Privacy of Personal Information Policy
Privacy of personal information is an important principle of the Association of New Brunswick Massage Therapists (ANBMT). We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the services we provide. We also try to be open and transparent as to how we handle personal information.
This document describes our privacy policies in accordance with the Privacy Laws in Canada: the New Brunswick Right to Information and Protection of Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA). The New Brunswick Privacy Act applies to all records that are not otherwise excluded under Article 3.1, section 4. This Act prevails over other Acts unless expressly provided otherwise PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of a commercial activity.
Alberta, British Columbia, Quebec, Ontario, New Brunswick, Nova Scotia and Newfoundland and Labrador have their own private-sector privacy laws that have been deemed substantially similar legislation regarding the collection, use and disclosure of personal health information. Organizations subject to a substantially similar provincial privacy law are generally exempt from PIPEDA with respect to the collection, use or disclosure of personal information that occurs within that province.
Right to Information and Protection of Privacy Act (link)
What is personal information?
Personal information is information about an identifiable individual. Personal information includes information that relates to personal characteristics (e.g., gender, age, income, home address or phone number, ethnic background, family status), health or activities and views (e.g., religion, politics, opinions expressed by an individual, an opinion or evaluation of an individual). Personal information is to be contrasted with business information (e.g., an individual’s business address and telephone number), which is not protected by privacy legislation.
Who are we?
Our organization, the Association of New Brunswick Massage Therapists, includes at the time of writing one (1) staff member. We use a number of consultants and agencies that may, in the course of their duties, have limited access to personal information we hold. These include computer consultants, bookkeepers and accountants, temporary workers, credit card companies, website managers, and lawyers. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles.
We collect personal information about our members
Like all associations, we collect, use and disclose personal information in order to serve our members. For our members, the primary purpose for collecting personal information is to provide membership services.
On our website, we only collect with the exception of cookies, the personal information you provide and only use that information for the purpose you gave it to us (e.g., to respond to your email message, to attain membership, to register for a course). Cookies are only used to help you navigate our website and are not used to monitor you.
Related and Secondary Purposes
Like most organizations, we also collect, use and disclose information for purposes related to or secondary to our primary purposes. The most common examples of our related and secondary purposes are as follows:
• To invoice members for services that were not paid for at the time, to process credit card payments or to collect unpaid accounts.
• To advise members and others of special events or opportunities (e.g., a seminar, workshops or service) that we have available.
Protecting Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
• Paper information is either under supervision or secured in a locked or restricted area.
• Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, passwords are used on computers.
• Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies.
• Electronic information is transmitted either through a direct line or is anonymized or encrypted.
• External consultants and agencies with access to personal information must enter into privacy agreements with us.
Retention and Destruction of Personal Information
We need to retain personal information for some time to ensure that we can answer any questions you might have about the services provided and for our own accountability to external regulatory bodies. However, we do not want to keep personal information too long in order to protect your privacy.
Our membership and contact directories are much more difficult to systematically destroy, so we remove such information when we can if it does not appear that we will be contacting you again. However, if you ask, we will remove such contact information right away. We keep any personal information relating to our general correspondence (i.e., with people who are not members) seminars and marketing activities for about two years after the seminar or marketing activity is over.
We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and, when the hardware is discarded, we ensure that the hard drive is physically destroyed. Alternatively, we may send some or all of the membership file to our member.
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required or expressly authorized by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
Under federal privacy legislation, organizations are required to develop detailed procedures to govern the retention of documents in our possession. In addition, good business practices call for retention procedures to ensure that we keep personal information and sensitive business documents for the appropriate length of time for reference and continuity, but that we do not retain such information beyond the period required to fulfill the purpose for which it was collected or developed.
To make record retention as easy as possible the recommended time for record retention is ten years. After that time, records can be destroyed as outlined in the Record Destruction section below. In a few instances, record retention requirements will vary, as required by law.
Deceased member records 2 years from the time of death
Non-Practising member records 10 years from the time the person ceased to be a member
Practising member records 10 years from the time the person ceased to be a member
The Association’s records that contain personal information and sensitive information as outlined above must be destroyed in such a manner so that information cannot be reconstructed or retrieved. Paper documents must be shredded.
Electronic files must be permanently and thoroughly deleted from all online and offline storage media using existing digital shredding techniques to prevent data reconstruction.
Right to your information
With only a few exceptions, you have the right to see what personal information we hold about you. Often all you have to do is ask. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (e.g., short forms, technical language, etc.). We will need to confirm your identity, if we do not know you, before providing you with this access.
If there is a problem, we may ask you to put your request in writing. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason, as best we can, as to why we cannot give you access.
If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we will still agree to include in our file a brief statement from you on the point and we will forward that statement to anyone else who received the earlier information.
Do you have a question?
Our Information Officer / Executive Director can be reached at:
Association of New Brunswick Massage Therapists (ANBMT)
PO Box 323, STN “A”
Fredericton NB E3B 4Y9
If you wish to make a formal complaint about our privacy practices, you may make it in writing to our Information Officer/ Executive Director. The Executive Director will acknowledge receipt of your complaint, ensure that it is investigated promptly, and that you are provided with a formal decision and reasons in writing.
This policy is made under the New Brunswick Right to Information and Protection of Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA). These are complex Acts and provide some additional exceptions to the privacy principles that are too detailed to set out here. There are some rare exceptions to the commitments set out above.