COMMITMENT TO PRIVACY
Respecting the privacy and confidentiality of personal information has always been an important part of our commitment to our members, users, program participants, donors, sponsors, volunteers and other stakeholders.
At Manitoba Cardiac Institute (Reh-Fit) Inc. (the “Reh-Fit Centre”) (which term includes all of our officers, directors, agents, representatives, trustees, contractors, employees, licensors, licensees, partners, and our charity, the Manitoba Cardiac Institute (Reh-Fit) Foundation Inc.), we want to make sure that we comply with the legal obligations imposed by the applicable legislation regarding the collection, use and disclosure of personal information in commercial activities.
SCOPE AND APPLICATION
- “Personal information” means any information that can be used to identify, distinguish or contact a specific individual. It can include facts about, or related to, an individual, as well as an individual’s opinions or beliefs. However, it does not include:
- an individual’s name, address and telephone number that appears in a telephone directory that is available to the public, where the individual can refuse to have their personal information appear in such a directory;
- other information about an individual that is publicly available or that is specified by regulation pursuant to PIPEDA; or
- Non-personal information (as defined in Section 3.2 below)
- “Personal health information” means information about:
- an individual’s health or health care history, including genetic information about the individual;
- the provision of health care to an individual; or
- payment for health care provided to an individual;
- the PHIN (personal health identification number) and any other identification number, symbol or particular assigned to an individual; and
- any identifying information about an individual that is collected in the course of, and is incidental to, the provision of health care or payment for health care
but does not include “non-personal health information” as defined in Section 9.6 of the PHIA Supplement to this policy.
Principle 1 – Accountability
We are responsible for personal and/or personal health information in our possession or under our control.
(b) developing information materials to explain our policies and procedures;
(c) training our employees, contractors and volunteers about our policies and procedures; and
(d) establishing procedures to receive and respond to inquiries or complaints.
Principle 2 – Identifying Purposes for Collection of Personal Information
We collect personal information and personal health information about you when you join the Reh-Fit Centre or subscribe to any of our services. The information is used in the delivery of the Reh-Fit Centre’s services to you.
- information that you provide when you become or make inquiries to become a user or member or program participant of the Reh-Fit Centre, such as:
- your name and contact information (address, phone numbers, and email address);
- your birth date;
- your membership type and payment method, including credit card or pre-authorized debit account information;
- information that you provide when you use our websites and/or register an online, web-based or mobile account;
- information you provide when you participate in our research studies;
- information you provide when you apply to become an employee, contractor, or volunteer of the Reh-Fit Centre;
- information that you provide to us or our charity, the Manitoba Cardiac Institute (Reh-Fit) Foundation Inc. (the “Reh-Fit Foundation”), in order to give donations to the Reh-Fit Foundation, including credit card information;
- information that you provide in your communications with Reh-Fit Centre employees, contractors, or volunteers.
2.2 We collect personal information for purposes including, but not limited to, the following:
(a) to identify our members, users, program participants, donors, sponsors, volunteers and other stakeholders;
(b) to establish and maintain responsible relationships with our members, users, program participants, donors, sponsors, volunteers and other stakeholders;
(c) to understand, develop and/or enhance the needs, desires, concerns or opinions of our members, users, program participants, donors, sponsors, volunteers and other stakeholders;
(d) to provide services and carry out program and other organizational activities, including but not limited to:
- determining your eligibility for our programs and services;
- providing you with access to our facility, equipment, programs and services;
- measuring and assessing your health and fitness needs and capabilities;
- developing your customized work outs, training programs, or other programs and services;
- monitoring your health and fitness progress and goals;
- recommending our programs, products, and services to you;
- placing you in fitness groups suitable to your fitness goals and capabilities;
- enabling you to use any software, online, web-based, or mobile technologies that we use in providing services to you;
- communicating with you, including sending you electronic communications;
- establishing and maintaining your online, web-based, or mobile accounts;
(e) to manage and develop our business and operations;
(f) to process and collect membership payments and/or fees for services;
(g) to process and collect donations for the Reh-Fit Centre or the Reh-Fit Foundation, including issuing tax receipts;
(h) to inform you of and invite you to participate in our organizational activities, research studies, surveys, rewards programs, contests, and philanthropic opportunities for the Reh-Fit Centre or the Reh-Fit Foundation;
(i) to provide you with information that you have requested from us; and
(j) to meet legal and regulatory requirements.
