Last Updated: May 2022
Personal Information shall include (i) personal information as such term is defined in the Personal Information Protection and Electronic Documents Act; information about an identifiable individual except to the extent that the information is about an individual in his or her professional capacity, including his or her name, title, business postal and email address and telephone and fax number. For purposes of this policy, Personal Information shall not include information about CRA employees in such employees’ capacity as employees of the CRA.
It is the policy of the CRA to keep any information gathered through the use of our systems secure. As such, user information is not disclosed to or shared with unauthorized third parties except as allowed by Canadian law and described herein.
Please carefully read this policy from time to time as we will amend it as required to reflect changes in our activities and/or personal information management practices. The date on which the policy was last amended will be posted at the top (“Effective Date”). If you provide us with your personal information after the Effective Date, we will understand you to have agreed to our managing the information in accordance with this policy.
Please direct all inquiries regarding this policy, our management of particular Personal Information, access to or the correction of Personal Information to our privacy officer, as indicated in the last section of this policy.
The CRA collects information that personally identifies the user, such as the user’s name, address, mobile telephone number, e-mail addresses, educational background, professional practice, specialties, birth year, and other information that the user provides to the CRA or information on the CRA profile or account. Personal information may be collected in a number of ways, including: over the Internet, and from third parties who you have authorized to disclose Personal Information to us. We make every reasonable effort to keep your Personal Information as accurate, complete and up-to-date as necessary. If desired, you may verify the accuracy and completeness of your Personal Information in our records.
Collection, Use, Disclosure of Personal Information
The CRA principally collects, uses, and discloses Personal Information about its members and applicants for membership, although it may also collect Personal Information from others, including users of its website. The CRA uses and discloses Personal Information for purposes consistent with such Personal Information’s collection, as described below or communicated at the time the information is requested. Individuals are permitted to opt out of the use and/or disclosure of their personal information for certain purposes.
The CRA collects and uses personal information from members and individuals who are applying to become members of the CRA for the following purposes:
- to process a membership application or renewal;
- to collect and process membership dues and to issue receipts for membership dues;
- to keep members informed about the activities of the CRA by sending them the regular CRA newsletters, e-blasts, CRAJ and JRheum;
- to keep members informed about information, activities and events of other organizations on topics related to the aims of the CRA;
- to respond to members’ questions and communications;
- to advise members about meetings, conferences, workshops and seminars offered by other reputable organizations that may be of interest to members;
- to analyse the demographics of the membership for future planning purposes;
- to contact members to request their participation in the affairs of the CRA;
- to display contact information from the membership directory on a page of the CRA website accessible (by password) to members only;
- to display limited contact information from the membership directory to the public on the CRA website, including each member’s name, business telephone number, city, and province;
- to notify participants about the benefits of being a member of the CRA.
Participants in Conferences and Events
The CRA collects and uses personal information of participants in CRA conferences and other events for the following purposes:
- to process registration for the event;
- to organize and administer the event;
- where consent is provided at registration, to make a list of attendees available at an event;
- to invite participants to future events that are likely to be of interest to them (in compliance with CASL).
The CRA does not collect credit card information. Payments are made through a Service Provider that processes payments.
Taxable Payments, Other Legal Requirements
We collect and use social insurance numbers and HST numbers where the law requires us to do so in connection with a payment, for example, of a stipend.
We disclose Personal Information when required or permitted to do so by law, for example:
- in response to subpoenas or other legal instruments requiring disclosure or production including court orders;
- to establish or exercise our rights in regard to legal claims;
- where we believe it necessary to investigate, prevent, or take other action regarding activities that may be illegal, including fraud, or in violation of our policies, or to protect the safety of persons or property.
Operations, Business Purposes
The CRA discloses your personal contact information (name and address) to the publishers of CRAJ (STA Communications Inc.) and JRheum (The Journal of Rheumatology Publishing Company Limited) so that they may provide you with those publications. Members must indicate consent during the membership application and renewal process.
The CRA may disclose Personal Information for the purposes of carrying out the due diligence required for or the closing of a transaction involving the reorganization of the CRA or its sale or amalgamation with another organization. The CRA is not anticipating any changes in corporate status; however, as we grow and develop, that may change. You understand and agree that we may use your Personal Information and disclose your Personal Information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and/or performing the proposed transaction. These purposes may include, as examples, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing Personal Information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use and disclose your Personal Information for substantially the same purposes as those set out in this Policy.
