Data privacy policy goals
The main goal of this policy is to clearly define the guiding principles regulating the collection, usage, retention, and protection of the personal information of La Source Bains Nordiques’ clients and employees.
Adherence to laws and standards: La Source Bains Nordiques vows to respect all laws and standards relating to data privacy in effect in Quebec.
Respect for your privacy: this policy aims to ensure the privacy and protection of your personal information.
Transparency and understanding: By encouraging transparency, this policy gives clients and employees the chance to fully understand our approach to the protection of personal information.
Responsibility and ethical management: This policy strengthens our engagement towards data protection and aims to create a balance between operational needs and the protection of our clients’ and employees’ privacy.
With the implementation of this policy, La Source Bains Nordiques not only wants to respect the fundamental rights regarding data protection but also wants to create a trusting environment between the company, its clients, and its employees.
La Source Bains Nordiques’s commitment to the handling of confidential data
1- Implementation of a privacy policy
La Source Bains Nordiques vows to stay vigilant in terms of data confidentiality. With this in mind, periodic follow-ups and continuous improvements are implemented to constantly strengthen our procedures in personal information management.
Training and awareness-raising of the employees
Ongoing staff training is an essential component of our commitment to data privacy.
La Source Bains Nordiques guarantees a thorough understanding of data protection by the entirety of its staff. All of our employees are aware of the fundamentals surrounding respectful data handling. This includes everyone’s understanding of their individual and collective responsibility for the confidentiality of clients’ and colleagues’ personal information.
Analysis of new processes involving personal data
Any new process involving personal data handling will be thoroughly analyzed. Before their implementation, all new methods are tested in terms of risk and sensitivity levels regarding personal information confidentiality and they can’t be implemented without the approval of the Data Protection Officer. This proactive approach allows us to foresee any possible confidentiality issues and to implement adequate protective measures from the start.
Selection of suppliers and service providers
In our interactions with partners that involve personal data, La Source Bains Nordiques makes sure to select suppliers that are committed to personal data privacy.
Where a supplier has not publicly disclosed a privacy policy that follows Quebec’s laws and standards, we will discuss with them whether to add a term to the contract or to sign specific amendments on this subject. This ensures a shared awareness and shows our commitment to the protection of information, even outside the borders of our company.
Incident log
A detailed incident log of all potential incidents linked to data confidentiality is maintained. This technique allows for full traceability of events compromising the protection of information. Each incident is precisely recorded, including the circumstances, the corrective measures taken, and the lessons learned to reinforce our data protection practices.
Contingency plan
Despite our preventive efforts, La Source Bains Nordiques recognizes the possibility of security incidents. To effectively react in the case of a harmful data leak, a contingency plan is established. This plan contains specific steps to follow and the methods to use to minimize the impacts on the data’s confidentiality.
By putting these measures in place, La Source Bains Nordiques demonstrates its firm commitment to the protection of confidential data by establishing a culture of ethics and responsibility within the organization.
2- Personal data protection protocol
Operations management and logistics
La Source Bains Nordiques ensures the protection of personal information by using a trusted institutional management system. This strategic choice guarantees a strong, efficient, and safe management of all the data. It covers all the different aspects of our operations, including the collection and handling of the client’s information.
Increasing digitalization of procedures
We take a gradual approach to digitalizing our procedures, gradually eliminating the physical documents in exchange for computerized solutions. This transition offers many advantages, particularly reducing risk regarding the physical loss of documents, information duality, increased access to data, responsible protection, and improved operational efficiency.
Safe local area computer network
The safety of our local area computer network is based on the implementation of advanced protocols, aiming to completely protect our clients’ and employees’ data. The following protocols are rigorously applied to guarantee the confidentiality and integrity of the information:
WPA3 protocol (Wi-Fi Protected Access 3): We use the latest security protocol for our internal Wi-Fi network, ensuring strong protection against attacks and unauthorized intrusions. Our Wi-Fi network is private and for internal usage exclusively.
Firewall and packet filtering: a strict firewall is implemented to monitor and control network traffic. Packet filtering helps to identify and block unauthorized access attempts.
Antivirus and anti-spam: We have selected a solution that allows full security and protection of our network from potential threats during e-mail processing or internet navigation.
Access control: access control mechanisms are deployed to limit the access of sensitive data only to authorized employees. This is possible because of unique identifiers and specific permissions.
Active network monitoring: Real-time surveillance tools are used to detect all abnormal activity on the network, allowing for immediate reaction to potential threats.
Daily updates: all systems and software are updated regularly by a specialized external supplier to address known security vulnerabilities and ensure constant protection.
Data encryption: all data passing through the network is encrypted. This guarantees that the data can’t be intercepted or understood by unauthorized third parties.
Limited access to data and protection by password
Access to data is strictly limited to authorized employees, which guarantees the confidentiality of sensitive information. The client’s data, bank information, and reservation history are specifically protected by individual passwords. This security measure reinforces our engagement toward the protection of private information.
