Financial Fitness Centre Privacy Policy
|
|
- Hester Patterson
- 7 years ago
- Views:
Transcription
1 Financial Fitness Centre Privacy Policy Date of Original Issue: Jan 15,2004 Date of Last Review: Jan 21,2004 Date Review Approved: Jan 28, Table of Contents Preamble:... 1 Application:... 2 Definitions:... 2 The Ten Privacy Principles:... 4 Principle 1: Accountability- Privacy Officers... 4 Principle 2: Identifying Purpose... 4 Principle 3: Consent... 6 Principle 4: Limiting Collection... 8 Principle 5: Limiting Use, Disclosure and Retention... 8 Principle 6: Accuracy Principle 7: Safeguards Principle 8: Openness Principle 9: Individual Access Principle 10: Challenging Compliance Preamble: In 2000 the federal government of Canada enacted The Protection of Personal Information and Electronic Documents Act ( PIPEDA ) which states that effective January 1, 2004, all organizations that collect, use or disclose personal information in the course of their commercial activities will be subject to PIPEDA or substantially similar provincial legislation (collectively privacy legislation ). Privacy legislation requires that the consent of an individual be obtained for the collection and use of his or her personal information, that steps are taken to protect personal information and that one or more individuals be appointed to monitor compliance with the provisions of applicable privacy legislation. 1 P a g e
2 Financial Fitness Centre (FFC) is committed to controlling the collection use and disclosure of personal information provided by our clients and employees and has adopted this privacy policy to ensure the accuracy, confidentiality and integrity of such personal information. Application: This privacy policy applies to personal information that Financial Fitness Centre collects, uses or discloses in respect of any of its clients or employees in the course of its commercial activities. It does not, however, apply in respect of the collection use and disclosure of the following information by FFC: Information that is publicly available, such as a client s name, address, telephone number and electronic address, when listed in a directory or made available by directory assistance the name, title, business address or telephone number of an employee of an organization The application of this Privacy Policy is subject to the requirements or provisions of any applicable legislation, regulations, tariffs or agreements (such as collective agreements), or the order of any court or other lawful authority. Definitions: The following defined terms are used throughout this policy: FFC means Financial Fitness Centre Collection means the act of gathering, acquiring, recording or obtaining personal information from any source, including third parties, by any means. Consent means voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing but is always unequivocal and does not require an inference on the part of FFC. Implied consent is consent that can reasonably be inferred from an individual s action or inaction. 2 P a g e
3 Client means an individual who uses the services of FFC Disclosure means making personal information available to third parties outside of Financial Fitness Centre. Employee means an employee or former employee of Financial Fitness Centre and for the purposes of this policy includes the directors, members and volunteers of FFC. Personal Information means information about an identifiable individual recorded in any form and includes, but is not limited to, such things as race, ethnic origin, nationality, colour, age, gender, marital status, religion, education, medical information, criminal information, performance reviews, trade union membership, employment and financial history, income, address and phone number, address, numerical identifiers such as social insurance numbers, views and personal opinions. Personal information also includes credit information, case histories, counselling notes, recorded complaints, record of appointments and in the case of an employee, includes information found in personal employment files, performance appraisals and medical and benefits information. Publicly available information, such as a public directory listing of names, addresses, telephone numbers and electronic addresses, however, is not considered personal information. Privacy legislation - means The Personal Information Protection and Electronic Documents Act (Canada) and/or substantially similar provincial legislation. Third Party means an individual other than the client/employee or his or her agent or an organization other than FFC. Use - means the treatment, handling and management of personal information by Financial Fitness Centre. 3 P a g e
4 The Ten Privacy Principles: There are ten principles of fair information practices that have been identified by the Canadian Standards Association and are contained in the PIPEDA legislation. FFC has adopted these principles as minimum requirements to be adhered to for the protection of personal information collected from the clients and employees of FFC. Principle 1: Accountability- Privacy Officers FFC is responsible for the personal information under its control and shall designate one or more individuals who shall be accountable for the agency s compliance with the legislation s privacy principles. 1.1 Accountability for compliance with the policies and procedures set out in this privacy policy rests with the Executive Director of the FFC, even though others within the agency may be responsible for the day to day collection and processing of personal information. The Privacy Compliance Officer, may from time to time, designate an individual to act on his or her behalf. 1.2 The name and contact information of the Privacy Compliance Officer shall be made available on the FFC website and upon request. 1.3 FFC has implemented policies and practices to give effect to the principles and procedures set out in this privacy policy including: a) implementing procedures to protect personal information such as the adoption of physical, organization and technological security measures; b) establishing procedures to receive and respond to complaints and inquiries through a confidential address and dedicated phone line; c) training and communicating to staff information about the privacy policy and practices; d) developing public information to explain the privacy policy and procedures. Principle 2: Identifying Purpose FFC will identify the purpose for which personal information is collected at or before the time the information is collected. The purposes for which information is collected, used or disclosed by FFC must be those that a reasonable person would consider are appropriate in the circumstances. 4 P a g e
