Scope
Collecting personal information about our members is essential to our ability to provide a high quality of service. OASSIS is committed to the principles of individual privacy and the protection of personal information. This Privacy Policy is a statement of principles and guidelines concerning the protection of personal information entrusted to us.
Purpose
The purpose of these guidelines is:
- To outline the principles of privacy protection as they pertain to the personal information of individuals that is collected, used and stored or disclosed by OASSIS in the course of marketing and administering the OASSIS group insurance program.
- To define the roles and responsibilities for OASSIS’ privacy protection
- To ensure that OASSIS is in compliance with all applicable Privacy legislation
Definitions
Personal Information means information about an identifiable individual but does not include an individual’s name, title, business address, business telephone number or business email address. Personal information with personal identifiers removed is not considered personal information.
Transfer means the movement of personal information from OASSIS to a third party for processing, where OASSIS retains control over the information.
Use means the treatment, handling and management of personal information by OASSIS.
Disclosure means the movement of personal information to a third party, which thereby obtains control over that information.
Third Party means an individual, insurer, union, association, agency or other organization other than OASSIS.
Roles and Responsibilities
The OASSIS Board of Trustees is responsible for personal information within its control and will promote the Personal Information Protection Principles.
The Executive Director is responsible for establishing and implementing practices and guidelines that reflect the Personal Information Protection Principles.
The Privacy Officer is designated to ensure that OASSIS is in compliance with the Personal Information Protection Principles and applicable legislation.
All OASSIS employees and its Board of Trustees have a duty to protect the personal information that is used, collect, retained or disclosed in the course of conducting OASSIS business.
Personal Information Protection Principles
Following are the ten guiding principles for the protection of personal information at OASSIS.
- Accountability: OASSIS is responsible for the personal information in its control.
- Identifying purposes: OASSIS will identify the purposes for which personal information is collected at or before the time the information is collected.
- Consent: OASSIS will only collect, use and disclose personal information with the informed consent of individuals unless required or authorized by law.
Consent can be either express or implied and can be given directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction. Consent can be withdrawn at anytime, and if withdrawn or denied, the consequences should be made clear to those withdrawing or denying their consent. - Limiting collection: OASSIS will limit the amount and type of personal information collected to that which is reasonably necessary to fulfill the identified purpose of collecting the information for the provision of services to OASSIS’ clients.
- Limiting use, disclosure and retention: OASSIS will not disclose personal information for purposes other than those for which it was collected, except with the consent of the individual unless required or authorized by law.
OASSIS will retain personal information only as long as necessary for the fulfillment of its purposes and in accordance with retention guidelines or regulatory requirements. - Accuracy: OASSIS will take reasonable steps to ensure that personal information is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Protection and Care: OASSIS will protect personal information with necessary safeguards appropriate to the nature of the information under its control. Access to personal information will be available only to authorized persons.
- Openness: OASSIS will make readily available to individuals, information regarding our policies and procedures relating to the management of personal information.
- Individual access: Upon request, an individual will be informed of the existence, use and disclosure of their personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Compliance: Individuals can address any complaint regarding OASSIS’ handling of personal information to our Privacy Officer. Reasonable and appropriate measures will be taken to correct any perceptions of inappropriate compliance or management of personal information under OASSIS’ control.
Inquiries
Complaints regarding compliance with these principles contained in this policy should be directed to:
Chief Privacy Officer: Karen Bentham, Executive Director
OASSIS
Telephone: (416) 781-2258
Fax: (647) 689-3061
Email: kbentham@oassisplan.com