The Royal College Privacy Statement - Frequently Asked Questions
The Royal College of Physicians and Surgeons of Canada is committed to respecting your privacy and protecting your Personal Information (PI).
What is Personal Information?
Personal Information is defined as information about an identifiable individual and includes, but is not limited to, name, date of birth, residential address and phone number, email address, and identification number. Personal Information does not include job titles, business addresses and business phone/fax numbers.
How/when did privacy become the responsibility of organizations in Canada?
Canadian Parliament passed the Personal Information Protection and Electronic Documents Act (PIPEDA), which came into force in 2001.
Is the Royal College captured under PIPEDA?
The Royal College is not captured under PIPEDA, as it is not engaged in commercial activities; however, it endeavors to comply with the ten principles of the Canadian Standards Association (CSA) Model Code on a voluntary basis.
What are the guiding principles of PIPEDA?
This Act sets out ten privacy principles that apply to all Canadian organizations engaged in commercial activities. The ten principles are derived from the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information.
Do you have the right to know what types of PI is collected by the Royal College?
You have the right to know the types of Personal Information collected by the Royal College, as well as how and why we collect and use the information. It is also your right to choose whether or not you wish to provide the Royal College with this information. In some cases, a decision to withdraw consent or withhold Personal Information may prevent the Royal College from providing you with a product or service.
What types of Personal Information does the Royal College collect?
As a candidate or a certificant, when you apply for membership with the Royal College, or as an individual who is interacting with the Royal College, you may be asked for Personal Information such as name, contact information and date of birth. The Royal College also tracks participation in the Maintenance of Certification (MOC) and Continuing Professional Development (CPD) programs, as well as personal medical or training details (e.g., maternity leave, further post-graduate training) that may affect your membership dues or MOC/CPD cycle. When required, you may be asked for specific Personal Information such as documented proof of a name change. The Royal College may also collect your Personal Information for the purpose of facilitating the use of the Medical Information Number for Canada (MINC). As well, Personal Information, such as credit card information, is collected during e-commerce transactions. Accurate and up-to-date Personal Information collected for specific purposes enables us to improve our services and to better serve our candidates and members.
What does the Royal College do with your PI?
The Personal Information the Royal College collects will only be used for the purposes originally stated, unless additional consent is obtained. Once the requirements of the original purpose have been met, your Personal Information will be destroyed in a timely and appropriate manner, in accordance with legal and business purposes.
How does the Royal College use the information that is collected?
The Royal College recognizes the importance of being able to reach candidates, certificants and members in a timely fashion, using a variety of communication vehicles. The Royal College needs contact information to regularly communicate with its various audiences and inform them of Royal College activities, registration for seminars/conferences, annual dues renewal, and requests for feedback on products, services, and issues of interest, or collaboration on issues and to share points of view and expertise.
The date of birth is collected to verify identities. The Royal College may also use Personal Information for other purposes, for example, the Royal College may conduct statistical analyses in order to develop services that are likely to be of interest to particular segments of our audiences. This data would be provided in aggregate form only.
Does the Royal College share information for research purposes?
The Royal College is committed to being scholarly in its work and contributing to the evidence base in medical education through research efforts. To that end, any analyses of various membership databases for scholarly presentations (disseminated internally and externally) will be strictly compliant with the privacy codes and practices that underlie our policy framework. All data used for research purposes will be collected and stored in a confidential and secure manner that restricts accessibility only to those directly involved with the research project. The Royal College ensures that all personal identifiable information is summarized in aggregate form to ensure confidentiality. Scholarly activities intended for external publication would be subject to research ethics standards, including, but not limited to, formal ethics approval, confidentiality, and, where applicable, subject consent.
Does the Royal College disclose PI to third parties?
The Royal College makes member contact information (business information only) available to the public through our public online directory as well through its in-house collaboration environment. The directory allows the public to locate a medical specialist in a specific region or confirm that the specialist is a Fellow of the Royal College.
On occasion, the Royal College may also release limited data to third parties who organize approved continuing medical education programs, to university departments, or to members of the Royal College involved in research activities. Data released for this purpose includes names, business addresses and specialties, but does not include business phone/fax numbers, email addresses or any other Personal Information. The signed agreements with third parties restrict use to Royal College approved purposes, in accordance with Royal College policies.
