Privacy policy

1. Preamble

The confidentiality and security of your personal information is a priority for us. The INRS Foundation is committed to protecting your personal information and privacy.

Whether obtained through our web platform or in an oral exchange, the personal information communicated will only be used for the purposes of carrying out our organisational mission and in compliance with applicable laws. To this end, here are the details of our privacy policy.

2. Objective

This policy describes how we collect, use, protect and communicate your personal information. It also explains how you can request access to this information or have it amended. In addition, at the end of this policy, you will find various tools enabling you to limit the use we may make or allow to be made of your personal information, in the context of our activities, in particular the solicitation of donations.

3. Scope

This policy applies to our donors, employees, volunteers, members of the Board of Directors or any other person from whom we obtain personal information in the course of carrying out our mission or a mandate entrusted to us by a duly authorized representative.

This privacy policy applies to all of our activities, including those on our website at (for example, when you make an online donation, register for an activity or browse or view information on our site). However, this policy does not apply to websites operated by third parties over whom we have no control. If you follow a link to a third party site (for example, if you go to a partner’s site), the privacy policy of that third party site will apply. We are not responsible for the privacy policies, procedures or practices of these third parties. We invite you to read their policies before submitting personal information to these third-party sites.

By providing us with your personal information, registering for one of our activities, using our web platform or voluntarily interacting with us, you consent to our collection, use and disclosure of certain of your personal information as set out in this Privacy Policy.

4. Types of personal information and their uses

4.1 What is personal information?

Personal information is defined by the Act as any information relating to a natural person that enables that person to be identified, directly or indirectly. For example, a name, postal address, e-mail address and banking information may constitute personal information.

Only the personal information required to fulfil our mission and communicate with you is collected. Under no circumstances, except those that may be provided for by law, will we communicate your personal information or information relating to your donations to any person, company or other organisation, unless it is one of our suppliers and the information is provided in the context of carrying out our activities and our mission. For example, we may collect the following information:

4.1.1 Identity information

With reference to our governance policy, identity information includes identity and contact data:

  • Required | These details are needed to fill in the forms on the platform:
    • Full name (name and surname)
    • Email address
    • Mailing address
    • Salutation
    • Gender
  • Optional | This data is not collected as it is not required:
    • Phone number
  • If applicable | This data is only collected in specific cases:
    • Login (username for login area)
      Professional experience and references (if you are applying via our platform)
      Any information requested by the organisation via the dynamic forms
      Any comments submitted to the organisation

Here are the reasons why we collect this data:

  • Process your donations and issue tax receipts;
  • Provide you with the information you request;
  • Create, complete or modify your file at your request;
  • Respond to comments or questions;
  • Communicate with you in an appropriate manner;
  • Evaluate your application for employment or volunteer work;
  • Invite you to take part in our events, campaigns and other activities related to the Foundation’s mission.

4.1.2 Information relating to transactions (donations and orders)

Transaction-related information is needed to process your donations and orders placed on our web platform. Here is the data collected for this purpose:

  • Required | These details are necessary to complete any transaction:
    • Required data for the identity information listed above;
      Transaction amount (donation and order);
      Method of payment (credit card, bank transfer, deduction at source, cheque, etc.);
      Financial information :
      Credit card: type of card, last 4 digits, expiry date and name of cardholder;
      Bank transfer: currency used;
      Deductions at source: employee pay period.
      Destination of donation (campaign) or distribution of donation (if applicable);
      Type of donation (monetary, in-kind, etc.);
      Product(s) purchased.
  • If applicable | These data are collected only in specific cases or on an optional basis:
    • Comments related to a donation;
      Information about the persons to be notified in the case of an “In honour of” or“In memoriam” donation.

Here are the reasons why we collect this data:

  • Complete your transaction (donation or order);
  • Issue tax receipts;
  • Track the progress of recurring donations;
  • Process your payment information using our payment gateway;
  • Enable us to notify the right person of donations made to “In Honour of” or “In Memoriam.”