In the event the transaction does not go through, we will require, by contract, the other party or parties to the transaction not to use or disclose your Personal Information in any manner whatsoever for any purpose, and to return or destroy such Personal Information.
The CRA may disclose Personal Information for the purpose of obtaining or maintaining insurance coverage or making an insurance claim.
Marketing and Fundraising
The CRA’s collection, use and disclosure of your Personal Information for marketing and fundraising purposes is entirely optional and, to be clear, not required as a condition of your membership in the CRA or of attending a CRA event. You may withdraw your consent at any time. Because of distribution schedules, you may continue to receive marketing communications for a short period of time after opting out. If you would like to withdraw your consent to any of the following optional purposes, please contact our privacy officer.
The CRA may wish to use the Personal Information you provide to communicate with you for the purpose of offering you products and services outside of those you have ordered or allowing select third party organizations to send you information about their products and services that may be of interest to you. (Note: we will not provide your information directly to any third party unless asked for express consent).
Should the CRA conduct market or product research, it will never use Personal Information; rather, it would fully anonymize information, meaning that it would render it unlikely to be traced back to an individual.
The CRA may also wish to use Personal Information to:
- perform surveys;
- carry out fundraising activities including soliciting sponsorships for events and other activities.
The CRA reserves the right to use the contact information of users for the purposes of communications regarding any aspect of a user’s account or corresponding services and products. Users will have the option to participate or opt-out of optional communications (e.g. marketing, press, events) while mandatory communications (e.g. security updates, product announcements/revisions) will go out to all active users.
Processing of Personal Information
Access to private, sensitive and confidential information, including user’s Personal Information, is restricted to authorized employees with legitimate business reasons. We require all of our employees to abide by the CRA’s privacy standards. Our employees understand the importance of keeping your information private. For this reason, our employees are required to agree to a confidentiality agreement that prohibits the disclosure of any user information to unauthorized parties.
Employees are strictly prohibited from accessing or disclosing Personal Information without authorization. All employees are expected to maintain the confidentiality of Personal Information at all times and failure to do so will result in appropriate disciplinary measures including dismissal.
The CRA uses third-party service providers to host servers in Canada and the United States. These third-party service providers may have access to Personal Information as an incidental result of the services provided by such third parties to the CRA, but the access of such third parties to such information is strictly controlled in accordance with the safeguards detailed below.
The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose your Personal Information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so.
Your Personal Information may be disclosed in situations where we are legally permitted to do so, such as in the course of employing reasonable and legal methods to enforce your rights or to investigate suspicion of unlawful activities. We may release certain Personal Information when we believe that such release is reasonably necessary to protect the rights, property and safety of ourselves and others.
Electronic Collection of Information
The CRA collects Personal Information electronically, through this website (the “Site”). The Site is owned and operated by the CRA. The following sets out practices and procedures that are specific to the CRA’s collection, use, and disclosure of Personal Information collected through the Site.
Collection and Use of Browser Information
The CRA collects information from your web browser regarding your use of the Site. Examples of information (including information that is not Personal Information) we collect from all users of the Site include:
- Internet Protocol (IP) address used to connect your computer to the Internet;
- Computer and connection information such as browser type and version, operating system, and platform; and
- Full Uniform Resource Locator (“URL”) click stream data, including date and time, and content viewed or searched for on the Site through your computer.
The CRA also collects information through the use of “cookies.” Cookies are anonymous, unique alphanumeric identifiers sent to your browser from a website’s computer and stored on your computer’s hard drive.
The information the CRA collects as a result of cookies being stored on your computer is specific to your computer. We use “session” cookies to collect information about your use of the Site. These cookies are temporary and are deleted when you close your browser. We use “persistent” cookies to give you a more personalized browsing experience and help you navigate the Site more efficiently.
The CRA may from time to time supply Service Providers with this information, in aggregate form that does not identify any particular user, for the purposes of usage analysis, quality control, and administering and improving the Site.
You can prevent your browser from accepting new cookies, have the browser notify you when you receive a new cookie, or disable cookies altogether by accessing your browser’s preferences menu. If you choose to disable cookies altogether, you can use the Site but will not be able to make use of any advanced personalization features of the Site; more specifically, you will still be able to use the basic features and functionality of the Site.
