Inn Privacy Policy

This Privacy Policy applies to the website accessible at the link https://www.marquisdemontcalm.ca (the ""Website"").

1. Who we are

For the purposes of this privacy policy (the ""Privacy Policy""), any reference to Auberge Marquis de Montcalm is deemed to include their employees, officers, directors, agents, subcontractors and other respective representatives.

When we use the expressions ""we"", ""us"", or ""our"" below, we therefore refer specifically to the Auberge Marquis de Montcalm (hereinafter referred to as the ""auberge""), as the person responsible for processing your personal information.

This Privacy Policy describes our practices regarding the collection, use, communication, sharing and management of personal information provided on the Website or otherwise collected in the context of the Inn's activities. Our Privacy Policy also describes the measures we take to protect the security of this information as well as how you can access, modify or delete your personal information. In addition to this Privacy Policy, your visit to this Website is subject to (i) our terms of use of the Website, and (ii) any other conditions of use that may be communicated to you from from time to time by the inn.

If you do not consent to the terms regarding our collection, use, disclosure, sharing and management of personal information set out in this Privacy Policy, please do not provide us with your personal information or use the Website.

2. When and how we collect your personal information

We respect your privacy and aim to minimize the collection of your data. We also aim for transparency, which is why we detail below the limited circumstances in which we may collect and process your data.

2.1. Through our direct exchanges

We collect your personal information in the context of direct exchanges between you and the Inn, more specifically in the following contexts:

• you submit a reservation request for one of our rooms to rent;
• you submit a request for products and services that we offer to all of our customers;
• you voluntarily complete the online reservation section on our Website, in particular to reserve a room or to provide us with feedback on our products or services, using an external link from our pages on social networks;
• you make a reservation on one of the reservation platforms offered by our technological partners;
• you communicate with us about the services and products we offer, including when you request a quote or request information about the Inn;
• you enter into a contractual relationship with us to obtain a product or service, in particular to fulfill our obligations towards you or to carry out follow-ups relating to the product or service intended for or reserved for you;
• you contact us for the purpose of asking a question, submitting a comment or making a complaint;
• you complete your registration for our mailing lists, email communications and messaging services, to receive news, updates, as well as promotional offers;
• you apply for a job;
• you participate in any competition and/or draws set up by the Inn;
• your application is submitted for a certificate of professional merit;
• you interact with us through social media.

2.2. By automatic technologies or interactions

When you use our Website, we collect certain types of information electronically via emails, social media accounts, online advertising, or through the use of our or a third party's technologies, including cookies, tags internet or web beacons or analytics engines. This information helps us understand the actions you take when you interact with these technologies and allows them to function properly.

We may combine this information with other information collected online, such as your browsing history. This allows us to understand how you use our Website and to carry out analyzes in order to offer you more personalized advertising and marketing campaigns. These practices include serving interest-based advertisements. To learn more about the privacy choices available to you, please see Section 9 of this Privacy Policy.

The technologies we use are:

• Witnesseswhich are small data files that are recorded and stored on your computer's hard drive to allow us to save certain information between visits to the Website, such as your access data or language preferences. Cookies allow you, among other things, to quickly log in when you visit our Website.
• Web beacons and pixel tags which are small image files containing some of your information, such as your IP address, that may be downloaded when you visit a website or open an email. This technology allows us to understand your online behavior, control our emails and provide you with advertising based on your interests. These files also allow third-party tracking tools to collect information, such as your IP address, and return it to us in an anonymous, aggregated form (that is, in a way that prevents us from identifying you personally).Aggregated information means personal information compiled and expressed in a summarized form in which no personal identifier is included.
• Web analytics tools (such as Google Analytics) that use cookies to analyze your use of our Website, create reports on user activities and provide other services associated with the use of our Website.
• Analytics engines that extract usage data from multiple sources and help manage and collect this data to use for personalization, for interest-based advertising, for content personalization, and for other methods to better understand the needs and preferences of visitors to our Website.
• Tools to protect against unauthorized use, such as Google Invisible reCAPTCHA, which collect information about computer hardware and software, such as device and application data, integrity check results, and unique identifications in line (the IP address, for example) and which sends this data to Google for analysis.