Procedures for the collection, details, usage, and protection of data managed by La Source
1- Transactions made on our website
During transactions made on our website, La Source Bains Nordiques implements rigorous practices to guarantee the protection and confidentiality of your data.
Securing online transactions: All transactions made on our website are secured with the help of SSL (Secure Sockets Layer) encryption, ensuring the confidentiality of the information submitted, specifically when entering credit card information.
Payment processing: The payments are directly made by Global Payments, partners of the corporate financial holding group Desjardins, which guarantees the safe management of credit card data. La Source Bains Nordiques does not keep any computer data linked to online transactions, which leads to the re-entering of credit card information for each new reservation.
2- Transactions made on the phone
Transactions made on the phone require specific protocols aiming to guarantee the protection and confidentiality of the shared information.
Access to the answering machine is protected by a password: The messages left on the answering machine are accessible only with a secure password, ensuring that only authorized recipients can access the information.
Payment processing: During reservations made on the phone, we enter your payment card number into our system and proceed with the complete payment with the help of a secure payment terminal (POS). The safe transfer of the funds is made through the Global Payments platform. We keep the credit card number in your client file and in our computerized management system that is protected by a password. On request, once your stay is over and full payment has been completed, you can ask for your banking information to be removed. Only authorized employees have access to this data.
3- On-site transactions and collection
La Source Bains Nordiques takes specific measures to protect the client’s private information during on-site transactions and collection.
On-site purchases: The information linked to on-site purchases is processed following the privacy norms and with minimal data collection to guarantee confidentiality. All data is recorded in our system and only the authorized employees have access to it.
Recommendation form: Upon your arrival, an employee at the reception will present the rules of conduct to follow during your stay. Once you have read them, we will invite you to sign the register. On request, we can simply confirm your acceptance with verbal consent given to the person checking you in. Your presence on the site implies your consent to follow the recommendations.
Identification document: When necessary, the use of an identification document is handled safely. We ask for proof of identity on arrival. We thank you for your participation in fighting against insurance fraud attempts. Please note that no insurance receipt can be issued without confirmation of the identity of the person receiving the massage.
On-site visit: We vow to preserve your privacy during each step of your stay. To guarantee our client’s relaxation, the use of electronic devices, including cellphones and cameras, is strictly forbidden in all areas of La Source Bains Nordiques’ site.
4- Communication and customer service
Specific measures are taken for communication and customer service to ensure the protection of your information.
Communication by phone or e-mail: Telephone and e-mail communications are handled safely with the necessary access to information and specific protocols for data archiving. Our employees are not authorized to share sensitive information on the phone or by e-mail no matter the request.
5- Publicity and marketing
La Source Bains Nordiques implements respectful practices for data collection and handling regarding privacy in its publicity and marketing activities.
Retargeting: Retargeting services are used transparently and follow clients’ preferences with particular attention to data protection.
Promotions by e-mail and newsletter: E-mail promotions and newsletters respect the previously obtained consent with clear mechanisms for preference management and voluntary withdrawal.
With these practices, La Source Bains Nordiques shows its engagement toward the data protection of its clients, ensuring a safe and respectful experience.
Retention, depersonalization, and destruction of personal data
1- Personal data management protocol
La Source Bains Nordiques vows to put in place rigorous protocols for managing the retention, depersonalization, and destruction of personal data, prioritizing confidentiality and information protection.
Responsible retention policy: Data retention is based on strict standards, guaranteeing a minimal data storage time in line with legal obligations. This targeted approach allows an efficient management of information in accordance with our engagement towards data protection and responsibility.
Advance depersonalization: If need be, before any prolonged storage and after the established storage time, personal data are put through a thorough depersonalization process, excluding all direct reference to an individual. This step protects the anonymity of data while authorizing its use for statistical needs and service improvement.
Secured destruction: Data destruction, physical or electronic, is irreversible. The shredding of paper documents can be done internally or by a specialized business which preserves confidentiality. Likewise, digital files are overwritten ensuring total impossibility for retrieval. These measures reinforce our engagement toward the protection of information, preventing any unauthorized access to personal data.
2- Personal data management specificity
Data linked to a commercial transaction
Billing information – storage time (6 years Min.): Billing information is stored for a minimum of 6 years, in compliance with tax requirements. Additional storage time is applied to allow effective customization of customer service.
Gift card purchase – storage time (activity period + 6 years Min.): Minimal storage time corresponds to the activity period of the gift card (total or partial unused amount) added to a minimum of 6 years after the date of the last transaction made on the gift card.
Health Questionnaire
La Source Bains Nordiques has specific practices for the collection of health data of massage therapy or beauty treatment clients:
Storage time (6 years Min.): Health questionnaires are stored for a minimum of 6 years in a secured place with a lock and key, in line with La Source Bains Nordiques’ internal standards. This period follows legal and insurance requirements as well as facilitating necessary follow-ups regarding the therapeutic component. After this period, an appropriate destruction will be done to guarantee the continued protection of data. Your health questionnaire and all sensitive information are treated with careful attention to guarantee protection and respect.
