter “CAUAT – CCSAT”) are required to maintain the privileged and confidential nature of the information we receive when dealing with our users.

In order to provide you with quality services, we need access to certain information about you. We ensure that our employees and professionals working at CAUAT – CCSAT manage this information with the utmost discretion and diligence, in accordance with applicable legal and regulatory requirements.

As CAUAT – CCSAT’s objective is to ensure compliance with and implementation of our legal obligations, this Privacy Policy for Health and Social Services Information explains how your information may be collected, used, or disclosed by CAUAT – CCSAT.

By providing us with personal information, you agree that it will be processed in accordance with this Policy.

2. What is personal information?

Personal information means any information relating to an identified or identifiable natural person.

3. What is health and social services information?

Health and social services information refers to any information that allows, even indirectly, the identification of a person and that meets one of the following criteria:

  • it relates to the physical or mental health of that person;
  • it relates to any material collected from that person during an assessment or treatment;
  • it relates to the health or social services offered;
  • it was obtained in the performance of a function prescribed by the Public Health Act (chapter S-2.2).

4. Roles and responsibilities

Under applicable laws, the CAUAT – CCSAT is responsible for the personal information and health and social services information in its possession or control (hereinafter collectively referred to as the “Information”).

To protect your Information, we have implemented policies, practices, and procedures related to the management of the Information we hold.

These internal policies and procedures govern the collection, use, disclosure, retention, and destruction of Information, as well as the handling of complaints and information security. They also provide the framework for conducting privacy impact assessments and for preventing and responding to potential privacy incidents.

4.1 The Director General

The Director General approves the policies and practices governing intelligence governance that the CAUAT-CCSAT must establish and implement to ensure the protection of this information. He appoints the intelligence officer and ensures that the officer can perform his duties effectively.

4.2 The information protection officer

To protect the information collected, the CAUAT – CCSAT has appointed an Information Protection Officer. With the support of the Access to Information and Privacy Committee (AIPPC) and the Information Governance Committee (IGC), the Information Protection Officer ensures compliance with applicable legislation regarding information protection. They must approve the policies and practices governing information governance. More specifically, this individual is responsible for implementing this policy and ensuring that it is known, understood, and applied. In the absence or inability of this officer, the Deputy Director will assume the duties of the Information Protection Officer on an interim basis.

4.3 The Head of Technology Products and Services (HTPS)

The CAUAT – CCSAT currently uses technological products and services. The use of such technological products and services may be further defined by any other relevant policy.

The RPST ensures compliance with applicable standards for the technological products and services used by the CAUAT – CCSAT.

The CAUAT – CCSAT designates the Information Technology and Equipment Supervisor as the person responsible for technological products and services (RPST).

At least once every two years, the RPST ensures that the technological products and services used are assessed against applicable standards, including any specific rules defined by the Information Network Manager designated by the Minister of Health and Social Services (“Minister”).

4.4 The Committee on Access to Information and the Protection of Personal Information (CAIPRI)

The CAIPRI assumes responsibility for access to documents and supports the CAUAT – CCSAT in its responsibilities and obligations regarding the protection of personal information. Specifically, the CAIPRI is responsible for the following:

  • Approving the CAUAT – CCSAT rules governing its governance of personal information;
  • Participating in Privacy Impact Assessments (PIAs) at the outset of any project involving the acquisition, development, or redesign of an information system or the electronic delivery of services that involves personal information;
  • Advising and supporting management on issues related to the protection of personal information.
  • The committee is composed of the Access to Documents Officer, the Privacy Officer, and any other individuals whose expertise is required, including, where applicable, the Information Security Officer and the Document Management Officer.

4.5 Committee on Intelligence Governance (CGR)

The CGR’s role is to support the highest-ranking official within the organization in fulfilling their responsibilities related to health and social services information.

The committee reports to the highest-ranking official within the CAUAT-CCSAT. It is composed of the Information Protection Officer, the Head of Technological Products and Services (RPST), and any other individuals whose expertise is required, including, where applicable, the person responsible for document management.

