At Calgary Eye Specialist Clinic, we are committed to providing our clients with exceptional service. Providing this service involves collecting, using, and disclosing personal information about our clients; protecting their personal information is one of our highest priorities.
We will inform them why and how we collect, use and disclose their personal information, and obtain their consent where required. We only handle their personal information that a reasonable person would consider appropriate under the circumstances.
This Personal Information Protection Policy, in compliance with PIPA, outlines the principles and practices we follow in protecting our client’s personal information. Our privacy commitment includes ensuring our client’s personal information’s accuracy, confidentiality, and security and allowing our clients to request access to and correct their personal information.
Personal Information: information about an identifiable individual. Personal information does not include contact information (described below).
Contact Information: information that would enable an individual to be contacted at a place of business. This includes name, position name or title, business telephone number, business address, business email, or business fax number. Contact information is not covered by this policy or PIPA.
Privacy Officer: the individual designated responsibility for ensuring that complies with this policy and PIPA.
1.1: Unless the purposes for collecting personal information are obvious and the voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection.
1.2: We will only collect information that is necessary to fulfill the following purposes:
2.1: We will obtain consent to collect, use or disclose personal information (except where, as noted below, we are authorized to do so without consent).
2.2: Consent can be provided by the client directly. It is implied that collecting, using, or disclosing personal information would be considered obvious and voluntarily provide personal information for that purpose.
2.3: Consent may also be implied where a is given notice, and a reasonable opportunity to opt-out of his or her personal information being used for mail-outs, marketing new services or products, fundraising, and the does not opt-out.
2.4: Subject to certain exceptions (e.g., personal information is necessary to provide a service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), the client can withhold or withdraw their consent for the use of their personal information in certain ways. A decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a particular service or product. If so, we will explain the situation to assist the client in making the decision.
3.1: We will only use or disclose personal information where necessary to fulfill the purposes identified at the time of collection or for a purpose reasonably related to those purposes, such as to contact our client directly about products and services that may be of interest.
3.2: We will not use or disclose personal information for any additional purposes unless we obtain consent to do so.
4.1: If we use personal information to make a decision that directly affects the client, we will retain that personal information for at least one year to have a reasonable opportunity to request access to it.
4.2: Subject to policy 4.1, we will retain personal information only as long as necessary to fulfill the identified purposes or a legal or business purpose.
5.1: We will make reasonable efforts to ensure that personal information is accurate and complete where it may be used or disclosed to another organization.
5.2: Clients may request corrections to their personal information to ensure its accuracy. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the sought correction.
6.1: We are committed to ensuring the security of personal information to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal, or similar risks.
6.2: The following security measures will be followed to ensure that personal information is appropriately protected:
6.3: We use appropriate security measures when destroying client’s personal information, such as shredding printed documents or securely erasing digital information.
6.4: We regularly review and update our security policies and controls as technology changes to ensure ongoing personal information security.
7.1: Users have a right to access their personal information, subject to limited exceptions.
7.2: A request to access personal information must be made in writing and provide sufficient detail to identify the sought personal information.
7.3: Upon request, we will also tell the client how we use their personal information and to whom it has been disclosed, if applicable.
7.4: We will make the requested information available within 30 business days or provide written notice of an extension where additional time is required to fulfill the request.
7.5: A minimal fee may be charged for providing access to personal information. Where a fee may apply, we will inform the client of the cost and request further direction from the client on whether or not we should proceed with the request.
7.6: If a request is refused in full or in part, we will notify the client in writing, providing the reasons for refusal and the recourse available to the user.