|
Code for the Protection of Personal Information
Introduction
North America is part of a global economy based
on the creation, processing, and exchange of information. The technology
underlying the information economy provides a number of benefits
that improve the quality of our lives. This technology also gives
rise to concerns about the protection of privacy rights and the
individual's right to control the use and exchange of personal information.
Register4Sports.com has an inherent responsibility
to be open and accessible while, at the same time, demonstrating
the greatest respect for protection of the user's personal privacy.
In adopting this Code for the Protection of
Personal Information, what has been accepted practice becomes a
documented commitment by Register4Sports users.
Principles
Several interrelated principles form the basis
of the Code for the Protection of Personal Information ("the Code").
When reading, each principle must be read in conjunction with the
accompanying commentary.
1. Accountability
Register4Sports.com is responsible for personal information under
its control and shall designate an individual who is accountable
for compliance with the principles of the Code.
2. Identifying Purposes
The purposes for which personal information is collected shall
be identified by Register4Sports at or before the time the information
is collected.
3. Consent
The knowledge and consent of the user are required for the collection,
use, or disclosure of personal information, except where inappropriate.
4. Limiting Collection
The collection of personal information
shall be limited to that which is necessary for the purposes identified
by Register4Sports.com. Information shall be collected by fair
and lawful means.
5. Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes
other than those for which it was collected, except with the consent
of the individual or as required by law. Personal information
shall be retained only as long as necessary for the fulfillment
of those purposes.
6. Accuracy
Personal information shall be as accurate, complete, and up-to-date
as is necessary for the purposes for which it is to be used.
7. Safeguards
Personal information shall be protected by security safeguards
appropriate to the sensitivity of the information.
8. Openness
Register4Sports.com shall make readily available to users specific,
understandable information about its policies and practices relating
to the management of personal information.
9. Individual Access
Upon request, a user shall be informed of the existence, use,
and disclosure of their personal information, and shall be given
access to that information. A user is entitled to question the
accuracy and completeness of the information and have it amended
as appropriate.
10. Compliance
A user shall be able to question compliance with the above principles
to the designated individual accountable for Register4Sports.com's
compliance. Register4Sports.com shall have policies and procedures
to respond to the questions and concerns.
Definitions
The following definitions apply in this Code.
"Collection"
The act of gathering, acquiring, or obtaining personal information
from any source, including Third Parties, by any means.
"Consent"
Voluntary agreement with what is being done or proposed. Consent
can be either express or implied. Express consent is given explicitly,
either orally, in writing, or on the website. Express consent is
unequivocal and does not require any inference on the part of Register4Sports.com
seeking consent. Implied consent arises where consent may reasonably
be inferred from the action or inaction of the user.
"Designated Individual"
The person within Register4Sports.com who is responsible for collecting,
using, disclosing and protecting the users' personal information
and compliance with the Code.
"Disclosure"
Making personal information that can uniquely identify individuals
available to others outside of Register4Sports.com.
"User"
The person or organization who is a registered user of the services
offered by Register4Sports.
"Organization"
A term used in the Code that includes organizations, partnerships,
associations, businesses, charitable organizations, clubs, government
bodies, institutions, professional practices and unions.
"Personal Information"
Any information that is about or can be linked to an identifiable
individual, but does not include the name, title or business address
or telephone number of an employee of an organization.
"Third Party"
Any person or organization other than a registered user.
"Use"
Refers to the treatment and handling of personal information within
Register4Sports.com.
Principles
1.0 Principle 1 - Accountability
Register4Sports.com is responsible for personal information under
its control and shall designate an individual who is accountable
for Register4Sports.com's compliance with the principles of the
Code.
1.1
Ultimate accountability for Register4Sports.com's compliance with
the principles rests with Register4Sports.com's Board of Directors,
who delegate day-to-day accountability to a designated individual.
Other individuals within Register4Sports.com may be accountable
for the day-to-day collection and processing of personal information,
or to act on behalf of the designated individual.
1.2
Register4Sports.com shall identify internally and to its users the
designated individual who is responsible for the day-to-day compliance
with the principles.
