Privacy Policy

Policy on the protection of the personal information of Aéroports de Montréal customers

1. PURPOSE AND SCOPE

This Privacy Policy applies to the personal information we collect about you when you communicate with ADM through our website, in person at YUL Montréal–Trudeau International Airport, or through any other interaction you may have with us.

Respect for privacy is important for Aéroports de Montréal (“ADM”). This Policy on the protection of the personal information of ADM’s customers (the “Policy”) is designed to comply with Canadian privacy laws and is intended to describe the practices followed by ADM with respect to the collection, use, management and disclosure of personal information concerning ADM’s customers. This Policy applies to personal information collected through our website at www.admtl.com (“website”), as well as in person at YUL Montréal–Trudeau International Airport.

If you are located in the European Economic Area or in Switzerland, please refer to the Additional Terms for Customers Located in the European Economic Area and Switzerland that apply to you in addition to the provisions of this Policy.

The Policy applies to personal information held by, or under the control of, ADM, including information disclosed to third parties for storage or processing purposes. However, the Policy does not apply to personal information that relates to employees of ADM, for whom a separate policy has been adopted.

2. DEFINITIONS

The following terms should be understood in the broad sense. “Personal information” includes all information about an identifiable individual. Information that is grouped together or made anonymous is not considered personal information.

«Personal information»: Information about a natural person that makes it possible, directly or indirectly, to identify that person, regardless of the nature of the media on which it is held and the form in which it may be accessed. Information about a legal person such as a company or corporation is not personal information. Personal information that is anonymized and/or aggregated and cannot be associated with an identifiable individual is not considered personal information.

«Customer»: A person who uses or requests the use of ADM products, services or facilities, including our website and any other communication or information-exchange applications or platforms.

«Third party»: A natural or legal person other than ADM, its employees or its customers.

3. DATA PROTECTION OFFICER

ADM's Vice President, Legal Affairs and Corporate Secretary, as Data Protection Officer, is responsible for ensuring compliance with and implementation of this policy and the rights and obligations under applicable law.

The Data Protection Officer’s contact information is as follows:
800 Leigh-Capreol Place
Suite 1000
Dorval, Quebec H4Y 0A5
Email: privacy@admtl.com

4. COLLECTION OF PERSONAL INFORMATION

We usually collect personal information directly from you, for example when you visit our facilities or use our services, our website or our Wi-Fi network. We may also automatically collect personal information about you when you visit us in person or via our website. Whenever possible, we use anonymized and/or aggregated information.

The information you provide to us directly: In most circumstances, ADM collects personal information from you when you visit our facilities or use our services, our website and/or our Wi-Fi network. You will therefore know when we collect this information. Specifically, we may collect personal information from you in the following situations:

  • We may collect information about your identity, such as your first and last name, home address, phone number, and e-mail address, when you ask us for information, or contact us in person or through our website (for example, when you book a parking space), when you subscribe to our newsletter, when you use our website or our Wi-Fi network.
     
  • We may collect financial information about you and your purchases, such as the payment method used and the value of the goods and services purchased, for example when you use our parking lots.
     
  • We may collect information about you when you create an account in the Careers section of our website and submit your application to ADM.

Information collected automatically: In some cases, we may automatically collect information that does not necessarily identify you as an individual; for example, we may collect the following types of information:

  • Video surveillance. ADM uses video surveillance and recording systems within its facilities. These systems are necessary to ensure the security and protection of customers, employees and third parties, to prevent theft or loss, and for investigation purposes following an incident or an accident on site, and are intended to be reasonable, in particular in view of the nature of the activities carried out by ADM. This collection is subject to applicable privacy laws, and the information collected may be disclosed in limited circumstances, as described in the Sharing of Personal Information section of this Policy.
     
  • Browser, device and technical information: When you visit or use our website and/or use our Wi-Fi network, we may collect technical information electronically (for example, through cookies). This information may include details about your visit or use, including the IP address of your device or computer, and the browser you used to access our website or Wi-Fi network, your operating system, screen resolution, location, browser language settings, site visited right before, searched keywords (if you used a search engine), the number of pages viewed as well the information you have entered and the advertisements you have seen. We may also collect information about your gender, age group and interests, but such information is always aggregated and not associated with any particular identifiable individual. For information about how to limit the type of information we collect, use or disclose about you when you visit and/or use our website or our Wi-Fi network, please see the Right to Withdraw Your Consent section of this Policy.
     
