Clinic Reservation's policy regarding the collection, use and disclosure, if any, of personal information can be broken down into the 10 principles covered in Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"). After each principle, specific information may be provided for clarity.
- Clinic Reservation is responsible for personal information under its control.
- We have designated a Privacy Officer who is accountable for our compliance with this Policy and all applicable privacy laws.
- All Clinic Reservation employees are responsible for day-to-day compliance.
- When we use trusted third parties to act on our behalf by performing such functions as fulfilling orders, delivering packages, processing credit card payments or providing customer service, contractual or other appropriate means are used to ensure compliance by such third parties with this Policy and all applicable privacy laws.
- Every user retains ownership of the data they enter.
- Clinic Reservation is the steward of all data supplied. In addition, clinics are joint stewards of booking information.
2. Identifying Purposes
- Unless the purpose is self-evident due to the nature of the transaction in question, Clinic Reservation will identify the purposes for which personal information is collected at or before the time the information is collected.
- The proposed purposes will be described in a reasonably understandable manner.
- An example of a self-evident purpose is requesting the name and address of the person placing an order in order to ensure proper delivery.
- If you become a Registered User then you choose what information you put in your profile, including contact and personal information.
- We will collect, use or disclose your personal information only with your knowledge and consent, except where required or permitted by law.
- Clinic Reservation will not make your consent a requirement for the supply of a product or a service beyond what is required to be able to supply the product or service.
- Consent can be express or, in some circumstances, implied, and given in writing, by using or not using a check-off box, electronically, orally (in person or by telephone), or by your conduct, such as use of a product or service.
- In determining the type of consent to obtain, Clinic Reservation will consider all relevant factors, including the sensitivity of the information and your reasonable expectations.
- You may withdraw your consent at any time, on reasonable notice, subject to legal or contractual restrictions. Clinic Reservation will inform you of the implications of doing so.
- As per Comprehensive Anti-Spam Legislation (CASL), patients must double opt in to receive notices about future events.
4. Limiting Collection
- The collection of personal information by Clinic Reservation will be limited to what is necessary for the purposes which it identifies.
- We will collect personal information by fair and lawful means.
5. Limiting Use, Disclosure, and Retention
- Personal information will not be used or disclosed for purposes other than those for which it was collected, except with your consent or as required or permitted by law.
- It will be retained only as long as necessary for these purposes or as required by law.
- Credit Card information will not be stored after the transaction has taken place.
- The following patient information will be disclosed to the clinic providing service to the patient: name, birthday, phone number, email and a custom field if the clinic uses that feature.
- Clinics are contractually obligated to delete all information that Clinic Reservation provides to them once they have provided service to the patient and have calculated any needed aggregate information, such as the total number of attendees.
- Clinic Reservation will automatically delete booking details 3 months after an event takes place.
- If there is a breach, the person who entered the exposed data will be notified by email. If the data was corrupted because of the breach, then affected consumers of the data will also be notified by email.
- We will keep your personal information as accurate, complete and up-to-date as necessary for the purposes for which it is to be used.
- Clinic Reservation will protect personal information by security safeguards appropriate to the sensitivity of the information, including through the use of the following measures: physical (e.g., locked filing cabinets, restricted access, appropriate disposal of personal information), organizational (e.g., security clearances, access only on a "need to know" basis), technological (e.g., passwords, encryption) and training of employees.
- Our equipment is located in a secure data centre in Ontario, Canada.
- All Internet traffic is routed through a firewall, with rules updated daily. Deep inspections will be performed on all traffic, and anything deemed suspicious will be blocked.
- SSL is used to protect all patient data sent to or from our servers. We recommend, but cannot ensure, that email recipients use the SSL option when configuring their email client.
- Data is backed up daily to a standby database server.
- The IP address, browser type and operating system of each client using the system are logged in case they are needed for troubleshooting or a security audit. After a month this information is automatically deleted.
- Information about our policies and practices relating to the management of personal information will be made readily available to individuals.
9. Individual Access
- Upon request, Clinic Reservation will inform you of the existence, use and disclosure of personal information relating to you, and give you access to that information. You have the right to challenge the accuracy and completeness of your information and have it amended as appropriate.
- However, in certain circumstances permitted by law, this information will not be disclosed to you. Some examples of these circumstances are information that contains references to other individuals, that cannot be disclosed for legal, security or commercial proprietary reasons, or that is subject to solicitor-client or litigation privilege.
- We do not knowingly collect or solicit personal information from anyone under the age of eighteen or knowingly allow such persons to register. If you are under the age of eighteen, please do not attempt to register or send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from an individual under the age of eighteen, we will remove that information as quickly as possible. If you believe that we might have any information from or about a person under the age of eighteen, please contact us.
- A parent or guardian is permitted to provide information about people under the age of 18 who are in their care.
10. Contacting us and/or Challenging Compliance
- For anything to do with this Policy, including questions or comments, or to challenge our compliance with this Policy, please contact us as follows:
John Matecsa, President
Picasso Fish Corporation
62 Berkley Cr.
Simcoe, Ontario, Canada N3Y 2K5