Files and job-related information
Storage time (as long as employment is established + current legal provisions): Files linked to employment are stored as long as an employee is considered active at La Source Bains Nordiques, including any additional delay in line with current legal provisions. Data linked to the payroll are stored at all times in a protected dedicated system.
By implementing these management protocols in our operations, La Source Bains Nordiques proves its engagement toward proactive, ethical, and compliant management of personal data and maintains its clients’ and employees’ trust.
Data sharing with third parties
La Source Bains Nordiques vows to manage personal data responsibly and transparently. We limit data sharing with third parties to guarantee the confidentiality of the information. Our practices are detailed below:
Bank transactions: Data related to transactions are shared exclusively with financial institutions or services needed for the transaction. The information is limited to what is essential to the completion of the transaction.
Geographical limitations: Data sharing is generally limited to entities located in the province of Quebec. In exceptional circumstances, some sharing can be intended in Canada or the United States, while respecting laws and regulations.
By implementing these practices, La Source Bains Nordiques maintains a balance between the necessity to share data to ensure optimal service and the rigorous protection of its clients’ privacy.
Management of browser cookies
La Source Bains Nordiques uses different types of browser cookies to improve your experience on our website. These browser cookies serve different purposes, each possessing a specific role. Here is a brief explanation of the browser cookies we may use:
Required cookies:
Description: Essential to the site's basic operation, these cookies ensure the running of basic features such as navigation and access to secured areas.
Duration: For the duration of your visit to the website.
Functionality cookies:
Description: These cookies help improve the user-friendliness of the website by memorizing your choices and preferences.
Duration: For the duration defined for each browser cookie.
Performance cookies:
Description: Used to help understand how the users interact with the website, these browser cookies help us improve our service by collecting anonymous analytic information.
Duration: For the duration defined for each browser cookie.
Targeted advertising cookies:
Description: These cookies allow us to post relevant advertising according to your interests and your navigation behavior.
Duration: For the duration defined for each browser cookie.
How to disable cookies?
You have total control over your browser cookie preferences. You can deactivate them at any time via your browser settings. However, please note that some features on our site might not work correctly after the deactivation.
We wish for your experience on our website to be transparent and under your control. During your visit, a pop-up window will inform you of our use of browser cookies, allowing you to accept or refuse the non-essential navigation cookies.
If you accept, the pop-up window will show up periodically to give you the chance to reevaluate your preferences. We are available to answer any questions you might have and guarantee respect for your privacy and a transparent online experience.
We thank you for your trust and assure you that we use browser cookies responsibly to improve your navigation experience on the La Source Bains Nordiques’ website.
Data communication and data access requests
At La Source Bains Nordiques, we care deeply about transparency and respect for individual rights regarding personal information. Therefore, we implemented clear procedures for communication and access to data, in line with legal requirements.
Data access request or adjustment
Here are the main guidelines:
Confirmation of the existence of the file: anyone concerned can call upon the confirmation of the existence of a file that concerns them. We are committed to responding to these demands within legal and reasonable delays.
Conditions for an access request or a rectification:
- The request must be written
- The request can only be made by the person whom it concerns (except under certain conditions set out by the privacy act)
- An identity document is required
- All access or rectification requests are answered and processed within the 30 days following their receipt.
Free access to information: we guarantee free access to the personal information contained in the file while clarifying that some reasonable fees might be required for services claimed specifically by the claimant.
Access or rectification request denied: In the event of refusal, we will notify you in writing, explaining the reasons and the possible actions you can take.
The retention period in case of refusal: if your request is denied, we retain the data for the amount of time necessary for a person to exercise their lawful remedies. Once this period is over, the internal policy of La Source Bains Nordiques will be maintained.
For any access or rectification request, please send your written request to the following address:
By post
For the attention of the Data Protection Officer
Angélique Grondin - La Source Bains Nordiques
4200 rue Forest Hill, Rawdon, Qc, J0K 1S0
By e-mail
angelique@lasourcespa.com
No other destination will be accepted to maintain the confidential nature of the procedure and the information attached to it.
This privacy policy confirms La Source Bains Nordiques’ engagement towards the protection and responsible management of our clients’ and employees’ data. We are determined to respect the highest norms regarding confidentiality and information security.
It is important to note that this policy is subject to change periodically to adapt to the evolution of the law, technologies, and industry practices. The updates will be posted on our website. The online version will prevail, at all times, over all previous versions.
For any questions or concerns related to this policy, please contact our Data Protection Officer, Angélique Grondin, at the address above.
La Source Bains Nordiques considers privacy as a central element of our engagement towards excellent service and human resources. We are proud to create a space where confidentiality is respected and trust reinforced.
We wish that every client be able to relax with peace of mind and that our employees feel considered and protected at all times.