This policy addresses the way Montreal Dermatology Research Institute (“MDRI”) processes and protects information. This policy does not apply to information that it is processed under a contract. The processing of such information is governed by such contracts and other relevant privacy notices.
You might be provided with a privacy notice or policy provided to you for a specific purpose. If that is the case, the terms of such more specific policy, notice or contract will control your interaction with MDRI, to the extent that such policy, notice or contract conflicts with this policy.
“Information” is any information the MDRI collects or process, including, but not limited to:
- Information that identifies an individual, including personal, sensitive or health information.
- Contact details.
- Survey data.
- Professional and/or educational credentials.
- Transaction and/or financial information.
- Usage, online activity or device identifiers.
- Any other information required by law or needed to achieve the purpose it was collected for.
MDRI will only collect, use and disclose your Information with your consent, except where otherwise permitted or required by law.
You may withdraw your consent to MDRI’s collection, use and disclosure of your Information at any time, subject to legal or contractual restrictions and reasonable notice.
The withdrawal of your consent does not affect the lawfulness of such processing that occurred before its withdrawal.
MDRI only collects the Information that you volunteered to MDRI and your information will be used only for the purpose for which it is collected. You will always be informed when we need to collect your Information and the reason why we need it.
You are not required to give MDRI any of your Information, but MDRI will not be able to provide you with its services or address your requests without it.
Your Information may be collected, upon your consent when you, among other instances:
Contact MDRI to get more information about or to apply for a grant.
- Apply for a job with MDRI.
- Ask for information on the services MDRI provides.
- Contract with MDRI.
- Any other instance where MDRI needs to collect Information.
MDRI does not knowingly collect Information from minors, and MDRI does not use any information upon discovering that it has been provided by a minor.
MDRI will not sell nor make your Information available to any third party.
Your Information is kept confidential and secure and is not disclosed to any 3rd parties without your consent, unless required by law.
MDRI has a Privacy Officer who is responsible for ensuring that your personal information is collected, used, disclosed (shared) and retained in compliance with applicable privacy regulations.
You may access and verify the accuracy of your personal information upon written request. Once your identity is verified, MDRI will respond to your request to access, update, or delete your Information.
Your Information is kept for as long as necessary to accomplish the purposes it was collected for. The period your Information is kept may extend beyond the end of your relationship with MDRI. Also, a longer retention period may be required for safety reasons or by law.
Information will be retained: (i) for as long as necessary to accomplish the purpose it was collected for; (ii) for the timeframe you consented; (iii) until you withdraw your consent for MDRI’s processing of Information; or (iv) for the legally required period, as applicable.
Information will be transferred to subcontractors working on MDRI’s behalf, as necessary to accomplish the purpose your Information was collected for.
Should any international transfers be made, they will follow the applicable legislation in order to ensure your information is protected. This includes ensuring adequate safeguards, under GDPR (General Data Protection Regulation 2016/679) for Information transferred outside of Europe.
MDRI has a procedure in place in order to receive and respond to complaints or inquiries about its policies and practices relating to the handling of Information, as well as for the withdrawal of your consent or for the exercise of any right granted under an applicable law. Please contact us, at the address or email below:
Montreal Dermatology Research Institute
Attn: Privacy Officer
P.O. Box 42023, Montreal, QC H2T 0A4
This policy may be amended or modified, from time to time, as permitted by applicable laws and regulations. Changes made to our privacy practices will apply to all the Information that MDRI holds.
Despite communicating with MDRI for any concerns or questions you may have about the processing of your Information, you have the right to file a complaint with your local data protection authority.
We shall collaborate with any requests for information from such authorities, in order to resolve the issue as promptly as possible.
California Consumer Privacy Act of 2018 (CCPA)
When collecting or processing Information from California residents, MDRI will comply with the terms of CCPA.
This section does not apply to individuals who provide MDRI with information as representatives of their business (whether sole proprietor or otherwise), who provide information in their business capacity.
- Information. Consumers can request information about the Information that is has been collected about them and how we have used and shared their Information during the past 12 months.
- Access. Consumers can request a copy of the Information that it has been collected about them over the past 12 months. In certain cases, we are not permitted by the CCPA to provide you with certain sensitive information in response to an access request, such as your social security or driver’s license number.
- Deletion. Subject to the exceptions listed in the CCPA, Consumers can ask MDRI to delete the personal information that has been collected from them.
General Data Protection Regulation 2016/679 (GDPR)
- If you live in Europe and MDRI collects or processes your Information you have, among other rights, the right: (i) to access, update or delete your information; (ii) to obtain a copy of your information; (iii) to port you information in a structured, commonly used and machine-readable format, and have the right to transmit those data to another data controller.
- If you wish to exercise any of these rights, contact our Privacy Officer as indicated in Contact, hereto.
- You also have the right to file a complaint with the relevant supervisory data protection authority, according to Article 77 of the GDPR, in particular in the Member State of your residence, place of work or place of alleged infringement of the GDPR.
DATA COLLECTED BY AUTOMATIC MEANS
Several technologies can be used on our website to make them more user-friendly, efficient and reliable. These technologies may include an automatic data collection by ourselves or by third parties on our behalf. In general, these data do not contain personal details about the user. These technologies include, in particular, cookies, Adobe Flash cookies and analytics software.
A visit to one of our websites causes the browser to send data to our server. This data is automatically collected and stored by us or by others on our behalf. This data may include, in particular:
- IP address of the visitor
- the date and time of visit
- the referral URL (the website from which the visitor came)
- pages visited on our website
- information on the browser used (type and browser version, operating system, etc.)
The following links provide detailed information on the most popular browsers:
Internet Explorer: http://support.microsoft.com/gp/cookies/en
Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
Web Beacons and links trackers
Web beacons (also called “pixel tags” and “healthy GIF”) contain graphic symbols that the user cannot see. The links trackers or similar technology consist of a few lines of code instruction and can be incorporated into our website or our application (mobile). With Cookies, they are mostly used for statistical analysis. This technology can also be used to monitor traffic patterns on websites or to find out if an email has been received and opened, and if a response was given to it.
The term “cybermetrics” means a method of collecting and evaluating the behavior of Web site visitors or (mobile) applications. The latter includes the analysis of traffic patterns in order, for example, to determine the frequency of visits to certain parts of a Web site or application (mobile) or to find out what information and services most interest our visitors. To do this, we essentially use clickstream data and other techniques described above. The cybermetric data are managed by Google Analytics. You can find more information on the treatment of data by Google Analytics cybermetrics developed below.
Cybermetric Data Processing By Google Analytics
The cybermetric services used on our website and our (mobile) applications are provided by Google Analytics (www.google.com/analytics). This means that when you visit our website, a Google Analytics cookie is placed on your computer or mobile device unless the settings of your browser do not allow these Cookies (see 2.1.2 above).
Furthermore, when you visit our website, cybermetric data described previously in Chapter 1 – including “clickstream data,” the data provided by “web beacons and links trackers”, and the information stored in cookies Google Analytics – Google Analytics will be sent to be analyzed to MDRI.
Google Analytics operates as an agent of MDRI, which means only MDRI determines the purposes for which the data are used and that Google Analytics cannot disclose information to third parties (unless required to do so by law or by a court decision).
please contact firstname.lastname@example.org