4.6 Employees, consultants and service providers

CAUAT-CCSAT employees, health professionals with access to Information, consultants, service providers or any person otherwise involved in the management of such Information must ensure its protection and comply with this Policy, as well as the directives put in place at CAUAT-CCSAT that are relevant to the performance of the employment, mandate or service contract.

5. Disclaimer

By providing us with information about others in connection with our services, you are responsible for ensuring that the collection, use, disclosure, and retention of the information you hold and provide to us comply with applicable laws and regulations. As part of our service provision, you warrant that the employee, representative, attendant, or agent who communicates with CAUAT – CCSAT or who is identified for CAUAT – CCSAT to communicate with you has the authority to know the information. Under no circumstances will CAUAT – CCSAT be liable for any failure to comply with applicable laws regarding information in our users’ possession or control, and you agree to indemnify CAUAT – CCSAT against any complaint, action, or claim against CAUAT – CCSAT related to the information you have provided to us.

6. The information we collect

As part of its activities, the CAUAT – CCSAT must collect certain information. This includes, in particular, the following information:

  • Contact information (name, address, email, or telephone number);

  • Information relating to our users or on their behalf, or that we produce in the course of providing our services, and that meets the definition of personal information or health and social services information;

  • Information relating to marketing and communication preferences;

  • Information relating to the use of our website, including technical information on visits, IP address, operating system, pages visited and requests, connection information, or any other information collected through cookies, log files, or other similar tools, including for service improvement and statistical purposes;

  • Information relating to employee recruitment, such as resumes, professional or academic history, disciplinary, ethical, criminal, or penal history, and any other information relevant to potential recruitment;

  • Employee information required to enter into and perform their employment contract and to comply with applicable employment laws, including information collected by the CAUAT – CCSAT for employee file purposes;

  • Any other information necessary to comply with our legal, regulatory, or contractual obligations.

7. Ends

The CAUAT – CCSAT will document the purposes for which information is collected. The CAUAT – CCSAT will only collect the information necessary for these purposes. Information may be collected orally or in writing.

In the course of its activities, the CAUAT – CCSAT collects, uses, and discloses information primarily to provide services to its users, including:

  • To initiate and maintain a relationship with the user, provide them with services, and fulfill our legal and contractual obligations;

  • To ensure our professional and ethical obligations;

  • To update, improve, and manage our databases, document management systems, and website;

  • To develop and manage our activities;

  • To recruit and review applications from prospective employees;

  • To enter into and execute employment contracts with our employees and comply with applicable employment laws and regulations;

  • To detect and protect ourselves against errors, negligence, breaches of contract, acts of fraud, theft, and other illegal activities, and to comply with our insurance obligations;

  • To comply with our legal and regulatory obligations;

  • Any other purpose necessary for the activities of CAUAT – CCSAT and to which you have consented.

8. Consent

We do not collect, use, or disclose any personal information without the individual’s consent, unless authorized or required by applicable laws and regulations. CAUAT – CCSAT limits the collection of information to what is necessary to fulfill the purposes for which it is collected.

Furthermore, we restrict access to your information to only those individuals who have the authority and the need to access it, and only for a specific purpose. The following categories of individuals may have access to your information:

  • Employees responsible for or dedicated to handling calls;Employees dedicated to call quality assurance;

  • The operations supervisor;

  • Employees responsible for handling complaints;

  • Human resources employees;

  • The IT and equipment supervisor;

  • Management;

  • The external accountant (contract and network access);

  • Third parties identified in Section 9 of this Policy.

The CAUAT – CCSAT analyzes annually the relevance of the categories of people identified above.