5 2.1 FFC will document the purposes for which information is collected in order to comply with the Openness principle (principle 8) and the Individual Access principle (principle 9). 2.2 Identifying the purposes for which information is collected at or before the time of collection allows FFC to determine the information it needs to collect to fulfill these purposes. The Limiting Collection principle (principle 4) requires FFC to collect only that information necessary for the purposes that have been identified. 2.3 The identified purposes for which personal information is collected shall be specified at or before the time of collection to the client or employee from whom the personal information is collected. Depending upon the way in which the information is collected, this shall be done orally or in writing. 2.4 When FFC proposes to use personal information that has been collected for a purpose not previously identified, it will identify the new purpose before using such personal information. Unless the new purpose is required by law, or consent is not otherwise required pursuant to privacy legislation, the consent of the individual shall be obtained before the information is used for the new purpose. 2.5 Individuals responsible for collecting personal information on behalf of FFC will explain to clients and/or employees the purposes for which the information is being collected. 2.6 The purposes for which the personal information of employees is collected may include, but is not limited to: a) administering payroll and employee benefit programs; b) conducting evaluations and discipline; c) effecting employee training; d) conducting internal reviews; e) investigations and complaint resolution processes; f) effecting the administration of the collective agreement; g) participating in union negotiations and labour arbitrations; h) complying with legal and regulatory obligations; 5 P a g e
6 i) communicating professional certification credentials to clients and potential contractors. 2.7 The purposes for which personal information of clients is collected may include but is not limited to: a) providing advice and information on personal money management issues; b) providing advice, information and options for debt repayment to FFC clients through communication with their various creditors; c) communicating with clients and their creditors. 2.8 The aggregation of anonymous or non-personal information may be used for technical, research and analytical purposes. Information collected through surveys, existing files and public archives may be used to identify services and programmes that benefit the community we serve, to target the marketing of our programmes, to apply for funding, to maintain the financial support and cooperation of our stakeholders. 2.9 The agency shall ensure that any third party to whom personal information is disclosed is in compliance with PIPEDA as well. Principle 3: Consent The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where consent is not required by privacy legislation 3.1 Consent is required for the collection of personal information and the subsequent use and disclosure of this information. Generally, FFC will seek the consent for the use or disclosure at the time of collection. In certain circumstances, consent may be sought after the information is collected but before it is used (for example, when FFC wants to use the information for a purpose not previously identified.) In obtaining consent, FFC shall use reasonable efforts to ensure that a client or employee is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the client or employee. 3.2 In certain circumstances personal information may be collected, used or disclosed without the knowledge and consent of the individual if the use of personal information is clearly in the interests of the individual and consent cannot be obtained in a timely way. An example may be when the individual 6 P a g e
7 is seriously ill or mentally incapacitated, or if seeking the consent of the individual might defeat the purpose of collecting the information such as in the investigation of a breach of agreement or a contravention of a federal or provincial law. Personal information may also be used or disclosed without the knowledge or consent of the individual in the case of an emergency where the life, health or security of an individual is threatened. FFC may disclose personal information to a lawyer representing the agency, to comply with a subpoena, warrant or other court order, or as may otherwise be required by law. 3.3 FFC will not as a condition of the provision of service, require an individual to consent to the collection, use or disclosure of information beyond that required to fulfill the explicitly specified and legitimate purposes. 3.4 The way in which FFC seeks consent may vary, depending on the circumstance and type of information collected. FFC will generally seek express consent when the information is likely to be considered sensitive. The agency will rely on implied consent only where the collection and use of information is directly related to a transaction or exchange of information in which the client is directly participating. Consent may be given by an authorized representative (such as a legal guardian or a person having power of attorney.) 3.5 Consent may be obtained in any one of the following ways: a) An application form may be used to seek consent, collect information and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is giving consent to the collection and specified uses; b) Consent may be given orally when information is collected over the telephone; c) Consent may be given at the time the individual uses the service. 3.7 Generally, the acceptance of employment by an individual constitutes implied consent for FFC to collect, use and disclose personal information for all identified purposes. 3.8 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. FFC will inform individuals of the implications of withdrawing consent. 7 P a g e
