The Charter of the French language and its regulations govern the consultation of English-language content

Flocon vert small No snow removal in progress

PRIVACY POLICY

The Agence de mobilité durable de Montréal (hereafter the “Agence”) is committed to the protection of personal information. This Privacy Policy (hereafter the “Policy”) describes the current practices of the Agence relating to the collection, use, disclosure and retention of personal information that the Agence collects from stakeholders through its applications or website (hereafter the “Website”) or any other service, feature, tool or service delivery method developed by the Agence, collectively referred to as the “Services”. The Policy also informs stakeholders of their rights in relation to the personal information they entrust to the Agence.

1. To whom does this Policy apply?

This Policy applies to any person who accesses or uses the Services, who submits an unsolicited application on the Website or who communicates or interacts with the Agence in any other way, regardless of the means used.

By accessing or using the Services or providing their personal information to the Agence, stakeholders consent to its collection, use, disclosure and retention in accordance with this Policy. In some cases, consent may be implied, meaning authorization is presumed on the basis of the stakeholder’s action or inaction when personal information is collected. A stakeholder who does not agree with this Policy must refrain from using the Services of the Agence. The collection of personal information in accordance with this Policy may be required for the Agence to provide the requested Services; therefore, the Agence may not be able to offer these Services if the stakeholder decides not to disclose personal information to the Agence.

2. Collection of personal information

The expression “personal information” means any information that concerns a natural person and makes it possible, separately or in combination with other information, to identify that person. It may include the person’s name, contact details and email address, credit card information, telephone number and transaction history. Information that is anonymized and cannot be associated with a natural person is not considered personal information if, at all times, it is reasonable to foresee that, in the circumstances, such information no longer makes it possible, in an irreversible manner, to identify the person, whether directly or indirectly.

The Agence collects personal information that the stakeholder provides directly to it in the following situations:

  • When the stakeholder creates and uses an account on the mobile application of the Agence, it collects the stakeholder’s full name, telephone number, email address and payment data as well as transaction data, which are stored in a personalized format;
  • When the stakeholder fills out a form to obtain a permit to use an off-street parking space;
  • When the stakeholder sends the Agence a request for information relating to any product, service or activity of the Agence or when the stakeholder files a complaint or replies to any survey that the Agence may send from time to time, the Agence collects the stakeholder’s name and contact details; and
  •  When the stakeholder applies for a job with the Agence, it collects the stakeholder’s name and other information contained in the application.

The Agence also collects certain technical data when the stakeholder uses its Services, including browsing history, device’s IP address, browser type, search engine used and, for some Services, transaction history and geographic location. The Agence considers such data to be personal information if they allow the stakeholder to be identified.

3. Use of personal information

The Agence uses personal information for the following or other purposes with the stakeholder’s consent or as permitted or required by law:

  • To offer the Services and to process payment transactions related to the Services,
  • To respond to and to follow up on requests regarding the Services, questions or comments sent to it by the stakeholder;
  • To personalize and to improve the stakeholder’s experience with respect to the Services, in particular by developing new features and components;
  • To communicate with the stakeholder concerning new products and services or invitations to participate in surveys and market research;
  • To manage promotions and contests;
  • To assess the application of a stakeholder who applies for a job with the Agence; and
  • To prevent and to detect fraud and to improve the security measures of the Agence.

The stakeholder can unsubscribe from the commercial electronic messages sent by the Agence at any time by following the process described in the message received or by contacting customer service. The stakeholder may have to specify which email address is to be unsubscribed. In all cases, the Agence undertakes to process the unsubscribe request within a maximum of 10 business days.

The stakeholder may also withdraw consent to the use of personal information by the Agence for certain purposes, subject to legal or contractual restrictions. To do so, please contact the Agence at the address at the end of the Policy.

4. Disclosure of personal information

The Agence does not share personal information with third parties except in the following limited circumstances or otherwise with the stakeholder’s consent or as permitted or required by law:

  • The Agence may share certain personal information with service providers, consultants and other subcontractors who assist the Agence in carrying out mandates. Such third parties include suppliers of services for messaging (postal and electronic), payment processing, mobile applications, market research, business intelligence and data hosting.
  • The Agence may share personal information with public or government bodies that are authorized by law to obtain such information, or when the Agence has reasonable grounds to believe that such information may be useful in the context of an investigation relating to illegal activity, or to comply with a subpoena, an arrest warrant or an order from a court, a person or a competent body requiring the production of information, or to comply with the rules of a court regarding the production of records or information, or to protect the rights and property of the Agence.
  • The Agence may share personal information when necessary for the purposes of evaluating or entering into a business transaction, including the sale or transfer of assets, merger, restructuring, dissolution or a similar transaction, with the other party to the transaction in accordance with applicable legal requirements.

The Agence ensures the storage of personal information in Quebec or, when that is not possible, in Canada. However, information transferred, stored, accessed or used by service providers may be outside Canada (particularly in Europe and the United States) and may, therefore, be subject to the laws of those countries, including any law allowing government authorities to access it. Before disclosing any personal information to a third party, the Agence requires, through a contract, that such third party take the necessary measures to reasonably protect the information, in accordance with the privacy practices detailed below.

