We only collect and hold personal information that is needed to carry out our mission and to exercise our powers or perform our duties or functions, including for administrative purposes, whether such information is collected through technological or other means.

Such information is categorized as follows:

• Identifying and identity confirming information
• Health information
• Financial information
• Academic and training information
• Information relating to social or family status
• Work-related information

The type of personal information collected from you depends on the service provided or the activity for which the information is needed.

We ensure that the personal information kept is accurate, complete, secure and up to date.

We also ensure its integrity and, unless the Act respecting Access to documents held by public bodies and the Protection of personal information This link will open in a new window, the Act respecting the regulation of the financial sector This link will open in a new window, the laws administered by the AMF or another applicable statute confers a public character upon it, its confidentiality.

The collection of personal information enables us to communicate with you, assist you and provide services to you. It also enables us to comply with our legal obligations and ensure the smooth administrative functioning of our organization, particularly in managing its human resources.

We can only use personal information for the purposes for which it was collected, all of which relate to the AMF's mission.

Accordingly, personal information is collected by the AMF to:

• provide assistance to consumers of financial products and services, in particular by setting up consumer-oriented educational programs on financial products and services, processing complaints filed by consumers and giving consumers access to dispute-resolution services;
• ensure that the financial institutions and other regulated entities of the financial sector comply with the solvency standards applicable to them as well as with the obligations imposed on them by law with a view to protecting the interests of consumers of financial products and services, and take any measure provided by law for those purposes;
• supervise the activities connected with the distribution of financial products and services, administer the rules governing eligibility for and the carrying on of those activities, and take any measure provided by law for those purposes;
• supervise stock market and clearing house activities and monitor the securities market, in particular, by administering the controls provided by law as regards access to the public capital market, ensuring that the issuers and other practitioners involved in the financial sector comply with the obligations imposed on them by law and taking any measure provided by law for those purposes;
• supervise derivatives markets, including derivatives exchanges and clearing houses and ensure that regulated entities and other derivatives market practitioners comply with the obligations imposed by law; and
• see to the implementation of protection and compensation programs for consumers of financial products and services and administer the compensation funds set up by law.

We may not use your personal information for purposes other than those for which it was collected, unless you give your consent or in exceptional situations provided for by law.

We ensure that your consent, when required, is clear, free and informed and given for specific purposes. We use your personal information only for the purposes for which your consent is given.

When you provide personal information, you consent to its use and release for the purposes for which it was collected by the AMF.

AMF staff and other persons referred to in the Policy may have access to personal information only if the information is needed for the performance of their functions and mandates. Physical and electronic access rights are managed accordingly.

Your personal information may not be circulated internally among staff from our different administrative units or be otherwise accessible without your consent except where the information is needed for the performance of the functions of the staff member who has access to it.

Cookies

Cookies are small text files saved to a computer or mobile device. They contain information about the web browser used by visitors to a website or mobile app and the pages visited. Cookies can be enabled or disabled at any time from the visitor's web browser.

Cookies are used to ensure the smooth functioning of our website, improve its performance and propose relevant, targeted content.

For more information on this topic, refer to the Cookies section of the AMF’s website where you can manage them according to your preferences.

Social media

We are required to maintain the confidentiality of the information that is sent to us over our various platforms and the instant messaging services they offer. When that information contains personal information, we treat it the same way and protect its confidentiality and integrity using the same protective measures as we would were the information collected through official channels of communication.

Telephone, e-mail, fax, electronic form, videoconferencing and chat messaging

We may collect your personal information by telephone, e-mail or fax, or through a secure electronic form on our website (general request for information form, complaint, etc.).

If you are a current or future industry professional, we may also collect your personal information when you perform various transactions with the AMF via AMF E-Services ("E-Services").

Your personal information may also be collected by the AMF via videoconferencing and various chat messaging features.

The AMF may also collect your personal information on the websites of its Canadian Securities Administrators (“CSA”) partners, namely the National Registration Database (“NRD”)), the System for Electronic Documents Analysis and Retrieval (“SEDAR+”), the System for Electronic Disclosure by Insiders (“SEDI”), and the website of the Groupement des assureurs automobiles (“GAA”), among others, when you visit those websites in connection with your professional activities and your relationship with the AMF.