8 Principle 4: Limiting Collection FFC shall limit the collection of personal information to that which is necessary for the purposes identified by the agency. Personal information shall be collected by fair and lawful means. 4.1 FFC will not collect personal information indiscriminately. Both the type and the amount of information collected shall be limited to that which is necessary to fulfill the purposes identified. FFC shall specify the type of information collected as part of its information handling policies and practices, in accordance with the openness principle (Principle 8). 4.2 The requirement that personal information be collected by fair and lawful means is intended to prevent FFC from collecting information by misleading or deceiving individuals about the purpose for which information is being collected. Consent to the collection of personal information must not be obtained through deception. Principle 5: Limiting Use, Disclosure and Retention Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment for which it was collected. 5.1 Where FFC intends to use personal information for a purpose not previously identified, the agency shall document the new purpose and shall obtain the consent of the individual prior to using the information for the new purpose. 5.2 FFC may disclose the personal information of its employees: a) to human resources, payroll, benefits, information management, medical and security personnel; b) to third party service providers for the purposes of administering the the above programs; c) to union representatives and labour arbitrators; d) to internal or external legal counsel and auditors; e) to the Privacy Officer of FFC or her designate; f) to third parties for the development, enhancement or marketing of FFC programmes and services; 8 P a g e
9 g) in context of providing references regarding current or former employees; h) in response to requests from prospective employers and/or financial institutions; i) to accreditation reviewers in accordance with OAFFC standards; j) where disclosure is required by law. 5.3 FFC may disclose the personal information of its clients: a) to credit grantors and reporting agencies; b) to any third party the client or counselor may deem as having an interest in the client s financial outcome where the client consents to such disclosure; c) to internal or external legal counsel and auditors; d) to accreditation reviewers in accordance with OAFFC standards; e) where disclosure is required by law. 5.4 Except as required or permitted by law, when disclosure is made to a party other than FFC or a third party provider of personal information processing services, the consent of the individual shall be obtained and reasonable steps shall be taken to ensure that any such third party has personal information privacy procedures and policies in place. 5.5 Personal information shall be kept only as long as necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a client or an employee, FFC shall retain, for a period of time that is reasonably sufficient to allow for access by the client or employee, either the actual information or the rationale for making the decision. 5.6 FFC follows the guidelines and procedures set out in the OAFFC accreditation standards for the retention of personal information. With regard to client information retention: FFC retains the hardcopy client assessment files for 24 months, after which the files are destroyed by shredding by either a FFC employee or a licensed and bonded third party. Debt Management Programme file documentation is retained for a period of seven years from the date the Debt Management 9 P a g e
10 Programme is successfully completed or closed, after which the files are destroyed in the same manner as the counselling files. Bankruptcy files are retained for a period of one year after the second counselling session has been completed, after which the files are destroyed by shredding either by a FFC employee or a licensed and bonded third party. FFC electronic counselling and third party case histories are permanently deleted upon closure of the file. Demographic information taken during intake is permanently deleted on the first day of the 24 month following the closure of the file. FFC electronic Debt Management files are kept active for seven years after the debts under administration have been paid in full, or alternatively until there is a default in payment or a request by the client to self-administer the repayment of their debts. After this time, the electronic files are permanently deleted from the FFC system. Electronic back ups of all files are retained for a period of two years. 5.7 Personal information that is no longer required to fulfill the identified purposes or that is not required to be retained pursuant to any applicable law, is destroyed, erased or made anonymous. FFC shall review the personal information in its custody and control on a periodic basis in order to ensure that personal information no longer required to be retained has been destroyed, erased or made anonymous. 5.8 FFC retains personal information of employees for the entire term of their employment with the agency and for a period of up to seven years following the termination of their employment. After this time hard copy and electronic files pertaining to this employee are destroyed by shredding, permanent deletion or are made anonymous. Principle 6: Accuracy Personal information shall be accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. 6.1 FFC recognizes that is it crucial for our client s creditors to have current and accurate information to assist them in making important decisions regarding the acceptance of our debt management programmes and other credit solutions. FFC shall ensure to the best of its ability that the information it holds is accurate, complete, current and relevant to the identified purposes. 10 P a g e
