Personal information is information about an identifiable individual. Personal information does not include information that cannot be attributed to an identifiable individual, e.g. information of an aggregate or anonymous nature, which is considered non-personal information.
Generally, we must obtain express consent when the personal information being collected, used or disclosed is sensitive (e.g. financial information, such as a credit card number), when the collection, use or disclosure is outside of your reasonable expectations, and/or when the collection, use or disclosure creates a meaningful residual risk of significant harm to you.
We may rely on your implied consent in certain circumstances, after taking into account factors such as the sensitivity of the personal information and your reasonable expectations.
We will limit the collection, use, and disclosure of your personal information to only that which is necessary for the purposes identified, unless you have otherwise consented, or when such collection, use, and/or disclosure is required or permitted by law.
You can refuse to provide your personal information. However, your refusal to provide personal information may prevent you from using our website or Services
We need to collect certain information from you in order to provide you with our website or Services. We collect personal information and non-personal information from you when you provide it to us or when you use or interact with our website or Services.
We may collect various types of personal information from you depending upon how you interact with us or use our website or Services. This may include your first and name, your email address, your mailing address, your telephone number, any details about the person you are providing care for that you choose disclose, and your purchase or financial information, e.g. credit card number.
You may provide us with personal information and non-personal in several ways, including for example when you visit our website or use our Services, when you create an account on our TUSK™ platform, or when otherwise using our Services, including when you correspond or interact with us in any way, online or offline.
Social Media and Other Links
Our website may, from time to time, contain links to and from social media platforms or other websites. You may choose to connect to us through a social media platform, such as Twitter, and when you do, we may collect additional information from you (including personal information), such as your screen name, through the social media platform.
Social media platforms and other websites may also collect information from you. We do not have control over (nor do we assume responsibility for) the collection, use, or disclosure practices of social media platforms or other websites. Please review their privacy policies and practices, including data security practices, before using these social media platforms or other websites.
We use personal information to provide you with our website and Services including without limitation to administer membership and provide member services to you, register you for events, and allow you to purchase various products or services including document certification. We also use personal information to maintain and improve our website and Services, including managing your account on our TUSK™ platform, communicate with you with respect to updates or other information related to the Services, respond to your requests and communications, respond to legally binding demands from law enforcement, regulatory authorities or other third parties, and to comply with applicable law.
We may use non-personal information for any legitimate business purpose, including the provision of our website and/or Services.
The following are particular circumstances in which we may disclose your personal information without obtaining your further consent. By using our website or Services, you consent to the following disclosures:
(b) to other parties where we are under a duty to disclose your personal information in order to comply with any applicable legal obligation, including if disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records;
(c) for the purpose of collecting a debt you owe;
(d) if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
(e) if the disclosure is made to another organization and is reasonable for the purposes of detecting or suppressing fraud or of preventing fraud that is likely to be committed and it is reasonable to expect that the disclosure with the knowledge or consent of the individual would compromise the ability to prevent, detect or suppress the fraud;
(h) if otherwise required or permitted by law.
We disclose non-personal information to third parties as reasonably necessary to meet our business needs.
When you disclose personal information or otherwise publicly interact with other users on the website or the Services (e.g. on our TUSK™ insights community), such personal information may be viewed by all users. We are not responsible for any use these users may make of the personal information you disclose.
We do not sell or trade any personal information with third parties.
Retention and Security
We will only retain your personal information for as long as is reasonably required to fulfill the purposes for which it was collected, including compliance with legal requirements. We may retain non-personal information for as long as we have a business need to do so.
We have taken appropriate measures to ensure the security and confidentiality of your personal information. For example, firewalls, encryption, intrusion detection, restricted access to records and to equipment, including computers. There is some storage and maintenance of personal information in the cloud, through AWS.
We try our best to safeguard personal information once we receive it, but no transmission of data over the Internet or any other public network can be guaranteed to be completely secure. If you suspect an unauthorized use or security breach that compromises the security of your personal information, please contact our Privacy Officer as soon as possible.
All of our service providers and contractors are contractually obligated to employ appropriate data security measures with respect to your personal information and to collect/use/disclose/retain it only within the scope required for the provision of our website or Services. The contractors we enter into agreements with will use your personal information if required to perform their respective services in support of our provision of the website or Services to you.
Access and Updates
On your reasonable written request, we will provide you, not later than thirty (30) days from our receipt of your request, or such additional time as required by law, with access to or information about your personal information (if any) under our custody or control, and the names of persons to whom, and any circumstances in which, your personal information has been and is being disclosed by us. You must provide sufficient information in your request to allow us to verify your identity and identify the personal information you are seeking. Your request should include your name, contact details, membership number (where applicable), and the specifics of your request
If you request a copy of your personal information and the personal information can reasonably be reproduced, we will provide you with a copy of the personal information, or, if applicable, we will give you reasons for any delay in providing a copy of the requested personal information. All requests may be subject to minimal costs, in accordance with applicable privacy legislation.
We reserve all rights not to disclose personal information to you in response to your request, in whole or in part, in certain circumstances required or permitted by law, including but not limited to where the personal information is protected by any legal privilege, the disclosure of the personal information would reveal our confidential commercial information or that of our third party service providers, the disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual, or the personal information was collected by us for an investigation relating to a breach of an agreement or a contravention of the laws of Canada or a province thereof.
If access to your personal information is refused, in whole or in part, we will provide you with the reasons for our refusal, the provision of applicable privacy legislation on which the refusal is based, and the contact information of the Privacy Officer who can answer your questions about the refusal. We will also inform you that you may ask for a review of our refusal in accordance with applicable privacy legislation.
To submit a request to access your personal information or designate an authorized agent to make a request to access your personal information, please contact our Privacy Officer.
We make every reasonable effort to keep personal information as accurate, complete, current and relevant as necessary for the identified purposes, however, we do not routinely update personal information. Please contact our Privacy Officer if you would like to request an update to your personal information. If you so request, we will make every reasonable effort to correct any of your outdated personal information, or errors or omissions in your personal information, provided that such personal information is in our custody or control. Your request must be in writing, signed by you, and include sufficient detail to enable us to identify any personal information in our custody or control in relation to your request, including your name, contact details, membership number (where applicable), and the specifics of your request.
As soon as reasonably practical (but not later than thirty (30) days from our receipt of your request or within such additional time as required or permitted by law), we will either correct your personal information and, if applicable and reasonable to do so, send correction notifications to any third party to whom we disclosed the incorrect personal information, or we will decide not to correct the personal information. If we do not correct the personal information, we will annotate the personal information under our control to indicate that a correction was requested but not made.
We will inform you of the action that we have taken in response to your request for correction, that our Privacy Officer can answer your questions about your request for correction, and that you may ask for a review of the action taken in accordance with applicable privacy legislation.
Last update: 1 June 2020