The information collected may include:

• your name
• your e-mail address
• your mailing address
• your telephone number
• your driver’s licence number
• your profile data
• your account settings or payment information (by electronic fund transfer or pre-authorized debit)

Your credit card payment information is not kept by the AMF or its partners but rather by accredited payment providers that adhere to the Payment Card Industry Data Security Standard of the PCI Security Standards Council.

We treat your electronic messages with the same concern for confidentiality as your mail. However, the AMF does not encourage exchanging your personal information over e-mail or chat messaging unless the channel is sufficiently secure.

The AMF may record telephone calls or videoconference meetings to ensure service quality.

During on-line training, exams or tests, the camera or microphone on your computer may need to be activated to ensure process transparency and integrity. In such a situation, this is disclosed to you beforehand so you can give your consent. Subject to the exceptions provided by law, your image or voice is consequently not recorded without your presumed or explicit consent, as the case may be, during your interactions with the AMF.

Personal information that you send by telephone, videoconferencing or e-mail or when completing a secure electronic form on the AMF’s website is used only to the extent that the information is needed to follow up on your message or request.

If you subscribe to the AMF’s E-mail Info or any other electronic media available on the AMF website, you must provide your e-mail address. Your address is used solely to send regular information e-mails on the activities of the AMF or its partners. You may unsubscribe from them at any time.

Survey

The AMF may conduct a survey, after examining the need for and ethical aspect of it, on elements such as the quality of its services in order to more clearly identify public, industry or staff expectations.

All AMF surveys are optional and anonymous. If you choose to answer the survey, you do not have to provide any sensitive personal information that would allow you to be identified.

Your survey answers are personal information, however, as they reveal your opinion. Our survey forms are therefore secure, and the collected data, whether stored on servers inside or outside Québec, is treated confidentially by enabling the “anonymous response” function in the survey settings. This makes it impossible to link you to your answers.

When the AMF administers a survey through an external service provider, it ensures that the provider applies appropriate protective measures to the personal information collected so that your information remains confidential.

Video-surveillance and other monitoring measures

We use video-surveillance as a preventative measure to ensure visitor and staff safety and keep our premises secure.

Signs indicating the presence of video-surveillance cameras are posted in relevant areas, including the reception areas of the AMF's offices in Québec City and Montréal and the exam room waiting area.

We safeguard the captured images, as they constitute personal information enabling the recognition of individuals captured on film.

Likewise, in order to ensure the sound management of our resources and the protection and security of information, we may carry out monitoring actions via certain work tools and through security-related measures. These monitoring actions are controlled and carried out in accordance with parameters set by the applicable law and our organization’s policies and directives.

Your consent to the collection of your personal information and its use and release for the purposes for which the information was collected is implicit when you provide your personal information initially when communicating with us in writing, verbally, or otherwise.

You may refuse the collection, use and release of your personal information by the AMF at any time. You may also withdraw consent at any time even when consent is presumed.

In any case, you may refuse or withdraw your consent, verbally or in writing, when the information is collected or after it is collected by contacting the Corporate Secretariat and Legal Affairs branch by e-mail at [email protected].

We may refuse to provide you with a service or reply to your request if you refuse or withdraw your consent to the collection, use or release of your personal information when the information is necessary in order to provide the service or reply to your request.

Even where consent is withdrawn, we may, depending on the circumstances and where necessary, preserve the personal information collected from you in accordance with the AMF’s retention schedule approved by the Bibliothèque et Archives nationales du Québec (“Retention Schedule”) for the purposes of communicating with you and ensuring the traceability of your interactions with the AMF.

We may not release your personal information to a third person without your consent except in the situations set out in the Act respecting Access to documents held by public bodies and the Protection of personal information This link will open in a new window, the Act respecting the regulation of the financial sector This link will open in a new window or the sector-based statutes administered by the AMF.

Moreover, staff may release or allow the release of information only if they are authorized to do so by the AMF and if the legal and normative framework permits it based on the nature of the information concerned.

When your personal information is shared externally, we ensure that it is communicated through secure channels (courier services, e-mail or information sharing platforms). We also ensure that your released personal information is appropriately protected by the third persons receiving it.

