Privacy policy

 

1. What do we mean by “personal information”?

Personal information refers to information about an individual that can be used, on its own or with other information, to directly or indirectly identify them, such as their name, identification number, geolocation data, online username, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

2. Privacy Policy – Introduction

The purpose of this Privacy Policy (the “Policy”) is to inform you of CDPQ’s practices with respect to the confidentiality and protection of your Personal Information, including how we collect, use and disclose it.

This Policy applies to this Site and all our activities, unless we have provided you with a more specific policy and/or directive. CDPQ is a global investment group (the "Group") and the owner of the "Devenir entrepreneur" website.

In this Policy, any terms that are not defined in the body of the text are defined in Appendix 1.

By submitting your Personal Information to us, registering for or using this Site, or voluntarily interacting with us, you consent to our collection, use and disclosure of your Personal Information in accordance with this Policy, as revised from time to time. Our Policy sets out our standards for the collection, use, disclosure and retention of your Personal Information. As such, CDPQ is committed to protecting your Personal Information.

This Policy was developed in accordance with our policies and directives issued pursuant to Applicable Legislation.

3. Your consent

We process your Personal Information with your consent or as permitted or required by law. The approach we use to obtain your consent depends on the circumstances and sensitivity of the information collected. Therefore, subject to Applicable Legislation, your consent may be explicit or implicit. If you choose to provide us with Personal Information, we will assume that you consent to the Processing of your Personal Information as set out in this Policy.

In general, we will ask for your consent at the time your Personal Information is collected.

Once you have provided us with proof of identification, you may withdraw your consent to the Processing of your Personal Information at any time by contacting us as indicated in section 11. 

If you provide us with Personal Information about another individual, it is your responsibility to obtain that individual’s consent to allow us to process their information as set out in this Policy.

4. What types of Personal Information do we collect?

Use of cookies

Our Site uses cookies. Cookies are files that are installed on your computer’s hard drive or browser to collect information, such as your language preference, browsing history, and browser type and version. Their purpose is to optimize your experience on our Site. You can set your browser to refuse all cookies or to notify you when a cookie is sent. Instructions on how to do so are provided by each browser site.

For further information, please see our Cookies Notice.

Analytical tools and other third-party technologies

We use analytical tools and other third-party technologies, such as Google Analytics.

For further information, please see our Cookies Notice.

 

5. For what purpose and on what legal grounds do we use your Personal Information?

We may use your Personal Information and other information for the purposes set out below:

  • To respond to your questions and inquiries
  • For our legitimate interest in detecting and preventing fraud
  • To comply with our legal obligations (e.g. in the event of a complaint or an injunction)
  • Any other purpose, with your consent
  • For purposes permitted or required by Applicable Legislation

We do not use collected information to advertise third-party products and services, or to engage in targeted CDPQ advertising on third-party websites or service offerings.

6. How do we share your Personal Information?

We may share your information with our service providers. In such instances, we take steps to ensure that the rules set out in this Policy are followed, and we require service providers to maintain the confidentiality and security of your Personal Information.

We also require them to only use your Personal Information in accordance with its intended purpose. When our service providers no longer need your Personal Information for such limited purposes, we require them to destroy it.

Under certain circumstances, we may authorize our service providers to retain information for legally permitted purposes or in aggregated, anonymous or statistical form that does not identify you.

We do not allow service providers to disclose your Personal Information to unauthorized parties or use it for direct marketing purposes.

For more information about our service providers, please contact us as indicated in section 11.

Listed below are categories of third parties that may process your Personal Information:

  • Other members of CDPQ and our designated representatives Members of CDPQ who may use such information for statistical analysis and producing reports
  • Service providers who help manage our computer or back-office systems, or who provide platforms and portals for administration
  • Our Québec regulators and other enforcement agencies under Canadian, U.S., European and international law
  • Fraud prevention agencies and organizations
  • Our advisors (who may be legal representatives to you, us, or a third-party requester) and other professional services firms (including our auditors)
  • Marketing execution, webinar and customer satisfaction service providers acting on our behalf who facilitate online events, provide marketing communications, and gather feedback on our service levels from our clients
  • For information only, a list of contractors is available on request.

