Effective Date: October 16, 2016
Slimband Weight Loss Services Inc. is a Health Information Network Provider under the Personal Health Information Protection Act, 2004 S.O. 2004, c.3 (hereinafter PHIPA) and as such has certain obligations under PHIPA respecting the protection of Personal Health Information.
"Personal Information" has the meaning ascribed thereto in the Personal Information Protection and Electronic Documents Act (Canada), S.C. 2000, c.5 and the regulations made thereunder and all amendments to that Act and its regulations.
"Personal Health Information" has the meaning ascribed thereto in PHIPA.
"Services" Means services provided to custodians.
LIMITING COLLECTION OF INFORMATION
Collection of Personal Health Information shall be limited to that which is necessary for the fulfillment of services.
LIMITING DISCLOSURE AND RETENTION OF INFORMATION
Personal Health Information will not be disclosed except in accordance with Slimband Weight Loss Services' obligations under its client agreements.
Slimband Weight Loss Services is committed to the proper classification, secure retention, and timely disposal of any record containing Personal Health Information that is deposited to or generated in client projects or collected by Slimband Weight Loss Services on behalf of client organizations, regardless of the media or format, including electronic and paper records, records in Slimband Weight Loss Services' possession or control, and records in the possession or control of contractors, outsourced service providers, consultants, or external parties performing tasks on behalf of Slimband Weight Loss Services.
Slimband Weight Loss Services will ensure that appropriate reviews are executed for client data integrity, will report any data integrity issues to appropriate management, and will correct all data integrity issues in a timely manner.
A process for the correction of any Personal Health Information will be designed as deemed necessary, to handle issues that cannot be corrected through normal system use or update mechanisms.
Slimband Weight Loss Services will implement security safeguards appropriate to the sensitivity of the information to protect Personal Health Information against loss or theft, as well as unauthorized use, access, disclosure, copying, modification, or disposal.
Slimband Weight Loss Services will:
- Disseminate to each client organization and to the public a plain language description of the services that is appropriate for sharing with the individuals to whom the Personal Health Information relates. This description will include a general description of the safeguards in place to protect against loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal, and to protect the integrity of the Personal Health Information.
- Disseminate to the public any directives, guidelines, and policies of Slimband Weight Loss Services that apply to the client services to the extent that these do not reveal a trade secret or confidential scientific, technical, commercial, or labour relations information.
- Disseminate to the public a general description of the safeguards implemented by Slimband Weight Loss Services in relation to the security and confidentiality of the Personal Health Information.
Slimband Weight Loss Services has a documented process and procedure, with clear lines of accountability, to comply with applicable sections of PHIPA referring to individual access.
Slimband Weight Loss Services has in place systems and processes to produce audit trails, which if necessary can be used to trace privacy and security violations and breaches.
In order to meet its governance obligations under PHIPA and its agreements with its clients, Slimband Weight Loss Services will:
- Assign a privacy and security officer (PSO) to ensure compliance with obligations related to privacy and security.
- Assign an information security officer (ISO) to be responsible for overseeing the information security aspects of the solution(s) being used.
- Develop a RACI (responsible, accountable, consulted, and informed) chart to clearly define all privacy and security roles and responsibilities as they relate to Slimband Weight Loss Services obligations in client systems.
- Develop key performance indicators to assess and report on privacy or security metrics reports for the particular engagement.
- Review the Slimband Weight Loss Services privacy and security policy, and privacy and security practices, processes, and procedures annually to ensure that they comply with applicable legal, contractual, industry and regulatory standards and requirements, and to determine whether changes are necessary or appropriate based on changes in laws and regulations or significant legal or other developments.
Slimband Weight Loss Services shall use and develop practices, processes, and procedures to ensure that employees, consultants, or permitted agents who perform services or otherwise have access to Personal Health Information will:
- Sign a confidentiality agreement and code of conduct.
- Be informed of all privacy and security-related policies and procedures and ensure that all privacy and security-related policies and procedures are readily accessible to all personnel.
- Obtain a satisfactory background screening of all employees, consultants, or permitted agents who perform services or otherwise have access to Personal Health Information, in accordance with its client agreement(s).
TRAINING AND AWARENESS
Slimband Weight Loss Services believes that a culture of privacy and security is necessary to meet the individual and collective responsibilities of its organization, and delivers comprehensive training and ongoing awareness initiatives to its employees and agents.
AUDITING POLICY AND PROCEDURES
For each project, Slimband Weight Loss Services will draft policies, procedures, and processes to regularly, and with predefined frequency, audit projects to monitor that Slimband Weight Loss Services is in accordance with agreements and legislation, and to identify privacy incidents and breaches.
