Policy Concerning Confidentiality and the Handling of Personal Information


1.1. Objective
Our Policy Concerning Confidentiality and the Handling of Personal Information sets out the ways in which we collect, use and divulge the personal and non-personal information we collect about you when you use or visit one of our platforms or facilities (online or in person).
Personal information is defined as “any information concerning a natural person which makes it possible to identify the person or distinguish one person from another (directly or indirectly.”
The goal of the present policy is to inform users of our various platforms about the personal information we collect, as well as about the following information, where relevant:

1. Personal information collected;
2. Use of information collected;
3. Sharing information collected;
4. Protecting information collected;
4. Users’ rights;
5. Policy concerning cookies on our sites.

1.2. Applicable Laws
Personal Information Protection and Electronic Documents Act (PIPEDA)

It is also in conformance with the following provincial Quebec laws, overseen by the
Commission d’accès à l’information :

  • An Act to modernize legislative provisions as regards the protection of personal information (Loi 25)
  • Act to establish a legal framework for information technology (AELFIT)

1.3. Consent
Users agree that in using our website they consent:

1. to the terms set out in the present confidentiality policy;
2. to the collection, use and storage of the information set out in the present policy.

1.4. Updates
This confidentiality policy may be modified in order to remain in conformance with the law and to take into account any changes in our process for collecting information. We recommend that users check our policy from time to time to ensure that they are informed of updates. In the event of a major change to the policy, we will inform users by e-mail.

1.5. Contact Person
If you have any questions about the present policy, do not hesitate to communicate with the person responsible for personal information:
Jean-Christophe Racette, Deputy Director
819 821-2115


2.1. Personal Information Collected Online
When you use one of our websites or consult our newsletter, personal information is collected automatically and non-automatically.

Information collected automatically
When you visit and use our site or consult our newsletter, we may automatically collect and store the following information:

1. IP address;
2. Location;
3. Links on the site on which the user has clicked;
4. Content on the site consulted by the user;
5. Date and time the site’s pages were consulted.

Information collected non-automatically
We also collect the following information when a person becom es a member or makes a donation via our website or in person:

1. First and last name;
2. Gender;
3. E-mail address;
4. Telephone number;
5. Complete address;
6. Payment information;;

2.2. Use of Personal Information Collected
Please note that we only collect information which enables us to achieve our mission. The Musée des beaux-arts de Sherbrooke is a non-profit organisation whose principal mission is to “preserve, promote and showcase the extraordinary wealth of the visual arts created in the province of Quebec and the Eastern Townships.” To carry out this mission, the MBAS relies on its members and donors, who explicitly support this mission and share its goals.

The information we collect when a user carries out certain functions on our site can be used for the following purposes, in an anonymous manner:

1. Rendering of accounts with public and private funders;
2. Producing statistics for internal use only;
3. Communicating with members and donors (soliciting donations, extending invitations, providing information, etc.)

We do not collect additional information without informing you beforehand. The personal information collected on our sites, from our newsletters and in person will be used solely for the precise purposes outlined in the present policy or indicated on the relevant pages of our sites. We do not use your information beyond what we have divulged.

2.3. Sharing Personal Information Collected
We may divulge to any MBAS employee user information which the employee reasonably needs in order to carry out the work incumbent upon them as part of their job functions and to in order achieve the objectives set out in the present policy.

Third parties
We may share information with the following third parties when a confidentiality agreement has been signed and when we have the user’s agreement:

1. Cities, municipalities and regional county municipalities (RCM);
2. Government.

We may share user information with third parties for targeting purposes in possible publicity campaigns or to analyse user behaviour or attributes. This information is collected by means of a pixel configured on Meta platforms or by means of the Google Analytics 4 tool configured on our websites. It is rendered anonymous before being shared with the partners who carry out our publicity campaigns.

These third parties are not provided with user information beyond what is reasonably required to achieve the objective of a given task.

Other sharing
We commit to not selling or sharing your information with other third parties, except in the following cases:

1. When he law requires it;
2. When it is required for any judicial procedure;
3. To prove or protect our legal rights.

If you follow one or more hyperlinks found on one of our websites, taking you to other sites not belonging to the MBAS, please note that we are not responsible and have no control over their confidentiality policies and practices.

2.4. Protecting Personal Information
All the private information stored in our system is safe and accessible only to relevant personnel. Our employees are bound by strict confidentiality agreements with respect to personal information and a violation of this agreement would result in the employee’s dismissal.
While we take every reasonable precaution to ensure that this information is secure and that users are protected, there is always a risk of prejudice. Given the many risks found in Web technologies and on the Internet, we are unable to guarantee the safety of user information beyond what is reasonably practical.
In the event a security breach is detected, the MBAS is committed to acting diligently to observe every measure required by law to contain any such incident


3.1. Users’ Rights
As a user, you have the right to view all the personal information about you we have collected. In addition, you have the right to update or correct any personal information in our possession on condition that it is acceptable with respect to the law.
You may choose to withdraw or modify your consent to the collecting and use of your information at any time, as long as it is legally acceptable to do so and you have informed us of this.

3.2. Modifying, Removing or Contesting Collected Information
If you wish your information to be removed or modified, please contact the person responsible for personal information at the MBAS:
Jean-Christophe Racette, Deputy Director
819 821-2115


4.1. Policy Concerning Cookies
A cookie is a file that is downloaded to the user’s device when visiting our site, making it possible to store and recover information relative to navigating our websites. It is important to note that the use of cookies does not make it possible to obtain personal information about the user.
Among other things, cookies make it possible to store and recover information on users’ decisions and navigation habits. We use cookies to personalise the user’s experience on our pages and to make navigating them easier.
Users may set their browser to decline cookies. In this case, users are still able to view content, but the experience will not be personalised.

Cookies which analyse traffic on our website
These are cookies which enable us to quantify the number of users and thereby to do statistical analyses of the use to which users put our services. In this way, we can study our site navigation and improve the products and services we make available to you.