You can remove or disable some of these technologies at any time through your browser. However, in this case you may not be able to use certain functions of our Websites. To learn more about the privacy choices available to you, please see Section 9 of this Privacy Policy.

2.3 Through third parties

We may obtain information about you from other sources, including third parties who provide services to the Inn in the course of their business.The collection of personal information made by the inn from these third parties is carried out only for the purposes described in this Privacy Protection Policy. Specifically, the Inn obtains some of your personal information from third parties in the following circumstances:

• you submit a reservation request through a technological platform operated by a third party (e.g. Booking.com or Expedia platforms);
• you submit your application for a job through a technological platform operated by a third party; Or
• you make a reservation request through a technological platform operated by a third party on our Website (e.g. Elloha platform).

3. What personal information we collect

For the purposes of this Privacy Policy, the term ""personal information"" means any information about an individual from which that person can be identified. This does not include information from which the identity has been removed (anonymous data).

We may collect, use, store and transfer different types of personal information about you. The type of personal information we may collect is described in the table below, with an indication of whether this information is mandatory or optional in connection with the Inn's operations.

We also collect, use, store and share Aggregated Information, such as statistical or demographic information. Aggregated Information may be derived from your personal information, but is not considered personal information if it does not directly or indirectly reveal your identity.For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature of our Website. However, if we combine or connect Aggregated Information with your personal information to directly or indirectly identify you, we treat it as personal information which will be used in accordance with this Privacy Policy.

We do not collect any personal information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, nor any genetic data or biometric data for the purposes of uniquely identifying a natural person, no data concerning the health or any data concerning the sex life or sexual orientation of a natural person.

Consequences of refusing to provide certain personal information

Where we need to collect personal information by law or under a contract we have with you, if you do not provide that information when requested, we may not be able to perform the contract in question. In this case, we may have to cancel the delivery of a product or the performance of a service that you have requested from us to the extent that your refusal makes it impossible for us to perform our obligations, but we will We will inform you if this is the case at the appropriate time.

4. How we use personal information collected

We limit the collection of personal information to that which is reasonably required to fulfill the purposes for which it is collected. Most often, we will use your personal information in the circumstances described below.

• With your consent: for example, we will obtain your consent before sending you marketing communications;
• For reasons consistent with the purposes for which the personal information was collected:for example, processing your personal information when necessary to respond to your requests, perform a contract to which you are a party or to take steps on your behalf and at your request before entering into such a contract;
• For purposes strictly beneficial to you: for example, to fulfill a contractual obligation or any other obligation we have towards you;
• To the extent permitted by law and where we need to comply with a legal obligation: complying with a legal obligation means processing your personal information where this is expressly permitted by applicable privacy laws or necessary for compliance with the law. 'a legal obligation to which we are subject.

From time to time, we may use your personal information to conduct surveys in order to improve our products and services. In such cases, we will not collect sensitive personal information and the survey results will be anonymous. We do not use your personal information for automated decision-making.In the event that we conduct a survey for purposes other than those identified above or make an automated decision, a privacy statement will be provided to you before these activities take place.

Your personal information may, depending on the case, be accessible by our employees, consultants, subcontractors, based on the criterion of necessity, that is to say when access to the information is required for the purposes described in this Policy, and always according to our access management process.

5. How we disclose your personal information

5.1 Principle

Except as expressly set out in this Privacy Policy, we do not sell, rent, transfer or disclose your personal information to third parties for undisclosed purposes without your consent.

