INTRODUCTION
OMCA has implemented policies and practices in order to fully comply with the principles as set out in Part I of the Personal Information Protection & Electronic Documents Act (PIPEDA) effective January 1, 2004 including:
- Implementing procedures to protect personal information
- Establishing procedures to receive and respond to inquiries and complaints
- Training staff and communication to staff about the Association’s policies and practices, and
- Developing information to explain the Association’s policies and procedures
It should be noted that under the Act, “personal information” does not include the name, title, business address or business telephone number of an employee, including employees and contractors of OMCA.
The Provisions of the Act require compliance in 10 areas. We have listed those areas below, as well as information on how OMCA complies with each requirement.
PRINCIPLE #1 – ACCOUNTABILITY
OMCA is responsible for personal information under its control and has designated the President as the person who is accountable for the Association’s compliance with the following principles:
- Accountability for OMCA’s compliance with the PIPEDA is that of the President, even though other persons within the Association may be responsible for day to day collection and processing of personal information. In addition, other persons within OMCA may be delegated to act on behalf of the President.
- OMCA is responsible for personal information that is in its possession or custody, including information that has been transferred to a third party for processing. OMCA uses contractual and other means to provide a comparable level of protection in situations where information is processed by a third party.
- OMCA will protect all personal information held by the Association.
- OMCA does not transfer personal information to third parties, without consent of the individual, nor will OMCA make personal information contained in membership lists available to third parties, either voluntarily or for sale.
- In the case of sponsored events, such as specific seminars and conferences, OMCA will provide to speaker(s) and sponsors access to the list of members attending, for the purpose of providing additional educational material, after the event has concluded. The list will contain business information only and will not disclose personal information about a member.
- In order to help bring business to our members, OMCA will divulge names or contact information of members, but not personal information without consent.
- All OMCA members in good standing who are listed in the OMCA Resource Guide have given their permission to post their name and business contact information on the OMCA’s website, and therefore, on the World Wide Web. OMCA members are reminded on a regular basis to inform OMCA if information in the Resource Guide needs to be updated, corrected or removed.
- OMCA makes every reasonable attempt to correct member information and keep both public records (those on the Directory) and private records (those in our database and in our paper back-up files) up to date.
- OMCA will occasionally destroy obsolete files. In these cases, a shredder will be used to ensure that personal information is destroyed and not simply discarded.
PRINCIPLE # 2 – IDENTIFYING PURPOSE
The purposes for which personal information is collected shall be identified by OMCA at or before the time the information is collected. Information is collected in order for OMCA to maintain the accuracy of membership records; to better communicate with our members; to establish member eligibility for membership services and benefits, and to mail information to consumers who have specifically requested information from OMCA about a member’s services.
Information that we collect:
- Business (company) name
- Contact Name & Business Title/Position
- Membership number
- Mailing address
- Membership Category
- Last fee paid
- Paid fee date
- Method of payment (cash, cheque, credit card)
- Home contact information (if applicable)
- Business contact information
- Email address
- Fax number
- OMCA events/conferences etc. attended
- Phone number
We collect this information to maintain correspondence with OMCA members in order to provide timely and efficient member services and to conduct general business practices and the administration of the Association. Information is collected verbally (buy telephone, or in person), electronically by e-mail, or written correspondence using forms, letters and faxes.
- OMCA documents the purposes for which personal information is collected. These purposes are limited to the following:
– To develop and market travel services tailored to the interests of our members.
– To resolve member customer concerns and complaints.
– To recruit, train and retain a highly motivated workforce, including the administration of compensation and pension plans.
– As required by law. - OMCA will specify the identified purpose in writing (at or before the time of collection) to the individual from whom the personal information is collected.
- Personal information that has been collected by OMCA will not be used for a purpose not previously identified without further individual consent, unless the new purpose is required by law.
- OMCA employees (or contractors conducting work for and on behalf of OMCA) collecting personal information will be pleased to explain the purposes for which the information is being collected.
PRINCIPLE #3 – OBTAINING CONSENT
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
- OMCA will seek consent for the collection of personal information wherever possible at the time information is collected
- OMCA will make a reasonable effort to ensure individuals are advised of the purposes for which information will be used and will state purposes in such a manner that individuals can reasonably understand how the information will be used or disclosed.
- OMCA will not require an individual to consent to the collection, use or disclosure of information beyond that which is required to meet legitimate purposes.
- Where any personal information that might be considered sensitive is collected, only express consent will be used.
– OMCA considers consent to be an expression of permission to collect and use information for the purpose of providing membership services and benefits, or for the provision of consumer information.