1.3
Register4Sports.com is responsible for personal information in its
possession. Register4Sports.com shall use contractual or other means
to provide a comparable level of protection while the information
is being processed by a Third Party.
1.4
Register4Sports.com shall implement policies and procedures to give
effect to the principles, including:
(a) procedures to protect personal information
(b) procedures to receive and respond to concerns and inquiries
(c) training staff to understand and follow Register4Sports.com's
policies and procedures
(d) annual review of the effectiveness of the polices and procedures
to ensure compliance with the Code and consideration of revision
as deemed appropriate.
2.0 Principle 2 - Identifying
Purposes
The purposes for which personal information is collected shall be
identified by Register4Sports.com when or before the information
is collected.
2.1
Register4Sports.com shall document the purposes for which personal
information is collected prior to the information being collected.
2.2
Register4Sports.com shall make reasonable efforts to ensure that
the user is aware of the purposes for which personal information
is collected, including use by Third Parties.
2.3
Identifying the purposes for which personal information is being
collected at or before the time of collection also defines the information
needed to fulfil these purposes. Register4Sports.com shall collect
personal information for the following purposes:
- to aid in understanding the user's needs
- to facilitate the registration process for
the user
- to determine the suitability of the products
or services for the user or the eligibility of the user for products
and services
- to set up, offer and manage products and
services that meet the user's needs
- to provide ongoing service
- to meet legal and regulatory requirements.
2.4
The identified purposes should be specified to the user from whom
the personal information is being collected. This can be done orally,
electronically or in writing. An application form with the purposes
highlighted, for example, may give notice of the purposes
2.5
When personal information that has been collected is to be used
for a purpose not previously identified, the new purpose shall be
identified prior to use. Unless the new purpose is required by law,
the consent of the user is required before information can be used
for that purpose
3.0 Principle 3 - Consent
The knowledge and consent of the user are required for the collection,
use, or disclosure of personal information, except in specific circumstances
as described below.
Note: In certain circumstances personal information may be
collected, used, or disclosed without the knowledge and consent
of the individual. These circumstances include:
- Where clearly in the interests of the individual
and consent cannot be obtained in a timely way;
- To avoid compromising information availability
or accuracy and if reasonable to investigate a breach of an agreement
or a contravention of the laws of Canada or a province;
- Where the information is generally considered
to be in the public domain;
- To act in respect of an emergency that threatens
the life, health or security on an individual;
- To investigate an offence under the laws
of Canada, a threat to Canada's security, to comply with a subpoena,
warrant or court order or rules of court relating to the production
of records, or otherwise as required by law.
3.1
Consent is required for the collection of personal information and
the subsequent use or disclosure of this information. In certain
circumstances, consent may be sought after the information has been
collected but before use (for example, when Register4Sports.com
wants to use information for a purpose not previously identified).
Register4Sports.com may be required to collect, use, or disclose
personal information without the user's consent for certain purposes,
including the collection of overdue accounts, legal or security
reasons.
3.2
The principle requires "knowledge and consent". Register4Sports.com
shall make a reasonable effort to ensure that the user is aware
of the purposes for which the information will be used. To make
the consent meaningful, the purposes must be stated in such a manner
that the user can reasonably understand how the information will
be used or disclosed.
3.3
Register4Sports.com shall not, as a condition of the supply of a
product or service, require a user to consent to the collection,
use, or disclosure of information beyond that required to fulfil
explicitly specified and legitimate purposes
3.4
In determining the form of consent to use, Register4Sports.com shall
take into account the sensitivity of the information. Although some
information (for example, medical and income records) is almost
always considered to be sensitive, any information can be sensitive,
depending on the context.
3.5
In obtaining consent, the reasonable expectations of the user are
also relevant. For example, as a user of Register4Sports.com, a
user should reasonably expect Register4Sports.com to periodically
supply information on Register4Sports.com developments, products
and services. A user who requests sports registration services should
reasonably expect that Register4Sports.com, in addition to using
the user's name and address for registration purposes, would also
contact the user to renew the registration. Similarly, consent will
not be obtained when personal information is supplied to agents
of Register4Sports.com to carry out processing functions, such as
data processing or the printing of player registration cards. In
this case, Register4Sports.com can assume that the user's request
constitutes consent for specific purposes.