2.3 When personal information that has been collected is to be used or disclosed for a purpose not previously identified, the new purpose will be identified prior to use. Unless the new purpose is permitted or required by law, consent will be required before the personal information will be used or disclosed for the new purpose.
Principle 3 – Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent of an individual are required for the collection, use or disclosure of personal information, except where inappropriate.
3.1 In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual. For example:
(a) if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is seriously ill or mentally incapacitated;
(b) if seeking the consent of the individual might defeat the purpose for collecting the information, such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law, or that of a foreign jurisdiction;
(c) if there is an emergency where the life, health or security of an individual is threatened; or
(d) if disclosure is to a lawyer representing us, to comply with a subpoena, warrant or other court order, or is otherwise required or authorized by law.
3.2 Non-Personal Information
“Non-personal information” means information that does not identify you and which we are unable to connect to other information in order to identify you. We may collect, use and disclose non-personal information, including aggregated data resulting from the combination and/or aggregation of certain raw data collected from you with other data in a way that no longer personally identifies you. We make no attempt to link this non-personal information with the identity of individuals. We may permanently archive non-personal information for future use in any manner whatsoever.
Principle 4 – Limiting Collection of Personal Information
We will limit the collection of personal information to that which is necessary for the purposes that we have identified. We will collect personal information by fair and lawful means.
4.1 Generally, we will collect personal information from the individual to whom it relates.
4.2 We may also collect personal information from other sources including employers or personal references, or other third parties who represent that they have the right to disclose the information.
4.3 Generally, we will endeavor to obtain only the minimum amount of personal information necessary for the purpose for which it is being collected.
Principle 5 – Limiting Use, Disclosure, and Retention of Personal Information
We will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
5.1 We may disclose an individual’s personal information to:
(a) a third party that is involved in supplying that individual with our services or in otherwise carrying out our program and other organizational activities, including a third party which provides or assists us in providing online or web-based or mobile programs and services;
(b) a third party that we have engaged to perform functions on our behalf, such as data management, data storage, email processing, direct mail processing and payment processing;
(c) a person who, in our reasonable judgment, is seeking the information as an agent of that individual. For example, we may provide information about an individual’s donations or sponsorships to that individual’s legal, accounting or financial advisors if we are satisfied that an advisor is requesting the information on behalf of that individual and the individual has consented to the release of information to his or her agent;
(d) a public authority or agent of a public authority if, in our reasonable judgment, it appears that there is imminent danger to life or property which could be avoided or minimized by the disclosure of the information;
(e) a third party that is affiliated with or otherwise related to or part of our organizational group;
(f) a third party with whom we are negotiating for the purpose of them taking over some or all of our service offerings and/or programs or other organizational activities; and
(g) a third party where such disclosure is required or permitted by law.
5.2 Only our employees, contractors, third party service providers, directors and volunteers with a business need to know, or whose duties or services reasonably so require, are granted access to personal information about our members, users, program participants, donors, sponsors, volunteers and other stakeholders.
5.3 Any disclosure made to a third party will be on a confidential basis. We will use our best efforts to obtain contractual and other means to ensure that a comparable level of protection is used by any third parties that may handle personal information and that such personal information is only used for the purpose(s) for which it was disclosed. No personal information will be disclosed to any third party for the purpose of enabling them to market their products or services without first seeking the express consent of the individual.
5.4 All donors and sponsors of the Reh-Fit Centre or the Reh-Fit Foundation will be recognized for their donations, sponsorships or other gifts in accordance with our Donor/Sponsor Recognition Policy unless a particular donor/sponsor wishes to remain anonymous.
Principle 6 – Accuracy of Personal Information
Personal information will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
6.1 We will update personal information about an individual as necessary to fulfill the identified purposes or upon notification by that individual. Where appropriate, we will transmit amended information to third parties having access to the personal information in question.
Principle 7 – Security Safeguards
We will use our best efforts to protect personal information through the use of security safeguards appropriate for the circumstances.
