Contacting UsInformation on how to get in touch with OPGH.
Looking for help? Find problem gambling help in Ontario using our Online Directory.
Privacy Policy Details| Privacy Policy Details (for a summary of ConnexOntario's Privacy Policy, click here.) Table of Contents Introduction
ConnexOntario Health Services Information is committed to controlling the collection, use and disclosure of Personal Information. ConnexOntario has demonstrated that committment by developing this privacy policy (the Privacy Policy) in accordance with the standards set out in the Personal Information Protection and Electronic Documents Act (Canada) (the Act).
Definitions Collection - gathering, acquiring or obtaining Personal Information from any source, including third parties, by any means. Consent - voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of ConnexOntario. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual. Disclosure - making Personal Information available to other ConnexOntario personnel or others outside of ConnexOntario. Personal Information - information about an identifiable individual recorded in any form and might include, but will not be limited to, such things as race, ethnic origin, colour, age, marital status, religion, education, medical, criminal, employment or financial history, address and telephone number, numerical identifiers such as a Social Insurance Number, and views and personal opinions. -does not include the name, title or business address or business telephone number of an employee of ConnexOntario. Privacy Commissioner - the Federal Privacy Commissioner as set out under section 2 of the Act.
Privacy Officer - ConnexOntarios Privacy Officer as required by Schedule 1 of the Act.
Use - means the treatment and handling of Personal Information within ConnexOntario.
Application The Privacy Policy applies to: - any Personal Information that ConnexOntario collects, uses or discloses in the course of commercial activities or any Personal Information about an employee of ConnexOntario.
The Privacy Policy does not apply to: - exceptions set out under section 7 of the Act.
The Ten Privacy Principles Principle 1: Accountability The Privacy Officer for ConnexOntario: Wendy Murray 1.1 - Accountability for compliance by ConnexOntario with these policies and procedures rests with the Privacy Officer, even though other individuals within ConnexOntario may be responsible for the day-to-day collection and processing of Personal Information. In addition, the Privacy Officer may, from time to time, designate one or more other individuals within the company to act on his or her behalf. 1.2 - ConnexOntario shall make the name of and contact information for the Privacy Officer known upon request and shall provide information in this Privacy Policy. 1.3 - ConnexOntario is responsible for Personal Information in its possession or custody, including Personal Information that has been transferred to a third party for processing. ConnexOntario shall use contractual or other means to provide a comparable level of protection while the Personal Information is being processed by a third party. 1.4 - ConnexOntario has implemented policies and practices that give effect to the principles and procedures in this Privacy Policy including: (a) implementing procedures to protect Personal Information; (b) establishing procedures to receive and respond to complaints and inquiries; (c) training staff and communicating to staff information about ConnexOntarios policies and practices; and (d) developing information to explain ConnexOntarios policies and procedures. 1.5 - The designation of a Privacy Officer does not relieve ConnexOntario from accountability for compliance with these principles.
Principle 2: Identifying Purposes 2.1 - ConnexOntario shall document the purposes for which Personal Information is collected in order to comply with the Openness principle (Principle 8 of Schedule 1 to the Act) and the Individual Access principle (Principle 9 of Schedule 1 to the Act). 2.2 - Identifying the purposes for which Personal Information is collected at or before the time of collection allows ConnexOntario to determine the Personal Information it needs to collect to fulfil these purposes. The Limiting Collection principle (Principle 4 of Schedule 1 to the Act) requires ConnexOntario to collect only that Personal Information necessary for the purposes that have been identified. 2.3 - The identified purposes shall be specified at or before the time of collection to the individual from whom the Personal Information is collected. Depending upon the way in which the Personal Information is collected, this can be done orally or in writing. 2.4 - When ConnexOntario personnel intends to use Personal Information that has been collected for a purpose not previously identified, it shall identify the new purpose prior to use. Unless the new purpose is required by law or consent is otherwise not required under the Act, the consent of the individual is required before Personal Information can be used for that purpose. 2.5 - Persons collecting Personal Information shall explain to individuals the purposes for which the Personal Information is being collected.