5.2. Exceptions

We may transfer personal information in the following cases:

• Third-party providers:we may share all types of personal information identified in Section 3 above with third parties that provide services to the Inn, such as online reservation services, accounting services, payment processing services, communications services electronic (marketing), advertising services or analytics services (for example, tracking the effectiveness of our marketing campaigns and analyzing the use of our Website), online training services. These third parties are only authorized to use your personal information for the purpose of providing these services to the Inn and are not authorized to use your personal information for their own internal purposes.
• External partners: we may disclose your personal information to an external partner when you make a request for information, registration or participation in other activities offered in collaboration between the Inn and this external partner. In all cases, the name of the partner to whom your personal information will be disclosed will be mentioned in the information provided to you relating to the activity in question.
• Judicial purposes:we may disclose your personal information when requested or required for legal purposes. More specifically, the Inn and its third-party providers may disclose your personal information in response to a search warrant or other request or order consistent with law, or to respond to an investigative agency in the event of a violation of a agreement or breach of law, or as otherwise required or permitted by law. We may also disclose personal information as necessary for the purpose of asserting or exercising legal claims or asserting a defense against such claims, or for the purpose of preventing actual or suspected losses or to avoid personal injury or property damage.
• Sale, transfer of activities or other transactions:we may share your personal information with another entity if we sell or transfer assets as part of a business transaction or as part of a merger, a change in our corporate incorporation or organizational structure, or any other legal transaction relating to the legal form of the inn. In the event the transaction is completed, your personal information will remain protected by applicable privacy laws. In the event that the transaction is not completed, we will require the other party not to use or disclose your personal information in any way and to completely delete such information in accordance with the applicable laws.
• Other permitted reasons: Applicable laws may permit or require the use, sharing or disclosure of personal information without consent in specific circumstances (for example, when investigating and preventing illegal activities, including the fraud, or to assist government and law enforcement agencies).These circumstances include situations permitted or required by law or necessary to protect our business, employees, customers or others. In such a case, we will only share personal information reasonably necessary.

Our Website may contain links to other sites that are not owned or operated by us. Additionally, links to our Website may appear on third party websites on which we advertise. Except as provided herein, we will not disclose your personal information to these third parties without your consent. We provide the user with links to third party websites as a convenience. These links are not intended as an endorsement or recommendation of the linked sites. Linked websites have separate and independent privacy statements, notices and terms of use which we encourage you to read carefully.We have no control over these websites and therefore cannot be held responsible for how the organizations that operate these linked websites may collect, use, disclose, obtain or otherwise process your personal information.

6. Transfers of Personal Information to Other Countries

Your personal information will be accessible from Canada. In some cases, your personal information may be transferred or stored outside of Canada. We will take all steps reasonably necessary to ensure that any personal information transferred outside of Canada is treated securely and benefits from an adequate level of protection in accordance with applicable data protection laws. However, the laws of the destination country may not provide the same level of protection as the privacy laws in force in Canada.

7. Protection and processing of your personal information

7.1. How we protect your personal information

We have established and apply administrative, technical and material security measures aimed at protecting your personal information in our custody and control, against unauthorized access, use, modification and communication, among other things:

• We limit our employees' technological and physical access to your personal information by implementing an access management process;
• We carry out security audits, intrusion tests and vulnerability tests of internal and external networks in order to identify any vulnerabilities and correct them;
• We regularly offer training to our employees on personal information security issues;
• We have adopted an Information Security Policy and a Cyber Threat Protection and Cybersecurity Incident Reporting Directive which are communicated to all our employees.

Security measures also apply when we dispose of or destroy your personal information, so that everything is done in a confidential and secure manner. Additionally, we use reasonable measures to ensure that our service providers protect your personal information, regardless of where it is used or stored.

7.2. Access and processing of personal information

We provide access to your personal information to our employees, contractors and third party vendors (each, a ""Representative"") to the extent they need access to fulfill the specific roles we have assigned to them. During the retention period of your personal data, our Representatives are required to maintain the confidentiality of your personal information. They are also responsible for adhering to the administrative, technical and physical safeguards required to protect your personal information. They must also comply with the policies and practices designated in this Privacy Policy.