4.1.3 Information relating to web browsing

When you visit a website, whether the Foundation’s or any other, the computer systems automatically record certain information. In some cases, it is possible to avoid collecting this information, and in others we have no way of doing so. Here are the types of information collected and why they are collected:

  • Connection address (IP);
  • Information about your device;
  • Date and time of actions taken on the platform;
  • Information collected by cookies.

To find out more about the use of cookies, read the Cookies Policy.

4.2 How is personal information collected?

Personal information is collected when the following actions are taken:

  • Make a donation or purchase.
  • Subscribe to a newsletter to receive information;
  • Participate in a benefit activity or fundraising campaign;
  • Become a volunteer, employee or partner of the organisation;
  • Apply for a job or volunteer position;
  • Communicate with the organisation by telephone, email or via social media;
  • Create an account or log in via the web platform;
  • Enter information on the web platform.

4.3 To whom is personal information disclosed?

As part of the operation of our web platform, we may authorise one of our suppliers to use your personal information, strictly for the purposes of helping us carry out our operations. In such cases, we take steps to ensure that the rules set out in this privacy policy are complied with and require such suppliers to maintain the confidentiality and security of your personal information. We also require them to use your personal information only for the purposes for which it was provided. At the end of their mandate, when our suppliers no longer need your personal information for these limited purposes, we require them to destroy it.

Your personal information will not be sold or exchanged with other organizations or companies. Below is a non-exhaustive list of our suppliers:


Their role in the web platform

(formerly Bambora)

Payment gateway and acquirer


Payment gateway and acquirer


IT provider and email service (donnamail)


Hosting and servers


Email services




Ticketing service


Donation and donor management software


Audience analysis service


Payroll deduction pledge form


Ticketing service


5. Data hosting

The servers hosting the Donna platform and its databases are located in Quebec or France, depending on where our customers come from. Only the payment gateways and acquirers (Bambora and Stripe) are located outside Quebec, although they remain in Canada or France for European customers. However, personal information remains permanently governed by the Loi modernisant des dispositions législatives en matière de protection des renseignements personnels in Quebec and the RGPD in France.

6. Retention of personal information

Personal information and other information obtained via the web platform (donations, purchases, contact details, etc.) are kept for as long as is necessary for the purposes described in this policy and in the data retention, destruction and anonymisation policy in compliance with legal obligations.

7. Protection of personal data

Granular access to personal information is provided on a need-to-know basis only. This means that only authorised and qualified personnel who need to consult your personal information in the performance of their duties have access. However, no security measure is absolute or fully guaranteed. If you have reason to believe that access to your personal information is not secure, contact us immediately using the contact details in “How to contact us?” section.

7.1 Rights concerning personal information

You may access the personal information we hold about you free of charge and, if applicable:

  • Request rectification, as permitted or required by law;
  • Request the deletion of out-of-date or unjustified information;
  • Provide written comments.

To do so, you may contact us (see “How to contact us?” section). However, to prevent abuse, the Foundation reserves the right to impose administrative charges.

Finally, to update your personal information, please contact us as soon as possible(see “How to contact us?” section).

7.2 Withdrawing your consent

You may at any time withdraw your consent to the use, communication and retention of personal information or other information collected about you by the INRS Foundation in the course of our exchanges or actions on the web platform. This withdrawal may be total, but we may no longer be able to offer you certain services, such as issuing tax receipts, or it may concern certain types of transactions or their frequency. To do this, you can contact us (see “How to contact us?” section).

8. Policy update

Should we make significant changes to this policy, for example, to comply with new legal requirements, we will notify you in advance so that you can make an informed choice about your use of our services. We will make the new version of the policy available to you on the website or otherwise, indicating the date of the last update. If you have provided us with your contact details, we will send you a notice of the change.

9. How to contact us?

If you have any questions or comments about this policy or the protection of your personal information, please contact our Privacy Officer at the following address:

Privacy Officer

For general questions about this web platform, you can also write to us via the ticket desk:

You may also write to us at the following address:

Fondation de l’INRS
385, rue Sherbrooke Est
Montréal (Québec)  H2X 1E3

Our Privacy Officer is responsible for responding to requests for access or rectification, information and any complaints you may have regarding our practices with respect to your personal data.

For more information about the Foundation’s policy on the management and protection of personal information, please consult the Publications section of this site.