When your personal information is released outside Québec, the AMF ensures that the information receives protection equivalent to what is afforded in Québec.

The protection of your personal information is a priority for us. We protect both physical and technological access to the information.

The AMF's information security governance draws from the government directive regarding information security This link will open in a new window (in French only) and is intended to meet the expectations set out in the AMF’s Guideline on Information and Communications Technology Risk Management.

Use of AMF E-Services (“E-Services”) requires your authentication through either the Québec government’s digital solution or a recognized third-party authentication platform in order to guarantee secure access and ensure the protection of your personal information that is shared via such services.

Registration for the government’s authentication service requires that you provide personal information, including:

• your social insurance number
• your date of birth
• the number on your most recent notice of assessment

Such authentication helps ensure that your information is exchanged with us in a secure manner.

Prevention: We anticipate and assess major risks that could occur with respect to the protection of personal information in order to prevent, in accordance with best practices, risks or incidents that could affect the confidentiality or integrity of the information we hold.

Protection: We take such security measures as are necessary to ensure the protection of the personal information created, collected, used, communicated and kept and as are reasonable given the sensitivity of the information, the purposes for which it is to be used, the quantity and distribution of the information and the medium on which it is stored, up to the time the information is destroyed in accordance with the AMF's Retention Schedule.

When the purposes for which your personal information was collected or used have been achieved, we may, instead of destroying the information, anonymize it so it may be used for public interest purposes, subject to the Archives Act This link will open in a new window. Anonymization is irreversible, making it no longer reasonably possible for you to be directly or indirectly identified.

We have adopted a process for managing security incidents, including confidentiality incidents, to ensure that they are handled appropriately, security loopholes are closed if necessary, and any potential damage is mitigated. In cases of incidents involving a serious risk of harm to yourself, we ensure that both you and the Commission d’accès à l’information du Québec are notified in a timely manner and in accordance with the applicable legal framework.

To provide AMF staff with a common understanding of the scope of and obligations under the governance rules regarding personal information, we post the relevant policies, management frameworks, directives, guides and procedures on our intranet, together with related internal communications campaigns.

We also offer training and awareness activities to staff, at the beginning of their employment and on a regular basis thereafter.

We publish timely reminders to empower staff to learn more about the right of privacy, develop good practices for identifying information security threats, including cybersecurity threats in the context of remote work, and adopt behaviours necessary for the protection of the personal information they hold in connection with their functions.

In addition, AMF staff are required to renew an annual undertaking to comply with the applicable code of ethics and professional conduct, which sets obligations with respect to confidentiality.

In its annual management report, the AMF reports on the training and awareness activities it offers in the areas of information security and the protection of personal information.

You may refuse the collection, use and release of your personal information by the AMF. You may also withdraw your consent at any time.

You may refuse or withdraw your consent, verbally or in writing, when the information is collected or after it is collected by contacting the Corporate Secretariat and Legal Affairs branch by e-mail at [email protected].

Note that the AMF may refuse to provide a service to, or reply to a request of, a person who refuses or withdraws their consent to the collection, use or release of personal information when the information is necessary in order to provide the service or reply to the request.

You have access to personal information concerning you and may, if such information is inaccurate, incomplete or equivocal, or if collecting, communicating or keeping it are not authorized by law, request that the information be corrected.

Such requests must be sent to the person in charge of access to documents and the protection of personal information at:

Benoit Longtin, Assistant Corporate Secretary
A/S Gestion de l’information
Autorité des marchés financiers
800, rue du Square-Victoria, bureau 2200
Montréal (Québec) H3C 0B4
Telephone: 1 877 525-0337
Fax: 514 873-3090
E-mail: [email protected]

However, the AMF may restrict or refuse access to a document or information that it holds, particularly if it is required to do so by law.

Complaints relating to non-compliance with this Policy or other AMF governance rules with respect to the protection of personal information may be sent by e-mail to [email protected] or by mail to:

Direction générale du secrétariat et des affaires juridiques
Autorité des marchés financiers
800, rue du Square-Victoria, bureau 2200
Montréal (Québec)  H3C 0B4

We ensure that every complaint received is handled in a confidential manner.