Disclaimer
All information and resources provided by the Ontario Hospital Association on this website, including all bulletins, guidance documents, and/or newsletters, is for general information only, and should not be relied on as legal advice or opinion. No person should act or refrain from acting in reliance on any information found on this website without first obtaining appropriate professional advice. While the Ontario Hospital Association aims to provide accurate and up-to-date information, any information provided on this website is by nature subject to revision and may not be the most current information available on the subject matter discussed.
Privacy Policy
The Ontario Hospital Association (the "OHA") is committed to protecting and safeguarding the privacy and security of customer and member personal information ("Personal Information"). This policy (the "Privacy Policy") has been implemented to comply with the Personal Information Protection and Electronic Documents Act (the "PIPEDA") which came into effect provincially on January 1, 2004 and Canada's Anti-Spam Legislation ("CASL") which came into effect July 1, 2014.
Part I of this Privacy Policy sets out the principles and guidelines that the OHA has adopted for the management of Personal Information of its customers and members, and is in accordance with the PIPEDA and the 10 principles of the Canadian Standards Association Model Code for the Protection of Personal Information (the "Privacy Principles"). Part II of this Privacy Policy outlines the OHA's commitment to safeguarding electronic information and complying with CASL.
PART I
Personal Information is defined as information about an identifiable individual including customer and member information that pertains to the use of OHA services, credit card information and purchase information whether provided in writing, orally or by electronic means. Personal Information does not include information that is business contact information, is publicly available information, such as customer and member names, addresses, telephone numbers and electronic addresses when listed in a public directory or made available through directory assistance or other similar sources.
The OHA wants you to know it keeps your Personal Information secure and uses it only as necessary and as is authorized. In recognition of this goal, the OHA makes the following commitments to you, our customers and members.
Principle 1 – Accountability
1.1 The OHA is responsible for Personal Information under its control and has designated the Director of Legislative, Legal and Professional Issues as our Privacy Officer who is accountable for the OHA's compliance with the PIPEDA. There are other individuals within the OHA who are designated with the responsibility for day to day collection and management of Personal Information.
1.2 The OHA has policies and procedures in place to implement and comply with this Privacy Policy, including procedures relating to the collection, handling, storage and destruction of Personal Information. OHA staff has also been provided the requisite education and training to protect Personal Information and to deal with complaints on privacy issues.
1.3 The OHA is responsible for Personal Information transferred by it to third parties, if any, for processing on its behalf. The OHA uses contractual means to provide an appropriate level of protection for such transferred information. Third parties entering into a business relationship with the OHA are required to adhere to the Privacy Principles, this Privacy Policy, the PIPEDA, CASL and any other applicable law dealing with the protection of Personal Information.
Principle 2 – Identifying Purposes
2.1 The OHA identifies the purposes for which Personal Information is being collected at or before the time of such collection.
2.2 Generally, the OHA collects Personal Information only for the following purposes:
(a) To establish and maintain responsible commercial relations with customers and members and to provide ongoing services and offers;
(b) To understand customer and member needs;
(c) To develop, enhance, market or provide services;
(d) To manage and develop OHA's business and operations;
(e) To meet legal and regulatory requirements; and
(f) To facilitate commercial transactions.
2.3 In the event that the OHA is required to use, disclose or collect Personal Information for a purpose that is not listed above and in respect of which the customer or member has not previously granted his or her consent, the Personal Information will not be used or disclosed without first identifying the new purpose and obtaining the customer or member's consent, unless otherwise exempted from doing so under the PIPEDA.
Principle 3 – Obtaining Consent for Collection, Use or Disclosure
3.1 The OHA collects Personal Information by fair and lawful means and obtains the individual's consent for the collection, use or disclosure of his or her Personal Information, as required by the PIPEDA or by law.
3.2 The consent may be express, implied or given through an authorized representative.
3.3 A customer or member may withdraw consent to use his or her Personal Information at any time, subject to any legal or contractual restrictions and upon giving the OHA reasonable notice. The OHA will inform individuals of the implications, if any, of withdrawing consent and how to do so.
3.4 While the OHA will seek consent from the customer or member to collect, use and disclose Personal Information in most circumstances, there are some exceptions to the requirement to obtain consent. These exceptions to the requirement for consent include, but are not limited to, where the OHA is required to comply with a court order or investigation by law enforcement personnel.
Principle 4 – Limiting Collection of Personal Information
4.1 The OHA limits the collection of Personal Information to that which is reasonably necessary for the identified purpose(s). Personal Information will be collected only by fair and lawful means.
Principle 5 – Limiting Use, Disclosure and Retention
5.1 The OHA does not use or disclosure Personal Information for purposes other than those for which it was collected, except with the consent of the individual, or as permitted or required by law.
