Law 25 privacy policy template for SMBs

There is no single CAI-certified template, but Quebec users expect a clear public privacy policy covering purposes, sharing, retention, rights, and your privacy officer contact.

Recommended sections

• Privacy officer identity and contact.
• Categories of personal information and purposes.
• Third parties and cross-border transfers.
• Retention and individual rights (access, rectification, complaint to CAI).
• Visible last-updated date.

Pair with cookie banner and PIA for high-risk projects.