5. Cookies and similar technologies

The Agence uses cookies to collect certain technical information when the stakeholder visits the Website. Such information does not directly identify the stakeholder and is used to improve the content of the Website and to facilitate access to it. It may be stored on the servers of service providers outside Quebec and may, therefore, be subject to the laws of such countries, including any laws allowing government authorities to access it. The Agence uses Google Analytics, which allows it to see information about user activities, including pages viewed, source and time spent on the Website. The information is de-identified and displayed as numbers, which means it cannot be used to identify the user. The stakeholder can deactivate the use of Google Analytics by visiting the Google Analytics opt-out page.

6. Retention of personal information

The Agence strives to ensure that the personal information it holds remains reliable, accurate, complete and up-to-date and to protect the confidentiality and security of its databases. The Agence retains personal information only for the period reasonably necessary to fulfill the purposes identified in this Policy or any other purposes referred to during collection, or as permitted or required by applicable law. Personal information that is no longer necessary for the stated purposes is destroyed or anonymized in accordance with applicable law, so that it can no longer identify the stakeholder, directly or indirectly.

Only the employees of the Agence and, where applicable, those of its suppliers, who need access to stakeholders’ personal information in the course of their duties, may access such personal information. The Agence ensures that those who need access to stakeholders’ personal information have been trained to handle such information appropriately and in accordance with its security protocols and strict confidentiality standards. The Agence is committed to using commercially reasonable efforts to prevent the loss, misuse, unauthorized disclosure, modification or destruction of personal information.

7. Privacy measures

The Agence has adopted governance rules regarding personal information to ensure the protection of such information throughout its lifecycle. Depending on the volume and sensitivity of the information, the purposes for which it is used and the format in which it is retained, the Agence implements a combination of privacy measures, including the following:

  • The establishment of a committee on access to information and privacy protection and the designation of a Privacy Officer who ensures that the Agence complies with applicable laws regarding the protection of personal information;
  • Internal policies and procedures that define the roles and responsibilities of employees throughout the information lifecycle and ensure that only employees who need to see such information in the context of their duties have access to it;
  • Training and awareness activities for employees regarding privacy protection and information security;
  • High-level security measures to protect the personal information the Agence holds against loss or unauthorized use, including through network address translation, compliance with card industry data security standards, such as the Payment Card Industry Data Security Standard (PCI DSS), and password protection;
  • A process for processing complaints and requests from individuals regarding the processing of personal information by the Agence;
  • Specific protection measures when personal information is collected or used in surveys;
  • A process by which the Agence strives to protect personal information disclosed or retained by third parties under contractual agreements by requiring such third parties to adhere to privacy protection and security methods and to implement mechanisms that are, at the very least, equivalent to those the Agence uses. For example, the Agence generally requires its service providers to limit their use and retention of personal information to what is necessary to provide their services and to notify the Agence in the event of a violation or attempted violation of any obligation relating to the confidentiality of information communicated. The Agence also tries to monitor and to verify their compliance with these requirements in various ways.

8. Access to personal information and rectification

Stakeholders may request access to their personal information and its rectification, modification or deletion. They can also obtain more information about how the Agence collects, uses and discloses their personal information, subject to the limits prescribed by law. Stakeholders can write to the Privacy Officer to make a request at This email address is being protected from spambots. You need JavaScript enabled to view it. 

When the Agence receives such a written request, it will disclose to the stakeholder the personal information the Agence holds concerning the stakeholder, unless legal restrictions apply. The Agence will also rectify, modify and delete any personal information if it is inaccurate, incomplete or ambiguous or if its collection, disclosure or retention is not authorized by law, and it will notify any third party of the necessary modifications, unless such statutory exceptions do not apply.

9. Hyperlinks to other services

The Services may include hyperlinks to websites that are not operated or overseen by the Agence. This Policy does not apply to personal information collected on such websites, and the Agence urges stakeholders to review any privacy policy posted on a site they visit before using the website or providing their personal information.

Please note that this Policy does not cover personal information collected by the device (or its manufacturer) on which the stakeholder installed the service.

10. Modification of the Privacy Policy

This Policy is accessible through the Services, among other means. The Agence may make changes or additions to the Policy at any time; therefore, the Agence encourages the stakeholder to review it periodically. If changes are made to the Policy, the Agence will notify the stakeholder by changing the effective date above. If the Agence makes material changes, the stakeholder will receive a notice in accordance with applicable laws.

11. Contact the Agence

Stakeholders can contact the Privacy Officer to exercise their rights and to inform the Agence of their concerns, questions or comments regarding its practices for processing personal information at: This email address is being protected from spambots. You need JavaScript enabled to view it. 

In the event of inconsistency, the French version of this policy shall take precedence over any other version.

Version history: October 10, 2024, August 31, 2023, June 26, 2020, October 4, 2019