We may also use and disclose your Personal Information when we believe such use or disclosure is authorized, necessary or appropriate, such as:

  • Under Applicable Legislation, including laws outside your country of residence, to comply with any legal procedure or to respond to requests from public and government authorities, including public and government authorities outside your country of residence
  • To protect our activities and those of members of CDPQ
  • To protect our rights, security or property and/or those of CDPQ members, our employees and yourself
  • To enable us to pursue available recourses and limit the damage we may incur
  • In the event of a restructuring, merger, sale, joint venture, assignment, transfer or other disposal of all or part of our operations, brands, affiliates, subsidiaries or other assets

7. How do we retain your Personal Information?

Your Personal Information is currently hosted in Canada and the United States. For legitimate legal or commercial purposes, we may need to transfer or authorize access to your Personal Information to parties based abroad.

Moreover, where applicable, it may be hosted and processed in any country in which we or CDPQ have facilities or where we contract with service providers. In the latter case, your Personal Information may be transferred to countries other than your country of residence, which may have laws that differ from those of your country.

If such information is located outside your country of residence, it is subject to the laws of that country and may be disclosed to the governments, courts or law enforcement or regulatory agencies of that other country in accordance with its laws. Nonetheless, our practices with respect to your Personal Information will at all times be governed by this Policy and, where applicable, we will comply with the requirements under Applicable Legislation regarding the transfer of the Personal Information of the individuals concerned to a third country, such as the conclusion of standard contractual clauses.

8. How do we protect your Personal Information?

Our security measures

We have implemented physical, organizational, contractual and technological security measures that are in line with ISO standard 27001 to protect your Personal Information and other information from loss, theft, unauthorized access, disclosure, duplication, use or modification.

We have taken measures to ensure that the only employees authorized to access your Personal Information are those who have a “need to know” or whose duties reasonably require access to such information.

Despite the measures described above, no method for transmitting or hosting information is 100% secure or error-free. We therefore cannot guarantee absolute security.

If you have reason to believe that your interaction with us is no longer secure (e.g. you believe that the information you have provided to us has been compromised), please contact us immediately as indicated in section 11.

Employee roles and responsibilities

It is the responsibility of all CDPQ employees to familiarize themselves with the frameworks governing the protection of Personal Information and to process Personal Information in compliance with them, to ensure the integrity and confidentiality of information and prevent any breach of the rules regarding the protection of Personal Information.

CDPQ carries out awareness-raising and training activities for all employees to remind them of the rules and principles applicable to the protection of Personal Information.

Our retention periods

We will only use, disclose or retain your Personal Information for as long as necessary to fulfill the intended purpose of its collection and as permitted or required by law.

For further information regarding the retention period of your Personal Information, please contact us as indicated in section 11.

9. Your rights

You have various rights with respect to your Personal Information. These rights may vary depending on your geographic location and the Applicable Legislation governing the Processing of your Personal Information. This section provides you with an overview of these rights and how they may be exercised. We will take the necessary steps to ensure that your Personal Information is accurate, complete and up to date. We will not systematically update your Personal Information unless such a process is necessary.

 

Rights

Act respecting Access

GDPR

Access

You have the right to receive confirmation regarding the Processing of your Personal Information retained by CDPQ and to access it (i.e. to examine it and get a copy) without delay.

Rectification

You have the right to have any Personal Information held by CDPQ that is inaccurate or incomplete rectified without delay, and, in any event, within one (1) month of CDPQ’s receipt of the request to do so.

CDPQ further acknowledges that, given the purpose of Processing, you have the right to have your incomplete Personal Information completed, including by providing a supplementary statement.

Withdrawal of consent

You have the right to withdraw your consent to the Processing of your Personal Information at any time when such Processing is based on consent. CDPQ will follow up on the request by an individual concerned to withdraw their consent, unless CDPQ demonstrates that there are legitimate and compelling reasons for Processing it that prevail under the GDPR.

Erasure

You can have information deleted if it is out of date or is not justified by the purpose of the file.

You have the right to have CDPQ delete your Personal Information, without delay, if one of the reasons set out in the GDPR applies, particularly if the Personal Information is no longer necessary for the purposes for which it was collected or otherwise processed.

Portability

Unless this raises serious practical difficulties, you may be entitled to receive the Personal Information about you that you have provided to CDPQ in a structured and commonly used format. This information is also provided at your request to any individual or body that is legally authorized to collect such information.

