| |
|
|
| |
|
|
| |
Toronto
Institute of
Pharmaceutical Technology
55 Town Centre Crt. Suite
800
Toronto, Ontario
M1P 4X4, CANADA
Tel: (416) 296-1478
Fax: (416) 296-7077
Email: info@tipt.com |
|
|
|
|
| |
Introduction
Purpose
We are committed to protecting privacy. This policy
establishes the rules under which we collect, use
and disclose the personal information from individuals
and employees in the course of conducting business.
Scope
This policy applies to all personal information
in our possession or custody, including information
that has been transferred to a third party for processing.
Articles
Article 1 — Accountability
1. We are responsible for the personal information
under our possession or custody.
2. We assign accountability for compliance with
this privacy policy to a named individual who has
authority over privacy matters within his or her
organization. That role is called "Privacy
Officer". The identity of the Privacy Officer
is available on request.
1. The Privacy Officer may assign the function of
Information Custodian to one or more individuals
within the organization for ensuring that collections,
accesses, disclosures and disposals of personal
information are conducted in compliance with established
policies and procedures.
2. The Privacy Officer may assign to a Compliance
Architect some or all activities related with establishing
and maintaining the organization's privacy framework.
3. We use legal agreements to provide a comparable
level of protection for personal information while
an authorized third party processes the information.
4. We comply with the privacy requirements inherent
with third party sources of personal information.
Article 2 — Purpose
1. We provide individuals with information that
explains the purposes for which we collect their
personal information, at or before the time of collection.
2. We invest reasonable efforts to ensure that individuals
understand the purposes for the collection, access,
use, disclosure, or disposal of their personal information.
3. The only situation in which we do not inform
an individual of the purpose of disclosing his or
her personal information is when it is required
by law that they not be informed.
4. We document the purposes for collection, access,
use, disclosure, or disposal of personal information.
Article 3 — Consent
1. We obtain express consent from individuals for
the collection, access, use, disclosure, or disposal
of their personal information for the specified
purposes.
· Exceptions to this rule must be authorized
by the Privacy Officer.
2. We consider we have obtained consent from an
individual only when the individual has voluntarily
disclosed his or her personal information to us
for the stated purpose.
· In the case of an individual of age less
than 18, consent is obtained only from one of the
individual's parents or legal guardians on the individual's
behalf.
3. We collect or access personal information from
third party sources only when the individuals whom
the information is about have given their consent
to that third party for the disclosure to us, or
when the individual's consent was not required by
statute.
4. An individual may withdraw his or her consent
at any time.
· We take appropriate actions within a reasonable
time to comply with an individual's decision to
withdraw.
· We inform the individual of the implications
of such withdrawal.
Article 4 — Limiting Collection
1. We limit the collection of personal information
to the amount and type that is necessary for the
identified purposes.
2. We collect personal information only by fair
and lawful means.
Article 5 — Limiting Use, Disclosure
and Retention
1. We use and disclose personal information only
to fulfill the purposes for which the information
has been collected or to comply with the law.
2. We retain the personal information only as long
as necessary for the fulfillment of the identified
purposes.
3. We retain personal information that has been
used to make a decision about an individual long
enough to allow the individual access to the information
after the decision has been made.
Article 6 — Accuracy
1. We seek to collect personal information that
is as accurate and complete as necessary for the
purposes for which this information is to be used
taking into account the interests of the individual.
2. We update the personal information as necessary
for the stated purposes.
3. We correct personal information as requested
in writing by an individual when it is appropriate
or necessary for the stated purposes.
· In cases when requested corrections are
not appropriate or necessary for the stated purposes,
we annotate the personal information in question
with the requested corrections.
Article 7 — Safeguards
1. We protect the personal information with safeguards
that are commensurate with the sensitivity of the
personal information, regardless of the format in
which it is held.
2. Our employees pledge, in writing, to protect
the confidentiality of the personal information
they collect or access.
·We provide our employees with the required
training and resources to meet their confidentiality
responsibilities.
3. We demonstrate our compliance with safeguard
requirements through regular self-assessments and
security reviews.
· We conduct quarterly security reviews to
assess how our security procedures and practices
are aligned with our security policy.
Article 8 — Openness
1. We make available to individuals information
about our privacy policies, procedures and practices
relating to the management of personal information.
· We establish a privacy group that oversees
the adoption and enforcement of privacy policies,
procedures and practices throughout the organization.
· We undertake periodic assessments of our
privacy policies, procedures, and practices.
- The Privacy Officer conducts quarterly privacy
reviews to assess how our privacy procedures and
practices are aligned with this privacy policy.
- The Privacy Officer commissions an independent
third party to perform annual privacy reviews to
assess our compliance with privacy legislation and
industry best practices.
2. We respond to an individual's written request
for such information within 30 days of the receipt
of the said request.
· When we cannot deliver the requested information,
we provide an explanation to the individual, also
within 30 days.
Article 9 — Individual Access
1. Upon request, we give an individual access to
his or her personal information; we also give the
individual an account of the use and disclosure
of his or her information.
2. We charge the individual a fee for responding
to a request for information. We inform the individual
about the fee before responding, and only proceed
with responding to the request once advised by the
individual to do so.
3. We respond to an individual's written request
for access to information within 30 days of receiving
the payment in full of the fee associated with the
said request.
· If the requested information cannot be
delivered within the allocated time, we will provide
an explanation to the individual.
Article 10 — Challenging Compliance
1. An individual can challenge us about our compliance
with this privacy policy or about the legitimacy
of this privacy policy.
2. We take appropriate measures to resolve challenges
that have been received in writing.
3. We respond to an individual's written challenge
within 30 days of the receipt of the said challenge.
· If a response cannot be delivered within
the allocated time, we will provide an explanation
to the individual.
If you have any questions about our policy, please
contact the Privacy Officer at privacy@tipt.com.
|
|
|