A Note Regarding E-mail Addresses
E-mail addresses of a general format that do not identify an individual (for example info@ etc.) are not considered “personal information”. E-mail addresses that are of an individual nature (contain information about an identifiable individual for example John.smith @ etc) are deemed “personal information” (except in Alberta and British Columbia). New OMCA members at time of application provide express consent for OMCA to use their e-mail address as a means of communication with OMCA and for customers or potential customers to communicate with OMCA members. Members of OMCA prior to Dec 31, 2003 are advised that OMCA will continue to use e-mail addresses on file for these purposes, (on the basis of “implied consent) unless OMCA is otherwise advised.
PRINCIPLE #4 – LIMITING COLLECTION
The collection of personal information shall be limited to that which is necessary for the purposes identified by OMCA. OMCA will specify the type of information collected in a regularly updated Guide to Information Handling (see below).
- OMCA will collect personal information only by fair and lawful means.
OMCA’s Guide to Information Handling
OMCA will collect only the following personal information about OMCA members:
- Name, address and telephone number
- The interest expressed about by the member various services and benefits offered by the Association
- information for the purpose of maintaining membership files, for the purpose of recording attendance at events (seminars, workshops, conferences), for the purpose of maintaining records with regard to the purchase of educational materials and seminars
- The interest expressed by a member in receiving further information
- Any other information provided by a member to assist in planning or providing services to the member
- Information obtained from the member to provide for their comfort and safety (e.g. emergency contacts, age, medical, dietary or similar information at OMCA events, conferences, etc.)
- Information provided by the member required to address a customer concern or complaint
- Information required for billing purposes or payment collection
- Any information required by law
OMCA will collect only the following personal information about OMCA employees:
- Name, home address and telephone number, emergency contacts, next of kin, dependents
- Age, sex, education, training, experience, driver licensing, trades accreditation licensing, employment history, references
- Years of employment, salary & benefits, performance evaluations
- Information required for the administration of group insurance (benefits) plans and Workplace Safety & Insurance (workers compensation)
- Any information required by law
PRINCIPLE #5 – LIMITING USE, DISCLOSURE & RETENTION
Personal information shall not be used or disclosed for purposes other than for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
- OMCA will document any new purpose for using personal information and obtain further consent before use
- OMCA will set minimum and maximum retention periods for the retention of personal information. Personal information that has been used to make a decision about an individual will be retained long enough to allow the individual access to the information after the decision has been made.
When personal information is no longer required to fulfil the identified purpose, it will be destroyed under guidelines prescribed by the Association.
Retention Schedule:
OMCA retains registration records for a period of three years; obsolete membership records are shredded every five years. Financial records are maintained for a period of 6 years.
PRINCIPLE #6 – ACCURACY
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- OMCA will ensure that information is sufficiently accurate, complete and up-to-date to meet required purposes and to minimize any likelihood that inappropriate information may be used to make a decision about an individual.
- OMCA endeavors to keep membership records as up-to-date as possible, through regular communication with members via the OMCA’s newsletter Report and annual membership renewal procedures.
- OMCA will not routinely update personal information unless this is necessary to fulfil the purposes for which the information was collected.
- Personal information on individual members can be retrieved from the database by an OMCA employee in order to verify the accuracy of the information, in consultation with a member.
PRINCIPLE #7 – SAFEGUARDS
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- OMCA will protect all personal information, regardless of format, against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. More sensitive information will be safeguarded by a higher level of protection.
- The methods of protection will include physical measures, organizational measures and technological measures. OMCA will make employees aware of the importance of maintaining the confidentiality of personal information.
- OMCA will take care in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to it.
- OMCA employees, and its contractors hired to work for and on behalf of OMCA are made aware, verbally and in writing of OMCA’s Privacy Policy with regard to compliance of the Act. In addition, OMCA employees are vigilant with regard to the access of membership files. Staff training includes awareness of the provisions of the Act, as well as this policy document.
- The OMCA office is situated in a secured building with 24-hour security. After-hours access is restricted to employees with a pass-card. The office itself is locked at all times out side of normal business hours.
- OMCA computers are password protected. All computer forms that relate to financial transactions are “secure”. The OMCA computer system is firewall protected. Membership data is stored off-site by a contracted firm. This firm must, as a condition of its contract with OMCA, abide by the PIPEDA in respect to protection and security of OMCA members’ personal information.
PRINCIPLE #8 – OPENNESS
OMCA will make specific information about its personal information management policies and practices readily available to individuals.
