Herencia - Logo black
Réserver

Compliance with Quebec Law 25

Compliance with Quebec Law 25 – Protection of Personal Data

Last updated: 14/03/2025

1. Introduction

At Herencia, we are committed to complying with Quebec’s Law 25, which regulates the protection of personal data in the private sector. This policy describes how we collect, protect, and process the personal data of our customers and visitors.

2. Data Protection Officer (DPO)

In accordance with Law 25, we have designated a Data Protection Officer (DPO), who is responsible for ensuring compliance with this regulation.

Officer: Leonardo Ricardo Silverstein Pacheco

3. Personal Data Collected

We collect and process only the personal information strictly necessary to manage our services, including:

  • Email address: Only from users who voluntarily subscribe to our newsletter.

  • Name, email address, and/or phone number: Only when the user makes a reservation on our website.

4. Purpose of Data Processing

The collected information is used exclusively for:

  • Reservation Management: Confirmations, modifications, or communications related to reservations.

  • Marketing Communications: Only for users who have given explicit consent.

  • Service Improvement: Analysis of interactions to optimize the user experience on our website.

We do not use personal data for any other purposes without the user’s explicit consent.

5. Privacy Impact Assessment (PIA)

When we implement new technologies or systems that process personal data, Herencia is committed to conducting a Privacy Impact Assessment (PIA) to ensure data security and compliance with Law 25.

6. Data Security and Protection

We have implemented appropriate security measures to protect personal information from unauthorized access, loss, or improper disclosure.

  • Restricted access: Only authorized personnel can access personal data.

  • Data encryption: We apply security protocols to protect stored information.

  • Risk assessments: We regularly review our security practices to comply with Law 25.

  • Incident log: We maintain a documented record of any security incidents that may affect user privacy.

7. Consent and User Rights

Consent

Users must provide explicit consent for Herencia to collect and use their personal data. This consent will be requested through a clear notice on the website, informing them of the intended data use.

User Rights

Under Law 25, users have the following rights regarding their personal information:

  • Access their personal data and obtain information about its use.

  • Correct inaccurate or incomplete information.

  • Withdraw consent for the use of their data at any time.

  • Request the deletion of their personal data.

To exercise these rights, users can contact us via [contact email].

8. Confidentiality Incident Notification

In the event of a security breach that could cause serious harm to users, Herencia will immediately notify the Commission d’Accès à l’Information (CAI) and the affected individuals, as required by Law 25.

Additionally, an internal process will be implemented to document and mitigate the effects of any security incident.

9. Data Transfers Outside Quebec

If, at any point, user personal data needs to be transferred outside Quebec, Herencia is committed to conducting a prior assessment to ensure that the receiving jurisdiction provides an adequate level of data protection, in accordance with Law 25.

If we work with external service providers (such as MailerLite or others), we will ensure that they comply with applicable privacy regulations.

10. Changes to This Policy

We may update this policy at any time to reflect changes in our practices or applicable legislation. We recommend reviewing this page periodically.

📍 Herencia – Latin Restaurant in Montreal
📍 3925-2 Montée Saint-Hubert, Longueuil, Québec, Canada
📞 +1 (514) 518-2008

If you have any questions about this policy or compliance with Law 25, please contact us.