On the other hand, a user would not reasonably expect that personal
information given to a Register4Sports.com would be given to a company
selling sporting goods, unless consent was obtained. Consent will
not be obtained through deception.
3.6
The way in which Register4Sports.com seeks consent may vary, depending
on the circumstances and the type of information collected. Register4Sports.com
will seek express consent when the information is likely to be considered
sensitive. Implied consent would generally be appropriate when the
information is less sensitive.
Users can give consent:
(a) in writing, such as when completing and
signing an application
(b) through inaction, such as failing to check a box indicating
that they do not wish their names and addresses to be given to
other organizations
(c) orally, such as when information is collected over the telephone
or in person
(d) at the time they use a product
or service
(e) through an authorized representative (such as a legal guardian
or a person having power of attorney).
3.7
A user may withdraw consent at any time, subject to legal or contractual
restrictions, provided that:
a) reasonable notice of withdrawal of consent
is give to Register4Sports.com;
b) consent does not relate to a registration product requiring
the collection and reporting of information after the registration
has been confirmed; and
c) the withdrawal of consent is in writing and includes understanding
by the user that withdrawal of consent could mean that Register4Sports.com
cannot provide the user with a related product, service or information
of value. Register4Sports.com shall inform the user of the implication
of such withdrawal.
4.0 Principle 4 - Limiting
Collection
The collection of personal information shall be limited to that
which is necessary for the purposes identified by Register4Sports.com.
Information shall be collected by fair and lawful means
4.1
Register4Sports.com shall not collect personal information indiscriminately.
Register4Sports.com shall specify both the amount and the type of
information collected, limited to that which is necessary to fulfil
the purposes identified, in accordance with Register4Sports.com's
policies and procedures.
4.2
Register4Sports.com shall collect personal information by fair and
lawful means, and not by misleading or deceiving users about the
purpose for which information is being collected
5.0 Principle 5 - Use,
and Disclosure
Personal information shall not be used or disclosed for purposes
other than those for which it was collected, except with the consent
of the user or as required by law. Personal information shall be
retained only as long as necessary for the fulfillment of those
purposes.
5.1
When Register4Sports.com uses personal information for a new purpose,
the purpose shall be documented.
5.2
Register4Sports.com may disclose personal information without consent
to protect the interests of Register4Sports.com or when required
by law, for example, when requested:
(a) by subpoena or search warrant;
(b) by other court and government orders;
(c) by demands from other parties who have a legal right to personal
information;
(d) by a person acting in a confidential or professional relationship
with Register4Sports.com, such as an auditor or a solictor.
5.3
Register4Sports.com shall protect the interests of its users by
taking reasonable steps to ensure that:
(a) orders or demands comply with the laws
under which they were issued
(b) only the personal information that is legally required is
disclosed and nothing more
(c) casual requests for personal information are denied
(d) personal information disclosed to unrelated Third Party suppliers
of non-financial services is strictly limited to programs endorsed
by Register4Sports.com.
Register4Sports.com will make reasonable effort
to notify the user that an order has been received, if not contrary
to the security of Register4Sports.com and if the law allows it.
Notification may be by telephone, email, or by letter to the user's
usual address.
5.4
The user's health records at Register4Sports.com may be used for
registrations and related insurance or emergency purposes. The user's
health records shall not be collected from, or disclosed to, any
other organization.
5.5
Register4Sports.com shall maintain guidelines and procedures with
respect to the retention of personal information. These guidelines
include minimum and maximum retention periods. Personal information
that has been used to make a decision about a user shall be retained
long enough to allow the user access to the information after the
decision has been made. Register4Sports.com may be subject to legislative
requirements with respect to retention of records.
5.6
As a user of the Register4Sports.com service, it is important for
you to know that each time our service is used two types of information
may be collected.