9. Information sharing

As part of its activities, CAUAT – CCSAT may share information with certain third parties for the purposes set out in section 7 of this Policy. These third parties may include:

  • Healthcare professionals and healthcare facilities;

  • Providers of recruitment, payroll, insurance, benefits, disability, or other services necessary for the conclusion and performance of the employment contract;

  • Government and regulatory authorities when required by applicable law or when necessary for the provision of our services;

  • Providers of data hosting, billing, and online payment services;

  • Providers of services related to the use of our website (hosting, security, cookies);

  • The Regional Medical Director (RMD) for analytical purposes;

  • The First Line Access Point (FLP);

  • The fire department, pre-hospital emergency and ambulance services, and the Sûreté du Québec (Quebec Provincial Police) for investigative purposes, when required by applicable law, or when necessary for the provision of our services.

In the course of its activities and for the purposes stated above, CAUAT – CCSAT may work with partners or third parties located outside Quebec to carry out certain specific mandates. Therefore, some of your information may be transferred to another country and subject to the laws of that jurisdiction.

CAUAT – CCSAT ensures the protection of the Information in its custody, including Information entrusted to a service provider, whether located in Canada or abroad.

Our Information protection policies and practices require an agreement with the service provider to ensure compliance with their obligation to maintain the confidentiality and security of the Information entrusted to them. This includes implementing robust and effective security measures, as well as prohibiting the disclosure of your Information to third parties.

10. Disclosure of information for public safety purposes or for the purposes of prosecuting an offence

In accordance with applicable laws, the CAUAT – CCSAT may disclose information it holds to protect an identifiable person or group of persons when there is reasonable cause to believe that a serious risk of death or serious injury, related in particular to a disappearance or an act of violence, including attempted suicide, threatens that person or group, and that the nature of the threat creates a sense of urgency. The information may then be disclosed to the person(s) exposed to this risk, their representative, or any person likely to provide assistance.

The CAUAT – CCSAT may also disclose information it holds to the Director of Criminal and Penal Prosecutions or to a person or group that, under the law, is responsible for preventing, detecting, or suppressing crime or offences when the information is necessary for the purposes of a prosecution for an offence under a law applicable in Quebec.

Information held by the CAUAT – CCSAT may be disclosed to a police force when necessary for the planning or execution of an intervention tailored to the characteristics of an individual or the situation, in either of the following cases: (1) the police force intervenes, at the request of the CAUAT – CCSAT, to provide assistance or support within the framework of the services it provides to an individual; (2) the CAUAT – CCSAT and the police force act in consultation or partnership within the framework of combined psychosocial and police intervention practices.

The CAUAT – CCSAT ensures, however, that only the information necessary for the purposes of the communications described above is disclosed.

11. Training

The CAUAT – CCSAT ensures that its staff and the professionals who work there, including students and interns, participate in the training and awareness activities required to protect intelligence. To raise awareness among staff members,

mandatory training on intelligence protection is provided upon hiring. Existing employees and staff members receive regular training on this topic.

The CAUAT – CCSAT ensures that the individuals mentioned above update their knowledge of intelligence protection annually.

12. Privacy Factors Assessment (PIA)

Conducting a Privacy Impact Assessment (PIA) is a preventative measure aimed at better protecting personal information and respecting the privacy of individuals. It involves considering factors that could have positive or negative consequences on the privacy of the individuals concerned. A PIA demonstrates that the CAUAT – CCSAT has fulfilled all its obligations regarding the protection of personal information and that all necessary measures have been taken to effectively protect this information.

The CAUAT – CCSAT conducts a PIA in particular in the following situations:

  • Before undertaking a project to acquire, develop, or redesign an information system or electronic service delivery system that involves personal information;

  • Before disclosing information for study, research, or statistical purposes;

  • Before disclosing personal information outside of Quebec.

In conducting a privacy review, the CAUAT – CCSAT takes into account, in particular, the sensitivity of the information concerned, the purpose of its use, its quantity, its distribution and its medium, as well as the measures proposed to protect personal information.

13. Security measures

Given the confidential nature of the information it holds, CAUAT – CCSAT implements security measures to ensure the protection of information collected, used, disclosed, stored, or destroyed, in accordance with applicable legislation.

