This Policy explains how we will collect, use, disclose and store Personal Information. We urge you to read the Policy carefully in order to gain a clear understanding of how the Organization may collect, use or disclose Personal Information.
“Personal Information” means any information, in any form, about an identified individual or an individual whose identity may be inferred or determined from such information, other than business contact information (e.g. name, title, business address).
Please note that this Policy does not cover business contact information, anonymous aggregate information or data from which the identity of an individual cannot be determined. Subject to any agreement between the Organization and you (or between the Organization and your employer) otherwise, the Organization retains the right to use and disclose such information and data in any way that it determines appropriate.
This Policy applies to all Personal Information collected by the Organization including Personal Information we collect from you through our website (when you register for an account or visit anonymously), our Client Portals, Partner Portals, Surveyor Portals, as well as Personal Information provided to the Organization by its clients, contractors (including surveyors), service providers, agents, partners, and affiliated entities participating in Accreditation Canada licensed accreditation processes.
The Organization and its agents, partners, contractors or service providers that may collect Personal Information on behalf of the Organization, will not collect any Personal Information without obtaining the consent of the individual to whom it belongs prior to the collection of the information. By using our websites [www.accreditation.ca], or providing us with your Personal Information over the telephone, by email, in writing, by fax or in person, you provide your consent for the Organization to collect, use, disclose and store your Personal Information in accordance with the terms of this Policy.
In most cases and subject to legal and contractual restrictions, you are free to refuse or withdraw your consent to the collection, use, disclosure and storage by the Organization of your Personal Information at any time upon reasonable, advance notice to the Organization. However, the withdrawal of your consent is not retroactive. It should be noted that in certain circumstances, our products or services can only be offered if you provide us with your Personal Information. Consequently, if you choose not to provide us with the required Personal Information, we may not be able to offer you these products or services. We will inform you of the consequences of the withdrawal of consent. Notwithstanding anything in this Policy, we may, from time to time, seek consent from you to use and disclose your Personal Information collected for a purpose other than the purposes set out herein.
If you are a client of the Organization and you provide us with the Personal Information of other individuals, you are responsible for obtaining the consent of the individuals from whom you collect any Personal Information at the time of collection in accordance with all applicable privacy laws.
III. Collection of Personal Information
What Personal Information Do We Collect?
We may collect the following types of Personal Information: your name, email address, and credit card information.
Surveyors: We collect the following Personal Information from surveyors: address, emergency contact information, information about allergies, place of employment, SIN, and similar information collected in the context of entering into a contractual relationship between the Organization and the surveyor. The terms and conditions for the collection, use and disclosure of this information are set out in the contractual agreements between the Organization and the surveyors. The Organization does not disclose any of the surveyor’s information without the surveyor’s prior consent, unless permitted to do so by law.
We collect only such Personal Information as we deem to be reasonably required in the circumstances for the purpose(s) for which it is collected.
Except as set out in this Policy (or unless otherwise permitted by the applicable laws), the Organization does not collect Personal Information without first obtaining the consent of the individual concerned to the collection of such Personal Information.
How Do We Collect Your Personal Information?
We collect Personal Information from individuals who create accounts with our website or who create (or are provided) accounts with any Client Portal, Partner Portal or Surveyor Portal operated by the Organization.
We also collect Personal Information from individuals who place orders through the website for goods and services, who respond to online or email surveys, or provide information to us in person, in writing, by fax or over the telephone when asked for such information (including proof of any accreditation process).
We may also indirectly collect and store in our systems Personal Information which is uploaded by clients and contractors of the Organization pursuant to Accreditation Canada accreditation processes or which is provided to us indirectly by clients, contractors (including surveyors), service providers, agents, partners, and affiliated entities participating pursuant to any Accreditation Canada licensed accreditation process.
We collect Personal Information from surveyors at the time of entering into a contractual relationship with the surveyor.
We use only fair and lawful methods to collect Personal Information.
IV. Use of Personal Information
What Do We Use Your Personal Information For?
We use Personal Information for the following purposes:
- For the performance and delivery of accreditation services and related services;
- For the performance and delivery of education and training sessions and webinars;
- To process transactions for the purchase of goods and services;
- To perform activation services and generate reports;
- To improve our products and services;
- To improve our website;
- To enter and maintain a contractual relationship with a surveyor.
