Health Products Stewardship Association

Privacy

As of January 1, 2004, under the Personal Information Protection and Electronic Documents Act (PIPEDA), HPSA is required to obtain an individual's consent when they collect, use or disclose the individual's personal information. Under the Act, HPSA must follow a code for the protection of personal information, which consists of 10 principles of fair information practices.

1.     Being Accountable

HPSA will comply with all 10 principles of the Personal Information Protection and Electronic Documents Act. The President of HPSA is responsible for ensuring HPSA's compliance with the Act.

Personal information gathered by HPSA is kept in confidence. Our personnel are authorized to access personal information based only on their need to deal with the information for the reason(s) for which it was obtained. Safeguards are in place to ensure that the information is not disclosed or shared more widely than is necessary to achieve the purpose for which it was gathered. We also take measures to ensure the integrity of this information is maintained and to prevent its being lost or destroyed. We collect, use and disclose personal information only for purposes that a reasonable person would consider appropriate in light of the circumstances.

2.     Identifying Purposes

HPSA collects personal data in order to maintain contact with individuals with whom it has normal business dealings and to fulfill its mandate. For example, HPSA uses the collected data to:

  • Distribute regular business correspondence including newsletters, event notices, meeting notices, membership information, correspondence;
  • Contact individuals via mail, e-mail, telephone, fax;
  • Identify groups for the purposes of corresponding (such as categories of memberships)
  • Maintain records of correspondence;
  • Analyze and improve its services and benefits;

3.     Obtaining Consent

HPSA considers consent to be an expression of permission to collect and use information for the purpose of providing services, benefits, and information. HPSA has procedures in place to inform individuals of the purposes for collecting and using personal information, and for obtaining consent to collect and use personal information. Consent may be provided in the form of a written or oral expression of consent or the withdrawal of consent. HPSA obtains consent in person, and/or by mail, internet, telephone, or fax.

4.     Limiting Collection

Personal information is any information that can be used to distinguish, identify or contact a specific individual. Certain information is excluded under the Act: information contained on the business card of an employee of an organization and certain publicly available information, such as that published in public directories. Where an individual uses his or her home contact information as business contact information as well, we consider that the contact information provided is business contact information, and is not therefore subject to protection as personal information.

HPSA collects personal information only for purposes that a reasonable person would consider appropriate in light of the circumstances. For example, HPSA collects e-mail addresses so that we can provide services via the internet. HPSA does not collect information that is extraneous to the efficient operation of the Association. HPSA does not collect information on behalf of third parties.

5.     Limiting Use, Disclosure and Retention

HPSA only collects personal information for the purpose of maintaining contact and providing services and benefits to business associates. Personal information is retained for as long as HPSA has a business relationship with the individual. When consent is withdrawn, HPSA deletes the information from its database.

6.     Being Accurate

HPSA endeavours to keep records as up-to-date as possible to ensure that it is able to fulfill the intended purposes for which the data are collected. Data is obtained directly from the individual, individuals authorized to provide updated data, publicly available directories, and other sources as appropriate. Data is reviewed and updated on an annual basis and throughout the year as updated data is identified.

7.     Using Appropriate Safeguards

Personal data is stored on an electronic database in the HPSA office. A User ID and password is required to access the database. The database is backed up according to technological protocols. HPSA's office and the building in which it is housed are locked outside of normal business hours.

Contact information is defined as information necessary to identify the business relationship of the individual and to contact the individual, such as name, telephone number, and e-mail address. Contact information is stored on handheld devices belonging to, and secured by, senior HPSA employees.

8.     Being Open

HPSA takes the management of personal information seriously and makes every reasonable effort to protect it. HPSA's Privacy Policy is posted on its web site at www.healthsteward.ca and is available from the office at 2255 St-Laurent blvd, suite:330, Ottawa, ON, K1G6C4; tel.: 1-613-723-7282; e-mail: info@healthsteward.ca. If you have questions or comments about HPSA's Privacy Policy or procedures, please contact the office.

9.     Giving Individuals Access

Individuals may contact the HPSA office to review their personal information records. Correspondence should be sent to the Executive Director at ginette.vanasse@healthsteward.ca or tel.: 1-613-723-7282. Someone will be available to answer questions about the requested information. HPSA will correct incorrect information on a timely basis, usually within 48 hours of notice. There are no costs or charges associated with the correction of information.

10.     Challenging Compliance

The easiest method of complaint about HPSA's enforcement of its Privacy Policy and procedures is to communicate directly with HPSA's Executive Director via letter, e-mail or telephone. In most cases, complaints can be satisfied within 48 hours. Understandably, complaints that involve more than a simple correction or updating of information should be submitted in writing so that both the complainant and HPSA have a paper trail to follow in accounting for the resolution of the complaint.

Should an individual not be satisfied with the handling of a Privacy Policy complaint by an HPSA employee, they should bring the complaint directly to the attention of HPSA's President, if the complaint is still not resolved, the complaint should be brought to the attention of the Privacy Commissioner of Canada.