CAUAT – CCSAT uses the necessary tools, including administrative, technical, and physical measures, to limit the risk of incidents. For example, to ensure the security of your information, we employ the following security measures:

  • SSL/TLS protocol;

  • Access management — authorized personnel;

  • Access management — data subject;

  • Two-factor authentication;

  • Network monitoring software;

  • Data backup;

  • Username/password;

  • Password management software;

  • Firewall

The CAUAT – CCSAT annually assesses the compliance and effectiveness of its security measures to protect the information it holds.

The CAUAT – CCSAT conducts a monthly analysis of access to, and all other uses and disclosures of, the information it holds, particularly to identify situations that do not comply with applicable standards and, where necessary, to take appropriate action.

14. Privacy Incident

Any confidentiality incident is handled in accordance with the Confidentiality Incident Management Policy in the event that CAUAT-CCSAT Information is involved.

In accordance with applicable laws, CAUAT-CCSAT maintains a register of confidentiality incidents.

If the confidentiality incident presents a risk of serious harm to the individuals concerned, CAUAT-CCSAT promptly notifies them, as well as the Access to Information Commission and the Minister, as appropriate.

15. Information update

It is important that you inform us of any changes to your Information so that we can update our records. These changes may be communicated to the Privacy Officer.

To ensure the smooth operation of our business, we also take reasonable steps to ensure that your Information is accurate, complete, and up-to-date. We may ask you to update your Information, contact details, or preferences from time to time, and each publication, invitation, and notice includes an option, either via a link or a printed copy, allowing you to opt out of receiving them in the future.

16. Information retention and destruction

We will retain Information only for as long as necessary for the purposes outlined in this Policy and to comply with our legal and regulatory obligations.

At the end of the applicable retention period or when the Information is no longer needed, CAUAT – CCSAT will ensure its destruction.

Information is destroyed securely to ensure its protection. CAUAT – CCSAT retains proof of all Information destruction.

17. Web Site

For the purposes of our business activities, we operate a website. The personal information we collect on the website https://cauat.ca/ is collected in particular to respond to your request, for example when you provide your name, email, address in the form provided for this purpose in the Contact Us section of the website.

Use of cookies

A cookie is a small data file created by your browser and placed on your computer, mobile device, tablet, or other device when you use your browser to visit an online service. Cookies allow websites to remember certain information about you to facilitate your access and navigation within our sites. Cookie files can only be read by the website that sends them to your computer.

We use certain cookies on the site, including for:

  • Remembering your settings and preferences, such as your province or language;

  • Producing statistical compilations (popularity of our site’s pages, average number of pages visited, and average time each user spends on the site) to improve our services;

  • Analyzing our performance to learn more about the features our users appreciate and those that may require some adjustments.

Please note that the use of cookies only allows you to be identified as a user and does not recognize you by your name or address.

Google Analytics

The CAUAT – CCSAT uses Google Analytics to analyze the browsing behavior of visitors to its website. This is a website traffic and usage analysis tool provided by Google Inc. (Google). By using this tool, the CAUAT – CCSAT can obtain the following information:

  • Number of website visitors;

  • Browser type, language, and operating system used;

  • Screen resolution;

  • Service provider name;

  • Date, time, and duration of visits;

  • Country/province from which the site is accessed;

  • Age/gender;

  • Pages viewed;

  • Traffic source;

  • Interests;

  • Search terms within the website (search fields).

The information collected by Google Analytics is used to analyze the use of the CAUAT – CCSAT website and to produce statistical reports on visitor activity. You can find more information about Google Analytics here.

Disabling cookies

You can prevent our website’s personalization features from being enabled by disabling cookies in your browser. You can do this by changing your browser or mobile device settings.

However, if you choose to disable cookies, some pages or sections of our website may not display correctly, or some features may not be available.

Links to websites

It is important to understand that this Policy does not apply to other third-party websites that may be accessed via links on our website. We are not responsible for any third-party websites, their content, or accessibility. Therefore, any personal information you transmit through these websites is subject to their respective privacy policies. It is your responsibility to review these policies to ensure the protection of your personal information.

