We reserve the right to change this policy from time to time as industry practice, the law, and our procedures in this area may change from time to time.
If the policies and procedures outlined in this document do not address a specific situation, individuals are advised to contact the Privacy Officer firstname.lastname@example.org for guidance or clarification.
The Group collects and uses only the personal information that we need for providing services and operating our business. Generally, the Group collects the personal information from individuals such as the type of information described below for the various purposes set out herein.
The Group collects uses and discloses personal information for the following purposes:
We normally collect information directly from you. We may collect your information from other persons with your consent or as authorized by law. Before or at the time of collecting personal information, we identify the purposes for which we are collecting the information. We do not provide this notification when personal information is volunteered for an obvious purpose. If we wish to use or disclose your information for a new purpose not included in this policy, we will notify you and seek your consent.
In addition, we also receive and send data from our servers and from your browser when you visit our website, including your IP address, the time and information about the page you requested and the website through which you were linked to our site, if any. We may use tracking technologies in a variety of ways, including the following: keeping count of return visits to our site; accumulating and reporting anonymous, aggregate (data collected in mass), statistical information on website usage; and determining which features users like best. Finally, your Internet browser has a feature called “cookies”, which stores small amounts of data on your computer about your visit to our site. Cookies tell us nothing about who you are, however, unless you specifically give us personal information. You do not need to have cookies turned on to visit viewpointgroup.ca or any other websites operated by us. You may also elect not to allow cookies to be collected by selecting certain options on your browser.
Ordinarily we ask for consent to collect, use or disclose personal information, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.
You may withdraw consent to the use and disclosure of personal information at any time, unless the personal information is necessary for us to fulfil our reasonable business or legal obligations. We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary personal information. In the case of certain assessments and surveys, participation is anonymous and we have no ability to track individual responses or otherwise identify you. In these instances, we will not be able to withdraw your data and answers after you have submitted them.
The purpose for collecting personal information is set out in this policy. Any necessary consents shall be obtained before personal information is collected, used or disclosed.
We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use or disclosure of certain personal information. Where express consent is needed, we will normally ask clients to provide their consent orally (in person, by telephone), in writing (by signing a consent form), or electronically (by clicking a button).
In cases that do not involve sensitive personal information, we may rely on “opt-out” consent.
The amount and type of personal information collected by the Group shall be limited to what is necessary to fulfill the identified purpose. Personal information shall only be used or disclosed for the purposes for which it is collected, or anonymously for conducting research. Exceptions may be made with the consent of the individual or if authorized or required by law.
Upon request received by the Group in writing, individuals shall be informed of the existence, use, and disclosure of their personal information records and shall be given access to that information only in the cases where it is identifiable. In most scenarios, data is collected anonymously and therefore we will not be able to identify/access individual-level data or responses. Requests to access personal information held by the Group should be directed to the Privacy Officer.
Requests must be made in writing or by e-mail. Individuals may be required to verify their identity in order to access their personal information. Any such documentation provided shall be used for verification purposes only.
The Group responds to requests for access to personal information within thirty (30) days of receipt of the request, or as may be permitted in accordance with applicable privacy legislation.
A fee for reasonable costs incurred may be charged when responding to more complex requests. The individual will be informed of the applicable fee.
Requested information will be provided in a form that is generally understandable.
The Group will be as specific as possible when describing third parties to whom it has disclosed personal information about an individual. When it is not possible to provide a list of the organizations to which it has actually disclosed information, the Group will provide a list of organizations to which it is likely to have disclosed information.
Individuals are permitted either to view the original record, or to request a copy, subject to limitations as permitted or required by law. To preserve the integrity of the record and ensure that documents are not removed from the Group, individuals wishing to view an original record will do so at the Group's head office and under the supervision of designated the Group personnel.
The Group will only refuse access to information about you in those circumstances permitted or required by applicable privacy legislation.
In the event that the Group refuses to provide access to information, it will provide you with the reasons for its refusal upon request.
Exceptions may include information that contains references to or opinions of other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, or information that is subject to solicitor-client or litigation privilege. The Group will respond to your requests for access in accordance with applicable privacy legislation.
Personal information shall be kept as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.
Individuals have the right to challenge the accuracy and completeness of the personal information that is maintained by the Group and have it amended as appropriate.
Individuals seeking a correction or amendment to their personal information should direct their requests in writing to the Group's Privacy Officer.
All formal requests to amend personal information must be accompanied by appropriate supporting documentation. The Group’s Privacy Officer will manage any exceptions. The amended information will be transmitted to third parties, as appropriate.
If the individual is not satisfied with the results of the request, the Group shall internally document the issue, and provide a response. The existence of the unresolved challenge will be transmitted to third parties, as appropriate.
Personal information will be retained only as long as necessary and will be disposed of in a manner that is appropriate to the sensitivity of the information. We render client personal information non-identifying, or destroy records containing personal information once the information is no longer needed. We use appropriate security measures when destroying client personal information, including shredding paper records and permanently deleting electronic records.
Personal information will be protected by security safeguards, appropriate to the sensitivity of the personal information.
Please note that we may use cloud-based services to store information in the following countries: Canada and the United States. Where personal information is stored or processed outside of Canada, it is subject to the laws of that foreign jurisdiction, and may be accessible to that jurisdiction’s governments, courts, law enforcement, or regulatory agencies.
We will notify all required authorities including the Office of the Information and Privacy Commissioner of Alberta, without delay, of a security breach affecting personal information if it creates a real risk of significant harm to individuals.
If you are not satisfied with the response from our Privacy Officer after making a complaint, you may have recourse to additional remedies under applicable privacy legislation. For further information, please contact the Federal Privacy Commissioner or your provincial Privacy Commissioner, as applicable.
If you have a question or concern about any collection, use or disclosure of personal information by the Group, or would like to request access to your own personal information, please contact:
Privacy Officer: email@example.com
Last Updated June 1, 2020