Principle 3: Consent 3. 1 - Consent is required for the collection of Personal Information and the subsequent use or disclosure of this Personal Information. Generally, ConnexOntario personnel shall seek consent for the use or disclosure of the Personal Information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the Personal Information has been collected but before use (for example, when ConnexOntario wants to use Personal Information for a purpose not previously identified). 3.2 - The principle requires knowledge and consent. ConnexOntario shall make a reasonable effort to ensure that the individual is advised of the purposes for which the Personal Information will be used. To make the consent meaningful, ConnexOntario shall state the purpose in such a manner that the individual can reasonably understand how the Personal Information will be used or disclosed. 3.3 - ConnexOntario may collect, use or disclose Personal Information without consent only in those circumstances permitted by section 7 of the Act. ConnexOntario shall consult the Act to determine whether an exception to the obligation to obtain consent applies. Legal, medical, or security reasons may make it impossible or impractical to seek consent. For example, when Personal Information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the Personal Information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill or mentally incapacitated, in which case consent must be obtained from parents, guardians or legal representatives of such individuals. 3.4 - ConnexOntario shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use or disclosure of Personal Information beyond that required to fulfil the explicitly specified and legitimate purposes. 3.5 - The form of the consent sought by ConnexOntario may vary depending upon the circumstances and the type of Personal Information. In determining the form of consent to use, ConnexOntario shall take into account the sensitivity of the Personal Information. 3.6 - In obtaining consent, ConnexOntario shall also consider the reasonable expectations of the individual. ConnexOntario shall not obtain consent through deception. 3.7 - The way in which ConnexOntario seeks consent may vary, depending on the circumstances and the type of Personal Information collected. ConnexOntario shall generally seek express consent when the Personal Information is likely to be considered sensitive. It shall rely on implied consent only where collection and use of the Personal Information is directly related to a transaction or exchange of Personal Information in which the individual is directly participating. Consent can also be given by an authorized representative (such as a legal guardian or a person having power of attorney). 3.8 - An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. ConnexOntario shall inform the individual of the implications of withdrawing consent.
4.1 - ConnexOntario shall not collect Personal Information indiscriminately. ConnexOntario shall limit the amount and the type of Personal Information it collects to that which is necessary to fulfil the purposes identified. ConnexOntario shall specify the type of Personal Information collected as part of its information-handling policies and practices, in accordance with the Openness principle (Principle 8 of Schedule I to the Act). 4.2 - The requirement that Personal Information be collected by fair and lawful means is intended to prevent ConnexOntario from collecting Personal Information by misleading or deceiving individuals about the purpose for which Personal Information is being collected. This requirement implies that consent with respect to collection must not be obtained through deception.
5.1 - Where ConnexOntario uses Personal Information for a new purpose it shall document this purpose (see Clause 2.1 of this Privacy Policy). It shall obtain consent of the individual prior to use of the Personal Information for a new purpose. 5.2 - ConnexOntario has guidelines and procedures with respect to the retention of Personal Information. These guidelines have minimum and maximum retention periods. ConnexOntario shall retain Personal Information that has been used to make a decision about an individual long enough to allow the individual access to the Personal Information after the decision has been made. ConnexOntario may be subject to legislative requirements with respect to retention periods. 5.3 - ConnexOntario shall destroy, erase or make anonymous Personal Information that is no longer required to fulfil the identified purposes. ConnexOntario shall develop guidelines and implement procedures to govern the destruction of Personal Information.
6.1 - ConnexOntario shall ensure that Personal Information is sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate Personal Information may be used to made a decision about the individual. The extent to which Personal Information will be accurate, complete and up-to-date will depend upon the use of the Personal Information, taking into account the interests of the individual. 6.2 - ConnexOntario shall not routinely update Personal Information, unless this is necessary to fulfil the purposes for which the Personal Information was collected. 6.3 - ConnexOntario shall ensure that Personal Information that is used on an ongoing basis, including Personal Information that is disclosed to third parties, is generally accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.
7.1 - ConnexOntario shall implement security safeguards to protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the Personal Information is held. 7.2 - The nature of the safeguard shall vary depending on the sensitivity of the Personal Information that has been collected; the amount, distribution and format of the Personal Information; and the method of storage. More sensitive Personal Information shall be safeguarded by a higher level of protection. 7.3 - The methods of protection shall include, where applicable, and depending on the sensitivity of the Personal Information: (a) physical measures (e.g., locked filing cabinets and restricted access to offices); (b) organizational measures (e.g., security clearances and limiting access on a need-to-know basis); and (c) technological measures (e.g. the use of passwords and encryption). 7.4 - ConnexOntario shall make its employees aware of the importance of maintaining the confidentiality of Personal Information. 7.5 - ConnexOntario shall use care in the disposal or destruction of Personal Information to prevent unauthorized parties from gaining access to the Personal Information (see Clause 5.3 of this Privacy Policy).