Like many other organizations, the Royal College may hire external companies to provide certain administrative services that require access to member information. These services include credit card payment processing, printing of annual dues statements, and mailing and distribution services. In addition, the Royal College shares aggregate, non-Personal Information with the media, other medical organizations, government agencies, and other third parties. For example, the Royal College may publish statistics on the number of members certified within a specific specialty, or the geographic distribution of our members. This data, however, does not permit identification by member name and cannot be linked to other Personal Information.
Does the Royal College share PI with organizations outside Canada?
The Royal College, similar to other organizations in Canada, may from time to time use a third party service provider outside Canada to process or store data. In cases where the Royal College uses a third party outside Canada, contractual means are in place to ensure there is a comparable level of protection while the information is in the possession of a third party. However, where Personal Information is stored outside of Canada (e.g. the United States), it may be subject to the laws of that country and no contractual provision can override those laws. Similar to Canadian law, law enforcement agencies in the U.S. may obtain access to Personal Information but only where access is permitted by U.S. or Canadian law. Confidentiality and the security of information are key considerations for the Royal College in any outsourcing arrangement to third parties, both inside and outside Canada. The Royal College undertakes a due diligence process that fully assesses the risks associated with the outsourcing arrangement to ensure there is a comparable level of security and information protection from the point of transfer to the eventual destruction of data.
Does the Royal College sell or rent PI?
The Royal College does not sell or rent the Personal Information collected to telemarketers, mailing list brokers, pharmaceutical companies, or medical equipment companies.
Are there any other circumstances whereby the Royal College will release PI?
The Royal College and any third party organization may release Personal Information when required to do so by law or in situations where there is a need to protect the rights or property of the Royal College. The Royal College reserves the right, at its discretion, to contact the appropriate authorities when activities appear to be illegal or inconsistent with Royal College policies.
How does the Royal College obtain your consent to collect Personal Information?
The Royal College respects your rights to privacy. For this reason, the Royal College staff obtains your consent whenever it collects your Personal Information. Depending on the nature of the information, your consent may be collected on a form, within a letter, orally, or, in some instances, consent will be implied.
You have the right to withhold your consent if you do not wish the Royal College to collect your Personal Information.
How does the Royal College protect your Personal Information?
The Royal College utilizes a number of ways and means to ensure your Personal Information is secure and protected. Security measures are in place to protect the Royal College buildings, the computer systems, and your Personal Information from unauthorized access and use. The safeguards used vary, and depend on the sensitivity of the information being protected, i.e., a higher level of protection is used to safeguard more sensitive information.
Physical measures include building alarm systems, perimeter fences, locked filing cabinets and restricted access areas.
Organizational measures include security clearances and restricting access to data on a "need-to-know" basis.
Technological measures include passwords for all users in order to gain access to computers, as well as separate passwords for access to the database, firewalls, and software programs that detect intrusion attempts and viruses.
Employees of the Royal College are knowledgeable about and comply with the requirements that have been established to safeguard your information. Protecting the confidentiality of information is specified in the Royal College employment agreements and is confirmed in writing.
How can you access your Personal Information at the Royal College?
You have the right to access information stored in your personal records. Most of this information is in electronic format, securely stored in the Royal College database, or in a hard copy file, stored in a restricted area. If you would like to view this information, simply forward an email to the Royal College Privacy Officer at email@example.com or mail request to The Privacy Officer, The Royal College of Physicians and Surgeons of Canada, 774 Echo Drive, Ottawa, Ontario, K1S 5N8.
You may be required to provide sufficient information to allow us to verify your identity (e.g., your Royal College Identification Number).
What is the time frame that you can expect a response and is there a fee involved?
The Royal College responds to a written request within 30 days after receipt of the request. Under extenuating circumstances, the Royal College may extend the time limit for responding to a maximum of 30 additional days. If a fee is required in order to access your information, the Royal College will provide you with an estimate of the cost. You should inform the Royal College in writing if you wish to withdraw your request.
Are there any restrictions to providing you with the information?
The Royal College may not be able to provide you with information from our records that:
- contains references to other individuals
- may cause harm to another person
- is protected by solicitor-client privilege or is the subject of litigation
- contains confidential information
- may harm or interfere with a law enforcement investigation
- where the Royal College has another legal basis for withholding the information
How can you update or correct your Personal Information at the Royal College?