11 FFC shall seek to minimize the possibility that inappropriate information may be used to make a decision about a client or employee. 6.2 FFC will not routinely update personal information, unless this is necessary to fulfill the purposes for which the information was collected. Personal information about clients and employees shall be updated only as and when necessary to fulfill the identified purposes or upon notification by the individual. Principle 7: Safeguards Personal information shall be protected by security safeguards appropriate to the sensitivity of the information 7.1 FFC will implement security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. 7.2 The nature of the safeguards will vary depending upon (i) the sensitivity of the information that has been collected, (ii) the amount distribution and format of the information, and (iii) the method of storage. 7.3 Physical measures such as locked fire resistant filing cabinets and vaults and restricted access to offices, organizational measures such as levels of permission and need to know basis and technological measures such as passwords, VPN connection and firewalls have been adopted by FFC. 7.4 The employees of FFC shall sign a statement of confidentiality agreeing to hold all sensitive information confidential. 7.5 The server environment shall be managed appropriately and firewall infrastructure strictly adhered to. Security practices shall be reviewed on a regular basis and up to date technology employed to ensure that the confidentiality and privacy of the information is not compromised Principle 8: Openness FFC shall make readily available to its clients and employees specific information about its policies and practices relating to the management of personal information. 11 P a g e
12 8.1 FFC will be open about its policies and practices with respect to the management of personal information. Clients and employees shall be able to acquire information about the agency s policies and practices with respect to the management of personal information without unreasonable effort. 8.2 Such information shall be made available through the website and at the main administrative office and the Sarnia branch office and shall include: a) The name address and title of the Privacy Compliance Officer; b) The means of gaining access to the type of information held by FFC and a general account of its usage; c) Copies of any information that explains the agency policies, standards and codes; d) A description of what personal information is made available and to whom. Principle 9: Individual Access An individual shall be informed of the existence use and disclosure of his or her personal information and shall be given access to that information except where FFC is permitted or required by law not to disclose personal information to the client or the employee. An individual client or employee shall be able to a challenge the accuracy and completeness of the information disclosed to him or her and have it amended as appropriate. 9.1 Upon request FFC shall inform an individual client or employee whether it holds personal information about that individual (except where permitted or required by law not to disclose personal information) and shall afford the individual a reasonable opportunity to review the personal information in his or her file at minimal or no cost to the individual. FFC shall provide an account of the use that has been made or is being made of the personal information and an account of the third parties to which the personal information has been disclosed. Where reasonably possible FFC shall indicate the source of the personal information. 9.2 In order to safeguard personal information, a client or employee may be required to provide sufficient identification information to permit FFC to account for the existence use and disclosure of personal information and to authorize access to the individual s file. Any such information shall be used only for this purpose. 12 P a g e
13 9.3 In certain situations, FFC may not be able to provide access to all of the personal information that they hold about a client or employee. If access to personal information cannot be provided, FFC shall provide the reasons for denying access upon request. 9.4 FFC will respond to an individual s request within thirty (30) days of the request being received. The time for request may be extended for up to an additional thirty (30) days if meeting the time limit would unreasonably interfere with the activities of the agency, or if the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet. FFC may also extend the time for responding fore such period of time as is necessary to be able to convert the personal information into an alternative format. FFC will provide notice to the individual of any extension taken within thirty (30) days of the individual s request and will advise the individual of the right to make a complaint to the Privacy Commissioner about the extension. The agency will provide the requested information or make it available in a form that is generally understandable. 9.5 FFC shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to the accuracy or completeness shall be noted in the individual s file. Where appropriate, FFC shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences. 9.6 A client can obtain or seek access to his or her individual file by contacting the contacting the main administrative office of the FFC. An employee can obtain information or seek access to his or her individual file by contacting his or her immediate supervisor. Principle 10: Challenging Compliance An individual client or employee shall be able to address a challenge concerning compliance with the principles in this privacy policy to the Privacy Compliance Officer FFC shall maintain procedures for addressing and responding to all inquiries or complaints from its clients and employees about the agency s handling of personal information FFC will inform their clients and employees about the existence of these procedures as well as the availability of complaint procedures. 13 P a g e
14 10.3 FFC shall investigate all complaints concerning compliance with this Privacy policy. If a complaint is found to be justified, FFC shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A client or employee shall be informed of the outcome of the investigation regarding his or her complaint If an individual is not satisfied with the response from the Privacy Compliance Officer, he or she may have recourse to additional remedies under applicable privacy legislation. Effective date: This policy is effective as of January 1, P a g e
The Manitoba Child Care Association PRIVACY POLICY