5.2 The OHA retains Personal Information only as long as is necessary for the fulfillment of those purposes or as required by law.
5.3 The OHA may disclose Personal Information to a person or organization involved directly or indirectly in supplying a product or service to OHA customers or members, including without limitation, our sales and marketing department, our invoice printing and mailing suppliers, our data processors, and our product and service suppliers. This disclosure is only made to the extent the Personal Information is required and is used only for purposes such as the efficient supply of OHA services. Such disclosure requires the receiving person or entity to keep the Personal Information confidential.
5.4 The OHA may share Personal Information with potential business partners or related entities of the OHA for the same or reasonably similar purposes as those identified above under Principle 2.
5.5 The OHA will take reasonable steps to ensure that only employees who need to know or whose duties so require, are granted access to customer or member Personal Information.
5.6 The OHA has established reasonable guidelines and procedures for Personal Information and records retention, and any Personal Information no longer needed for its identified purpose or for legal requirements will be destroyed, erased or made anonymous within a reasonable period of time.
Principle 6 – Accuracy
6.1 The OHA takes reasonable steps to keep Personal Information accurate, complete and up to date as is necessary for the identified purpose(s). Individuals are entitled to check on the accuracy of their Personal Information and submit a correction request, if necessary. The OHA will rely exclusively on the representation provided by individuals in determining the completeness, accuracy, and timeliness of his or her Personal Information and will have no further obligation to seek independent verification of any customer or member Personal Information supplied by the individual.
Principle 7 – Security Safeguards
7.1 The OHA protects Personal Information from unauthorized access, use and disclosure by establishing and maintaining appropriate security safeguards.
7.2 The OHA has implemented safeguards to protect against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction. The OHA's employees are made aware of the need to maintain the confidentiality of all Personal Information.
Principle 8 – Openness
8.1 The OHA makes information readily available about our policies and practices related to the management of Personal Information of our customers and members.
8.2 The OHA's Privacy Policy is posted on the OHA's website and informs customers and members about the type of Personal Information it may collect, what it is used for and to whom the information may be disclosed.
Principle 9 – Obtaining Access to Personal Information
9.1 Upon request and in accordance with the requirements under the PIPEDA, the OHA provides its customers and members with access to their Personal Information and details about the use and disclosure of that information. The individual customer or member shall be able to challenge the accuracy and completeness of his or her Personal Information and to have it corrected, as and when appropriate.
9.2 In certain circumstances the OHA may not be able to give customers or members access to all Personal Information it holds about the individual. For example, this may be the case when the information is unreasonably costly to provide, the information contains references to other individuals, the information cannot be disclosed for legal, security or commercial proprietary reasons, or the information is subject to solicitor client or litigation privilege. In the event the OHA declines to grant access to Personal Information of a customer or member, the OHA will explain and give reasons for denying access in writing and the recourse available to the individual.
9.3 The OHA will make reasonable efforts to respond to an individual's request for access to his or her Personal Information no later than 30 days after receipt of the written request, and at a minimal or no cost. The individual will be informed of any extensions to the time limit and his or her right to contact the Privacy Commissioner regarding the extension of time.
Principle 10 – Challenging Compliance
10.1 The OHA provides individuals with information about the procedure for challenging our compliance with the PIPEDA, should they wish to do so.
10.2 All complaints and/or questions should be directed, in writing, to the Privacy Officer at the OHA. The Privacy Officer may be contacted at the following information:
Melissa Prokopy, Director, Legislative, Legal and Professional Issues
Ontario Hospital Association
200 Front Street West, Suite 2800
Toronto, Ontario M5V 3L1
Telephone: 1-800-598-8002 or 416-205-1300
Facsimile: 416-205-1360
E-mail address: mprokopy@oha.com
10.3 If the Privacy Officer is unable to resolve the issue, a written complaint may be filed with the Federal Privacy Commissioner at the following address:
The Office of the Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Telephone: 1-800-282-1376
E-mail address: info@privcom.gc.ca
PART II
The OHA is committed to reducing the harmful effects of spam and related threats to electronic commerce and is working towards a safer and more secure online marketplace.
CASL regulates certain forms of electronic contact, consisting of, the sending of commercial electronic messages, the alteration of transmission data in electronic messages, and the installation of computer programs on another person's computer system, in the course of a commercial activity. The fundamental underlying principle of CASL is that such activities may only be carried out with consent.
The OHA complies with CASL and works with its members, customers and partners to seek consent, as required by CASL, before communicating any commercial electronic messages.
For additional information, see: www.fightspam.gc.ca