The Royal College makes every reasonable effort to keep your information accurate and up-to-date, which allows the Royal College to provide the best possible service. You can help by keeping us informed of any updates such as address change, email change, or legal name change. If you find errors in our information, let us know and we will make the appropriate corrections.
To update your contact information, please call 613-730-6243 or 1-800-461-9598, or email Membership Services Center at firstname.lastname@example.org.
Do you have any questions/concerns about your Personal Information?
Under the CSA Model Code for the Protection of Personal Information, you have the right to challenge the Royal College’s Personal Information practices. If an error or omission in your Personal Information has occurred, the Royal College will amend the information as required. In the event that the accuracy of your Personal Information is challenged and not resolved to your satisfaction, the Royal College will ensure that a record is kept of the process.
Is information collected from you on line?
You may visit the Royal College web site anonymously or as a registered (signed in) member. Whether you visit the Royal College web site anonymously or in registered fashion, information may be collected from you. The Royal College web site is configured to collect both identifiable and anonymous information.
What is identifiable information?
The Royal College does not collect identifiable information without your prior consent. Such identifiable information includes business related information (e.g., business address, certification details) and Personal Information (e.g., name, address, username, email address). We do not collect identifiable information unless you knowingly provide it to us.
The Royal College may use identifiable information for activities such as the maintenance of the Directory of Fellows, dues renewal, processing conference registration, or to provide you with access to a special online service or feature.
What is anonymous information?
To help us understand user preferences and the trends of a general user population, we may record information that is not identifiable to you during your session as either an anonymous visitor or registered member. This type of information currently includes the following:
- internet browser in use
- computer operating system
- domain name of the web site from which you linked to our site
- pages viewed
- search requests
What are cookies and does the Royal College use them?
The Royal College web site uses "session cookies" to identify you during your site visit and to ensure that those who log into the site can access content areas reserved for members only. Cookies are simple, alphanumeric identifiers that record information about your visit to our web site. Session cookies are managed by your Internet browser (i.e. Firefox, Internet Explorer), and are not stored on your computer's hard drive, they are non-intrusive and persist only for the duration of your current session at the Royal College web site.
You can choose to "enable" or "disable" cookies in your Internet browser. If you disable cookies in your browser, the Royal College web site cannot grant you access to the "Members Only" areas of the site.
We recommend that you review your browser instructions for guidelines on cookie use and preference settings.
Are online forms used and do I have to use them?
Forms have been added to the Royal College web site, enabling you to perform certain functions online. For example, you can change your mailing address or the address that appears in the Directory of Fellows, register for conferences and seminars, apply for resident membership, or pay your annual dues. These options have been added for your convenience, however, if you are not comfortable completing these tasks online, you may contact the Royal College by telephone, mail, or email.
How does the Royal College secure my information online?
The security of your identifiable information is of the utmost importance. The Royal College makes every reasonable effort to protect it by implementing security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, or modification. The Royal College web site has physical, organizational and technological measures in place to ensure the security of and access to personal and financial information.
Servers reside in secured facilities that are accessible to a limited group of authorized personnel and subject to video surveillance. The Royal College also uses advanced encryption and firewall technology. An encrypted authentication process is employed to verify the identity of registered members upon log in. The Royal College makes every effort to protect your Personal Information from loss, misuse or alteration by third parties.
How does the Royal College protect your credit card information in online transactions?
In the case of online transactions such as paying dues, credit card information is not stored in permanent or temporary files or in a database on the Royal College server. Data does not remain on the server for more than a few seconds during transaction processing.
What is the relationship between the Royal College and external links on the site?
Certain Royal College web site pages provide links to web sites created and maintained by other organizations. We provide these links solely for your information and convenience. When you link to an external web site, you are leaving the Royal College web site. As a result, the Royal College has no control over, and is not responsible for, the privacy policies or content located within these external sites. We encourage you to review the privacy practices of those web sites.
Does the Royal College notify its members when there are changes to how PI is managed?
How can I contact the Royal College about any privacy issue?
If you have any questions, concerns or problems regarding privacy, confidentiality or the handling of a request for information, please contact the privacy officer at email@example.com, or by telephone at 613-730-6226 or 1-800-668-3740 extension 226, or by mail request to The Privacy Officer, The Royal College of Physicians and Surgeons of Canada, 774 Echo Drive, Ottawa, Ontario, K1S 5N8.