The Manitoba Child Care Association PRIVACY POLICY BACKGROUND The Manitoba Child Care Association is committed to comply with the legal obligations imposed by the federal government's Personal Information
More informationCredit Union Code for the Protection of Personal Information
Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve
More information3. Consent for the Collection, Use or Disclosure of Personal Information
PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),
More informationNORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001
NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES Effective January 1, 2001 The Northwestel Code of Fair Practices complies fully with the Personal Protection and Electronic Documents Act and incorporates
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationTaking care of what s important to you
National Home Warranty Group Inc. Privacy Policy Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten principles
More informationTaking care of what s important to you
A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten
More informationPROTECTION OF PERSONAL INFORMATION
PROTECTION OF PERSONAL INFORMATION Definitions Privacy Officer - The person within the Goderich Community Credit Union Limited (GCCU) who is responsible for ensuring compliance with privacy obligations,
More informationPACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )
PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,
More informationPersonal Information Protection and Electronic Documents Act
PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle
More informationBoys and Girls Clubs of Kawartha Lakes B: Administration B4: Information Management & Policy: Privacy & Consent Technology
Effective: Feb 18, 2015 Executive Director Replaces: 2010 Policy Page 1 of 5 REFERENCE: HIGH FIVE 1.4.3, 2.2.4, 2.5.3, PIDEDA POLICY: Our Commitment Boys and Girls Clubs of Kawartha Lakes (BGCKL) and the
More informationTHE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK
THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK REVISED August 2004 PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK Introduction
More informationPersonal Information Protection and Electronic Documents Act (PIPEDA)
Introduction Personal Information Protection and Electronic Documents Act (PIPEDA) Policy and The Insurance Brokers Association of Alberta is committed to respect the privacy rights of individuals by ensuring
More informationSUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION
SUBJECT: VOYAGEUR PAGE 1 1.0 PURPOSE: 1.1 To establish and document a policy which defines Voyageur s commitment to the protection of an individual s personal health information in the course of providing
More informationThe Winnipeg Foundation Privacy Policy
The Winnipeg Foundation Privacy Policy The http://www.wpgfdn.org (the Website ) is operated by The Winnipeg Foundation (the Foundation ). The Winnipeg Foundation Privacy Policy Foundation is committed
More informationPERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL]
[Insert Date of Policy] PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS of [ABC SCHOOL] Address Independent schools in British Columbia are invited to adopt or adapt some or all of this
More informationPRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;
PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal
More informationFIDELITY APPLICANT PRIVACY AND PROTECTION NOTICE
FIDELITY APPLICANT PRIVACY AND PROTECTION NOTICE Last Updated: November 2012 FMR LLC and its affiliated entities ( Fidelity ) value your trust and are committed to the responsible management, use and protection
More informationNational Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada
Introduction National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada This Privacy Policy describes the manner in which the National Association of Pharmacy
More informationPRIVACY POLICY. Privacy Statement
PRIVACY POLICY Privacy Statement Blue Care is one of Australia's leading providers of retirement living, community health, help at home services and aged care homes, caring for more than 12,500 people
More informationCredit Reporting Privacy Policy of Baybrick Pty Ltd
Credit Reporting Privacy Policy of Baybrick Pty Ltd Introduction 1. This Credit Reporting Privacy Policy is the official privacy policy of Baybrick Pty Ltd and its subsidiaries which includes JBS Australia
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationPRIVACY AND CREDIT REPORTING POLICY
PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal
More informationThe Ten privacy principles and our commitment to them are as follows:
Your Privacy is Our Concern Federated Insurance Company of Canada 1 is committed to protecting your personal information, whether you are a customer of Federated or not, and, no matter how we came to be
More informationQuestions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA)
Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health
More informationADMINISTRATIVE MANUAL Policy and Procedure
ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,
More informationCoffey International Limited Privacy Policy. July 2014
Coffey International Limited Privacy Policy July 2014 Privacy Policy 1. Introduction Coffey International Limited and its related bodies corporate (we, our, us) recognise your rights under the Privacy
More informationPERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS
PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS Note: This document provides a general overview of the Personal Health Information Protection Act, 2004,
More informationPRIVACY POLICY. Last updated February 2, 2009 INTRODUCTION
PRIVACY POLICY Last updated February 2, 2009 INTRODUCTION This Privacy Policy explains how personal information about you may be collected, used, or disclosed by the Canadian Education and Research Institute
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationCalifornia State University, Sacramento INFORMATION SECURITY PROGRAM
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
More informationCultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy
Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy September 2004 1.0 INTRODUCTION... 3 2.0 CHRC POLICY STATEMENT... 3 3.0 PRIVACY
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationWe ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation.
PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE Please refer to Appendix A for a glossary of defined terms. INTRODUCTION The Personal Health Information Act (PHIA) came into effect on December 11, 1997,
More informationChangeIt Privacy Policy - Canada
ChangeIt Privacy Policy - Canada 1. Policy on Privacy of Personal Information Formulating Change Inc. ( FCI, we, us or our ) is committed to protecting the privacy and security of your Personal Information
More informationPersonal Information Protection Act. Information Sheet 5: 1. Personal Employee Information
Personal Information Protection Act Information Sheet 5 Introduction The Personal Information Protection Act (PIPA) governs the collection, use, disclosure, retention and protection of personal information
More informationPERSONAL INFORMATION PROTECTION ACT
Province of Alberta Statutes of Alberta, Current as of December 17, 2014 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park Plaza 10611-98 Avenue Edmonton,
More informationAbilities Centre collects personal information for the following purposes:
Privacy Policy Accountability Abilities Centre is responsible for your personal information under its control. We have appointed a Privacy Officer who is accountable for our compliance with this Privacy
More informationROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014.
ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014. The Rohit Group of Companies ( Rohit Group, Company, our, we ) understands
More informationCode of Business Conduct and Ethics. Strike Energy Limited ACN 078 012 745
Code of Business Conduct and Ethics Strike Energy Limited ACN 078 012 745 Approved: 2 December 2014 Contents 1. General... 1 2. Responsibilities to shareholders and the financial community generally...
More informationPrivacy Policy. February, 2015 Page: 1
February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met
More informationPRIVACY POLICY. Unless otherwise provided by law, we will not collect, hold, use or disclose sensitive information without your consent.
Purpose Australian Institute of Professional Education P/L (AIPE/we/our) is committed to providing all stakeholders with the highest levels of professional service. The purpose of this Privacy Policy is
More informationHIPAA PRIVACY POLICIES AND PROCEDURES
HIPAA PRIVACY POLICIES AND PROCEDURES FOR MOTT COMMUNITY COLLEGE NOVEMBER 18, 2004 PREPARED BY: KUSHNER & COMPANY 2427 WEST CENTRE AVENUE PORTAGE, MICHIGAN 49024 (269) 342-1700 WWW.KUSHNERCO.COM EMPLOYEE
More informationPINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM
PINAL COUNTY POLICY AND PROCEDURE 2.50 Subject: ELECTRONIC MAIL AND SCHEDULING SYSTEM Date: November 18, 2009 Pages: 1 of 5 Replaces Policy Dated: April 10, 2007 PURPOSE: The purpose of this policy is
More informationLaw Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario
PRIVACY COMPLIANCE ISSUES FOR LAW FIRMS IN ONTARIO By Sara A. Levine 1 Presented at Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario Ontario Bar Association, May 6,
More informationRecord Keeping. Guide to the Standard for Professional Practice. 2013 College of Physiotherapists of Ontario
Record Keeping Guide to the Standard for Professional Practice 2013 College of Physiotherapists of Ontario March 7, 2013 Record Keeping Records tell a patient s story. The record should document for the
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationUNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY
PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationDisclosure is the action of making new or secret information known.
/PURPOSE OF POLICY Pty Limited (Momentum) is required and committed to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1998 (Cth) (Privacy Act). The APPs regulate the manner in
More informationCorporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
More informationYou may choose not to provide us with any of this information, but not doing so will affect our ability to provide you with storage.
BENALLA MINI STORAGE Privacy Policy This Privacy Policy outlines the policy of Benalla Mini Storage, Nish Court Benalla, abn37 371 733 702, managed by Benalla Residential Rural Real Estate of 72 Bridge
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationCOUNCIL POLICY R180 RECORDS MANAGEMENT
1. Scope The City of Mount Gambier Records Management Policy provides the policy framework for Council to effectively fulfil its obligations and statutory requirements under the State Records Act 1997.
