PMAC will strive to ensure that the personal information it manages in the conduct of its business is protected.
To protect personal information, and assure individuals of this protection, this policy establishes procedures enabling PMAC to comply with the federal Personal Information Protection and Electronic Documents Act (PIPEDA).
Scope (to whom does this apply)
This policy addresses the protection of personal information of current and former members (including volunteers), program participants, customers and other individuals whose personal information is collected.
Policy Details, Interpretation & Administration
PMAC collects and uses Personal Information (such as name, address, telephone number, academic transcripts and membership status) for the following purposes:
- recording and determining the various services to be provided to members generally;
- evaluating and re-evaluating the goods, services, needs and preferences of existing and potential members and industry;
- assessing and meeting the preferences and needs of members and industry;
- improving the quality of goods and services we offer to existing and potential members;
- administration, billing, accounting and collection in relation to the goods and services provided to members;
- protecting against fraud and error;
- communicating with members generally or to ensure member satisfaction;
- communicating the Personal Information to a sub-contractor (or other agents, intermediaries or third parties) in the course of a contract or mandate for the performance of any of the purposes listed above.
In addition to the above, PMAC also collects and uses a member’s Personal Information for the following purposes:
- recording and maintaining membership records, awards, discipline records, performance evaluations, performance improvement plans, or maintaining any other information necessary for establishing or managing the member’s relationship with PMAC;
- such other specific purposes which are communicated to members by PMAC and its staff before collection
Except when otherwise permitted by law, we will only use a member’s Personal Information for the purposes identified to that member. When Personal Information is to be used for a purpose not identified, we will take all reasonable steps to ensure that the member is made aware of the new purpose.
This policy establishes procedures that reflect the principles in PIPEDA. In summary, the principles are:
- PMAC’s President and Chief Operating Officer is responsible for compliance with PIPEDA.
- Identifying Purposes
- Inform individuals about the purpose of collecting personal information
- Obtain individuals’ consent to collect, use and disclose personal information
- Limiting Collection
- Collect only the required personal information, in accordance with consent obtained
- Limiting Use, Disclosure and Retention
- Use and disclose personal information in accordance with consent obtained, and retain it for the appropriate period of time
- Update personal information as required
- Protect the personal information from loss or unauthorized access
- Maintain open communication about this policy and procedures
- Individual Access
- Make personal information reasonably accessible to individuals
- Challenging Compliance
- Facilitate inquiries and complaints of individuals
- age, name, ID numbers, income, ethnic origin, or blood type
- opinions, evaluations, comments, social status, or disciplinary actions
- employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs)” (Privacy Commissioner of Canada)
PIPEDA refers to the Personal Information Protection and Electronic Documents Act.
Designated contact refers to the Director of Corporate Services.
Personal information is “…any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
“Personal information does not include the name, title, business address or telephone number of an employee of an organization” (Privacy Commissioner of Canada)
Personal Information – Management:
General: When staff requires further information about this procedure, they should speak to the designated contact.
Purposes and Consent: When personal information is to be collected, staff must, at or before the time of collection, identify to the individuals the reasons for collection, use, and disclosure of the personal information, and obtain their consent. This may be done by whatever means is suitable in the circumstances, and can be accomplished by a paper form, website, email, telephone, or other means. In all cases, a record should be kept of the consent received.
Retention Period: If, at the end of the indicated retention period, the personal information is the subject of an inquiry or complaint, or it has been recently used to make a decision about an individual, then the retention period should be extended by a reasonable amount of time.
Disclosure: Prior to disclosing personal information, staff will refer to the intended use of the information indicated in this procedure. Staff must ensure that any disclosure is in keeping with the intended use.
Third Parties: When personal information is to be received from, or provided to, a third party, staff will confirm by contract, letter, or other means, that the principles of the PIPEDA have been/will be followed.
New Purpose: When any PMAC process or initiative would require using or disclosing personal information for a new purpose not identified at the time of collection, staff will seek consent from the individuals involved. This may be done by whatever means is suitable in the circumstances, and can be accomplished by telephone, email, mail, or other means. In all cases, a record should be kept of the consent received. (Note: consent is not required if the new purpose is required by law)
Updates: Refer to the section “Personal Information – Inquiries and Complaints”.
Personal Information – Inquiries and Complaints:
When staff receives an inquiry1 or complaint about personal information, or PMAC’s compliance with PIPEDA, they shall direct the individual to the Personal Information Request Form2. The form is available for printing from PMAC’s website, or staff can mail it to the individual. They shall also inform the individual that they should return the completed form (by mail, other delivery, or fax) to PMAC, to the attention of the designated contact. There is no charge for an individual to access their personal information.
When the completed form arrives, the designated contact will, depending on the nature of the inquiry or complaint, investigate and respond, or delegate this task. In any case, the investigation and response should be completed in a reasonable period of time, and no more than the 30-day time limit specified in PIPEDA.
When the inquiry or complaint involves an amendment to personal information, the staff member responding will verify as required, prior to making the change. If PMAC does not agree to the requested amendment, then staff will attach a statement of disagreement to the record. When the amendment has been made, or the statement of disagreement attached, staff will then notify third parties, if applicable.
PMAC’s President and Chief Operating Officer is responsible for compliance with PIPEDA.
The designated contact for privacy matters is the Director of Corporate Services, who may be contacted at:
Purchasing Management Association of Canada
777 Bay Street, Suite 2701
Telephone: 1-888-799-0877 ext. 3133
2 Requests for individual access to personal information must be in writing.