18. Rights relating to information and complaints handling processes

Right of access, rectification, withdrawal of consent, restriction

Subject to applicable laws and regulations, individuals who wish to access, correct, or withdraw their consent held in our records may submit a written request directly to the person responsible for information protection at the following contact information:

Information Protection Officer

Marie-Noëlle Morin
General Manager
100 rue Taschereau Est C.P. 220, Rouyn-Noranda (Québec) J9X 5C3
819 764-5171, poste 230

Subject to applicable legal and contractual restrictions, individuals who receive confirmation that their personal information is held in a file may request that the file be corrected if it is inaccurate, incomplete, or ambiguous, or if its collection, disclosure, or retention is not authorized by law.

The CAUAT-CCSAT’s Information Protection Officer must respond in writing to these requests within twenty (20) days of the date of receipt for information covered by the Act respecting access to documents held by public bodies and the protection of personal information, or within thirty (30) days of the date of receipt for information covered by the Act respecting health information and social services.

Subject to applicable legal and contractual restrictions, an individual may restrict access to their health and social services information held by the CAUAT – CCSAT by stipulating that a specific stakeholder, or someone belonging to a category of stakeholders they designate, may not access one or more pieces of information they identify. The right to restrict access may also apply to a spouse, a direct ascendant, a direct descendant, or a researcher. In such cases, the CAUAT – CCSAT’s Information Protection Officer must respond within thirty (30) days of receiving the request. The Information Protection Officer also ensures that the individual requesting a restriction is adequately informed of the potential consequences and risks associated with exercising the right to restrict access.

Any refusal must be justified and accompanied by the legal provisions that support the refusal. In such cases, the response must indicate the available legal remedies and the deadlines for exercising them. The responsible party must assist the requester in understanding the refusal, if necessary.

If you have any questions or concerns regarding the protection of your information and our role, please contact our Information Protection Officer, whose contact information is provided above.

Complaints handling process

Anyone wishing to file a complaint regarding the application of this Policy or, more generally, the protection of their Information by CAUAT – CCSAT must do so in writing, addressed to the Information Protection Officer at the email address provided in the preceding subsection.

The complainant must include their name, contact information (including a telephone number), and the subject and grounds for their complaint, providing sufficient detail to allow for its evaluation. If the complaint is not sufficiently specific, the Information Protection Officer may request any additional information deemed necessary to assess the complaint.

The CAUAT – CCSAT is committed to treating all complaints received confidentially.

Within forty-five (45) business days of receiving the complaint, or upon receipt of any additional information deemed necessary and required by the Privacy Officer to process it, the Privacy Officer must assess the complaint and provide the complainant with a reasoned written response by email. This assessment will determine whether the CAUAT – CCSAT’s processing of personal information complies with this Policy and applicable legislation or regulations.

If the complaint cannot be processed within this timeframe, the complainant must be informed of the reasons for the extension, the status of the complaint’s processing, and the reasonable time required to provide a final response.

The CAUAT – CCSAT must create a separate file for each complaint it receives. Each file contains the complaint, the analysis and supporting documentation, and the response sent to the complainant.

It is also possible to file a complaint with the Commission d’accès à l’information du Québec (Quebec Access to Information Commission) or any other privacy oversight body responsible for enforcing the relevant legislation.

However, the CAUAT – CCSAT encourages all interested parties to first contact their privacy officer and wait for the processing to conclude.

19. Sanctions

All CAUAT-CCSAT staff are required to comply with this Policy and any other document, directive, procedure, or policy derived from it. Staff who fail to comply are subject to disciplinary action, up to and including dismissal. Consultants, suppliers, and business partners who fail to comply with this Policy are subject to contractual measures and penalties, up to and including termination of the contract. Additional training and awareness sessions may also be provided as needed.

20. Changes to our policy

CAUAT – CCSAT reserves the right to modify or supplement this Policy at any time, in particular to meet new requirements or to update it.

Update : March 2025