7.1 We will use appropriate security measures, such as locked filing cabinets, need-to-know access and technological measures (including the use of passwords, encryption, and firewalls) to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, regardless of the format in which it is held. While the Reh-Fit Centre cannot guarantee that risks such as loss, theft, unauthorized access or disclosure of personal information will not occur, the Reh-Fit Centre will make every effort to prevent such unfortunate occurrences.
7.2 We will protect personal information disclosed to third parties by contractual or other means stipulating the purposes for which it is to be used and the necessity to provide a comparable level of protection.
7.3 While the Reh-Fit Centre will make every effort to use technological measures to protect your personal information, the Reh-Fit Centre cannot guarantee that information sent or received over the Internet is secure and does not make any representation or warranty concerning the security of personal information communicated to or from the Websites (as defined in section 12 below) or regarding the interception by third parties.
7.4 Personal information collected by the Reh-Fit Centre may be stored on servers located in Canada and internationally, including the United States and subject to the US PATRIOT ACT, and the location of the servers we use may change from time-to-time.
Principle 8 – Openness Concerning Policies and Procedures
We will make readily available to our members, users, donors, sponsors, volunteers and other stakeholders specific information about our policies and procedures relating to our management of personal information.
Principle 9 – Access to Personal Information
We will inform an individual of the existence, use and disclosure of his or her personal information upon request, and will give the individual access to that information. An individual will be able to challenge the accuracy and completeness of the information and request to have it amended as appropriate.
9.1 Upon request, we will provide a member, user, donor, sponsor, volunteer, employee or other stakeholder with a reasonable opportunity to review the personal information in the individual’s file. Personal information will be provided in an understandable form within a reasonable time and at nominal or no cost to the individual. If there will be a cost, the individual will be informed prior to the request being processed.
9.2 In certain situations we may not be able to provide access to all of the personal information we hold about an individual. In such a case, we will provide the reasons for denying access upon request. For example:
(a) if doing so would likely reveal personal information about another individual that cannot be severed or the information could reasonably be expected to threaten the life or security of another individual;
(b) if doing so would reveal any of our confidential information;
(c) if the information is protected by solicitor-client privilege;
(d) if the information was generated in the course of a formal dispute resolution process; or
(e) if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law, or that of a foreign jurisdiction.
9.3 Individuals can obtain information or seek access to their personal information by contacting our Privacy Officer during our office hours.
Principle 10 – Challenging Compliance
An individual will be able to address a challenge concerning compliance with the above principles to our Privacy Officer.
10.1 We will maintain procedures for addressing and responding to all inquiries or complaints from any member, user, program participant, donor, sponsor, volunteer or other stakeholder about our handling of personal information.
10.2 We will inform our members, users, program participants, donors, sponsors, volunteers and other stakeholders about the existence of these procedures as well as the availability of complaint procedures.
10.3 Our Privacy Officer may seek external advice where appropriate before providing a final response to individual complaints.
(a) Record the date the complaint was received and the nature of the complaint.
(b) Send a formal acknowledgement to the individual that the complaint is being investigated.
(c) Assign an appropriate person to investigate the complaint.
(d) Once the investigation is concluded, a summary of outcomes and recommendations will be documented.
10.5 If a complaint is found to be justified, we will take appropriate measures to resolve the complaint including, if necessary, amending our policies and procedures. An individual will be informed of the outcome of the investigation regarding his or her complaint.
11.1 An individual may refuse to provide personal information to us. An individual may also withdraw his or her consent for us to collect, use or disclose his or her personal information at any time, subject to legal or contractual restrictions and reasonable notice. In either case, this may diminish our ability to provide services to the individual, to involve him or her in our programs or organizational activities, or to communicate with the individual.
11.2 An individual may choose to have his or her name removed from our telephone, mail or e-mail lists. We use these lists to inform individuals of relevant activities or initiatives that we are contemplating or undertaking that we think may be of interest to them. To unsubscribe from one or more of our communications, please contact us at 204-488-8023 or send us an email at email@example.com. Unsubscribing may diminish our ability to provide our services to you. Please note that, after you unsubscribe, we may still send communications to you in certain limited circumstances, such as to provide you with notifications regarding your membership and billing information, or to provide information that we are legally obligated to provide to you.
12.1 The Reh-Fit Centre operates the website www.reh-fit.com and other websites and microsites, including all related tools, applications (whether online, web-based or on a mobile device), forums, social media pages, blogs, and other similar technology whether owned by us or which we have a license to use or operate (collectively, the “website” or “websites”).
