Privacy Policies & Procedures
Email at info@dentalgram.ca
Background:
DentalGram is committed to protecting the privacy of its candidates, employees and clients. We will endeavor to ensure information is collected, used and retained in accordance with the purposes as stated hereafter. The Privacy Policy explains the management of your personally identifiable information collected in relation to our services from all the divisions within the DentalGram Group. In order to keep up with changing legislation requirements, this policy may be updated periodically without notice. Please note that this policy does not apply to the practices of companies which are not owned or controlled by DentalGram.
General Information:
Each of our divisions provides a unique service. Through these divisions we provide recruitment services, human resource management and payroll services. There are three main types of groups we deal with:
Candidates: people actively looking for work.
Employees: people currently employed individuals that are pay rolled through DentalGram.
Clients: businesses that require our services to supply them with recruitment, human resource management or payroll needs.
Definition of Personal Information:
"Personal Information" is personally identifiable information, including but not limited to name, address, and date of birth, contact details, resume, qualifications, work history, skills and interests.
What Personal Information do we collect?
|
Type of Information |
Examples of Personal Information Included |
|
Resumes |
Name, address, contact details, education, skills, previous work experience. |
|
References & Background Checks |
Specific information related to work experience, qualifications, character, skills and personality. |
|
Application Forms |
Name, address, and contact details, skills (including test results), education, and previous work experience. |
|
Payroll Information |
Periods of employment, position, SIN, gender, date of birth, emergency contact information, banking information, driver’s abstract, hours of work and overtime hours, wage and overtime rates, tax credits, vacation, leave time granted, taxable benefits and deductions made e.g. RSP contributions. |
|
benefits Information |
Family and dependant information, marital status, dates of birth, beneficiary information, spousal insurance coverage, provincial personal health numbers. |
|
Garnishee Information |
Documentation of garnishment, garnishee amounts/percentages, requirements and maximums. |
|
Employee Handbook |
Signed agreement page. |
|
Occupational Health & Safety / WCB |
Medical certificates, details of incidents/accidents in the workplace, relevant medical information, modified duties provided. |
|
Performance Measures |
Evaluations and disciplinary letters/issues. |
|
Security Measures |
Internet use/e-mail monitoring programs. |
|
Client Information |
Business name, address, business contact details, contact names, personal information pertaining to contacts, order forms, surveys, correspondence, accounting information including credit checks and applications. |
How do we collect Personal Information?
We collect personal information through fair and lawful means and personal information is subject to our privacy policies. Information is collected from a wide variety of sources, which includes resumes dropped off in person, received by fax or e-mail. References are obtained through telephone conversations and written reference letters Candidate application forms, payroll information, benefits application forms are received from candidates and employees by fax, e-mail and in person
Garnishee information is received from various organizations in writing by mail or fax Client information is collected by our internal staff and volunteered by our clients in order to provide them with our services We may collect personal information without consent or knowledge if it’s in the interest of the individual and consent is not obtainable in a timely manner Would compromise information availability or accuracy Is reasonable to investigate contravention of laws Is publicly available and specified in the regulations
Why we collect Personal Information?
The very nature of our business means that we require a lot of personal information concerning individuals. Personal information is only collected in order to provide services through our divisions to our candidates, employees and clients and not for any other means.
Only relevant information is collected, to fulfill the needs and requirements to facilitate the services we offer.
How is Personal Information used?
Personal information and references regarding candidates is added to our database, and it is used to place candidates in positions at our client sites. This information may be used by any internal staff member and may be sent to clients interviewing potential candidates for positions.
Other employee personal information, such as SIN, date of birth, etc is used in order to provide payroll and human resource services to our employees.
Information regarding our clients is used only to provide services. We do not sell or share client information with any outside agency unless approval is granted by the client. Information is shared with an outside agency only if additional outsourcing services are required.
Who controls Personal Information?
All internal staffs are responsible for collection of data as required to perform their duties. It is also the responsibility of all internal staff to protect the privacy of all candidates, employees and clients.
Decisions on the collection, use, disclosure and retention of data are shared by the Management Team and the Privacy Officer. The Privacy Officer also deals with any complaints concerning privacy issues.
What is Personal Information used for?
Personal information is used only to provide services to our candidates, employees and clients. Personal information is never sold or passed on to outside organizations or individuals for purposes other than providing these services.
Where is it stored and how it is kept secure?
Storage of paper based personal information is maintained in our offices, along with external secured storage facilities. Electronic information is stored in our computer systems with back up stored off-site.
In order to protect the privacy of our employees, candidates and clients we have various levels of security in place: physical safeguards, administrative safeguards and technical safeguards.
Physical safeguards include:
Locked cabinets and storage areas
Limited access to areas where personal information is filed or stored
Shredding papers containing personal information when disposing
Alarms and pass keys for restricted areas
Administrative safeguards include:
Staff training on privacy policies and procedures
Staffs are required to acknowledge and sign a confidentiality agreement.
