Politique et confidentialité

Privacy Policy

1. Purpose

This policy covers:

The handling of personal information within Hôtel Levesque;

The life cycle of this information (collection, processing, sharing, storage, destruction) across its systems, employees, and subcontractors.

2. Legal considerations

Hôtel Levesque is headquartered in Rivière‑du‑Loup, Canada. Its clients are primarily from North America, with some from Europe. The organization MUST comply with provincial and federal laws as part of its privacy program.

The General Data Protection Regulation (GDPR) was used as the foundation of the company’s privacy program, aligning the policy with the strictest legal requirements applicable to personal data processing.

3. Data controller and data processor

The company’s clients are the “Data Controllers” for most of the information entered into the web application, the website, and the Opera reservation systems, or that is periodically shared with employees to deliver services.

This positions the company as a “Data Processor” for most of the information stored and processed by the organization.

Some information is collected directly by the company to facilitate security, logging, and application performance. This includes data such as IP addresses and behavior within the organization’s platform. For this information, the company acts both as Data Controller and Processor.

The organization also uses a variety of technologies and partners who may periodically act as sub‑processors.

If users have any questions or concerns about the processing and handling of their personal information, they may contact the Privacy Officer directly.

Appropriate technical and organizational measures have been implemented to protect your information and ensure that we process and safeguard it in accordance with personal data protection principles:

They MUST be:

Processed fairly and lawfully;

Obtained only for one or more specified and lawful purposes and not processed in a manner incompatible with those purposes;

Adequate, relevant, and not excessive in relation to the purposes for which they are processed;

Accurate and updated when necessary;

Processed according to the rights of the individual as defined in the following regulations: GDPR, PIPEDA, CCPA.

They MUST NOT be:

Retained longer than necessary;

Transferred outside of Canada unless an adequate level of protection of individuals’ rights and freedoms is ensured.

Appropriate technical and organizational measures MUST be in place to protect personal data against unauthorized or unlawful processing, and against accidental loss, damage, or destruction.

Any changes, updates, or controls put in place to protect your personal information will be communicated in writing to system users who process personal information.

4. Personal Information Inventory

To protect data, the company maintains an accurate inventory of all personal information collected, processed, stored, or transferred.

5. Cookie banner

Cookies are small data files stored on your device that allow a website to recognize the user’s browser. They can help a website remember the user’s preferences, session state, or track user interactions such as pages viewed, links clicked, or time spent on a page.

The company uses cookies to track various information about your use and experience on its websites — only with your consent, obtained via a cookie banner.

With your consent, we may track the following details regarding your experience:

Tracking preferences;

Authentication and security;

Session state;

Various analytics.

6. Accessing Your Personal Information

You have the right to request a copy of the personal information we hold about you and to correct any inaccuracies.

When submitting a personal information request, you are entitled to:

Know what personal data the company processes or has processed;

Know the reason(s) and purpose(s) for which your data is processed;

Know whether your personal information has been shared, and with whom, and for what purposes.

7. Process for Requesting Access

The process for submitting a personal information request is as follows:

Requests must be submitted to your organization by email.

8. How to Give, Refuse, or Withdraw Consent / Filing Complaints

Implicit consent is given to the company if:

The user accesses the services after the cookie banner has been displayed;

The user has read and accepted the publicly accessible privacy policy.

Explicit consent is refused if:

The privacy policy is not read or accepted;

The user contacts the organization to withdraw consent.

Important notes:

The company will never assume or imply consent for individuals under 16 years old.

Explicit consent can only be freely given by individuals aged 16 or over.

Children aged 13 to 16 MUST explicitly register before their information can be processed or stored, and parental or guardian consent is required.

Children under 13 will not have their personal information processed or stored by the company.

Privacy‑related complaints may be submitted to the following email address:

guillaume.lavoie@hotellevesque.com

9. Correcting Personal Information

You have the right to correct any inaccuracies in the personal information we collect.

The company allows you to correct these inaccuracies at any time.

10. Right to Be Forgotten

You have the right to request that your information be deleted and removed from our records unless a legal retention basis exists — such as financial transactions or tax requirements.

11. Breach and Leak Notification

Anyone whose personal information has been disclosed in a breach must be informed within a reasonable timeframe once the breach has been discovered and if the information was disclosed in unencrypted form.

Notification will be accelerated if the personal information presents a real risk of harm to the individual — known as sensitive information.

Potential impacts include, but are not limited to:

Physical harm

Humiliation

Damage to reputation or relationships

Job loss

Loss of business or career opportunities

Financial loss

Identity theft

Negative impact on credit records

Property damage or loss

This policy is approved by the Privacy Officer of Hôtel Levesque: