AGENCY WEBSITE PRIVACY
POLICY
The respect of the private lives of the public who access the Phoenix Centre’s website www.phoenixctr.com is of the utmost importance to the Phoenix Centre’s webmaster and information technology personnel.
This Privacy Policy aims to lay out:
- the way users personal information is collected and processed
- your rights regarding your personal information
- who is responsible for processing of the collected information
- to whom the information is transmitted
The Privacy Policy complements the Terms and Conditions that you may find at the following address: www.phoenixctr.com
PROCEDURE
- COLLECTION OF PERSONAL INFORMATION
We collect the following personal information:
- Name and email address, IP address
The personal information we collect is collected through the collection methods described in the following section.
- FORMS AND METHODS OF COLLECTION
Personal information is collected through the following methods:
- Website Contact form
We use the collected data for the following purposes:
- contact
- response to questions
- INTERACTIVITY
Personal information is also collected through the interactivity between you and the website.
We use the personal information thus collected for the following purposes:
- statistics
- website management
- to understand how the website is performing by seeing who is visiting our site, which channels are driving the most traffic, and how traffic and other engagement metrics change over time
- COOKIES AND LOG FILES
We collect information through log files and cookies. These allow us to process statistics and information about traffic on the website, to ease navigation, and to improve the users experience for their comfort.
Under the General Data Protection Regulation, the use of cookies and log files that involves personal information saving and analysis requires the users consent.
Consent is considered to be valid for a maximum period of thirteen (13) months. At the end of that period, we will ask again for your consent to save cookies and log files on the hard disk.
-
-
- Cookies used by the Website
-
The cookies used on the Website are the following:
-
-
-
- _ga
- _gat_gtag_UA_157959953_1
- _gid
- _lscache_vary
- tk_ai
- tk_qs
- wfwaf-authcookie-9d0232be91f76bc4d69e49501327cb0d
- woocommerce_cart_hash
- woocommerce_items_in_cart
- wordpress_logged_in_96800868865f4500f5fa9f47d473657a
- wordpress_test_cookie
- wp-settings-1
- wp-settings-time-1
- wp_lang
- wp_woocommerce_session_96800868865f4500f5fa9f47d473657a
-
-
The use of such files allows us to achieve the following purposes:
- improvement of the service
- statistical surveys
-
-
- Objection of the use of cookies and log files by the Website
-
-
-
-
- Users have the right to object to the recording of these cookies and log files by configuring their web browser
- Once they have deactivated cookies and log files, they may continue their use of the website; however any malfunction resulting from this deactivation may not be considered the agency’s making
-
-
- SHARING PERSONAL INFORMATION
The personal information collected by the website is not transmitted to any third party and is processed only by the Phoenix Centre.
- STORAGE PERIOD OF PERSONAL INFORMATION
The controller will keep in its computer system, reasonable security conditions, the entirety of the personal information collected for a period of one year.
- HOSTING OF PERSONAL INFORMATION
The Phoenix Centre website is hosted by Danica Cliche Designs who can be contacted at 613-281-6518 or danicacliche_1@hotmail.com.
- RIGHT OF OBJECTION AND OF WITHDRAWAL
The user has the right to object to the processing of their personal information by the Website. They also have the right to request that their personal information not appear, for example, on a mailing list.
If they wish to exercise the right to object or right to withdraw they must contact the Phoenix Centre by telephone (613)735-2374 or email: mail@phoenixctr.com
- RIGHT OF ACCESS, RECTIFICATION AND/OR REMOVAL
The user has the right to consult, update, modify or request the removal of information about them by contacting the Phoenix Centre by telephone (613)735-2374 or email: mail@phoenixctr.com
- SECURITY
Personal information the Phoenix Centre collects is stored in a secured environment. Personnel are obligated to respect the confidentiality of the user’s personal information
We are committed to maintaining a high degree of confidentiality by integrating the latest technological innovations that allow us to ensure the confidentiality of the user’s transactions.
AGENCY & STAFF PRIVACY POLICY
POLICY
The Phoenix Centre for Children and Families is committed to protecting the privacy of its employees, clients/customers and confidential business information.
Employees are obligated to ensure that personal information to which they may have access remains confidential, is only used for the purposes for which it was collected, is not disclosed without authorization or used for personal gain.
Employees are required to follow all procedures regarding collection, use, and disclosure of personal information as set out in this policy.
Employees who disclose personal information, contrary to this policy will be subject to disciplinary measure, up to and including discharge for cause.
The Manager, Administrative Services is the Agency’s Privacy Officer and is accountable for the implementation of this policy. Any issues or questions regarding this policy should be directed to the Privacy Officer.