  • Google Analytics: We use Google Analytics, which allows us to view information about users’ online activities, including, without limitation, the pages viewed, the source and the time spent on our website. This information is de-identified and displayed as figures, which means that it is not possible to trace them back to specific individuals. You can opt out of Google Analytics by going to the Google Analytics opt-out web page.
     
  • Google AdWords: We use the Google AdWords remarketing tag to promote ADM on the Internet and place ads on third-party websites (including Google) for people who have already visited our website. The Google AdWords remarketing tag will display ads based on the parts of our website that you have visited by installing a cookie on your browser. This may mean that we advertise to former visitors who did not perform any action on our website or it may be in the form of an advertisement on the Google search results page or on a website that is part of the Google Display Network. This cookie does not make it possible to identify you or access your computer or mobile device.
     
    The cookie is only used to tell other websites which page you have visited on our website, so that they show you ads related to that page. If you do not want to participate in our Google AdWords remarketing campaign, you can opt out of ad customization by changing Google’s ad settings.
     
  • Geolocation data:  When you use our Wi-Fi network, we may collect location data.
     
  • Traffic and device count: We may use cameras and other technologies in our facilities to conduct anonymous video analytics and anonymous traffic analyses. These practices allow us to track the number of people at a specific location and estimate certain demographic data, such as gender and age, but do not allow us to identify or store photos or videos of individuals. We may also track devices that have accessed our Wi-Fi network on an anonymous basis for similar purposes. We may use statistical data about traffic at our facilities to help us manage these premises, and we may share this statistical information with our business partners, including advertisers.
     
  • Social networks: If you sign into our Wi-Fi network using a social media account such as Facebook, LinkedIn or Twitter, we will collect information you have added to your profile on that network, and which is available to us by default. We may also collect personal information about you following your use of the social networks in which you participate (“social media channels”), but always in accordance with applicable privacy laws. You may also choose to use a third-party application or feature (for example, one of our Facebook or Twitter applications or a similar application or feature on a third-party website) through which you authorize us to collect (or you authorize the third party to disclose to us) information about you (including personal information), such as details about your friends/connections, “likes,” comments you have shared, groups and locations. In addition, we may receive information about you (including your personal information) if other users of a third-party website give us access to their profile and you are one of their friends/connections, or information about you is otherwise available through your friend/connection’s webpage, profile page or similar page on a social-media channel or other third-party website or interactive service. We may supplement the information we collect directly from you with the information we receive from third parties to better serve you, tailor our content to your needs and send you details of promotions and/or offers that we believe may be of interest to you, but always in accordance with applicable privacy laws.
     
  • Vehicle information: If you park your vehicle on one of our installations, we may collect information about your vehicle for the purposes of managing our parking facilities, providing parking services to you, and enforcing our parking regulations.

Information collected from third parties: ADM may also collect personal information about you from third parties with your consent, such as from airlines, or without your consent if permitted by law; for example, when the collection of information is clearly in your interest and your consent cannot be obtained in a timely manner. For example, we may collect information about your trips, such as your departure and arrival dates, your destination, your flight number, your ticket class and the airline used. Whenever possible, instead of using personal information, we will use anonymized and/or aggregated information so that it does not identify you, and we will use it for the purposes described above or for any other legal purpose.

5. USE OF YOUR PERSONAL INFORMATION

We may use your personal information to provide our products and services, for our own internal purposes as well as for marketing and advertising purposes, but in the latter case, subject to your Right to Withdraw Your Consent under this Policy. We also use your personal information to ensure the safety and security of our facilities and to establish your identity.

ADM collects and uses only personal information that is necessary for the following purposes:

  • To provide the products and services you have requested.
     
  • To process the payment associated with the use of our products, services and facilities; for example, we collect and use financial information to process payments associated with your use of our parking lots.
     
  • To comply with our legal and regulatory obligations; for example, we may collect and use personal information to comply with a court order or for the purpose of reporting to governments.
     
  • To ensure the safety and security of our facilities; for example, we use cameras to monitor access, egress or activities in public areas and those restricted to the authorized members of the public.
     
  • To improve the products, services and facilities we offer; for example, subject to your Right to Withdraw Your Consent under this Policy, we conduct customer satisfaction surveys to improve our products, services and facilities.
     
  • To answer your questions, comments and suggestions; for example, when questions are sent to us through the “Contact us” page of our website, www.admtl.com.
     
  • To establish your identity; for example, we may request personal information, such as a photograph, to issue passes that allow people to be identified in areas that are restricted to authorized members of the public and gain access to such areas.
     
  • To contact you through direct marketing, subject to your Right to Withdraw Your Consent; for example, we may use your contact information to provide you with details about new products, services and facilities.

