Privacy of personal information is an important principle to ICT Schools. We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the goods and services we provide. We also try to be open and transparent as to how we handle personal information. This document describes our privacy policies.
The following policy is in place at ICT Schools in compliance with the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA). This is federal legislation which is intended to provide Canadians with a right of privacy with respect to their personal information that is collected, used or disclosed by an organization in the private sector in an era in which technology increasingly facilitates the collection and free flow of information.
1. SUMMARY OF THE ACT
Organizations covered by the PIPEDA must obtain an individual's consent when they collect, use or disclose the individual's personal information. The individual has a right to access personal information held by an organization and to challenge its accuracy, if required. Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, consent must be obtained again. Individuals should also be assured that their information will be protected by specific safeguards, including measures such as locked cabinets, confidentiality agreements, computer passwords or encryption.
2. PRIVACY PRINCIPLES
PIPEDA identifies the following privacy principles, which ICT is committed to upholding:
Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with these privacy principles.
Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate.
Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for fulfillment of those purposes.
Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization's compliance.
Some groups, such as law enforcement agencies and journalists, have a lawful or investigative need to collect, use and disclose personal information without having to obtain the consent of the concerned individuals. For these reasons, certain exemptions are included:
- where such data can contribute to a legal investigation or aid in an emergency where people’s lives and safety could be at stake;
- where disclosure facilitates the conservation of historically important records;
- where the action clearly benefits the individual or if obtaining permission could infringe on the information’s accuracy; or
- where the information is collected, used or disclosed solely for journalistic, artistic or literary purposes.
3. PERSONAL INFORMATION PROTECTED BY THE ACT
Personal information is information about an identifiable individual. Personal information includes information that relates to their personal characteristics (e.g., gender, age, income, home address or phone number, family status), their health (e.g. health history, health conditions, health services received by them) or their activities (opinions, evaluations, comments, disciplinary actions, intentions). Personal information is distinct from business information (e.g., an individual's name, business address and telephone number), which is not protected by privacy legislation.
4. WHO WE ARE
Our organization, ICT Schools, is engaged in the education and training of students who wish to pursue a career in Massage Therapy or related Complementary Health Care professions. We engage a number of third party organizations and independent contractors that may, in the course of their duties, have limited access to personal information that we hold. These include accountants, computer and website consultants, clinic supervisors and co-op students, among others. We restrict their access to any personal information we hold as much as is reasonably possible, though in some instances, it may be necessary for them to have access to personal information to allow them to effectively perform their tasks. Independent contractors and co-op students are required to sign contracts which contain confidentiality provisions with regard to the information they may have access to.
5. PERSONAL INFORMATION WE COLLECT
We collect, use and disclose only that personal information that allows us to efficiently and effectively operate the college, in accordance with sound business practices and in compliance with relevant legislation and the requirements of other regulatory and accrediting bodies. In this regard, personal information is collected for the following purposes:
- to enroll the student in the college in accordance with relevant legislation;
- to engage in on-going, up-to-date communication with a student as to their academic performance and status at the college;
- to allow the college to communicate a student's financial status with the college;
- to administer student loans and other government funding in accordance with relevant legislation and guidelines;
- to ensure that students are free from TB in the interest of the protection of the public;
- to ensure the college’s policies and procedures (including disciplinary policies related thereto) as outlined in the Program Catalogue are properly adhered to and, where necessary, fairly enforced; and
- to invoice students for goods or services that were not paid for at the time, to process credit card payments or to collect unpaid accounts.
Examples of the information that we collect include identifying information (student name, address, phone number, email address, emergency contact name); the enrollment contract between the student and the college; attendance records and related notes and information pertaining to absences; tests, examinations and other academic evaluations; grades; certification that the individual is free from TB; financial transaction history with the college including invoices, receipts, student loan information and, where applicable, credit card information; photographic consent (for promotional purposes) and notes related to student meetings for academic purposes or for any dispute or disciplinary action against the individual. We also take measures to ensure student ID is verified in accordance with student loan administration requirements and maintain a written ID verification record on file.
The personal information that we collect is with the informed consent of the individual.
Public Clinic Clients
As teaching clinics we collect only that personal information that allows us to provide the indicated and requested therapy treatment. For example, we collect information about a client's health history, physical condition and function in order to help us assess what their health needs are, to advise them of their options and then to provide the health care they choose to have. A second primary purpose is to educate our students as to appropriate methods and protocols of clinical reporting. The personal information that we collect is with the informed consent of the individual.
ICT Schools is dedicated to the pursuit of excellence in private post-secondary education for health care professionals. To this end we ask for personal resumes, diplomas, transcripts, and evidence of relevant certification. This information is collected and stored with the informed consent of the individual.
For people who are contracted to do work for us (e.g., computer consultants, co-op students, clinic supervisors), our primary purpose for collecting personal information is to ensure we can contact them in the future (e.g., for new assignments) and for necessary work-related communications (e.g., sending out invoice payments, year-end tax receipts). Examples of the type of personal information we collect for those purposes include home addresses and telephone numbers and, where the independent contractor is an individual, Social Insurance Numbers. It is rare for us to collect such information without prior consent, but it might happen in the case of a health emergency (e.g., a SARS outbreak) or to investigate a possible breach of law (e.g., if a theft were to occur in the clinic).