More informationPrivacy Impact Assessment
DECEMBER 20, 2013 Privacy Impact Assessment MARKET ANALYSIS OF ADMINISTRATIVE DATA UNDER RESEARCH AUTHORITIES Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552
More informationConducting Surveys: A Guide to Privacy Protection. Revised January 2007 (updated to reflect A.R. 186/2008)
Conducting Surveys: A Guide to Privacy Protection Revised January 2007 (updated to reflect A.R. 186/2008) ISBN 978-0-7785-6101-9 Produced by: Access and Privacy Service Alberta 3rd Floor, 10155 102 Street
More informationProtecting your privacy
Protecting your privacy Table of Contents Answering your questions about privacy Your privacy... 1 Your consent... 1 Answering your questions about privacy... 2 About cookies... 9 Behavioural Advertising/Online
More informationThe Journey to Create Document Standards and Guidelines for Occupational Therapists. Christine Fleming Legislation and Bylaws Committee
The Journey to Create Document Standards and Guidelines for Occupational Therapists Christine Fleming Legislation and Bylaws Committee Objectives To describe the process and tools used to create the document
More informationSTANDARDS OF PRACTICE (2013)
STANDARDS OF PRACTICE (2013) COLLEGE OF ALBERTA PSYCHOLOGISTS STANDARDS OF PRACTICE (2013) 1. INTRODUCTION The Health Professions Act (HPA) authorizes and requires the College of Alberta Psychologists
More informationSCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL
SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION
More informationPRIVACY POLICY. Effective: January 1, 2014 Revised: March 19, 2015. Privacy Policy Page 1 of 7
PRIVACY POLICY Effective: January 1, 2014 Revised: March 19, 2015 Privacy Policy Page 1 of 7 WAJAX CORPORATION PRIVACY POLICY GENERAL POLICY Privacy Overview Wajax Corporation (Wajax) and its business
More informationWe will not collect, use or disclose your personal information without your consent, except where required or permitted by law.
HSBC Privacy Notice HSBC's Privacy Principles HSBC Bank Canada is a subsidiary of HSBC Holdings plc which, together with its subsidiaries and affiliates, is one of the world s largest banking and financial
More informationPacific Smiles Group Privacy Policy
Pacific Smiles Group Privacy Policy Pacific Smiles Group Limited and its related bodies corporate (PSG, we, our, us) recognise the importance of protecting the privacy and the rights of individuals in
More informationLast updated: 30 May 2016. Credit Suisse Privacy Policy
Last updated: 30 May 2016 Credit Suisse Please read this privacy policy (the ) as it describes how we intend to collect, use, store, share, and safeguard your information. By accessing, visiting or using
More informationPRIVACY POLICY Personal information and sensitive information Information we request from you
PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage
More informationMyNextConsultant.com Privacy Policy. Last updated: October 01, 2013
MyNextConsultant.com Privacy Policy Last updated: October 01, 2013 1. About this Privacy Policy Thank you for using MyNextConsultant and visiting our website. Your privacy is important to us, and we have
More informationPRIVACY POLICY. I. Introduction. II. Information We Collect
PRIVACY POLICY school2life, Inc. ( school2life ) Privacy Policy is designed to provide clarity about the information we collect and how we use it to provide a better social gaming experience. By accepting
More information2. What personal information do we collect and hold?
PRIVACY POLICY Conexus Financial Pty Ltd [ABN 51 120 292 257], (referred to as Conexus, us, we" or our"), are committed to protecting the privacy of the personal information that we collect and complying
More informationPersonal Information Protection Policy for Small and Medium-Size Businesses
Personal Information Protection Policy for Small and Medium-Size Businesses Why does a small business need a policy? Alberta s Personal Information Protection Act, which came into force on January 1, 2004,
More informationPrivacy Policy documents for
Privacy Policy documents for Praendex Incorporated doing business as PI Worldwide Product User Privacy Policy - For Customers, as well as those invited to our websites to complete a PI Survey or SSAT General
More informationNATIONAL BOARD FOR CERTIFIED COUNSELORS (NBCC) CODE OF ETHICS
PREAMBLE NATIONAL BOARD FOR CERTIFIED COUNSELORS (NBCC) CODE OF ETHICS The National Board for Certified Counselors (NBCC) provides national certifications that recognize individuals who have voluntarily
More informationNew Ross Credit Union Web Site Statement
Privacy New Ross Credit Union Web Site Statement YOUR PRIVACY IS OUR PRIORITY Credit unions have a history of respecting the privacy of our members. Your Board of Directors has adopted the Credit Union
More informationCBHS HEALTH FUND LIMITED PRIVACY POLICY
1. Policy Statement CBHS Health Fund Limited ABN 87 087 648 717 (CBHS) is committed to maintaining the privacy of individuals whose information we collect in accordance with the Australian Privacy Principles
More informationPBGC-19: Office of General Counsel Case Management System