Your personal information will not be used for purposes other than those mentioned above unless we have your consent or in cases and under the conditions provided for by law.

6. SHARING OF PERSONAL INFORMATION

No personal information about you will be sold or otherwise transferred to unaffiliated third parties without your consent. We may, however, share your personal information with certain business partners, including airlines and other merchants occupying our facilities (subject to your Right to Withdraw Your Consent to such sharing), our service providers and other companies in the case of a commercial transaction. We may also provide your personal information to third parties if permitted or required by law (for example, in response to a court order or investigation).

No personal information about you will be sold or otherwise transferred to unrelated third parties without your consent. However, ADM reserves the right to disclose personal information were permitted by law or as follows:

  • Commercial partners: Subject to your Right to Withdraw Your Consent, ADM may disclose personal information to its business partners, including airlines and other merchants occupying its facilities, for any purpose related to the marketing of services provided by ADM and its commercial partners, but always in compliance with applicable privacy laws.
     
  • Third-party service providers: ADM may also use third-party service providers (for example, data-hosting providers, payment processors, parking providers, and/or suppliers who are involved in our complaints and comments management process) to manage one or more aspects of our commercial activities, including the processing or management of personal information. When we retain the services of an outside company, we employ contractual or other appropriate means to ensure that your personal information is protected in accordance with the laws applicable to ADM and collected, used, stored and destroyed in a manner that complies with the Policy. If a third party to which ADM sends your personal information is operating in a foreign jurisdiction, local laws may allow the local authorities previously listed to also have access to your personal information without your consent.
     
  • As permitted or required by law: Occasionally, ADM may disclose your personal information if such disclosure is necessary to establish, exercise or dispute legal claims, is required as part of the management of ADM’s loss-prevention program or as otherwise permitted by law; for example, if ADM is forced to disclose personal information because of a law, regulation, court order, subpoena, valid summons, search warrant, government investigation, other request or inquiry that is lawfully made or instituted, or if reasonably necessary to do so to protect the rights, property or safety of ADM or others. We may also disclose information to our accountants, auditors, agents and attorneys in connection with the enforcement or protection of our legal rights. We also reserve the right to report to law enforcement agencies any activity that, in good faith, appears to us to be unlawful, or to disclose information to law enforcement agencies and emergency-service providers in an emergency situation or where required or permitted by law.
     
  • Business transactions. We may disclose personal information to a third party in connection with a merger, acquisition, consolidation, sale of a portion of our operations, business units or property, or any other fundamental corporate change, whatever form it may take. However, if the transaction takes place, your personal information will remain protected by applicable privacy laws. If the transaction does not take place, we will require that the other party does not use or otherwise disclose your personal information and completely deletes it.

7. YOUR CONSENT

When you interact with ADM, whether through our website, in person, by using our Wi-Fi in our facilities or through any other interaction you may have with us, you agree to be bound by this Policy.

As a general rule, by interacting with us, by visiting our facilities, by subscribing to our newsletter and/or by submitting information to us in connection with the use of ADM services, a visit and/or use of our website and/or our Wi-Fi network, you consent to the collection, use and disclosure of your personal information as set out in this Policy.

8. RIGHT TO WITHDRAW YOUR CONSENT

You have the right to withdraw your consent at any time. However, if you withdraw your consent to any use or sharing that is an integral part of our products and services, we may have to limit their provision. Other purposes, such as advertising, are not an integral part of our products and services, and the withdrawal of your consent for these purposes will have no effect on the provision of our products and services.

You may withdraw your consent at any time, subject to legal and contractual restrictions and with reasonable notice. However, if you withdraw your consent for the use or sharing of your information for purposes that are an integral part of our services, this may limit the services that ADM can offer you. You may refuse or withdraw your consent by contacting the Data Protection Officer, whose contact information is shown in section 3. Our staff will explain the choices available to you and the consequences of withdrawing your consent and will note your choices in our files.

You may also withdraw your consent as follows:

  • Communications for quality-control purposes. You may decide that you prefer not to have ADM contact you by e-mail or telephone for purposes of quality control. If so, you may notify us by contacting the Data Protection Officer, whose contact information is shown in section 3.
     
  • Commercial electronic messages. You may at any time limit the commercial electronic messages that ADM sends you. To stop receiving them, simply use the unsubscribe method outlined in any commercial e-mail message or text message that we send to you. Please note that, even if you decide to stop receiving promotional communications, we may still contact you when authorized by law, for example to send you important information about our services.