- During your use of the websites, you may be asked to voluntarily provide information if the information is reasonably required to provide the services accessed, used, or requested by you:
- information that you provide when you complete online forms in order to access certain features of the websites;
- your log-in and password details in connection with any account that you set up on the websites, including your username;
- information contained in comments, videos, photographs, and any other content or information that you may post or submit to the websites;
- information that you provide to us to process membership payments, fees for services, or to give donations, including credit card information;
- your correspondence to Reh-Fit Centre employees and contractors, including your questions, concerns or comments you may have about the websites or problems that you report;
- details of your transactions and requests made through the websites; and
- information that you input or upload into the websites, including but not limited to information concerning your facility attendance, workouts, exercises, activity levels, and fitness classes attended.
- If you are a registered user of an account, to establish and maintain your account, to provide ongoing services to you, and to verify the identity of registered users; and
- To analyze the websites, to improve the websites, and to improve your experience with the websites;
- If you voluntarily submit, transmit, upload, provide, post or otherwise make available any information, photographs or other content (the “user content”) to the website for the purpose of making it publicly available, certain of your personal information may be automatically included in the providing, posting, transmission, upload or submission, including without limitation, your name and email address, and this user content may be collected and used by others. The Reh-Fit Centre has no control over and is not liable for the collection, use or disclosure of any posted, submitted, transmitted, or uploaded user content which you have chosen to make publicly available. You are responsible for ensuring the protection of any of your personal information that you submit, post, transmit, upload, provide or otherwise make publicly available on any of the websites. We recommend that you do not include your home address, job title, telephone number or other more sensitive personal information in any publicly viewable user content, unless you are entirely satisfied that such information should be made public. The term “user content” does not include non-personal information as defined in Section 3.2 above.
- Non-identifying information:
- The websites may automatically collect certain non-identifying information regarding uses of the websites, such as the IP address of your computer, the IP address of your internet service provider, the date and time you access the websites, the internet address of the website from which you linked directly to the websites, the operating system you are using, the sections of the websites you visit, the pages of the websites read and images viewed, and the materials you post, submit, transmit, upload or provide to or download from the websites. This non-identifying information is used for the operation of our web services, to maintain quality of the services, and to provide general statistics regarding use of our web services. We make no attempt to link this information with the identity of individuals visiting our websites. Your non-identifying information may be permanently archived for future use.
- We engage technology providers to supply certain online, web-based and/or mobile applications (collectively, the “Technology”), that we may use from time to time to deliver our programs and services to you and to store and manage the data and information (including personal information and personal health information) that we collect from you.
- In order to provide our programs and services as one seamless experience, we may automatically integrate your personal information and personal health information that we collect with the technology. We may offer you the use of certain types of Technologies which have the ability for you to create a user account and to interact with the Technology. You may choose whether or not to create and/or use a user account; however, a failure to do so may limit the programs and services that we are able to provide to you. By actively using or interacting with the technology, you consent to the Reh-Fit Centre having access to and use of the personal health information which is submitted by you when you interact with the technology.
- Such information will be collected in a variety of ways depending on how you set up your account and use the Technology.
As Relates to the Personal Health Information Act of Manitoba (PHIA)
“Individual” means a member, program participant, or facility user.
“Personal health information” means information about:
- the individual’s health, or health care history, including genetic information about the individual;
- the provision of health care to the individual; or
- payment for health care provided to the individual;
- the PHIN (personal health identification number) and any other identification number, symbol or particular assigned to an individual; and
- any identifying information about the individual that is collected in the course of, and is incidental to, the provision of health care or payment for health care;
but does not include “non-personal health information” as defined in section 9 below.
Collection, Use and Disclosure of Personal Health Information
- Collection. During your use of our facilities, programs, products, services and our Websites, or during your participation in our research programs, you may be asked to voluntarily provide the following personal information if the information is reasonably required, including but not limited to the following: (a) your Personal Health Identification Number (PHIN); (b) the name and phone numbers of your family physician and/or specialist; (c) your health & fitness goals and interests in other services offered by the Reh-Fit Centre (for example, physiotherapy, foot care, massage therapy, nutrition counselling, personal training); (d) health screening and assessment information, including but not limited to: (i) whether you suffer from certain diseases or other medical conditions or concerns; (ii) your medications; (iii) your activity level, lifestyle information, family history; (iv) your height and weight, heart rate, blood pressure, blood analysis, muscular strength and endurance, flexibility, cardiac risk assessment, functional movement, waist circumference and body mass index; and (e) any changes to your personal health information.
