Privacy policy

Preamble

The University recognizes the importance of respecting privacy and protecting the personal information it holds.

As an institute of higher learning, we collect, use and disclose personal information for the purposes of our teaching mission. The University complies with the most rigorous standards and laws applicable to the protection of personal information.

It is in this spirit that the University has adopted a Privacy Policy concerning personal information collected by technological means (the ” Policy “). The purpose of this Policy is to explain how personal information provided in connection with the use of the University’s web sites (the ” Sites “) and its other online services and platforms (the ” Platforms “) is collected, processed and protected, and to inform any person wishing to use them of the University’s rules and practices in this regard.

By providing us with personal information through technological means, the user agrees to its processing in accordance with this Policy, and authorizes the University, its third parties and service providers, as applicable, to process his/her personal information for the purposes set out below. It is also possible to choose not to provide the requested information by not accessing the Site or the proposed Platforms.

1. Purpose

The purpose of this Policy is to inform any person using the Sites or Platforms offered by the University of the rules applicable to the protection of personal information collected by technological means.

2. Normative framework

This Policy is governed by the Act respecting access to documents held by public bodies and the protection of personal information, and must be read in conjunction with the University’s Privacy Policy.

3. Scope of application

3.1 This Policy applies to all personal information collected by technological means by the University, whether through its Site or any other Platform it uses.

3.2 External websites

The University’s Sites and Platforms contain hyperlinks to external sites. The University is not responsible for the content of these sites or their privacy practices. When a person follows these hyperlinks, he or she leaves the UdeM Sites or Platforms and the information exchanged is no longer subject to this Policy, but to that of the site or platform visited.

4. Personal information collected

The University is called upon to collect and process various types of personal information as part of its mission, for different purposes such as: admission to programs of study, internship programs, job applications, research activities, philanthropic activities, or for legal obligations.

The University only collects information that is necessary for the performance of its duties or the implementation of a program under its management. No personal information is collected by the University, on the Sites or Platforms, unless the person concerned has been previously informed of the purposes of the collection and has given his or her consent.

Personal information collected by technological means includes the following information:

  • Identity information, such as first and last names;
  • Contact information, such as address, e-mail address and telephone number;
  • School record information: academic records, school results, educational institutions attended, registration number, permanent code;
  • Medical and biological information;
  • Immigration documents;
  • Billing and financial information, such as billing address, bank account information or payment data;
  • Recruitment information, such as curriculum vitae, education and work history, and details of professional affiliations;
  • Employment and disciplinary information;
  • Identification and other background check data such as a copy of a driver’s license, passport or utility bill;
  • Pension plan data, such as financial information, beneficiary names and contact details;
  • Site and Platform usage information, such as information collected through cookies, IP address, browsing history;
  • Information for research activities;
  • Any other personal information provided. For more examples, see examples of information and documents by confidentiality level.

5. Means of collection

5.1 The University collects personal information required for its mission in the following manner:

a. Directly from the person concerned

For example, when applying for admission to a program of study, or when applying for a job, upon hiring, or in connection with donations, whether by e-mail, by filing documents on the Platforms or by other technological means.

b. Through the use of the Sites and Platforms

For example, when browsing the University’s Web Sites or using Platforms, personal information is collected through the use of cookies.

c. By geolocation

The geolocation function may sometimes be activated on the browser when using certain Platforms. It is always possible to disable geolocation by following the third-party application’s instructions.

d. From other sources

The University may need to collect personal information from other organizations (e.g. the Ministry of Higher Education) or immigration authorities.

5.2 Personal information kept by the University is collected only after the person concerned has been informed of the purpose of the collection.

Here are some examples of the means used to collect personal information:

  • As part of an application for admission;
  • When using the Sites or Platforms;
  • When browsing the Sites, through the use of cookies;
  • When registering for University e-mail communications (UdeM news);
  • When visiting one of the buildings on the various campuses, taking part in certain activities, renting equipment or participating in an event organized by the University;
  • As part of communications to formulate a comment, question or complaint, or when an event or incident occurs on one of our campuses;
  • When communicating with the Service Center by telephone or e-mail;
  • When applying for a job offered by the University.

6. Purposes for which personal information is collected

The personal information collected is used essentially for the following purposes, without being exhaustive:

For :

a. Identification of a person;

b. Information transmission;

c. Employment or training;

d. To verify a person’s eligibility for a program of study, services or products;

e. Offers of training activities, products or services;

f. Follow-up with the person concerned;

g. Statistics, studies or research;

h. Communication;

i. Digital interaction and management of the Site and other Platforms;

j. Solicitations or invitations to events.