PBGC-19: Office of General Counsel Case Management System Excerpted from Federal Register: Sept. 9, 2014 (Volume 79, Number 174) General Routine Uses System Name: Office of General Counsel Case Management
More informationUnited States Trustee Program
United States Trustee Program Privacy Impact Assessment for the Credit Counseling/Debtor Education System (CC/DE System) Issued by: Larry Wahlquist, Privacy Point of Contact Reviewed by: Approved by: Vance
More informationM&T BANK CANADIAN PRIVACY POLICY
M&T BANK CANADIAN PRIVACY POLICY At M&T Bank, we are committed to safeguarding your personal information and maintaining your privacy. This has always been a priority for us and this is why M&T Bank (
More informationRespecting your privacy
Respecting your privacy We respect your personal information, and this Privacy Policy explains how we handle it. The policy covers National Australia Bank Ltd ABN 12 004 044 937 and all its related body
More informationUniversity of California Policy
University of California Policy HIPAA Uses and Disclosures for UC Group Health Plans Responsible Officer: Senior Vice President/Chief Compliance and Audit Officer Responsible Office: Ethics, Compliance
More informationCode of Business Conduct and Ethics THE WOODBRIDGE WAY. integrity honesty respect responsibility
Code of Business Conduct and Ethics THE WOODBRIDGE WAY integrity honesty respect responsibility Reissued June 12, 2015 Code of Business Conduct and Ethics THE WOODBRIDGE WAY INTRODUCTION Woodbridge Foam
More informationHume Bank Limited Privacy Policy
Hume Bank Limited Privacy Policy Hume Bank Limited (ACN 051 868 556) ('we', 'us', 'our') is subject to the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles and Part IIIA
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More informationSASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003. Saskatchewan Workers Compensation Board
Date: August 29, 2012 File No.: 2008/101 SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003 Saskatchewan Workers Compensation Board Summary: The Commissioner
More informationPrivacy and Management of Health Information: Standards for CARNA s Regulated Members
Privacy and Management of Health Information: Standards for CARNA s Regulated Members September 2011 Permission to reproduce this document is granted; please recognize CARNA. College and Association of
More informationPRIVACY POLICY. Consent
PRIVACY POLICY car2go N.A. LLC and car2go Canada Ltd. (collectively, car2go ) recognize the importance of protecting your personal information. We take the protection of your personal information seriously
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationSCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)
SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationDaltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual
Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That
More informationPrivacy fact sheet 17
Privacy fact sheet 17 Australian Privacy Principles January 2014 From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles Information Privacy Principles
More informationAP 417 Information and Communication Services
AP 417 Information and Communication Services Background Access and use of information and communication services (ICS) are an integral component of the learning and working environment. The ability for
More informationPOLICY. on the Protection of Personal Data of Persons of Concern to UNHCR DATA PROTECTION POLICY
POLICY on the Protection of Personal Data of Persons of Concern to UNHCR DATA PROTECTION POLICY CONTENTS 2 DATA PROTECTION POLICY 1 GENERAL PROVISIONS... 6 1.1 Purpose... 7 1.2 Rationale... 7 1.3 Scope...
More informationPrivacy Policy. If you have questions or complaints regarding our Privacy Policy or practices, please see Contact Us. Introduction
Privacy Policy This Privacy Policy will be effective from September 1 st, 2014. Please read Pelican Technologies Privacy Policy before using Pelican Technologies services because it will tell you how we
More informationKinds of information that the Company collects and holds
Privacy Policy Verandah Bar & Bistro Pty Limited Introduction 1. From time to time Verandah Bar and Bistro Pty Ltd ("the Company") is required to collect, hold, use and/or disclose personal information
More informationPrivacy Policy and Notice of Information Practices
Privacy Policy and Notice of Information Practices Effective Date: April 27, 2015 BioMarin Pharmaceutical Inc. ("BioMarin") respects the privacy of visitors to its websites and online services and values
More informationData Protection and Data security Policy
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationSAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014
SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014 This Notice sets forth the principles followed by United Technologies Corporation and its operating companies, subsidiaries, divisions
More informationsingapore american school
Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.
More informationPersonal Information Protection Policy
Personal Information Protection Policy November 2014 Department of Premier and Cabinet The collection, maintenance, use and disclosure of personal information relating to individuals is regulated by the
More information