Personal Information is defined as information about an identifiable individual including customer and member information that pertains to the use of OHA services, credit card information and purchase information whether provided in writing, orally or by electronic means. Personal Information does not include information that is business contact information, is publicly available information, such as customer and member names, addresses, telephone numbers and electronic addresses when listed in a public directory or made available through directory assistance or other similar sources.
The OHA wants you to know it keeps your Personal Information secure and uses it only as necessary and as is authorized. In recognition of this goal, the OHA makes the following commitments to you, our customers and members.
Principle 1 – Accountability
1.1 The OHA is responsible for Personal Information under its control and has designated the Director of Human Resources and IT, as our Privacy Officer who is accountable for the OHA’s compliance with the Act. There are other individuals within the OHA who are designated with the responsibility for day to day collection and management of Personal Information.
Principle 2 – Identifying Purposes
2.1 The OHA identifies the purposes for which Personal Information is being collected at or before the time of such collection.
2.2 Generally, the OHA collects Personal Information only for the following purposes:
(a) To establish and maintain responsible commercial relations with customers and members and to provide ongoing services and offers;
(b) To understand customer and member needs;
(c) To develop, enhance, market or provide services;
(d) To manage and develop OHA’s business and operations
(e) To meet legal and regulatory requirements; and
(f) To facilitate commercial transactions.
2.3 In the event that the OHA is required to use, disclose or collect Personal Information for a purpose that is not listed above and in respect of which the customer or member has not previously granted his or her consent, the Personal Information will not be used or disclosed without first identifying the new purpose and obtaining the customer or member’s consent, unless otherwise exempted from doing so under the Act.
Principle 3 – Obtaining Consent for Collection, Use or Disclosure
3.1 The OHA collects Personal Information by fair and lawful means and obtains the individual’s consent for the collection, use or disclosure of his or her Personal Information, as required by the Act or by law.
3.2 The consent may be express, implied or given through an authorized representative.
3.3 A customer or member may withdraw consent to use his or her Personal Information at any time, subject to any legal or contractual restrictions and upon giving the OHA reasonable notice. The OHA will inform individuals of the implications, if any, of withdrawing consent and how to do so.
3.4 While the OHA will seek consent from the customer or member to collect, use and disclose Personal Information in m0st circumstances, there are some exceptions to the requirement to obtain consent. These exceptions to the requirement for consent include, but are not limited to, where the OHA is required to comply with a court order or investigation by law enforcement personnel.
Principle 4 – Limiting Collection of Personal Information
4.1 The OHA limits the collection of Personal Information to that which is reasonably necessary for the identified purpose(s). Personal Information will be collected only by fair and lawful means.
Principle 5 – Limiting Use, Disclosure and Retention
5.1 The OHA does not use or disclosure Personal Information for purposes other than those for which it was collected, except with the consent of the individual, or as permitted or required by law.
5.2 The OHA retains Personal Information only as long as is necessary for the fulfillment of those purposes or as required by law.
5.3 The OHA may disclose Personal Information to a person or organization involved directly or indirectly in supplying a product or service to OHA customers or members, including without limitation, our sales and marketing department, our invoice printing and mailing suppliers, our data processors, and our product and service suppliers. This disclosure is only made to the extent the Personal Information is required and is used only for purposes such as the efficient supply of OHA services. Such disclosure requires the receiving person or entity to keep the Personal Information confidential.
5.4 The OHA may share Personal Information with potential business partners or related entities of the OHA for the same or reasonably similar purposes as those identified above under Principle 2.
5.5 The OHA will take reasonable steps to ensure that only employees who need to know or whose duties so require, are granted access to customer or member Personal Information.
5.6 The OHA has established reasonable guidelines and procedures for Personal Information and records retention, and any Personal Information no longer needed for its identified purpose or for legal requirements will be destroyed, erased or made anonymous within a reasonable period of time.
Principle 6 – Accuracy
6.1 The OHA takes reasonable steps to keep Personal Information accurate, complete and up to date as is necessary for the identified purpose(s). Individuals are entitled to check on the accuracy of their Personal Information and submit a correction request, if necessary. The OHA will rely exclusively on the representation provided by individuals in determining the completeness, accuracy, and timeliness of his or her Personal Information and will have no further obligation to seek independent verification of any customer or member Personal Information supplied by the individual.
Principle 7 – Security Safeguards
7.1 The OHA protects Personal Information from unauthorized access, use and disclosure by establishing and maintaining appropriate security safeguards.
7.2 The OHA has implemented safeguards to protect against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction. The OHA’s employees are made aware of the need to maintain the confidentiality of all Personal Information.
Principle 8 – Openness
8.1 The OHA makes information readily available about our policies and practices related to the management of Personal Information of our customers and members.
Principle 9 – Obtaining Access to Personal Information
9.1 Upon request and in accordance with the requirements under the Act, the OHA provides its customers and members with access to their Personal Information and details about the use and disclosure of that information. The individual customer or member shall be able to challenge the accuracy and completeness of his or her Personal Information and to have it corrected, as and when appropriate.
9.2 In certain circumstances the OHA may not be able to give customers or members access to all Personal Information it holds about the individual. For example, this may be the case when the information is unreasonably costly to provide, the information contains references to other individuals, the information cannot be disclosed for legal, security or commercial proprietary reasons, or the information is subject to solicitor client or litigation privilege. In the event the OHA declines to grant access to Personal Information of a customer or member, the OHA will explain and give reasons for denying access in writing and the recourse available to the individual.
9.3 The OHA will make reasonable efforts to respond to an individual’s request for access to his or her Personal Information no later than 30 days after receipt of the written request, and at a minimal or no cost. The individual will be informed of any extensions to the time limit and his or her right to contact the Privacy Commissioner regarding the extension of time.
Principle 10 – Challenging Compliance
10.1 The OHA provides individuals with information about the procedure for challenging our compliance with the Act, should they wish to do so.
10.2 All complaints and/or questions should be directed, in writing, to the Privacy Officer at the OHA. The Privacy Officer may be contacted at the following information:
Director, Policy, Legislative and Legal Affairs
Ontario Hospital Association
200 Front Street West
Toronto, Ontario M5V 3L1
E-mail address: firstname.lastname@example.org
10.3 If the Privacy Officer is unable to resolve the issue, a written complaint may be filed with the Federal Privacy Commissioner at the following address:
The Office of the Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
E-mail address: email@example.com