8.1 - ConnexOntario shall be open about its policies and practices with respect to the management of Personal Information. Individuals shall be able to acquire information about ConnexOntarios policies and practices easily. ConnexOntario shall make this information available in a form that is generally understandable. It shall also make copies of this Privacy Policy available upon request. 8.2 - The information made available shall include: (a) the name or title, and the address, of the Privacy Officer; (b) the means of gaining access to ones Personal Information held by DART; (c) a description of the type of Personal Information held by CONNEXONTARIO including a general account of its use; (d) copies of any brochures or other information that explain DARTs policies, standards and codes as the case may be; and (e) a description of what Personal Information is made available to related organizations. Principle 9: Individual Access 9.1 - Upon request, CONNEXONTARIO shall inform an individual whether or not it holds Personal Information about such individual except where permitted by law not to disclose Personal Information to such individual. CONNEXONTARIO is encouraged to indicate the source of this Personal Information. CONNEXONTARIO shall allow the individual access to this Personal Information about him or her. In addition, CONNEXONTARIO shall provide an account of the use that has been made or is being made of this Personal Information and an account of the third parties to which it has been disclosed. 9.2 - An individual may be required to provide sufficient Personal Information to permit CONNEXONTARIO to provide an account of the existence, use and disclosure of Personal Information. CONNEXONTARIO shall use the Personal Information provided only for this purpose. 9.3 - In certain situations, CONNEXONTARIO may not be able to provide access to all the Personal Information it holds about an individual. CONNEXONTARIO may refuse access to Personal Information it holds about an individual only in those circumstances permitted or required by law or by sections 8 or 9 of the Act. CONNEXONTARIO shall consult the Act to determine whether an exception to the obligation to provide access applies. It shall make only limited and specific exceptions to the access requirements and, upon request, shall provide the reasons for denying access to the individual. Exceptions may include Personal Information that contains references to other individuals, Personal Information that cannot be disclosed for legal, security or commercial proprietary reasons, and Personal Information that is subject to solicitor-client, medical or litigation privilege. 9.4 - In providing an account of third parties to which it has disclosed Personal Information about an individual, CONNEXONTARIO shall attempt to be as specific as possible. When it is not possible to provide a list of the third parties to which CONNEXONTARIO has actually disclosed information about an individual, CONNEXONTARIO shall provide a list of third parties to which it may have disclosed Personal Information about the individual. 9.5 - CONNEXONTARIO shall respond to an individuals request within a reasonable time and, in any event, within thirty (30) days of the request. CONNEXONTARIO may extend the time for responding for up to an additional thirty (30) days if meeting the time limit would unreasonably interfere with the activities of DART; or if the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet. CONNEXONTARIO may also extend the time for responding for such period of time as is necessary to be able to convert the Personal Information into an alternative format. CONNEXONTARIO shall provide notice to the individual of any extension taken within thirty (30) days of the individuals request and shall advise the individual of the right to make a complaint to the Privacy Commissioner about the extension. They shall provide the requested Personal Information or make it available in a form that is generally understandable. For example, if CONNEXONTARIO uses abbreviations or codes to record Personal Information, it shall provide a corresponding explanation. 9.6 - Upon request by an individual with sensory disabilities, CONNEXONTARIO shall give access to Personal Information about the individual in an alternative format if a version of the Personal Information already exists in that format or if its conversion to an alternative format is necessary to allow the individual to exercise rights to request correction, challenge compliance of CONNEXONTARIO under Principle 10 of Schedule 1 to the Act or complain to the Privacy Commissioner. 9.7 - CONNEXONTARIO shall respond to an individuals request for access to his or her Personal Information at minimal or no cost. CONNEXONTARIO may respond to an individuals request at a cost to the individual if CONNEXONTARIO has informed the individual of the approximate cost and the individual advises CONNEXONTARIO that the request is not being withdrawn. 9.8 - When an individual successfully challenges the accuracy or completeness of Personal Information, CONNEXONTARIO shall amend the Personal Information as required. Depending upon the nature of the Personal Information challenged, amendment may involve the correction, deletion or addition of Personal Information. Where appropriate, CONNEXONTARIO shall transmit the amended Personal Information to third parties having access to the Personal Information in question. 9.9 - CONNEXONTARIO shall record the substance of any challenge that is not resolved to the satisfaction of the individual. When appropriate, CONNEXONTARIO shall transmit the existence of the unresolved challenge to third parties having access to the Personal Information in question.
10.1 - The Privacy Officer is discussed in Clause 1.1. 10.2 - CONNEXONTARIO shall put procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of Personal Information. The complaint procedures should be easily accessible and simple to use. 10.3 - CONNEXONTARIO shall inform individuals who make inquiries or lodge complaints about its complaint procedures. 10.4 - CONNEXONTARIO shall investigate all complaints. If a complaint is found to be justified, CONNEXONTARIO shall take appropriate measures, including, if necessary, amending its policies and practices. 10.5 - If an individual is not satisfied with the response from the Privacy Officer, he or she may have recourse to the Office of the Privacy Commissioner at:
Phone: (613) 995-8210 |