- Source of Information. We will only collect personal health information about an individual directly from the individual unless: (a) the individual has authorized another method of collection; (b) this would endanger the health or safety of the individual or another person; (c) collection is in the interest of the individual and time or circumstances do not permit collection directly from the individual; (d) this could reasonably result in inaccurate information being collected; (e) the collection is for the purpose of compiling family or genetic history of the individual; (f) the collection is for the purpose of determining the individual’s eligibility to participate in one of our programs or services or to receive a benefit from us and is collected in the course of processing an individual’s application; or (g) as otherwise permitted or required by PHIA.
- Consent. We will not collect, use or disclose personal health information without the express or implied consent of the individual, except as may be authorized by law. We will seek express consent if the personal health information will be disclosed to another person or entity, except as may be authorized by law. An individual may withdraw his or her consent at any time by notifying our Privacy Officer; however if consent is withdrawn, this may affect our ability to provide services to the individual.
- Use of Personal Health Information. Information will only be used for the purpose it was collected, except: (a) if another purpose is directly related to the purpose for which the personal health information was collected or received; (b) if the individual has consented to a different use; (c) it is necessary to use the information to lessen or reduce a serious or immediate threat to the health and safety of the individual or the public; (d) if the information is demographic information (including PHIN), to confirm the individual’s eligibility for health care or payment of health care or to collect a debt from the individual; (e) to deliver, monitor, evaluate, research or plan our health care services; or (f) where otherwise required or allowed under PHIA.
- Disclosure of Personal Health Information. Personal health information will not be disclosed to another person or third party except in the following circumstances: (a) to a person or third party who is or will be providing services to the individual and only to the extent necessary, including a third party which provides or assists us in providing online, web-based or mobile programs and services, unless the individual has specifically instructed us not to disclose this information; (b) to a third party that we have engaged to perform functions on our behalf, such as data management, data storage, email processing, direct mail processing and payment processing; (c) if necessary to eliminate or lessen a serious and immediate threat to the health and safety of the individual or to the public; (d) we need to contact a relative or friend of an individual who becomes ill or injured or who dies; (e) to a person or third party who is conducting health research if the health research has been approved by an institutional research review committee and where approval is obtained and disclosure is made in accordance with PHIA; (f) as otherwise required or allowed under PHIA.
- Correction of Health Information. An individual may request, in writing, that we correct any personal health information about the individual that we have collected. Within 30 days, we will (a) make the correction; (b) advise the individual if the information cannot be found or is not in our possession; or (c) advise the individual that we refuse to make the correction. If we refuse to make the correction, you may file a written statement of disagreement stating the correction requested and the reason for the request. Where we make a correction, or where we refuse to make a correction and the individual has filed a statement of disagreement, we will advise any person or third party to whom the original information was disclosed of the correction or statement of disagreement.
- Complaints. An individual who has a complaint about the collection, use, disclosure and protection of his or her personal health information is encouraged to firstly contact our Privacy Officer. An individual may also make a complaint to the Manitoba Ombudsman.
- Non-Personal Health Information. “Non-personal health information” means information that does not identify you and which we are unable to connect to other information in order to identify you. We may collect, use and disclose non-personal health information, including aggregated data resulting from the combination and/or aggregation of certain raw data collected from you with other data in a way that no longer personally identifies you. We make no attempt to link this non-personal health information with the identity of individuals. We may permanently archive non-personal health information for future use in any manner whatsoever.
For more information regarding our Privacy Project, please contact our Privacy Officer by:
- telephone: 204-488-8023
- mail: 1390 Taylor Avenue, Winnipeg, MB R3M 0V3
- e-mail: firstname.lastname@example.org
For a copy of PIPEDA or to contact the Privacy Commissioner of Canada, please visit the Office of the Privacy Commissioner of Canada’s web site at: www.privcom.gc.ca