Unless permitted or required by the applicable laws, the Organization does not use Personal Information for other purposes.
Surveyors that perform surveys on behalf of the Organization as part of the accreditation process may have access to the Personal Information in the custody or control of our clients. Surveyors do not collect any Personal Information, do not remove it offsite and do not disclose it to the Organization or any third party. The surveyors’ use of any Personal Information of the Organization’s clients is limited to the purposes of assessment and provision of recommendations by the surveyors to the Organization during the survey process. Personal Information that may be accessed by surveyors is further protected by contractual means.
We also use information collected from surveyors about themselves in order to enter into and manage the contractual relationship between the Organization and the surveyor.
V. Disclosure of Personal Information
The Organization may disclose your Personal Information between its related entities, as well as to third party individuals or organizations who are our trusted partners, service providers, contractors or agents who assist us in delivering or performing our services, conducting our business, operating our website, so long as those parties agree to use, disclose and store the Personal Information disclosed to them solely for the purpose(s) such Personal Information was provided to them, and to otherwise keep your Personal Information confidential and have appropriate safeguards for the protection of the information.
Unless permitted or required by the applicable laws, the Organization does not disclose Personal Information for other purposes.
It is important that you note that if you are an employee, contractor, surveyor or consultant of a health services organization that is a client of the Organization, Personal Information you provide to the Organization as part of the accreditation process or use of other services provided by the Organization may be provided to and used by related companies of the Organization engaged by the Organization to provide such services, and/or contractors and consultants of the Organization and its affiliates for the purpose of allowing such persons and entities to perform and deliver such services to your organization.
Except as set out otherwise in this Policy, or except as you may permit from time to time in the manner set out herein, the Organization will not sell, exchange, transfer or give your Person Information to any other person or entity for any reason whatsoever.
Where Disclosure Can Be Made Without Consent
Please note that there are circumstances where the use and/or disclosure of Personal Information may be justified or permitted without your consent or where the Organization is obliged to disclose Your Personal Information without consent. Such circumstances may include, without limitation:
(a) where use or disclosure of Personal Information is required by applicable law or by order or requirement of a court, administrative agency or governmental tribunal;
(b) where the Organization believes, upon reasonable grounds, that the use or disclosure of Personal Information is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
(c) where the use or disclosure of Personal Information is necessary to permit the Organization to pursue available remedies or limit any damages that we may sustain;
(d) where the Personal Information is public as permitted by applicable law;
(e) where the use or disclosure of Personal Information is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or
(f) where the use or disclosure of Personal Information is necessary for the purpose of a prospective business transaction if use or disclosure of such Personal Information is necessary to determine whether to proceed with the transaction or to complete the transaction, or a completed business transaction where the information is necessary to carry on the activity that was the object of the transaction.
Where obliged or permitted to disclose Personal Information without consent, the Organization will not disclose more Personal Information than is required.
VI. Storage and Transfer of Personal Information
Hard copies of your Personal Information are stored by the Organization in Ontario, Canada. Electronic copies of your Personal Information are stored on servers and/or operated by or for the Organization in Ontario, Canada. Personal Information collected from or about you offline may also be stored in Canada.
However, in certain circumstances, unless prohibited by applicable privacy legislation, Personal Information may also be accessed, transferred and stored outside of Canada by the Organization’s contractors, service providers and affiliates. Where Personal Information is accessed, transferred or stored outside of Canada where privacy laws may offer different levels of protection from those in Canada, your Personal Information may be subject to access by and disclosure to law enforcement agencies under the applicable foreign legislation.
VII. Protection of Personal Information
How Do We Protect Your Personal Information?
We employ a variety of physical, technical and organizational security measures to maintain the safety of Personal Information.
We offer the use of a secure server. All sensitive financial (e.g. credit card) information, any information provided via the Organization’s websites, Client Portal and Surveyor Portal is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers’ database, where it is only accessible by those authorized with special access rights to such systems, and who are required to keep the information confidential.
What Do We Do In Case Of A Security Breach?
