At MTL ticket, we strongly believe in the importance of protecting the personal information of our clients, employees, applicants and suppliers (hereinafter referred to as “you” or “your”). Protecting your confidential information and respecting your privacy are important to us. We are subject to the Act respecting the protection of personal information in the private sector (“Bill 25”). As such, we are committed to taking all possible and reasonable measures to maintain the confidentiality of the personal information we collect in the course of our activities while maintaining a framework that facilitates exchanges with our customers, employees and suppliers.
In addition to meeting the requirements of Bill 25, we are also bound by the Code of Ethics of Chartered Professional Accountants ( CPA ), which imposes very strict standards of confidentiality, including professional secrecy.
Table of contents
Why do we collect personal information?
MTL ticket collects personal information solely for the purposes of its various activities and the mandates entrusted to it, or for uses consistent with these purposes; always in compliance with applicable laws.
What personal information do we collect?
The amount and type of information collected is limited to that which is necessary for the purposes identified. MTL ticket collects only what it needs.
Given the nature of its activities, MTL ticket is called upon to store a large amount of personal data. This may include, but is not limited to: last name, first name, e-mail address, social insurance number, occupation, employer, place of work, educational institution, personal affiliations, relationship to related persons, health records, membership in groups, financial situation, bank account, payment data, passwords, IP address, use of Internet sites, cookies and pixels, demographic data, geographic data, biographical data, communication preferences, balances due or receivable from various governments, eligibility for various programs or grants, all data contained on previous income tax returns, in addition to any other personal information that you or MTL ticket have deemed relevant and that you have provided to us.
Please note that if you provide us with personal information about other individuals, you must ensure that you have given those individuals appropriate notice that you are providing us with their information and that you have obtained their consent to such disclosure.
Who can access your personal information?
Your personal data is processed at our operational offices and at any other location where the parties involved in this processing (such as our service providers) are located. Only our staff and authorized suppliers may have access to your information, insofar as it is necessary for the performance of their duties.
This means that this information may be transferred to computers located outside Quebec, Canada or to other jurisdictions where data protection laws may differ from those in your jurisdiction. As a result, under certain circumstances, foreign governments, courts, law enforcement agencies or regulatory bodies may be authorized to access personal data collected and held under our control.
How is your personal information collected?
MTL ticket has adopted appropriate physical, technical and administrative security procedures to protect your personal information from unauthorized access, use or disclosure. These measures are regularly reviewed and improved to ensure optimum protection of your data.
For example, our cloud platform is hosted on private, secure servers in Canada, with built-in security measures. Our cloud technology provider is from Quebec and, what’s more, one of the few in Canada to have obtained ISO 27001 certification. To find out more about this international security standard for information security management, visit : www.iso.org.
We use password-protected and encrypted data transmission systems. Our staff has been trained in the protection of personal information, and we have contractual agreements with all our service providers. These meet the highest security standards for the protection of personal information.
We have implemented physical, organizational, contractual and technological security measures to protect your personal information against loss or theft, as well as against unauthorized access, use or transmission. For example:
- Restrict access to authorized employees and suppliers only;
- Make employees and suppliers aware of the importance of protecting personal information;
- Protect access to data by physical and technological means : :
- Access to office restricted to authorized persons;
- Fire-resistant solid doors protect access to the office;
- Non-hookable ball locks protect access to the office;
- Employee offices with lockable doors;
- Use of Canada Post services for physical shipments;
- Secure customer portal for data exchange;
- Access-protected computers;
- Passwords controlling computers, programs and transmission;
- 2-factor authentication (2FA) when available;
- Data encryption;
Like most organizations, we cannot guarantee that the protection measures we use will always be effective. No means of transmitting information over the Internet or by post, or of storing information, is perfectly secure; MTL ticket therefore cannot guarantee their absolute security.
A breach of security measures can give rise to risks such as phishing and identity theft. In such cases, we take prompt action to mitigate risks and inform you when the risk of serious harm is real or when we are required to do so by law.
It is also important to note that we cannot be held responsible for personal data that you share with other users, that you transmit to us via unsecured e-mail programs, or that you post in public areas such as our blogs. These public areas can be consulted or viewed by anyone visiting our website and are therefore not covered by this policy.
We also ask for your help in protecting your personal information. For example, if you use an account on our secure customer platform; you should only access it from a secure network, you must create unique and complex passwords, not share them with others and notify us immediately if you believe any of your passwords have been compromised.
We are committed to protecting your privacy and we collect and use personal information only with your consent and to the extent permitted or required by law.
In certain circumstances, we may collect, use or disclose personal information without your consent. This occurs when legal, medical, professional or security reasons make it impossible or impractical to obtain your consent, or when information is collected for the investigation, prevention or detection of fraud, or for law enforcement purposes.
You may withdraw your consent at any time, except where restricted by law or applicable contracts. We will inform you of the consequences of such withdrawal, including the possibility that we may not be able to supply a product or process a request. Your decision to withdraw your consent will be recorded in our files.
Retention and Destruction of personal information
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, or longer if required or permitted by applicable law.
We retain your account information for as long as required by law. You may request the deletion of your personal information by contacting the Privacy Officer listed in the next paragraph. We will do our best to comply with your request, subject always to legal requirements.
Access to and correction of personal information
We make every effort to ensure that your personal information is as accurate and complete as is necessary for the purposes of its collection, use or disclosure.
Subject to applicable laws, upon receipt of a written request from an individual and after verification of his or her identity, we will inform the individual whether we hold personal information about him or her and will disclose such information to him or her.
We may refuse a person access to his or her information in accordance with applicable laws, in which case we will give reasons for the refusal.
Any request for verification or modification of your personal data can be made informally by contacting MTL ticket staff and after identifying yourself. This is the quickest and most practical method. Our staff is trained to respond to the usual requests for verification and modification of personal data, such as changes of address, telephone number, etc.
If you feel that you need to make a formal request for access to information or a request for modification, this should be made in writing and sent to the person responsible for the protection of personal information, at the following address :
Mr. François Gamache
19, rue Le Royer Ouest, #204 Montréal, QC, H2Y 1W4
Opening hours: 9:00 to 17:00
MTL ticket’s role and responsibilities
We are responsible for personal information collected, retained, used, disclosed and destroyed in the course of carrying out our mandate. We will continue to develop policies and practices to ensure that this information is handled in strict compliance with the Act respecting the protection of personal information in the private sector.
We are also responsible for verifying our compliance with this policy and conduct periodic audits of all our programs and services.
Complaints and Concerns
Our staff and representatives are trained to respond to questions or concerns about your personal information. If you are not satisfied with the response from our employee or representative, you may contact the person responsible for privacy protection at the above address.
Last update: September 28, 2023