Concordia holds Personal Information that is provided so that it can carry out its mission including study and work.
The University may also collect and/or share Personal Information for purposes other than study or work. In such cases, the collection and use of such information is subject to consent by the individuals concerned, unless a legal exception to such consent exists.
Concordia is committed to using your Personal Information for the purposes for which it was collected and will treat such information confidentially. As such, University personnel are expected to:
a) access only the Personal Information necessary to perform their duties;
b) use such Personal Information only in the course of their duties;
c) not disclose any Personal Information that comes to their knowledge in the course of their duties unless duly authorized to do so;
d) place this Personal Information only in the files intended for the accomplishment of their duties;
e) keep such Personal Information only in the records required for the performance of their duties;
f) only allow authorized persons have access to the Personal Information;
g) protect access to Personal Information in their possession or to which they have access with a password;
h) dispose of all wastepaper by shredding or via confidential recycling if it contains Personal Information;
i) promptly inform the appropriate designated individual(s) of any situation or irregularity that could compromise in any way the security, integrity or confidentiality of Personal Information, including a possible Privacy Incident;
j) at the end of their employment or contract, not retain any Personal Information collected or transmitted in the course of their duties and maintain their obligation of confidentiality.
Concordia may share your Personal Information with a third-party service provider as part of a service agreement. In such instances, the University will impose certain contractual obligations on the service provider to ensure that the Personal Information that is provided is treated securely and confidentially.
Concordia may share your Personal Information with third parties where it is legally required to do so (e.g., government entities). Otherwise, Personal Information is shared with third parties only when express consent is provided by the individual.
Communication of Personal Information without the consent of individuals, pursuant to a legal exception, is recorded in the appropriate registers.
For further information:
- Consult the University’s Privacy Notices.
Members of the community may request to receive a copy of the Personal Information that the University holds concerning them.
- For University personnel who wish to access their employment-related documents, these shall be accessed directly via Carrefour or they may address a request directly to Human Resources.
- For students who wish to access documents related to their enrolment, these shall be obtained directly via the Student Information System (SIS) or they can address their requests to the various units that provide services to students, including the Birks Centre, Student Accounts, Counselling and Psychological Services, the Access Centre, or academic departments.
- Requests by third parties for access to the Personal Information of a member of the community must be made in writing and addressed to the Privacy Officer. Written requests must be sent to the following email address: firstname.lastname@example.org.
In instances where members of the community realize that the information that Concordia holds concerning them is inaccurate, incomplete or incorrect, they may make the changes on their student or employee portals.
If the required changes cannot be effected via the appropriate portals, individuals may write to the Privacy Officer informing of the changes that need to be made. Where necessary, the Privacy Officer will coordinate with the relevant department(s) or unit(s) to address the request for correction.
When a member of the University community becomes aware of or is informed of a Privacy Incident involving Personal Information including any unauthorized release or access to Personal Information, they should promptly advise their supervisor and/or the Privacy Officer via email at email@example.com or by filling out an Incident Register form.
Articles 67.2.1 to 67.2.3 of the Act respecting Access to documents held by public bodies and the Protection of personal information, chapter A-2.1 (the “Act”) provide that researchers may request access to Personal Information held by the University for research purposes. Such requests must be submitted to the Privacy Officer and a Privacy Impact Assessment (PIA) will be conducted. If the PIA concludes that Personal Information may be disclosed for this purpose, the University shall enter into an agreement with the researchers that contains the statutory requirements and any additional measures identified in the PIA.
The person responsible for the Protection of Personal Information at the University is the Secretary-General, who is also the Privacy Officer. For all inquiries related to the protection of Personal Information at the University, individuals are encouraged to contact us by email at firstname.lastname@example.org or by telephone at 514-848-2424, ext. 2640.
The Protection of Personal Information is a shared responsibility, and members of the University community have a responsibility to ensure that the Personal Information that they collect, share and store conforms, at all times, with relevant policies and procedures in place at the University.