9. PERSONAL INFORMATION OUTSIDE CANADA

We may process and archive your personal information in Canada, in the United States or in the European Economic Area. Accordingly, government authorities in these countries may, as the case may be, obtain disclosure of your information under their laws.

ADM may communicate your personal information in Canada, the United States or the European Economic Area. Accordingly, governments, courts, law enforcement agencies or regulatory bodies in these countries may obtain disclosure of your information under applicable laws in the jurisdictions where the information is located.

10. SECURITY OF PERSONAL INFORMATION

We use physical, administrative and electronic means to protect your personal information against the risk of loss, theft or unauthorized access or sharing. These security measures are continually revised and updated.

ADM has instituted various means to ensure that your personal information is protected against the risk of loss or theft or of unauthorized access, disclosure, reproduction, use, alteration or destruction. These include physical, administrative and electronic (technological) means of security that are reasonable given the sensitivity level of the personal information collected as well as its quantity, distribution and format and the preservation methods.

ADM continually revises and updates its security methods to protect the security and confidentiality of the personal information it holds, in particular technological measures to take account of technological change, so as to counter the risk of unjustified intrusion in its databases and computer systems.

11. RETENTION OF PERSONAL INFORMATION

We retain your personal information only for the time needed to meet the purposes for which it was collected, unless permitted or required by applicable law.

ADM retains personal information regarding you only for the time needed to satisfy the purpose for which it was collected so as to abide by the legal requirements to which it is subject for the time needed to ensure protection of its legitimate commercial interests.

12. ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION

You are allowed access to your personal information and to have it corrected by contacting us in the manner outlined in this clause. In some situations, applicable law may prevent ADM from providing access to certain information regarding you. If access cannot be provided, ADM will inform you in writing. ADM pledges to respond to all access requests within 30 days, unless the situation requires this period to be extended.

You are allowed access to the personal information ADM holds regarding you and to have it corrected. Access requests should be sent, in writing, to the Data Protection Officer at the contact information shown in section 3.

In some situations, based on applicable law, ADM may be unable to provide access to certain personal information regarding you. Here are a few examples of such situations:

  • Disclosure of this information reveals personal information regarding another person;
     
  • Disclosure of this information reveals confidential commercial information;
     
  • The information is covered by attorney-client privilege;
     
  • The information was collected in connection with an investigation into a breach of an agreement or violation of a federal or provincial law.

If access cannot be provided, ADM will notify you, in writing, of the reasons for the refusal.

When personal information regarding you held by ADM is found to be inaccurate or incomplete, you may also submit a correction request to ADM following the same procedure as outlined for access requests. If the information in question does indeed need to be corrected, deleted or supplemented, ADM will amend the information and, if applicable, send the amended information to third parties that have access to the information in question.

ADM pledges to respond to any access or correction request within 30 days of receiving a written request, unless circumstances allow ADM to extend the period, in which case ADM will send to the applicant, within 30 days of the request, an extension notice informing the applicant of the new period and the reasons for the extension.

Access to your personal information is generally provided free of charge. However, ADM may charge fees, in accordance with applicable law, if it informs the applicant of the approximate amount before responding to the request.

Furthermore, ADM may disregard your request if it is abusive, repetitive or systematic, in compliance with applicable laws.

13. NOTIFICATION OF PRIVACY INCIDENTS

ADM takes the necessary measures to protect the confidentiality of your personal information.

However, despite these measures and ADM’s vigilance in protecting your personal information, it could happen that, due to an exceptional event, such as the negligence of a third party, a force majeure or an illegal act, an unauthorized person accesses, uses, communicates or destroys your personal information. In such an event, ADM will diligently notify and cooperate with the appropriate governmental authorities to protect your personal information.

ADM will notify you if your personal information is involved in the incident as soon as it is not likely to interfere with an internal investigation or an investigation by the appropriate government authorities.

In addition, ADM may notify any person or organization that may be in a position to mitigate or limit the risk, providing only the personal information necessary to do so.

ADM will ensure that any incident related to the protection of personal information is recorded in a confidential log in the interest of continuous improvement and compliance with applicable laws.

14. REVISION OF THE POLICY

ADM policies and procedures for the protection of personal information are updated continually. The latest version of this Policy will always be available on our website.

ADM policies and procedures for the protection of personal information are updated continually. In accordance with its governance principles, a review is automatically carried out every two (2) years.

Please consult the latest version of the Policy on our website at www.admtl.com. A copy of the Policy may also be sent by mail upon written request to the Data Protection Officer, at 800 Place Leigh-Capreol, Suite 1000, Dorval, Québec H4Y 0A5.