Technical Safeguards:
The most secure technology is used where possible to protect personal information. Our Information Technology department monitors access and use of our electronic systems and is responsible for maintaining the security of our systems through use of tools such as firewalls, anti-virus programs and passwords. All internal passwords are changed regularly.
All staffs are responsible to protect personal information using the security safeguards in a manner appropriate for the type of information.
Who has access to or uses it?
We limit access to personal information in candidates’, employees’ and clients’ files to:
Certain types of information are segregated to facilitate privacy, provide appropriate access and to protect personal information from unauthorized:
Copies of files are kept to a minimum and all information, where possible, is included or scanned into our database in order to maintain the most current and accurate information and to minimize paper documentation.
Who is Personal Information disclosed to?
DentalGram may release personal information to a third party under the following circumstances:
When is it disposed of?
We aim to retain information only as long as is needed to fulfill the purpose that it was collected for.
Resumes are scanned into our database and then the paper copies are shredded. Our database is periodically purged of old information. Resumes, skills and reference information that has not been accessed or used for more than a year, in relation to any of our services, is deleted. Our Information Technology department is responsible for maintaining and enforcing regular deletion of out-dated information.
Other payroll, garnishee and employee information is kept on file according to federal and provincial legislation requirements.
Client information that is considered public domain and does not contain any personal information is kept on file for an indefinite period of time.
All paper files are destroyed at end of the retention stage through confidential shredding services. Electronic files and discs are destroyed by the Information Technology department to ensure proper deletion of data prior to outdated discs being disposed of.
Commercial Activity:
Any activity we perform or provide for our employees or prospective employees.
Accountability:
If employees have a concern with DentalGram privacy policies and procedures, the employee is to first Contact the Privacy Officer directly by email at info@DentalGram.ca.
Candidates Concerns and Correspondence to the Privacy Officer:
All correspondence and/or contact from employees that is directed to the Privacy Officer will be investigated. Such investigation will include a detailed review of the situation and the Privacy Officer will be given a chance to address the member’s concern. Should such efforts fail to rectify the situation the Director is responsible for privacy will then get involved directly with the employee In order to avoid many potential privacy situations, staff and directors must use the “reasonable person test” when obtaining consent. In short, every staff person and director must answer the following question:
For the services DentalGram provides, is it reasonable for DentalGram to collect, hold, use, or discloses the member’s personal information in the first place?
Identifying the Purpose:
At all times, staff and directors must identify in writing the purpose for obtaining member’s consent. The preferred methods are:
Obtain Consent:
For the purposes of this policy, consent includes the member’s permission to collect, hold, use, and discloses their personal information in accordance with the DentalGram Privacy Notice.
No staff person or director may conduct business with anyone that has not provided his or her consent. Consent can be given verbally provided it is recorded in the member’s file and dated. Further, consent may be implied or explicit. When obtaining consent, all members should be referred to the DentalGram Privacy Notice. If an employee does not wish to consent to any part of the DentalGram Privacy Notice, then the withdrawal of consent MUST be documented in the notes to the employee’s file with the date and the privacy officer notified as soon as possible. The privacy officer will document the situation and ensure that the staff person or director has taken the appropriate action to accommodate the employee’s wishes.
Withdrawal of Consent:
At any time, the member may withdraw their consent. Such action must be documented and brought to the attention of the privacy officer as soon as possible. The privacy officer will document the withdrawal and ensure steps are taken to comply with the employee’s wishes.
Limit Collections:
The reasonable person rule must be adhered to at all times and the purpose for which the
Personal information was collected must be documented. Documentation can be by: employee written instruction, registration form, notes to the employee’s file, or similar correspondence. All verbal consent must be documented with the date received in the employee’s file.
Limit Use, Disclosure and Retention:
Personal information can only be collected, used, and disclosed with the employee’s consent and the DentalGram Privacy Notice obtains consent for most business practices.
Retention Periods:
Once Information is collected, it may only be retained on the employee’s file for as long as the employee has consented to its retention. All collected information is retained in the employee’s file. This does not apply to credit card information which DentalGram does not retain, nor has the ability to retain. The only exception is when a legal requirement dictates that the Information be retained for a specified period of time.
Destruction of Information – Electronic Files:
In accordance with the aforementioned retention periods, Information must be promptly
Deleted from all electronic files when the purpose for which the Information was collected, or when consent to hold such Information has expired.
Destruction of Information – Paper:
All paper files that contain Information must be promptly shredded either on-site at
DentalGram or by a confidential shredder service.
Information Destroyed In Error:
It is important to note that the Information can be destroyed, but not the consent. Should
Information be destroyed, the staff person or director must determine if the consent to collect, hold, and distribute the Information is still valid. If so, then the Information may be reconstructed, replaced, or collected again provided it is for the same purpose as consented to originally. If the status of consent is uncertain, then the staff person or
Director must contact the employee and ensure that proper consent is obtained before replacing, or reconstructing lost information.