PURPOSE
All employees at one time or another may receive personal, privileged and/or confidential information which may concern other employees, company operations or clients/customers. The purpose of this policy is to preserve the privacy of employees, clients and The Phoenix Centre for Children and Families, by outlining employee obligations and procedures for dealing with personal, privileged and/or confidential information.
SCOPE
This policy applies to all employees, contractors, subcontractors of the Phoenix Centre for Children and Families or anyone else who is granted access to personal privileged and/or confidential information.
RESPONSIBILITY
Employees are responsible for:
- keeping their own employee files current regarding name, address, phone number, dependents, etc.
- being familiar with and following policies and procedures regarding personal information;
- obtaining the proper consents and authorizations prior to disclosure of personal, privileged and/or confidential information.
- immediately reporting any breaches of confidentiality to their Supervisor;
- keeping private passwords and access to personal, privileged and/or confidential data;
- explaining this policy to clients and referring them to the Manager, Administrative Services if necessary;
- relinquishing any personal, privileged, confidential or client information in their possession before or immediately upon termination of employment.
Supervisors are responsible for:
- obtaining consent to the collections and use of personal information from employees;
- ensuring policies and procedures regarding collection, use and disclosure of information or personal information are consistently adhered to;
- responding to requests for disclosure after the proper release is obtained;
- cooperating with the Manager, Administrative Services to investigate complaints or breaches of policy;
- obtaining from terminating employees prior to their termination any personal, privileged, confidential or client information in their possession;
- ensuring that disclosure of personal information or personal health information to a Third Party is done with the approval of the Manager, Administrative Services in order to minimize the risk of non-compliance with applicable legislative or regulatory regimes.
Human Resources and/or Payroll personnel are responsible for:
- ensuring that appropriate consents have been obtained from employees with respect to the collection and use of personal information;
- maintaining systems and procedures to ensure employee records are kept private;
- obtaining the proper consents and authorizations prior to disclosure of information contained in employee records;
- responding to employees’ requests for access to their files;
- ensuring proper disposal of unnecessary files/information;
- maintaining separate files to ensure that personal health information is protected;
- ensuring that disclosure of personal information or personal health information to a Third Party is done with the approval of the Privacy Officer in order to minimize risk of non-compliance with applicable legislative or regulatory regimes.
The Privacy Officer (Manager, Administrative Services) is responsible for:
- internal compliance with applicable policies or legislation;
- cooperating with supervisors, human resources and/or payroll personnel in developing internal policies for the collection, use and disclosure of personal information and personal health information of employees and clients;
- monitoring and responding to Third Party requests for personal information or personal health information;
- ensuring appropriate consents are obtained for the collection, use and disclosure of personal information and personal health information;
- where collection, sue or disclosure is permitted without prior consent, notifying individuals of the collection, use and disclosure of personal information and/or personal health information after such occurrence.
ACKNOWLEDGEMENT OF CONFIDENTIALITY
The Agency will make all staff aware of the importance of maintaining the confidentiality of personal and personal health information and other confidential business information. As a condition of employment or affiliation, all new staff must read the Privacy and Confidentiality Policy as part of their orientation process and it is documented on the Staff Orientation Checklist. In addition, personal and/or personal health information obtained in the course of one’s employment or other affiliation with the Agency must remain in the strictest of confidence including when the employment or affiliation with the Agency ceases.
DEFINITIONS
“Personal information” is any information about an identifiable individual and includes race, ethnic origin, colour, sex, sexual orientation, age, marital status, family status, religion, education, medical history, criminal record, employment history, financial status, address, telephone number, and any numerical identification, such as Social Insurance Number. Personal information also includes information that may relate to the work performance of the individual, any allegations, investigations or findings or wrongdoing, misconduct or discipline. Personal information does not include job title, business contact information or job description. Included under personal information are anyone else’s opinions about the individual or the individual’s personal views or opinions, except if they are about someone else.
“Personal health information” is information about an identifiable individual that relates to the physical or mental health of the individual, the provision of health care to the individual, the individual’s entitlement to payment for health care, the individual’s health card number, the identity of the providers of health care to the individual or the identity of substitute decision-makers on behalf of the individual.
“Third parties” are individuals or organizations other than the subject of the records or representatives of the authoriPhoenix Centre for Children and Families. Note that in certain circumstances, the company may be entitled to provide personal information to an external party acting as an agent of the Phoenix Centre for Children and Families.
PROCEDURE
Employee Records
- An employee’s supervisor, higher level managers, human resources and payroll personnel shall have access to employee records containing personal information. An employee’s supervisor, higher level managers, human resources and payroll personnel will have access to an employee’s personal health information if the Privacy Officer determines that such access is permissible and necessary. Personal information and personal health information will not be disclosed outside of the organization without the knowledge and/or approval of the employee. Notwithstanding the foregoing, the Phoenix Centre for Children and Families will cooperate with law enforcement agencies and will comply with any court order or law requiring disclosure of personal information without the employee’s consent.
