(Please note that this document is available in French only, in PDF format.)
The Web site of the Commission administrative des régimes de retraite et d’assurances (CARRA) provides information to the Internet users who wish to learn about the organization, the services it provides and the pension plans under its administration. CARRA also makes available to its clients several corporate publications, forms and e-mail boxes for easy contact.
Since consulting and using CARRA’s Web site involves voluntary or incidental transmission of various information between a user and the organization, we wish to publish the security measures we apply to ensure the protection of the information that is collected or disclosed through our Web site and the measures related to its use, disclosure, conservation and destruction.
This administrative policy aims at informing our clients about the types of information we collect through our Web site and how it is used, as well as the security measures that were implemented to ensure the protection of personal information.
Regulation respecting the distribution of information and the protection of personal information D. 408-2008 R.S.Q., c. A-2.1 c. A-2.1, r.0.2;
An Act to establish a legal framework for information technology , R.S.Q., c. C-1.1.
This administrative policy applies to the information obtained by CARRA through its Web site and it concerns any activity involving handling or using that information.
It applies to all CARRA’s personnel as well as any person who can access information covered by the administrative policy.
The source of most of the following definitions is the Grand dictionnaire terminologique of the Office québécois de la langue française.
A number made of four numbers separated by dots that provides a unique address to a computer connected to the Web and allows to locate it.
Part of an Internet name that specifically identifies the Web site of a given organization.
A small piece of information sent by a Web server to a Web browser to be read back from that browser, and that can be recovered by the server in subsequent log ins.
A cookie that is present during a browsing session but that will be deleted at log out. Session cookies are not stocked on the user’s hard disk.
A cookie that is placed in a file of the user’s computer by the browser and that can be recovered by CARRA’s server at a subsequent log in.
However, the section entitled "Services to Partners" is secured and complies with the securing of electronic services and the security protocol as described below.
The section entitled "Services to Partners" provides targeted clients with secured electronic services using an encryption method that guarantees the privacy of their personal information. These services are accessible only with a user code and a password.
When you use our on-line services, we must verify your identity by asking you certain elements of personal information (ex.: name, contact information, file number or identifier). We need them to:
The section entitled "Services to Partners" uses state-of-the-art technologies and material to ensure the security of transactional pages and to preserve the confidentiality of the data exchanged.
The security protocol that is used, SSL (Secure Socket Layers), allows to transform the information you enter into encrypted data (128-bit encryption) and to verify the identities of the parties (user and site) that are contacting each other via Internet.
Usually, secured pages are identified by a pictogram (a padlock) at the bottom of the screen. That pictogram ensures that the transmission of the user’s data is encrypted.
CARRA doesn’t place any persistent cookie on the hard disk of a visitor’s machine. However, it may temporarily place session cookies to facilitate browsing or allow the visitor to keep certain display parameters for all the duration of the visit, for example. Those cookies are automatically deleted at log out.
You can always deactivate the cookie acceptance function with your browser’s options. However, this could prevent you from accessing certain on-line services or advanced functionalities.
As soon as you access the site www.carra.gouv.qc.ca, information is automatically exchanged between your computer and the server of CARRA’s Web site, without your intervention. However, you cannot be identified personally (ex.: name, telephone, address) with that information.
It is gathered solely for the technological requirements of using the Internet and for statistical purposes and includes:
Collecting that information is required so that the server may send you a file that is compatible with the material you use.
CARRA keeps the information it needs to obtain statistics concerning the number of visitors to its site, the pages most frequently accessed, the technology used, referring sites and the country of origin of its visitors. The information is never used to make a list of users.
CARRA’s site does not collect personal information without the visitor’s consent.
The transmission of personal information by e-mail is not secured. This is why CARRA recommends that you don’t provide personal information, such as your social insurance number, by e-mail since it cannot guarantee confidentiality outside the organization. CARRA does the same by not replying by e-mail to questions involving personal information or confidential data.
For the same reasons, you cannot send a completed form via the Internet site of CARRA. Moreover, a form must be signed by the person who is claiming a benefit or a service from CARRA.
E-mails are processed by CARRA with the same measures of confidentiality as regular mail. Nevertheless, if a visitor sends personal information by e-mail, CARRA will conclude that the visitor has given his consent. However:
Our site provides links to the sites of certain Québec government bodies, the federal government and a few private organizations.
When you click on those links, the sites you access open in a new window. Please note that the information exchanged automatically between your computer and the server of the new site is not subject to CARRA’s policy on privacy, but to the policy of the new site you access.
Roles and responsibilities are distributed as follows:
President and chief executive officer
Person in charge of the security of information
The Director of Legal Affairs and Person in charge of the Act respecting Access to documents held by public bodies and the Protection of personal information. In this capacity, this person is also responsible for compliance with the rules set out in this policy on privacy.
A complaint related to the non-compliance with this administrative policy may be filed to the following address:
Responsable de l’accès aux documents
et de la protection des renseignements personnels
Commission administrative des régimes de retraite et d’assurances
475, rue Saint-Amable
Québec (Québec) G1R 5X3
Person in charge of the security of information: review this administrative policy when needed.
Present an annual summary of complaints to the management committee.