The Newfoundland and Labrador Environmental Industry Association (“NEIA”) is a non-profit association with a mandate to promote the growth and development of the environmental industry of Newfoundland and Labrador. NEIA is committed to the benefit of its members and stakeholders. As a part of this commitment, NEIA protects the privacy of pesonal information that it collects, uses and discloses. Our privacy commitment is based on the ten principles of the Canadian Standards Association Model Code for the Protection of Personal Information, all of which are enshrined in law in the Personal Information Protection and Electronic Documents Act (“PIPEDA”).
This privacy commitment adopts the definition of personal information from PIPEDA:
“personal information” means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.
NEIA is responsible for personal information under its control. As part of this accountability, NEIA has designated an individual who is responsible for NEIA compliance with this policy and applicable legislation. Any inquiry related to our privacy practices may be directed any of our employees, or escalated to our privacy officer, whose contact details are below:
90 O’Leary Avenue, Suite 207
St. John’s, NL A1B 2C7
Fax: (709) 237-8090
NEIA is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. We seldom transfer personal information to third parties for processing, but when we do we obtain assurances from the transferee that the personal information will be protected in the same manner as if the information was being processed by NEIA directly and we also require that the transferee abide by this policy in every respect.
At the time that any personal information is collected, NEIA will inform the individual concerned of the purposes for which the information is being collected, unless such purposes are reasonably obvious to the individual concerned. Individuals will be informed of the purposes in a manner that is clear, concise and comprehensible. Our employees and volunteers are knowledgeable about our privacy practices and are able to provide any further information on the purposes of collection, if such information is required. Depending upon the circumstances of the collection, this information may be provided orally or in writing.
NEIA may, from time to time, provide its list of members to carefully screened organizations. In such a circumstance, only the names and business addresses of members will be provided and any decision of whether to provide such a list will be made by NEIA’s executive committee. In addition, the transferee will be required to only use the list for the clearly identified purpose and then to destroy the list. Any member may decline to have his or her membership information disclosed to any third party by contacting our privacy officer, who is identified in Principle 1, above.
NEIA may publish a directory of members, which may include information such as name, business address, industry segment and the like. Any member may decline to have his or her membership information included in a directory of members by contacting our privacy officer, who is identified in Principle 1, above.
At any time when it is proposed to use any personal information for a purposes that was not originally identified, the new purpose shall be identified prior to use and the consent of the individual will be obtained, unless such new consent is not required under law.
NEIA will obtain the informed consent of an individual concerned for the collection, use, or disclosure of that individual’s personal information, except as may be allowed or required by law. NEIA will try to obtain consent for all anticipated purposes at the time of the collection of the personal information. In some circumstances this may not be possible, so NEIA will obtain the informed consent of the individual before using the personal information. Also, if NEIA proposes to use an individual’s personal information for a purpose for which consent was not initially obtained, new consent will be obtained for that new purpose.
For all purposes, consent means informed consent. At the time that consent is sought, NEIA will make reasonable efforts to advise the individual of all the purposes for which the personal information is being sought. As required under Principle 2, individuals will be informed of the purposes in a manner that is clear, concise and comprehensible.
NEIA shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfil the explicitly specified purposes. This means that where consent is being sought for information it is not essential to the provision of the service, the provision of that information will be clearly voluntary. It is NEIA policy to obtain affirmative or “opt-in” consent for any secondary or marketing use of personal information. If certain personal information is necessary for the provision of a service, this will be communicated to the individual along with information related to why the personal information is necessary in such circumstances.
There may be circumstances where the consent of an individual may be implied by the circumstances. In such cases, the purposes for the collection and use of personal information must be clearly apparent and NEIA may only use the personal information for that obvious purpose. For example, NEIA routinely uses membership information to communicate with members about developments in the industry, with announcements about events and the like. As communication and news such as this is a primary purpose for joining NEIA, consent to this use of personal information is implied by joining NEIA. Of course, any member may withdraw their consent to this use.
The law provides certain exceptions to the usual requirement to obtain an individual’s consent. For example, an organization may collect and use personal information in circumstances where the collection and/or use of such information is clearly in the interests of the individual and consent cannot be obtained in a timely way. Similarly, personal information may be collected and used without the consent of the individual if the information is reasonably required to investigate a breach of an agreement or a violation of the law and there is reason to believe that obtaining consent may compromise the availability or accuracy of such information. Front-line employees of NEIA will not be given discretion to dispense with consent.
NEIA will not collect any personal information that is not reasonably necessary for the legitimate purposes identified and for which consent has been obtained. In addition, personal information shall be collected by fair and lawful means.
NEIA will only use, disclose or retain personal information for the legitimate purposes identified to the individual concerned and for which consent has been obtained. Personal information shall be retained only as long as necessary for the fulfillment of those purposes, except where a longer retention period is required by law. Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made. Some personal information may be retained incidentally as a result of routine computer backup operations. When this is the case, the personal information is not available for use by NEIA. Personal Organizations should develop guidelines and implement procedures with respect to the retention of personal information.
Personal information that is no longer required to fulfil the identified purposes shall be destroyed, erased, or made anonymous.
Personal information collected, used and disclosed by NEIA shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. Information that will be used to make a decision about an individual should be as accurate as reasonably possible. If NEIA does not have confidence in the accuracy of particular information, it shall not be used to make any decisions about the individual.
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. All personal information shall be maintained on a “need to know” basis. All information shall be secured by physical, technical and policy measures as is prudent given the sensitivity of the personal information concerned. NEIA does not generally collect, use or handle sensitive personal information.
NEIA shall also carefully scrutinize its waste stream to make sure that all media that contains personal information is appropriately disposed of in a manner that does not compromise the security of such personal information.
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. If, in NEIA’s view, the information is accurate, the individual will be able to have the personal information annotated with his or her comments related to the alleged inaccuracy.
All requests must be in writing. An individual requesting access to his or her personal information, or who is inquiring whether NEIA holds any personal information related to him or her, shall be required to provide sufficient identifying information to allow NEIA to search for his or her personal information and to confirm that the information is only disclosed to an appropriate person. Such personal information provided to facilitate a search shall only be used for the purposes of a search and shall be destroyed as soon as practicable after conducting the search. NEIA may charge a reasonable fee for such access requests, but will in any event inform the individual of the fee, if any, soon after the request is made.
If possible and upon request, NEIA will inform an individual of the source of any personal information, the uses to which it has been put and to whom it may have been disclosed.
When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, NEIA shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question. When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge shall be recorded by NEIA. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.
Any individual with concerns related to NEIA’s personal information handling practices or the manner in which his or her personal information has been collected, used or disclosed, shall be able to address those concerns to a customer service representative. If the concerns are not immediately resolved to the satisfaction of the individual, it will be immediately referred to the designated privacy officer for that NEIA business. The privacy officer shall investigate the individual’s concerns and shall attempt to resolve any complaint as expeditiously and as fairly as possible. If a complaint is found to be justified, NEIA shall take appropriate measures, including, if necessary, amending its policies and practices. If a complaint is not found to be justified, the individual will be informed of this conclusion and of his or her right to seek redress with the Office of the Privacy Commissioner.
The complaint procedure shall be made known to any individual expressing concerns and shall be personally explained to the individual if circumstances warrant.