You can view the official version of Quebec’s Law 25 here.
Termly makes updates to the policy generators to reflect changes in data privacy laws that may impact our users. When an update occurs, we send Termly users an email with information about the changes. It is your responsibility to implement the appropriate updates as needed in your Termly Dashboard.
Section 1: Quebec’s Law 25
1.1 Key changes
On September 22, 2023, additional requirements outlined by Quebec’s Law 25 come into effect.
Quebec’s Law 25 applies to businesses that process the personal information of residents in Quebec, whether the business is based in Quebec or not.
If your business falls under this law, the key changes to be aware of include:
Provide transparency and an opt-in mechanism for cookies and other tracking technologies.
Implement a framework for the governance of personal information, including
(1) The keeping and destruction of the information;
(2) Define roles and responsibilities of the members of its personnel throughout the life cycle of the information;
(3) Provide a process for dealing with complaints regarding the protection of the information.
Conduct a Privacy Impact Assessment (PIA) for any project to acquire, develop, or overhaul an information system or electronic service delivery system involving collecting, using, communicating, keeping, or destroying personal information.
Set out contractual agreements for communicating personal information to third parties.
Respond to requests for the right to access, correct, or erase personal information, de-index any hyperlink attached to a person’s name, and not be subject to automated decision-making.
Anonymize or destroy personal information once its collection purpose has been achieved.
If you want your policy to be compliant with Quebec’s Law 25, log into your Termly Dashboard and follow these steps in the generator.
First, select Yes for the question, “Do you have users in Canada?”
See an example in the screenshot below.
Next, assign a Data Protection Officer if you have not already done so.
See a sample of this question in the screenshot below.
Next, provide a service for your customers to submit data privacy requests, including to access, correct, and delete their personal information.
See an example of this question in the screenshot below.
Finally, click PUBLISH to update your policy.