about Red Deer co-op
CO-OP memberships

Our Privacy Policy

Issued by: General Manager
Approved by: Board of Directors
Issue Date: January 2004

A. DEFINITIONS

  1. “personal information” is defined as “information about an identifiable individual”, i.e. the individual’s race, ethnic origin, colour, age, marital status, religion, education, medical information, criminal record, employment history, financial records, address, telephone number, email address, Social Insurance Number, fingerprints, blood type, and tissue or biological samples.

    Information about an identifiable individual does not include name, title, or business address or business telephone number of an employee.
  2. “commercial activity” is any activity that is of a commercial character, i.e. sales, purchases, leases, barters, exchanges etc.
  3. “consent” is defined as “voluntary agreement with what is being done or proposed”.  Consent can be either express or implied. Express consent is given explicitly, either orally or in writing.

B. GENERAL

In Red Deer Co-op Limited (the Co-op), privacy in the collection, use and disclosure of personal information is important.  This applies to personal information collected, used and disclosed in the course of commercial and employment activities.

The Co-op will govern itself in accordance with the following ten (10) interrelated privacy principles which are based upon Canada’s Personal Information Protection and Electronic Documents Act:

1. Accountability
2. Identifying Purposes
3. Consent
4. Limiting Collection
5. Limiting Use, Disclosure and Retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual Access
10. Challenging Compliance

The General Manager is designated as the individual who will be accountable for ensuring that the Co-op complies with the Ten Privacy Principles (Chief Compliance Officer).  Other individuals within the organization may be accountable for the day-to-day collection and processing of personal information or to act on behalf of the Chief Compliance Officer.

C. PRACTICES

The Co-op will adopt the following practices in compliance with the Ten Privacy Principles:

  • The Co-op will obtain an individual’s consent prior to collecting, using or disclosing personal information from or about the individual, except where required or permitted by law.
  • The Co-op will disclose to the individual the reason the Co-op is collecting the personal information before or at the time it is collected, how the Co-op intends to use this information, and how the Co-op will obtain the individual’s consent to such use.
  • The Co-op will disclose to the individual the names or classes or persons to whom the Co-op intends to disclose the personal information and how the Co-op intends to obtain the individual’s consent to the disclosure of such information.
  • The Co-op will implement a system to record personal information collected, the individual’s consent, the uses to which the individual has consented, the persons to whom personal information may be disclosed, and other matters such as how the Co-op obtained consent, any withdrawal of consent, any legal or contractual restrictions an individual has placed on withdrawal of consent, and the implications of withdrawal of consent with respect to any use of the information.
  • The Co-op will avoid collecting personal information indiscriminately or through deception.
  • The Co-op will implement security measures and safeguards appropriate to the sensitivity of the personal information to ensure the protection of the personal information, i.e. use computer passwords, locked filing cabinets, restricted access areas, etc., if appropriate.
  • The Co-op will set up a process by which an individual may request and have access to information about:
    • whether the Co-op has any of that individual’s personal information;
    • what personal information the Co-op has about an individual;
    • how the Co-op has used the individual’s personal information;
    • names of persons to whom the Co-op has disclosed the individual’s personal information; and
    • policies and practices
  • The Co-op will set up procedures to respond to complaints from individuals about their personal information and to inform complainants of the existence of the Co-op’s complaint procedure.
  • The Co-op will investigate complaints made about an individual’s personal information and if a complaint is justified, take action to remedy the complaint.
  • The Co-op will ensure that personal information under its control will only be transferred to third parties that provide a level of protection that is comparable to the Co-op.
  • The Co-op will not punish an employee for:
    • reporting the Co-op to the Commissioner for contravening the Act;
    • refusing to do anything that would contravene the Act; or
    • taking action to prevent the Co-op from contravening the Act

This protection prohibits dismissal, suspension, demotion, discipline, harassment, disadvantage, or other denial benefit of employment by the Co-op.

D. GUIDELINES FOR ACCESS AND RECTIFICATION REQUESTS

  1. Access Requests
    The Chief Compliance Officer or designate will have 30 days from the date of a written request to respond to the request.  In exceptional circumstances, the Co-op may advise the requester in writing of the need for an extension of a further 30 days.

    Once an access request has been made, the Co-op is prevented from disposing of personal information that is the subject of a request until such time as the request is fully resolved and any appeal period has expired, i.e. where the Co-op denies the request.

    Grounds for Denial or Restriction
    (a)     Providing access would likely reveal personal information about a third party unless such information can be severed from the record or the third party consents to the disclosure, or the information is needed due to a threat to life, health or security.

    (b)     The personal information has been requested by a government institution for the purposes of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out any investigation related to the enforcement of any law, the administration of any law, the protection of national security, the defense of Canada, or the conduct of international affairs.

    (c) The information is protected by solicitor-client privilege.

    (d) Providing access would reveal confidential commercial information, provided this information cannot be severed from the file containing other information requested by the individual.

    (e) Providing access could reasonably be expected to threaten the life or security of another individual, provided this information cannot be severed from the file containing other information requested by the individual.

    (f) The information was collected without the knowledge or consent of the individual for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.

    (g) The information was generated in the course of a formal dispute resolution process.

    Access Granted
    The Chief Compliance Officer or designate should ensure that all copies of files, all multi-media files, all physically dispersed files and all derivative files are taken into account before supplying access to the requester.

    The Co-op is permitted to copy personal information and provide the copy to the requester.  The company is not obligated to allow the requester access to the original file.  If the Chief Compliance Officer or designate chooses to allow access to the original file, such access should only be provided under supervision.

    Any reasonable expenses incurred by the company in providing access to personal information may be charged to the requester, i.e. transcription costs and other administrative costs.  The requester must be made aware up-front of any costs payable by them in granting their access request.

    Access Denied
    If the company refuses access to information, the Chief Compliance Officer or designate will give the reasons in writing, except where prohibited by law, and inform the requester of his/her recourse which is to take the dispute to the Privacy Commission.

  2. Rectification Requests
    The law allows any person to have corrected any inaccurate or incomplete personal information contained in a file concerning him/her.  The person concerned can also have deleted any information which is obsolete or not justified by the object of the file, or may even formulate comments in writing and ask that this be incorporated in the file.  Additionally, any information that was not collected under the authority of the law may also be deleted upon request from the person concerned.

E. GUIDELINES FOR COMPLAINTS AND INQUIRIES

  1. Complaints
    All complaints regarding compliance with this policy, as well as the provisions of the Personal Information Protection and Electronic Documents Act, shall be directed in writing to the attention of the Chief Compliance Officer.

    (a) Investigation - The Chief Compliance Officer or designate will investigate all complaints and render a decision in writing within 30 days of receipt of the complaint.

    (b) Complaint Justified - The Co-op will take appropriate measures to redress the complaint including, where necessary, an amendment to this policy or any practice.

    (c) Complaint not Justified -The Co-op will inform the complainant in writing of its decision and will inform the complainant of their right to complain to the Privacy Commissioner.
  2. Inquiries
    All inquiries as to the Co-op’s policies and practices relating to the management of personal information must be directed to the Chief Compliance Officer or designate.  The Chief Compliance Officer or designate will respond to such inquiry as soon as practical.
  3. Implementation
    The Co-op will analyze personal information handling practices to ensure compliance with the Ten Privacy Principles on an annual basis.