If contract staff or co-op students wish a letter of reference or an evaluation, we will collect information about their work related performance and provide a report as requested by them.
6. RELATED AND SECONDARY PURPOSES
Like most organizations, we also collect, use and disclose information for purposes related to, or secondary to, our primary purposes. The most common examples of our related and secondary purposes are discussed below.
We advise graduates, clinic clients and other individuals who contact our schools of special events or opportunities (e.g., seminars, continuing education courses, job opportunities for graduates, clinic ‘specials’ or appointment openings for clinic clients, development of a new service, arrival of a new product) that we have available. Students are given the option to be part of some of these related or secondary purposes (e.g., by declining to receive notice of special events or opportunities).
The College may share, as required, personal student information with the relevant provincial ministries that regulate us (including for student loan purposes), banks, and the College's auditors. In addition, the College may be required to provide personal information regarding students, staff or clinic clients to other governmental or regulatory authorities such as Canada Revenue Agency, the College of Massage Therapists of Ontario, and so forth. In such instances, the College may seek professional advice from lawyers or accountants.
As an educational institution, we are sometimes called upon to disclose a student’s status (i.e. a current student, a graduated student or neither of these) to other schools, employers and other organizations, in order to protect the integrity of our diploma and our College (we would do this when someone is representing themselves to another party as either a current student or a graduate of one of our schools).
The College provides personal information to Collection Agencies in order to collect delinquent accounts.
In order to obtain Errors and Omissions insurance, the College must disclose personal information to its insurance company regarding its instructors’ qualifications and experience.
As a service to our graduates and in compliance with legislation, the College maintains transcripts onsite and offsite (where required by legislation). Transcripts may be ordered directly from each school for a fee.
In the event ICT Schools were to be offered for sale, prospective purchasers may want to conduct a review of the College's records to ensure that it is a viable business that has been fairly portrayed to the purchaser. This due diligence may involve a review of the College’s financial, student and other records. No potential purchaser will be allowed to remove or record personal information, until such time as a sales transaction may be completed. Before any such review could take place, the purchaser would be required to sign appropriate confidentiality provisions in respect of any personal information which may be provided to or ascertained by the purchaser.
7. PROTECTING PERSONAL INFORMATION
Paper information is either under supervision or secured in a locked or restricted area.
Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, passwords are used in computers and changed regularly.
Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies.
Electronic information is transmitted either through a direct line or is password protected.
External consultants and agencies with access to personal information must enter into confidentiality provisions with us.
8. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
We retain personal information as long as necessary to comply with legislative and/or regulatory requirements. Information may be retained longer with the consent of the individual (e.g. personal information for members of the Alumni Association may be retained as long as they remain active members). We retain personal information pertaining to delinquent accounts until the account is collected or otherwise closed.
We retain required student information (each province determines which information must be retained in the student's file) for 1-3 years (depending on the province) following the student's exit from his/her Program of Study or until the student has fulfilled all Enrolment Contract obligations if this is longer (e.g. delinquent accounts).
Our clinic client files are shredded 10 years after the last contact. If a clinic client asks, we will remove contact information right away.
We destroy paper files containing personal information by shredding annually. When our files are purged we contract with a reputable, bonded company to shred these documents and provide us with a Certificate of Destruction. We destroy electronic information by deleting it or by physically destroying the hard drive.
9. VIEWING YOUR INFORMATION
With only a few exceptions, you have the right to see what personal information we hold about you. Often all you have to do is ask. We will identify the records we have about you. We will also try to help you understand any information you do not understand. We will need to confirm your identity, if we do not know you, before providing you with this access. Certain information, such as transcripts and diplomas, is provided upon payment of a set fee as disclosed in the current Student Catalogue. Photocopies of files (clinic or student) are provided to currently enrolled students for a fee of $25 plus HST. All other copying requests must be accompanied by a fee of $150 plus HST per file. We reserve the right to charge a nominal fee for other requests based on a per hour rate.
We require that you request to see your file in writing, directed to the Registrar. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason, as best we can, as to why we cannot give you access.
If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we will still agree to include on our file a brief statement from you on the point and we will forward that statement to anyone else who received the earlier information.
10. CONTACTING US
Our Director of Schools, who will attempt to answer any questions or concerns you might have, can be reached at:
Pascal Papathanasakis: (416) 762-4857 ex 226 or email at firstname.lastname@example.org
If you wish to make a formal complaint about our privacy practices, you may make it in writing to the Director of Schools, ICT Schools, 2340 Dundas St. West, Unit G-04, Toronto, ON M6P 4A9. The Director will acknowledge receipt of your complaint, ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing.
If you have a concern about the professionalism or competence of our services or the mental or physical capacity of any of our professional staff we would ask you to discuss those concerns with us. If we cannot satisfy your concerns we will provide you with the contact information for the appropriate regulatory body.
This policy is made under the Personal Information Protection and Electronic Documents Act. That is a complex Act and provides some additional exceptions to the privacy principles that are too detailed to set out here. There are some rare exceptions to the commitment set out above.
For general inquiries, the Information and Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The Commissioner also acts as a kind of ombudsman for privacy disputes. The Information and Privacy Commissioner can be reached at:
112 Kent Street, Ottawa, ON, K1A 1H3
Telephone: 613 995 8210
Toll Free: 1 800 282 1376