7. Category of persons having access to personal information

7.1 Communication within the University

Access to personal information is limited to those staff members or consultants who require access in the course of their duties. Staff and consultants are committed to protecting the confidentiality of the personal information they need to perform their duties.

7.2 Communication to third parties

The University may need to share personal information with third parties as part of its mission:

a. To various government departments and agencies

For example, to create and validate a matricule, to obtain academic results, for scholarship or financial aid purposes, for immigration purposes, for investigation and audit purposes, or for law enforcement purposes.

b. To other entities

For example, for internship purposes, to manage admissions and produce statistics (BCI) or for access to practice, to professional orders for membership purposes.

c. To researchers for research purposes approved by a UdeM ethics committee.

For example, a researcher may request access to personal information held by UdeM without obtaining the consent of the individuals concerned to use it for study or research purposes. Certain conditions must be met, including the completion of a privacy impact assessment and the signing of an agreement.

d. To suppliers, subcontractors and partners

The University may share personal information with suppliers, subcontractors and external partners, including the following:

  • Third-party providers of web site services, application development, hosting, maintenance and other services. The University limits the information provided to these third-party service providers to that which is reasonably necessary for them to perform their functions. Contracts with these service providers require them to maintain the confidentiality of such information.

Suppliers, subcontractors and partners with access to personal information in the custody or control of the University are informed of this Policy and other applicable policies and guidelines to ensure the security and protection of personal information. They agree in writing to comply with all applicable policies, directives and laws.

The University may also disclose certain personal information it holds to comply with a court order, law or legal process, including responding to any governmental or regulatory request, in accordance with applicable laws.

8. Refusal to collect personal information

The provision of certain personal information is mandatory, particularly in connection with applications for admission or employment. Refusal to provide the personal information required in these situations will result in a halt to the application or hiring process.

9. Safety measures

Security measures are in place to ensure the confidentiality and security of personal information, such as network security controls, encryption and other physical or administrative measures.

a. Restricted access

Access to personal information is restricted to those whose duties require it.

All personal information is stored in secure locations and on servers controlled by UdeM, located either in its buildings or in the offices of its service providers.

b. Technological tools

Secure data networks are protected by industry-standard firewall and password protection systems.

The technological infrastructure hosting sensitive data, including personal information, is protected by security controls in line with industry best practice.

The workstations of employees likely to process personal information are encrypted.

Personal credit card information is processed using industry-standard encryption and security procedures.

Access to applications containing personal information requires two-factor authentication.

c. Staff supervision

A member of staff may only have access to personal information when such access is necessary for the performance of his or her duties, in which case only access to the necessary personal information is permitted.

All staff must sign a confidentiality agreement.

Any staff member who may have access to personal information must undergo training in privacy and cybersecurity.

d. Supervision of partners and service providers

Contracts with third parties contain clauses on confidentiality, delivery or destruction of documents containing personal information.

Third parties are required to notify us of any risks to the confidentiality of personal information.

10. Technological means available for consulting or rectifying a data subject’s personal information

The technological means available to consult or rectify personal information vary. Any person concerned may consult or rectify personal information by contacting one of the units listed on the website: https: //vie-privee.umontreal.ca/exercer-vos-droits/

11. Access and rectification rights

Under certain circumstances and in accordance with applicable privacy laws, an individual has the following rights:

3.2 Access rights

The person concerned has the right to access his or her personal information held by the University. Subject to applicable law and, where applicable, the payment of a monetary sum, the individual may thus receive a copy of the personal information held by the University and certain other information concerning him or her.

3.3 Right of rectification

The person concerned has the right to request rectification of any incomplete, inaccurate or ambiguous personal information held by the University.

12. Person responsible for the application and revision of the Policy

For any questions or complaints relating to the Policy, or to exercise the rights of the persons concerned, please contact the Privacy Officer:

Alexandre Chabot
General Secretary
[email protected]

13. Communication outside Quebec

Personal information is usually held in Quebec or another Canadian province, but the University may use the services of suppliers, organizations or partners located outside the country. In the event that the University must share personal information with these suppliers, organizations or partners, the University will ensure that the protection and confidentiality of this information meets its own requirements, and these suppliers, organizations or partners will be asked to contractually agree to comply with and respect these requirements.

14. Entry into force

This policy is effective and was updated on June 25, 2024.

Find this privacy policy on the Université de Montréal website: https: //vie-privee.umontreal.ca/confidentialite/

    
    		

Site under construction

Welcome to the Center for Innovative Biomedicine (CIB) website. This site is still under construction, but will be available soon. As a result, not all buttons are clickable yet. Thank you for your understanding.