15. YOUR QUESTIONS AND CONCERNS REGARDING COMPLIANCE WITH THE POLICY BY ADM

You may contact ADM with any question, concern or complaint regarding the Policy and compliance with it. The Data Protection Officer will investigate each written complaint that is received.

Your questions and concerns regarding the Policy and compliance with it by ADM as well as any complaint in this regard must be sent in writing to: the Data Protection Officer, whose contact information is shown in section 3.

The Data Protection Officer will investigate each written complaint received. If a complaint is justified, the Data Protection Officer will take the appropriate measures to settle it, including changes to the Policy or its procedures for ensuring the protection of personal information, if warranted. In each case, the complainant will be notified in writing of the results of the investigation.

The Data Protection Officer reports each year to the ADM board of directors on the number of complaints received the previous year, their nature and the measures taken in response to them.

16. ADDITIONAL TERMS FOR CUSTOMERS LOCATED IN THE EUROPEAN ECONOMIC AREA (EEA) AND SWITZERLAND

If you are located in the EEA or Switzerland, these supplementary terms apply to you in addition to the ADM’s Privacy Policy. In case of conflict between the Policy and these supplementary terms, the latter shall prevail.

A. LEGAL BASIS IN PROCESSING

We will process your personal information only on a legal basis.

We process your personal information only if we have a legal basis for doing so, including:

  • Consent: when you have provided your consent, for example to receive our newsletter;
     
  • Contract: when processing is necessary to fulfil a contract with you, for example to provide Wi-Fi services you have requested; or
     
  • Legitimate interests: for example, we may process your personal information to protect you, ourselves or other persons against threats (such as security threats or fraud) so as to comply with the laws that apply to us for permitting or managing our business (such as quality control and customer service), for managing ADM’s transactions (such as mergers or acquisitions), or for understanding and improving our business relationships or relationships with our customers in general.

If you have any questions about the legal basis, we rely upon to collect and use personal information, please contact our Data Protection Officer by e-mail at privacy@admtl.com.

B. TRANSFER OF YOUR PERSONAL INFORMATION OUTSIDE THE EEA OR SWITZERLAND

We may process your personal information outside your country of residence, including in the United States.

We may process information outside the EEA or Switzerland, including in Canada and the United States. We use legal mechanisms to transfer your personal information legally between the EEA, Switzerland and non-EEA countries.

C. ADDITIONAL RIGHTS REGARDING YOUR PERSONAL INFORMATION (LIMITATION OF PROCESSING, DELETION, OBJECTIONS TO PROCESSING, PORTABILITY OF DATA)

You have the right to restrict the way we process your personal information, to object to our processing, to ask us to delete your personal information and to request a copy of your information in machine-readable format.

You have the right to restrict the way we process your personal information, to object to our processing, to ask us to delete your personal information and to request a copy of your information in machine-readable format.

In addition to the rights mentioned in the Policy section on Access to and Correction of Your Personal Information, you may, subject to applicable laws:

  • have the right to restrict or limit the way we process your personal information, for example when you consider that your data are inaccurate;
     
  • have the right to object to the processing of your personal information by ADM when we process it on the basis of the circumstances outlined in the “Legitimate Interests” paragraph above, if your interests, rights and freedoms do not prevail over our legitimate interests;
     
  • request deletion of your personal information, in which case we will fulfil this request unless there are exceptional reasons allowing us to retain certain information regarding you; and
     
  • obtain a copy of your personal information in machine-readable format. In some instances, you may also request the transfer of some of your information to third parties.

ADM will help you exercise these important rights. Please contact the Data Protection Officer, whose contact information is shown in section 3, for help in exercising these rights.

If you have any questions, or if you disagree with our data processing practices, please contact the Data Protection Officer, whose contact information is shown in section 3. You also have the right to lodge a complaint with the data protection authority in your country of residence.

Two measures are used for risk assessment: probability of occurrence and impact. The probability of occurrence is related to the frequency and duration of the risk. The impact of the risk is related to the magnitude of the effects it has on ADM.

The evaluation of mitigation measures is based on the following two criteria: the effectiveness of the control or mitigation and its degree of application. This scale is used to determine whether the mitigation measures in place are effective in reducing the risk to an acceptable level for the organization and to identify opportunities where they could be optimized when assessments are not consistent with the level of risk tolerance and acceptability.

17. ENTRY INTO FORCE

This updated Policy shall enter into force upon adoption by the Board of Directors.

Adopted by the Board of Directors January 27, 2022.