BREACH RESPONSE PROTOCOL
Slimband Weight Loss Services promises the ability to promptly and appropriately respond to, contain, and mitigate the impact of any privacy or security breach or incident. Accordingly, Slimband Weight Loss Services will have a documented breach response protocol to identify, manage, and resolve privacy and security breaches and incidents which occur as the result of loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal of Personal Health Information.
Slimband Weight Loss Services has documented procedures, with clear accountabilities, to ensure that it:
- promptly notifies the client's Service Delivery Lead by email, followed by written notification, of any enquiry or complaint received by Slimband Weight Loss Services relating to the processing of Personal Health Information; and
- promptly complies and fully co-operates with all instructions of client management with respect to any action taken in response to such enquiry or complaint.
Slimband Weight Loss Services has practices, processes, and procedures in place to ensure that it meets all requirements of PHIPA and of its client agreements.
INFORMATION WE COLLECT
USE OF PERSONAL INFORMATION
Slimband Weight Loss Services may use or collect Personal Information about you to help us provide services to you, such as to respond to your requests, verify your identity, provide services to you, process payments, process changes or updates to your account, send you notifications, conduct customer satisfactory surveys, provide information regarding our products or services, develop or enhance our products and services, manage and develop our business and operations, or generally maintain our relationship with you.
DISCLOSING YOUR PERSONAL INFORMATION
Slimband Weight Loss Services will never sell your Personal Information to anyone.
Any disclosure to third parties is made on a confidential basis, with the information to be used only for the purposes for which it was disclosed. Your Personal Information may also be shared if Slimband Weight Loss Services becomes part of a merger, amalgamation, joint venture, joint project delivery, or otherwise sells its business or part of its business.
PROTECTING YOUR PERSONAL INFORMATION
We follow industry standards to safeguard the confidentiality of your Personal Information. We use a variety of physical, electronic, and procedural safeguards to protect personal information. We do not warrant that the safeguards we implement are sufficient to protect Personal Information you transmit over the Internet. Most of your Personal Information is stored in Canada, Iceland, or the USA. Some companies providing services to Slimband Weight Loss Services may be located outside of Canada (including the USA) and your Personal Information may be stored in those jurisdictions. As such, your Personal Information may be made available to the government or its agencies under a lawful order made in that country (including the USA). For further information, please contact us at 700 Lawrence Avenue West, Suite 400, Toronto, Ontario Canada, M6A 3B4 or firstname.lastname@example.org
Google Analytics employs cookies to define user sessions, which allows for the collection of data about how visitors are using the websites. Google Analytics uses only first-party cookies for data analysis. This means that the cookies are linked to a specific website domain, and Google Analytics will only use that cookie data for statistical analysis related to your browsing behavior on that specific website. According to Google, the data collected cannot be altered or retrieved by services from other domains.
If you choose, you can opt out by turning off cookies in the preferences settings in your web browser. For more information on Google Analytics, please visit Google Analytics
Google Analytics Terms of Service http://www.google.com/analytics/tos.html
Google Analytics Cookie Usage on Websites https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage
Google AdWords remarketing service allows Slimband Weight Loss Services to advertise on third party websites, including Google, to visitors previously browsing our site. Advertisements on the Google results page, or a site in the Google Display Network are both examples of this. Google and other third-party vendors utilize cookies to serve ads based on a users history with Slimband Weight Loss Services website. We respect your privacy and are not collecting identifiable information through third-party remarking systems, including Google's tool.
You can set preferences for how Google advertises to you using the Google Ad Preferences page, and if you want to you can opt out of interest-based advertising entirely by cookie settings or permanently using a browser plugin.
By way of any communication received from you, you are consenting to the collection, use, and disclosure of your Personal Information by providing us, our agents or partners, or such other third parties with your Personal Information. We may contact you by phone, email, or text to provide you with notifications, updates, or other information regarding our services and products.
You may withdraw your consent by mailing us at 700 Lawrence Avenue West, Suite 400, Toronto, Ontario, Canada, M6A 3B4 or emailing us at email@example.com. Please understand that your withdrawal of consent may affect or limit our ability to provide services or products to you.
Please contact us by mail if you have any questions or concerns about our handling of your Personal Information.
Access to personally identifiable information that is collected from our sites and that we maintain may be available to you. For example, if you created a password-protected account within our site, you can access that account to review the information you provided.
You may also send an e-mail or letter to the following e-mail or street address requesting access to or correction of your personally identifiable information. For verification purposes please include your first name, last name, e-mail address and the password you use for such service.
Slimband Weight Loss Services Inc.
700 Lawrence Avenue West
Suite 400, Toronto, Ontario
Canada, M6A 3B4