1. Statistical Information: Each time a user accesses the site,
browses, or registers, statistics on a consolidated basis are kept.
2. Personal information: Where required, personal information provided
by the user is collected and may include username, passwords, and
other identifying information such as name, address, and phone number,
where this information is required to register for certain sports,
activities, or programs.
6.0 Principle 6 - Accuracy
Personal information shall be as accurate, complete and up-to-date
as is necessary for the purposes for which it is to be used.
6.1
The extent to which personal information shall be accurate, complete,
and up-to-date will depend upon the use of the information, taking
into account the interests of the user. Register4Sports.com relies
on the user to keep certain personal information accurate, complete
and current, such as name and address. Information shall be sufficiently
accurate, complete, and up-to-date to minimize the possibility that
inappropriate information may be used to make a decision about the
user.
6.2
Register4Sports.com shall not routinely update personal information,
unless such a process is necessary to fulfil the purposes for which
the information was collected.
6.3
Personal information that is used on an on-going basis, including
information that is disclosed to Third Parties, will generally be
accurate and up-to-date unless limits to the requirement for accuracy
are clearly set out.
7.0 Principle 7 - Safeguards
Personal information shall be protected by security safeguards appropriate
to the sensitivity of the information. Register4Sports.com will
take the same standard of care as it takes to safeguard its own
confidential information of a similar nature.
7.1
The security safeguards shall protect personal information against
loss or theft, as well as unauthorized access, disclosure, copying,
use, or modification. Register4Sports.com shall protect personal
information regardless of the format in which it is held.
7.2
The nature of the safeguards will vary depending on the sensitivity,
amount, distribution and format of the information, and the method
of storage. More sensitive information may be safeguarded by a higher
level of protection.
7.3
The methods of protection will include:
(a) physical measures, for example, locked
filing cabinets and restricted access to offices
(b) organizational measures, for example, controlling entry to
data centres and limiting access to information to a "need-to-know"
basis
(c) technological measures, for example, the use of passwords
and encryption.
(d) investigative measures, in cases where Register4Sports.com
has reasonable grounds to believe that personal information is
being inappropriately collected, used or disclosed.
7.4
Register4Sports.com shall periodically remind employees, directors
and officers of the importance of maintaining the confidentiality
of personal information. Employees and directors are individually
required to sign an oath of ethical conduct annually, including
commitment to keep user's personal information in strict confidence.
7.5
Third Parties shall be required to safeguard personal information
disclosed to them in a manner consistent with the policies of Register4Sports.com.
Examples include cheque printing, data processing, credit collection,
credit bureaus and card production.
7.6
Care shall be used in the disposal or destruction of personal information,
to prevent unauthorized parties from gaining access to the information.
8.0 Principle 8 - Openness
Register4Sports.com shall make readily available to users specific,
understandable information about its policies and practices relating
to the management of personal information.
8.1
Register4Sports.com shall be open about privacy policies and procedures
with respect to the management of personal information and shall
make them readily available in a form that is generally understandable.
8.2
The information made available shall include:
(a) the name or title, and the address of
the designated individual who is accountable for compliance with
Register4Sports.com's policies and procedures and to whom complaints
or inquiries can be forwarded
(b) the means of gaining access to personal information held by
Register4Sports.com
(c) a description of the type of personal information held by
Register4Sports.com, including a general account of its use
(d) a copy of any brochures or other information that explains
Register4Sports.com's policies, procedures, standards or codes
(e) the types of personal information made available to related
organizations, such as subsidiaries or other suppliers.
8.3
Register4Sports.com may make information on its policies and practices
available in a variety of ways. The method chosen depends on the
nature of its business and other considerations. For example, Register4Sports.com
may choose to make brochures available in its place of business,
mail information to its users, provide on-line access, or establish
a telephone number to respond to questions.
9.0 Principle 9 - Individual
Access
Upon request, a user shall be informed of the existence, use, and
disclosure of their personal information and shall be given access
to that information. A user is entitled to challenge the accuracy
and completeness of the information and have it amended as appropriate.
