At CLR we are committed to providing excellent service and to ensuring that our relationship with you is conducted with integrity and in a responsible, fair, honest and ethical manner. As providing this service involves the collection, use and disclosure of some personal information about our client, protecting their personal information is one of our highest priorities. Consistent with these objectives we maintain high standards of confidentiality with respect to the personal information in our possession.
We will inform our clients of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
This Personal Information Protection Policy, in compliance with PIPA, outlines the principles and practices we will follow in protecting clients’ personal information. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our clients’ personal information and allowing our clients’ to request access to, and correction of, their personal information.
1.0 Collection, Use and Disclosure of Personal Information
1.1 What is personal information?
Personal information is information that may be used to identify a specific individual. Examples of personal information include your name, address, age, and other personal identification numbers.
1.2 What personal information does CLR collect and use?
In the course of carrying on our business, it is necessary for CLR to collect and use information about a variety of individuals. The way this information is used is dependent upon the nature and sensitivity of the particular information. CLR limits its collection, use and disclosure of your personal information to the purposes that we have identified to you. For example, CLR may collect personal information such as client medical history in order to make appropriate clinical recommendations, and to respond to client questions or concerns. CLR may collect personal contact information, such as our clients’ home phone number to provide follow-up communication.
CLR does not request information that would enable a client to be contacted at a place of business including: business phone, business email, business fax, business address, and business title. If any of this contact information is voluntarily provided by our client, it is not covered by this policy or PIPA.
The only personally identifiable information we collect and store is the information you choose to provide us when you complete the assessment process, or when you provide periodic updates if relevant information changes during the course of receiving services with CLR. In addition, we may occasionally collect information when offering information from our website. At the time that we collect this information we will give you the opportunity to opt out of receiving further offers and information from CLR.
1.3 Purposes: Why do we collect personal information?
CLR collects and uses personal information for the purposes reasonably required to carry on our business, including the following:
- To establish and maintain a responsible relationship with you: CLR collects basic information from its customers or potential customers, patients, medical staff and other individuals, to confirm their identity and related personal contact information. This information is used to assist and maintain an effective clinical care professional relationship with you. For example, we may collect your name, home address, home telephone number, birth date and clinical care history.
- To meet legal requirements: CLR collects and uses personal information in order to meet our contractual obligations to you, and our legal obligations to others.
- To manage, develop and improve our operations: CLR collects and uses personal information to ensure the efficient operation of our clinical business including ongoing internal quality improvement efforts including collecting information for research purposes and outcome measures.
- To understand your needs: From time to time, we may ask you to participate in surveys that provide us with important information about the effectiveness of services, or other communications. Participation is always voluntary.
We do not sell personal information: names, email addresses, mailing addresses, or any other information to third parties for any purpose.
If we identify a new purpose for the personal information that we have collected from you, we will obtain your consent before using your personal information for the new purpose.
1.4 What personal information does CLR disclose?
CLR may be required to disclose personal information about individuals in certain situations, including the following:
- To an affiliated company or a third party service provider where the third party has agreed to handle the information in accordance with applicable PIPA legislation.
- To a person whom CLR reasonably believes to be acting as the individual's agent.
- To a public authority, or its agent, to the extent required to comply with legal or regulatory requirements.
- For the purpose of a proposed sale of all of or a part of our business, in which case, CLR will obtain the agreement of third parties to protect the confidentiality of information disclosed.
We will not use or disclose client personal information for any additional purpose unless we obtain consent to do so. We will not sell personal lists or information to other parties.
Consent can be provided orally, in writing, electronically, and through an authorized representative. Consent can be implied where the purpose for collecting, using, or disclosing personal information would be considered obvious and the client voluntarily provides personal information for that purpose. You may withdraw or limit your consent to our collection, use or disclosure of your personal information at any time, subject to any legal or contractual restriction and reasonable notice. Please note that the withdrawal of your consent may change the way in which CLR is able to interact with you.
We will not use or disclose your personal information without your consent except in the following circumstances:
- When required by law or for law enforcement or investigatory purposes.
- For an emergency that threatens life, health or personal security.
- For the purpose of collecting on a debt owed to CLR.
- If the information is publicly available and specified in the applicable regulations.
2.0 Protecting Your Personal Information
Keeping your personal information confidential and secure is a priority for us. In order to ensure protection of your personal information, we have developed security procedures to safeguard and protect your personal information against loss, theft, unauthorized disclosure, copying, and unauthorized use or modification, including:
- Limiting the collection, use and disclosure of personal information to that reasonably required to carry on our business.
- Ensuring that areas and documents are only accessible by authorized personnel on a need-to-know basis including physically securing offices where personal information is held.