- Employees may request access to review their own file by making arrangements with the Manager, Administrative Services. Employees shall provide at least twenty-four (24) hours notice. Employees may obtain a copy of any document in their file which they have signed previously. No material contained in an employee file may be removed from the file. A Manager will be present during viewing of the file.
- An employee may provide a written notice of correction related to any data contained in the employee’s file. The notice of correction shall be provided to the Manager, Administrative Services.
- Employee requests for disclosure of their own personal information to Third Parties must be accompanied by a completed, signed and dated Authorization to Release Information form. Attachment A to this policy is used for this purpose. This form should also be used in dealings with insurance companies with respect to employee benefits and to provide confirmation of earnings to financial institutions for lending purposes.
- Unless retention of personal information is specified by law for certain time periods, personal information that is no longer required to fulfil the identified purpose shall be destroyed, erased or made anonymous within twelve (12) months after its use.
Client Information
- Personal, privileged and/or confidential information about customers and clients may only be collected, used, disclosed and retained for the purposes identified by The Phoenix Centre for Children and Families as necessary.
- Employees must ensure that no personal, privileged and/or confidential client information is disclosed without the client’s consent and then only if security procedures are satisfied. Client information is only to be accessed by employees with appropriate authorization.
- Unless retention of personal information is specified by law for certain time periods, personal information that is no longer required to fulfil the identified purpose shall be destroyed, erased or made anonymous within twelve (12) months after its use.
Notwithstanding Employee Records (e) and Client Information (d), personal information that is the subject of a request by an individual or a Privacy Commission shall be retained as long as necessary to allow individuals to exhaust any recourse they may have under the Personal Information Protection and Electronic Documents Act (PIPEDA).
Concerns or complaints related to privacy issues must be made, in writing, to the Manager, Administrative Services setting out the details of the concern or complaint. The Manager, Administrative Services shall investigate the matter forthwith and make a determination related to the resolution of the concern(s) or complaint(s).
No employee shall be disadvantaged or denied any benefit of employment by reason that the Phoenix Centre for Children and Families believes that an employee will do anything referred to paragraphs (a), (b), or (c) below or by reason that an employee, acting in good faith and on the basis of reasonable belief,
- has disclosed to the Privacy Commissioner of Canada that the Phoenix Centre for Children and Families or any other person has contravened or intends to contravene a provision of PIPEDA related to the protection of personal information.
- has refused or stated the intention of refusing to do anything that it is in contravention of a provision of PIPEDA related to the protection of personal information.
- has done or stated an intention of doing anything that is required to be done in order that a provision of PIPEDA related to the protection of personal information not be contravened.
An employee who is found to be in breach of this policy will be subject to discipline up to and including discharge for cause.
COMPLIANCE, MONITORING, AUDITING & CONSEQUENCES
Access, use, disclosure and sharing of Personal and/or Personal Health Information will be monitored and all suspected breaches of this Policy will be investigated by the Privacy Officer. Actions to be taken will be determined by the Management Team in consultation with the Privacy Officer, Legal Counsel, and/or other Agency stakeholders according to the nature of the breach and parties involved.
Agency operational areas and programs conduct appropriate reviews and audits of their systems and processes to ensure compliance with Agency policies and standards.
BREACH OF POLICY
Staff will report any real or suspected breaches of this Policy in connection with any Agency program or activity immediately upon becoming aware. All reports must be made to the Privacy Officer. Staff may report real or suspected breaches without any fear of reprisal.
All incidents involving theft or loss of Personal and/or Personal Health Information will be promptly addressed for containment, investigation, reporting, and remedial actions.
If an Agency staff identifies, or has reason to believe, that Personal and/or Personal Health Information has been lost or stolen or has been accessed by unauthorized person(s), that staff member will notify the Privacy Officer immediately either verbally or by e-mail. The notification will be followed by a written submission that includes all pertinent details leading to this assertion. The Privacy Officer will conduct an investigation and, in consultation with the Executive Director/Delegate, will notify the affected client(s) or staff member(s), appropriate Ministry, and, as required, the police.
COMPLAINTS
Clients or other members of the public who complain about a breach of their personal privacy or who express concern about the collection or use of their Personal and/or Personal Health Information should be directed to the Privacy Officer. Such complaints from members of the public will be accepted either with the member of the public being identified or in an anonymous format. Complaints regarding another Social Service Provider should be referred to that agency. At any time, a client or staff member has the option to access the office of the Information and Privacy Commissioner at:
2 Bloor Street East, Suite 1400, Toronto, ON M4W 1A8
1-800-387-0073
Fax: (416) 325-9195
Email the Information and Privacy Commissioner