A “breach of security safeguards” is defined as the loss of, unauthorized access to or unauthorized disclosure of Personal Information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving Personal Information under the Organization’s control, we will notify you and the appropriate federal or provincial Privacy Commissioners in Canada if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you, including physical, financial or reputational harm. We will also notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach.
VIII. Cookies and Embedded Scripts
ii. Adjusting cookie settings on your browser: By default, most browsers will automatically accept cookies. However, you can disable cookies completely, or be prompted prior to a cookie being loaded, by adjusting your browser’s settings. Consult each individual browser’s “help” feature for more information.
An embedded script is a programming code that is designed to collect information about your interactions with our website, such as information about the links on which you click. The code is temporarily downloaded onto your device from our web server or a third party service provider. The code is active only while you are connected to our website, and is deactivated or deleted once you disconnect from the website.
IX. Access and Correction of Personal Information
How Can You Access Or Correct Any Inaccuracies In Your Personal Information?
The Organization endeavors to ensure that all Personal Information provided by or about you and in its possession is accurate, current and complete as necessary for the purposes for which we use that Personal Information. If we become aware that Personal Information is inaccurate, incomplete or out of date, we will revise the Personal Information and, if necessary, use our best efforts to inform third party service providers or contractors which were provided with inaccurate information to enable those third parties to also correct their records.
The Organization permits the reasonable right of access and review of Personal Information held by us and will endeavour to provide the Personal Information in question within a reasonable time, generally no later than 30 days following the request. To guard against fraudulent requests for access, we may require sufficient information to allow us to confirm that the person making the request is authorized to do so before granting access or making corrections.
We will provide copies of the Personal Information in our possession in a form that is easy to understand or in a summary form where appropriate. The Organization reserves the right not to change any Personal Information but will append any alternative text the individual concerned believes to be appropriate. The Organization will not charge you for verifying or correcting your information, however, to the extent permitted by applicable law, there may be a minimal charge imposed if you need a copy of records.
X. Retention of Personal Information
How Long Do We Retain Your Personal Information?
We keep your Personal Information only as long as we believe it is required to be used and kept in view of the reasons for which it was collected and purposes for which it will be used. The length of time we will retain Personal Information varies depending on the purpose(s) for which it was collected and the nature of the Personal Information. This period may extend beyond the end of your relationship or contract with us (or the relationship or contract of your organization with the Organization, for its affiliates and licensees, as applicable) but it will be only for so long as we believe it to be necessary for us to have sufficient Personal Information to respond to any issues that may arise at a later date.
XI. Links to Other Websites
The Organization cannot and does not guarantee, represent or warrant that the content or information contained in such third-party websites and resources is accurate, legal, non-infringing or inoffensive. The Organization does not endorse the content or information of any third-party we cite or resource and, further, the Organization does not warrant that such websites or resources will not contain viruses or other malicious code or will not otherwise affect your computer. By using any of the Organization’s systems or websites to search for or link to a third-party website, you agree and understand that the Organization shall not be responsible or liable, directly or indirectly, for any damages or losses caused or alleged to be caused by or in connection with their use of, or reliance on, the Organization to obtain search results or to link to a third-party website.
XII. Resolving Your Privacy Concerns
In the event of questions about: (i) access to Personal Information; (ii) our collection, use, disclosure or storage of Personal Information; or (iii) this Policy; please contact the Organization’s Privacy Officer by sending an e-mail to Anca Sattler, Privacy Officer @ firstname.lastname@example.org.
The Organization will investigate all complaints and if a complaint is justified, we will take all reasonable steps to resolve the issue.
XIII. Changes to This Policy
If you do not agree to the terms of this Policy, you should exit the website, Client Portal, Partner Portal or Surveyor Portal, and cease use of all Organization services immediately, or contact the Organization to withdraw your consent. Your continued use of the Organization websites, any Organization Client Portal, Partner Portal, Surveyor Portal or the Organization services following the posting of any changes to this Policy means you agree to be bound by the terms of this Policy.
This Policy is drafted in English, however we have provided translations of the Policy into other languages. To the extent of any conflict between the Policy in English and any version in another language, the English version shall prevail.
Effective Date: This Policy was last updated on February 1, 2017.