- Protecting the confidential nature of personal information when dealing with other organizations.
- We will retain client personal information only as long as necessary to fulfill the identified purposes and respective professional legal obligations. We will use appropriate security measures when destroying client’s personal information including shredding documents and deleting electronically stored information.
- We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
3.0 Your Rights
3.1 Accessing your personal information
We will honour any reasonable requests you make to review, update or correct any of your personal information that is held by CLR. CLR requires a written request for copies of personal or file information and provide sufficient detail to identify the personal information being sought. Upon request, we will also tell clients how we use their personal information and to whom it has been disclosed, if applicable. CLR will respond to your request for access within 30 days of the request being received, or provide written notice of an extension where additional time is required to fulfill the request. A fee may be charged for providing access to personal information. Where a fee may apply, we will inform the client of the cost and request further direction from the client on whether or not we should proceed with the request. If a request is refused in full or in part, we will notify the client in writing, providing the reasons for refusal and the recourse available to the client.
You could refuse to allow us to obtain, use or share your personal information or you could also withdraw a previously given consent at any time. However, by doing so, depending on the situation, you may be limiting or even preventing our ability to provide you with the service or product you desire.
3.2 Requesting an update or correction
If you believe that any of your personal information is inaccurate, you may ask us to correct it. We will respond to your request to update or correct your personal information within 30 days of the request being made.
3.3 Registering complaints
In the event of any conflict or other concern regarding access to, the accuracy of, or our use of your personal information, you may register a question or complaint with our Privacy Officer. The Privacy officer is responsible for ensuring compliance with this policy and the Personal Information Protection Act.
4.0 Contact Information and Resources
Our goal is to respect your privacy. We welcome your comments and questions.
Attention: Byron Shier Chief Privacy Officer
Tel: (778) 988-3102
To find out more about federal privacy laws, contact the Office of the Privacy Commissioner at 1-800-282-1376 or visit its website at www.privcom.gc.ca.
For more information on privacy laws in British Columbia, you may contact the Office of the Information and Privacy Commissioner of British Columbia toll free at 1-800-663-7867, 1-250-387-5629, email: firstname.lastname@example.org, or visit its website at www.oipc.bc.ca.
6.0 Visiting the CLR Website
A visitor to the CLR website, www.clrheath.com, is not required to reveal any personal information, such as name, address, or telephone number. Nor is such information collected passively by electronic means.
Your personal information is only collected when you voluntarily complete an online application, request form, or survey. Personal information collected from the online application is only used to respond to client requests and inquiries, and is not used for any other purposes.
Our website does not collect visitor information in the form of the visitor's domain or Internet Protocol ("IP") address but does collect information regarding which pages are accessed. This information is used internally, only in aggregate form; to better serve you by helping us manage and improve the content of our website and to diagnose technical problems.
CLR does not store 'cookies' on your computer when you visit our website.
7.0 CLR's Commitment to the PIPA Guidelines and Principles
Principle #1: Accountability - CLR is responsible for personal information under its control and has designated a Privacy Officer who is accountable for CLR's compliance with the ten privacy principles.
Principle #2: Identifying Purposes - CLR shall identify the purposes for which personal information is collected at or before the time of collection.
Principle #3: Obtaining Consent - The knowledge and consent of an individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Principle #4: Limiting Collection - The collection of personal information shall be limited to that which is necessary for the purposes identified by CLR. Personal information shall be collected by fair and lawful means.
Principle #5: Limiting Use, Disclosure and Retention - CLR shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. CLR shall retain personal information only for as long as necessary to achieve fulfillment of the identified purposes.
Principle #6: Keeping Personal Information Accurate - CLR shall keep personal information as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Principle #7: Safeguarding Personal Information - CLR shall protect personal information by security safeguards appropriate to the sensitivity of the information.
Principle #8: Openness concerning our Privacy Practices - CLR shall ensure that specific information about its policies and practices relating to the management of personal information are made readily available to individuals with whom it interacts.
Principle #9: Access to Information - CLR shall, upon request, inform an individual of the existence, use, and disclosure of his or her personal information and shall give such individual access to that information. CLR must refuse access to personal information the disclosure of which: could reasonably be expected to threaten the safety, physical, or mental health or another individual; could reasonably be expected to cause immediate or grave harm to safety, physical, or mental health of the individual who made the request; would reveal personal information about another individual or an opinion provided that could identify another individual who has not provided consent.
Principle #10: Challenging Compliance - An individual shall be able to address a challenge concerning CLR compliance with PIPEDA (or where applicable British Columbia’s PIPA) to the CLR Privacy Officer.