Objection

N/A

You may have the right to object at any time, on grounds pertaining to your particular situation, to the Processing of your Personal Information based on the public interest or legitimate interest of the Processing officer, including profiling.

CDPQ will follow up on the request unless it is demonstrated that there are compelling legitimate grounds for the Processing that prevail over the interests, rights and freedoms of the individual or that the Processing is necessary for the establishment, exercise or defence of CDPQ’s legal claims.

Restriction

N/A

You may have the right to restrict the Processing of your Personal Information under certain circumstances. This means that the individual concerned may restrict how CDPQ uses their Personal Information when one of the following conditions set out in the GDPR applies:

Right in the event of the use of an automated decision system

In some cases, you may request information about how any automated decision system is used and the impact it may have on you.

How to submit an application 

To exercise your rights, you must submit a written request to the Privacy Officer. Please note that for identification purposes, you may be asked to provide a copy of an appropriate piece of identification following a request to exercise a right. 

The person making the request is encouraged to fill out the request form according to the template developed by CDPQ. CDPQ will respond as soon as possible, but within a maximum of one (1) month from receipt of all relevant information.

For more information about your rights and how to exercise them, please contact the Privacy Officer at [email protected].

You may also contact the competent authority for the protection of Personal Information.

Complaints

Any individual who has reason to believe that there has been a violation of the applicable laws or this Policy, or who wishes to complain about CDPQ’s practices for Processing Personal Information, is invited to submit a written complaint to [email protected] 

10. Third-party websites and services

This Policy does not apply to websites, products or services provided by third parties. We are not liable for such third parties’ privacy practices and encourage you to review their privacy policies before using their websites, products or services.

11. Contact us

Should you have any questions about our Conditions of Use and our Policy or regarding CDPQ’s privacy practices in respect of this Site or to exercise your rights, please contact:

CDPQ’s designated Privacy Officer:

Claude Mikhail
Director, Administrative Law
Tel.: +1-514-847-8005

The Assistant Data Protection Officer appointed to assist the Privacy Officer in ensuring compliance with the GDPR:

Alexander Chmel
Senior Director, Legal Affairs, Europe and Asia-Pacific
CDPQ London
Tel.: + 44-20-7024-8173

12. Updates

CDPQ’s Personal Information Access and Privacy Committee reserves the right to amend this document at any time and make the new version available on the Site. Such changes, amendments, additions or repeals are effective upon issuance of a notice of modification which may be communicated by posting on the Site or by any other means of transmission.

Your continued use of the Site after such notice will constitute: (a) an acknowledgement of the new terms of the Policy and (b) an agreement to be bound by and comply with them.

Appendix 1: Definitions

 

For the purpose of this Policy:

CDPQ” refers to the Caisse de dépôt et placement du Québec, Espace CDPQ, its international offices, including CDPQ Paris, CDPQ London, CDPQ Brazil, CDPQ Singapore, CDPQ Sydney, CDPQ Mexico, CDPQ US and its management subsidiaries, including CDPQ Private Equity Inc., CDPQ Private Equity Inc., CDPQ Fixed Income Inc. and CDPQ Global Infrastructure Inc.

Laws respecting the protection of personal information” or “Applicable Legislation” refer to any laws, regulations, recommendations or notices applicable to matters relating to the protection of Personal Information including, to the extent applicable, the Personal Information Protection and Electronic Documents Act (the “PIPEDA”), the Act respecting Access to documents held by public bodies and the Protection of personal information (the “Act respecting Access and the Protection of personal information”), the European Union’s General Data Protection Regulation (the “EU GDPR”), the United Kingdom’s GDPR and Data Protection Act 2018 (collectively, the “UK GDPR”) (the EU GDPR and the UK GDPR are collectively referred to as the “GDPR”), and any other laws, regulations, recommendations or notices that supersede, supplement, amend, extend, re-enact or codify the Applicable Legislation respecting the protection of personal information.

“Processing” or any conjugation of the verb “process” refers to any operation or set of operations carried out with or without the use of automated processes and applied to data or sets of Personal Information (collection, use, recording, retention, modification, consultation, communication, dissemination, reconciliation, erasure, destruction, etc.).

Privacy Officer: In connection with its activities, CDPQ has designated a person responsible for the protection of Personal Information.

“Siterefers to CDPQ’s “Devenir entrepreneur” website (Resources to get started | Devenir Entrepreneur).