Note: In certain situations, Register4Sports.com
may not be able to provide access to all the personal information
it holds about a user. Exceptions to the access requirement will
be limited and specific. The reasons for denying access include
the following:
- providing access would likely reveal personal
information about a third party unless such information can be
severed from the record or the third party consents to the disclosure,
or the information is needed due to a threat to life, health or
security;
- the personal information has been requested
by a government institution for the purposes of enforcing any
law of Canada, a province or a foreign jurisdiction, carrying
out any investigation related to the enforcement of any law, the
administration of any law, the protection of national security,
the defense of Canada or the conduct of international affairs;
- the information is protected by solicitor-client
privilege;
- providing access would reveal confidential
commercial information, provided this information cannot be severed
from the file containing other information requested by the individual;
- providing access could reasonably be expected
to threaten the life or security of another individual, provided
this information cannot be severed from the file containing other
information requested by the individual;
- the information was collected without the
knowledge or consent of the individual for purposes related to
investigating a breach of an agreement or a contravention of the
laws of Canada or a province;
- the information was generated in the course
of a formal dispute resolution process.
9.1
Upon request, Register4Sports.com shall inform a user of the existence,
use, disclosure, and source of personal information about the user
held by Register4Sports.com, and shall allow the user access to
this information. However, Register4Sports.com may choose to make
sensitive medical information available through a medical practitioner.
9.2
In some cases, Register4Sports.com may not be able to provide all
of the personal information that it holds. Register4Sports.com will
limit these cases and make them specific in its policies and procedures.
For example, some personal information may not be provided, or not
provided in full, because it may contain Register4Sports.com's own
"proprietary information", such as personal information used in
making an evaluation regarding eligibility for services.
9.3
For Register4Sports.com to provide an account of the existence,
use, and disclosure of personal information held by Register4Sports.com,
the user may be asked to provide sufficient information to aid in
the search. The additional information provided shall only be used
for this purpose.
9.4
In providing an account of Third Parties to which it has, or may
have, disclosed personal information about a user, Register4Sports.com
will be as specific as possible, including a list of Third Parties.
9.5
Register4Sports.com shall respond to a user's request within a reasonable
time and at no cost, or reasonable cost, to the user. The requested
information shall be provided or made available in a form that is
generally understandable. For example, if Register4Sports.com uses
abbreviations or codes to record information, an explanation will
be provided.
9.6
When a user successfully demonstrates the inaccuracy or incompleteness
of personal information, Register4Sports.com shall amend the information
as required. Depending upon the nature of the information challenged,
amendment involves the correction, deletion, or addition of information.
Where appropriate, the amended information shall be transmitted
to Third Parties having access to the information in question.
9.7
When a challenge is not resolved to the satisfaction of the user,
the substance of the unresolved challenge shall be recorded by Register4Sports.com.
When appropriate, the existence of the unresolved challenge shall
be transmitted to Third Parties having access to the information
in question.
10.0 Principle 10 -
Compliance
A user shall be able to question compliance with the above principles
to the designated individual accountable for Register4Sports.com's
compliance. Register4Sports.com shall have policies and procedures
to respond to the user's questions and concerns.
10.1
The designated individual accountable for Register4Sports.com's
compliance shall be known to staff and identified to the user periodically.
10.2
Register4Sports.com shall maintain procedures to receive and respond
to complaints or inquiries about their policies and practices relating
to the handling of personal information. The complaint procedures
will be easily accessible and simple to use.
10.3
Users who make inquiries or lodge complaints shall be informed by
Register4Sports.com of the existence of relevant complaint procedures.
If a complaint is not satisfactorily resolved with the designated
individual in Register4Sports.com, it may be taken to Register4Sports.com
Board of Directors. If not resolved there, procedures shall be in
place to refer it to a regulator, or to an independent mediator
or arbitrator, as may be appropriate.
10.4
Register4Sports.com shall investigate all complaints. If a complaint
is found to be justified, Register4Sports.com shall take appropriate
measures, including revision of the personal information and, if
necessary, amending Register4Sports.com's policies and practices.
|