7.3 Computer incident response plan

In the event of a security breach, i.e. if your personal information is lost, disclosed without your authorization or becomes accessible to an unauthorized person, we will notify you of such a breach if it results in a real risk of harm. For example, a real risk of harm includes bodily harm, humiliation, loss of professional opportunities, financial loss, or identity theft. If the breach creates a real risk of harm, we will inform you directly as soon as possible. If we cannot notify you directly, we will notify you of the breach through a public communication. We will provide you with the information necessary to understand the significance of the security breach and take steps to reduce the risk of harm that may result. We will also report the security breach to the government and any other organizations that we believe can reduce the risk of harm that may result from the breach.We keep a record of all security breaches. Following a security breach, the Inn investigates its causes and reviews the protective measures in place to prevent a recurrence.

7.4 Retention of personal information

We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy or to comply with legal requirements.

7.5 Internal training and privacy awareness program

Our Representatives are informed of this Privacy Policy before having access to your personal information and undertake to protect its confidentiality and to comply with the procedures and policies set out therein. In addition, we provide training programs to our Representatives to raise awareness of our obligations under applicable privacy laws and our internal data governance processes.These training programs are available on an ongoing basis to allow our Representatives to stay up to date on industry standards.

7.6 Responsibilities of the Privacy Officer

We have designated a Privacy Officer who is responsible for overseeing matters relating to this Privacy Policy and who is responsible for the protection of personal information within the Inn. If you have any questions or comments regarding how we process your personal information, including requests to exercise your rights, or if you wish to request access to, update or correct your personal information in our possession, please contact our Privacy Officer as indicated below:

Attention: Mme Thanh-Hoa Bui, owner
Telephone: 819-822-6679
Postal address: 797, rue Général-De Montcalm, Sherbrooke (Québec) J1H 1J2
Email: chef@marquisdemontcalm.com

Our Privacy Officer is also responsible for handling any privacy complaints you may have in relation to how the Inn handles your personal information. Our Privacy Officer will handle each complaint as follows:

• contact the complainant in writing to acknowledge receipt of the complaint;
• investigate the complaint and assess its merits when the privacy officer has sufficient information; And
• respond to the complaint in writing specifying the Inn's privacy practices in relation to the complaint.

8. Your rights regarding your personal information

You have the rights detailed below with respect to your personal information:

• Request access to your personal information: this allows you to receive a copy of the personal information we hold about you.
• Request correction or update of personal information we hold about you: This allows you to correct or update incomplete, inaccurate or out-of-date data we hold about you. However, we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal information: This allows you to ask us to delete or remove personal information where there is no good reason for us to continue processing it. Please note, however, that we may not always be able to comply with your erasure request for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Request transfer of your personal information to you or a third party: We will provide you, or a third party of your choice, with your personal information in a commonly used, structured, machine-readable format. Please note that this right only applies to automated information.

If you would like to exercise any of the rights set out above, please contact our Privacy Officer using the contact details provided in Section 7.6 of this Privacy Policy.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights).

If you wish to exercise any of the above rights, we may need to ask you for specific information to enable us to confirm your identity and thus allow you to access your personal information (or exercise your other rights). . This is a security measure to ensure that personal information is not disclosed to a person who does not have the right to receive it. We may also contact you to request additional information regarding your request in order to expedite our response.

We will respond to all legitimate requests within twenty (20) days.

9. Changes to Privacy Settings

Electronic communications:You may at any time request that your name be removed from our mailing lists for promotional or commercial electronic communications by unsubscribing from our emails.

Cookies: You can block the use of cookies by activating the corresponding setting in your browser.

Targeted Advertising: You can opt out of receiving personalized advertising from third-party advertisers and ad networks.

10. Changes to the privacy policy

This Privacy Policy is regularly reviewed and may be updated from time to time to reflect changes in applicable laws or our personal information practices. The amended Privacy Policy will be posted on the Website. We will process your personal information in accordance with the Privacy Policy in its most recent version.

11. To communicate with us

If you have any questions regarding this Privacy Policy, you can contact our Privacy Officer using the contact details provided in Section 7.6 above.