OMCA will be open about its polices and practices with respect to the management of personal information. Individuals will be able to acquire information about OMCA’s policies and practices without unreasonable effort and in a form that is generally understandable.
This information will include:
- The name or title, and the address, of the person who is accountable for OMCA’s policies and practices and to whom complaints or inquiries can be forwarded.
- How to gain access to personal information held by the Association
- A description of the type of personal information held by OMCA, including a general account of its use
- A copy of any brochures or other information that explain OMCA’s policies, and
- What personal information is made available to related organizations
- OMCA’s Privacy Policy is available on the OMCA website (OMCA.com), as a main link, and also on the site index. Henceforth, in all membership renewal packages, membership registration packages and, periodically throughout the year, OMCA will ensure that due notice is made of the OMCA Privacy Policy.
- Members may contact OMCA at any time for a copy of the personal information in their files.
- Individuals can complain to OMCA using the contact information listed.
PRINCIPLE #9 – INDIVIDUAL ACCESS
Upon request, OMCA will inform individuals of the existence, use and disclosure of their personal information and provide access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Note: In certain situations, OMCA may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement will be limited and specific, but may include instances where disclosure would reveal information about a third party where the information cannot be severed’ for certain investigator and legal reasons as specified by legislation’ where the information is protected by solicitor-client privilege; where disclosure would reveal confidential commercial information and cannot be severed; or where the information was generated in the course of a formal dispute resolution process.
- Upon request, OMCA will inform individuals whether or not the organization holds personal information about them and will allow access to this information. Where possible, OMCA will indicate the source of the information, and will provide an account of its use and an account of the third parties to which it has been disclosed. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, OMCA will provide a list of organizations to which it may have disclosed the information. OMCA may chose to make sensitive medical information available through a medical practitioner.
- OMCA may require sufficient information to permit the company to provide an account of the existence, use, and disclosure of personal information. The information provided shall only be used for this purpose.
- OMCA will respond to individual requests within a reasonable time and at no cost to the individual. The requested information shall be provided in a form that is generally understandable.
- When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, OMCA will amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question. There are no costs or charges associated with the correcting of information in membership files
- When a challenge is not resolved to the satisfaction of the individual, OMCA will record the substance of the unresolved challenge. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.
- Individuals may visit the OMCA office during regular office hours to review their membership records. They may also request a copy of the information OMCA has in their file, as long as they provide verification of their identity.
PRINCIPLE #10 – CHALLENGING COMPLIANCE
OMCA will implement procedures to receive and respond to complaints or inquiries about policies relating to the handling of personal information. These procedures will be easy accessible and simple to use.
- OMCA will investigate all complaints. If a complaint is found to be justified, OMCA will take appropriate measures, including, if necessary, amending its policies and practices.
- Inquiries or complaints about OMCA’s personal information handling policies or practices should be directed to the President at the address below.
- Individuals can also contact the Privacy Commissioner of Canada in writing at the address provided.
PRINCIPLE #11 – THIRD PARTY AD NETWORKS
We use third parties such as network advertisers to serve advertisements on our Site and on third-party websites or other media (e.g., social networking platforms). This enables us and these third parties to target advertisements to you for products and services in which you might be interested. Third-party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third-party cookies and other technologies are governed by each third party’s specific privacy policy, not this one. We may provide these third-party advertisers with information about you.
Users in the United States may opt out of many third-party ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members.
Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on the DAA or NAI websites, your opt-out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at www.networkadvertising.org.
Online Behavioral Advertising and How You Can Opt-Out
We may work with third-party advertising companies who may utilize cookies and web beacons, and data collected on our services, to customize advertisements to you on our services, as well as on other websites or mobile applications in their networks beyond our services. Among other things, these customized advertisements may advertise our products and services and third party products and services on websites or mobile applications not affiliated with us. Some of these ads are online behavioral advertising – which serve advertisements that are more likely to be of interest to you using non-personal behavioral information. Such ads may contain cookies that allow monitoring of websites and mobile applications (including our own services) and your response to such advertisements. Cookies or web beacons placed by these companies do not collect personal information, and the third-party advertising companies do not have access to or use your name, address, e-mail address, telephone number or other personal information; they may however, anonymously track your usage across our services and other websites or mobile applications in their networks. We limit companies that place our ads from using information for any purpose other than to assist us in our advertising efforts.
For more information about these third-party advertising companies’ privacy policies, visit the Network Advertising Initiative’s website at http://www.networkadvertising.org. If you prefer to not receive targeted advertising, you can opt-out of network advertising programs that use your information. To do so, please visit: the Network Advertising Initiative’s opt-out page.