The CRA uses the information about your browser that it collects for the following purposes:
- website and system administration;
- tailoring or customizing content or design of the Site during a single visit to the Site and individualized personalization of the Site on repeat visits;
- research and development to enhance, evaluate and improve the Site and our services.
Withdrawal of Consent
You may withdraw consent to our use and/or disclosure of your Personal Information for a particular purpose at any time by contacting our privacy officer. However, if you withdraw your consent, we may not be able to provide you with the full membership services or, if you are a non-member, the products or services you have requested.
The CRA will explain the consequences of withdrawing consent at the time of your request. Please allow two (2) weeks to process any request to withdraw consent.
Members may also withdraw consent through their member profile in the CRA Member Portal. For example, members may opt out of receiving alert announcements and newsletters by accessing their profile in the CRA Member Portal.
Access to Personal Information
You may request access to your Personal Information and an account of the organizations, if any, to which we have disclosed such information. We will let you know if we are unable to provide you with the Personal Information you have requested within 30 days of your request. We will need to verify your identity before providing you with any Personal Information. We will charge for photocopies made in response to an access request, and will advise you of the cost prior to copying your records.
The CRA may not be able to provide you with access to all of your Personal Information, for example if the information cannot be separated from Personal Information of others, or confidential financial, commercial or other information of the CRA that it does not make public, or information subject to solicitor-client or some other form of legal privilege. If we cannot provide you with access to your Personal Information, we will advise you of the reasons access is being denied, unless we are prohibited by law from doing so.
You may request a correction to your Personal Information by writing to our privacy officer. If we do not believe that it is appropriate to make the correction, we will keep a record of your request with the applicable Personal Information.
Members may also update or otherwise correct Personal Information on or available through their Site profile by accessing their profile.
Security of Personal Information, Use of US Service Providers
The CRA has adopted security measures appropriate to the sensitivity of the information to protect your Personal Information against theft, loss and unauthorized access, use, disclosure, and destruction.
The CRA has appointed a Designated Privacy Contact who acts as Chief Privacy and Security Officer (CPSO) responsible for information system monitoring and information security policy and procedure management. The CPSO is responsible for compliance with the CRA’s privacy program, including:
- Undertaking privacy assessments and threat and risk assessments on a regular basis;
- Adopting policies and procedures on the basis of privacy impact assessment and threat and risk assessments to mitigate all identified risks, updated as necessary.
Safeguard measures to ensure authorized access include the use of a username and a password for authentication. Every user must keep their password and username safe and make sure that any person who has access to view such private information is permitted to do so. Users must contact the CRA immediately if the user believes their password has been compromised or misused.
The CRA stores all Personal Information in Canada, with Member 365. Personal Information is stored in electronic format on servers that are behind a firewall and physically housed within a secured data center.
However, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we do not represent, warrant, or guarantee that Personal Information you chose to send us over the Internet will be protected against loss, unauthorized access, misuse, or alterations, and we do not accept any liability for the security of Personal Information while in transit to us, nor for your or third party use or misuse of Personal Information.
The CRA reserves the right to reject, suspend, alter, remove or delete data if it breaches our terms and conditions or it is necessary to protect us or others where we have reasonable grounds for believing that a criminal act has been committed, or if required to do so by law.
The CRA processes and stores the user’s personal information in order to provide the CRA’s services to the user. Data will be stored according to the CRA’s retention schedules in a secure and private manner or deleted as per direction from the user as allowable by operational needs and relevant law. The CRA maintains security/privacy policies and procedures to ensure every step is taken to maintain the integrity of the data in our care.
The CRA may use service providers that operate out of the United States and any of your Personal Information that we collect may be processed and stored in the United States. Our Service Providers in the US may be required under US law to disclose Personal Information they are processing and/or storing on our behalf to the United States Government, Government agencies, courts or law enforcement or regulatory agencies in the United States under a lawful order.
The CRA’s Privacy Officer
If you have any questions about this policy or our management of your Personal Information, wish to request access to or correction of your Personal Information, or to withdraw your consent to the use and/or disclosure of your Personal Information, contact Virginia Hopkins at:
Canadian Rheumatology Association
280-13300 Tecumseh Road E.
Tecumseh, Ontario N8N 4R8
t: 905-952-0698 ext 3