Accuracy:
Updating Information:
Any errors in employee Information must be corrected within 14 business days. Any employee requests for corrections to Information must be documented in the employee’s file with the date received and the date the correction was made. All requests to update member, Information should be in writing, dated, and filed in the employee’s file. Verbal requests must be documented with date received in the employee’s file.
Use Appropriate Safeguards:
Information must be safeguarded at all times against un-authorized access, use, or disclosure.
Computerized Information - Network:
Employee information stored on the DentalGram Network must be protected by secure Passwords.
Computerized Information – Desktop and Lap top Computers:
At all times, Employee Information is the corporate property and responsibility of
DentalGram and must be stored on the network computers. Copies may be retained on Desktop and/or laptop computers for occasional business use. No original Information may be stored solely on desktop or laptop computers. Laptop computers must never be left unattended for any reason. Once available, security software will be installed on all laptop computers to provide reasonable protection against unauthorized access to employee information that may be stored on the computer. All password security software will be updated on a continual basis.
Protection Systems for Network Computers:
All network computers have weekly backups to the server for brief power outages, firewalls, and anti-virus software. Access to the DentalGram offices is restricted to staff only and protected by an alarm system. Network computers are not left unattended unless protected from access by a locked door or a locked cabinet.
Computers those are no Longer Required:
Any computer that is no longer required at DentalGram must first be cleaned of all Information. The staff or director is responsible for notifying DentalGram and ensuring that the procedure was completed prior to the computer leaving DentalGram.
Portable Data Storage Devices:
If personal data devices such as palm pilots, cellular telephones, and so on contain Employee’s Information, they must never be left un-attended unless secured with a locking device such as a door or locked filing cabinet. When taken outside of DentalGram, such devices must be password protected and such security protocols enabled.
Employee Information stored in Paper Files:
Employee Information stored in paper files is protected from un-authorized access by the
Building security systems, locking room doors, and/or locking filing cabinets. Employee files are not left un-attended unless secured.
Employee Paper Files Temporarily Removed from the Building:
Employee Information stored in paper files must be secured at all times. If temporarily
Removed from the building (e.g. Meeting), then the Information must be protected
From unauthorized access. At a minimum, all Information must be obscured from direct view to avoid unauthorized reading of the material and protected by some sort of locking
Mechanisms.
Be Open:
At all times, staff and directors must be familiar with the DentalGram Privacy Notice posted on the website. Any questions with regard to the Notice, or requests for interpretation of DentalGram policies and procedure should first be directed to the privacy officer. Full name, address, and other contact information for the Privacy officer as well as a description of the procedure for making a privacy complaint are clearly outlined on the DentalGram Privacy Notice.
Procedure for New Employees:
The staff must ensure that all new employees are made aware of the DentalGram privacy notice. Should the employee not agree with any provision of the Notice, then the staff must document with date the problem and make suggestions as to how to address the employee’s concern. The Privacy Officer must be notified immediately of any such event in order to review the notes to file and ensure that the recommended procedure for handling the employee’s concern is adequate.
Complaint Process:
If an employee is not content with how his/or her advisor is complying with the terms and
Conditions of DentalGram Privacy Notice, then he or she may file a complaint with the Privacy Officer as follows:
Should a complaint be filed with the privacy officer, the privacy officer will ensure that complaint is properly documented and signed by the employee.
Notify the parties involved in writing that a complaint has been filed and seek a
meeting (conference call) to discuss the issues, document the discussion with the staff or director and formulate a plan to deal with the complaint, notify the member in writing the results of the meeting and inform them of the proposed solution, if required, meet again with the member and/or the parties to mediate a solution to the problem.
DentalGram Must Refuse the Request when:
If requested for information by employee, DentalGram must provide a copy of the Information to the employee within 30 days of the request at no cost to the employee. The copy may be “cleaned” of any other Information, comments, or other information that is not relevant to the employee’s request. The Information must be
Understandable. For example, explain acronyms, unfamiliar terms, and so on prior to
Releasing the Information to the employee. In rare circumstances, additional time is needed to prepare the copy for the employee. Such request must be made in writing to the Director who is responsible for Privacy, as soon as possible. Access would reveal Information about another person unless there is life threatening situation.
DentalGram May Refuse Access when:
Here are five situations where DentalGram may refuse a request for Information:
DentalGram security or reasons of law enforcement. Upon request, that governmental institution may instruct DentalGram to refuse the request. disclosure could harm the individual life or security, it was collected without the individuals knowledge or consent to ensure accuracy and the collection was required to investigate a breach of an agreement or contravention of a federal or provincial law, it was generated as part of a formal dispute resolution (e.g. divorce).The Privacy Officer will determine if a request falls into any of the above.