The federal Personal Information Protection and Electronic Documents Act (PIPEDA), sets out ten privacy principles that apply to Canadian organizations engaged in commercial activities. While the CFPC is not subject to PIPEDA, it endeavours to comply with PIPEDA's ten privacy principles on a voluntary basis.
This policy describes how the CFPC collects, uses and discloses personal information. In some provinces, separate provincial privacy legislation imposes obligations on not-for-profit organizations like the provincial chapters. Each provincial chapter is required to develop its own policy to meet the standards of applicable provincial law.
The CFPC may make changes to this policy from time to time including to ensure that it is relevant and remains current with changing laws and regulations. This policy is current as of March 2018.
Definitions and Privacy Principles
"Personal information" includes all information about an identifiable individual, except that it should be noted that privacy laws generally do not apply to business contact information when it is collected, used or disclosed for the purposes of communicating or facilitating communication with an individual in relation to their employment, business or profession.
In our effort to protect the privacy of our members and non-members, we observe the following ten privacy principles:
- Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the fol lowing principles.
- Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
- Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
- Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Limiting Use, Disclosure and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
- Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.
The CFPC collects, uses and discloses personal information in accordance with this policy. The CFPC’s Privacy Officer is accountable for compliance with this policy.
The CFPC staff is educated and reminded about this policy and the appropriate management of personal information.
The CFPC collects personal information to communicate with members and non-members about matters of interest to family physicians, and for the following purposes:
- Membership applications
- Membership maintenance and updates
- Mainpro+ maintenance and updates
- Certification Examinations in Family Medicine
- Examinations of Added Competence in Emergency Medicine
- CFPC library services
- Canadian Family Physician journal distribution (see below)
- Family Medicine Forum registrations
- Self Learning ProgramTM and other courses provided by the CFPC
- Canadian Physican Database
- Scientific Research projects that are conducted or facilitated by the CFPC
- Payment of annual dues
- Donations to the College of Family Physicians of Canada's Foundation for Advancing Family Medicine
- Recipients of Honours and Awards
- Website visits (see Website below)
- To market and promote CFPC and its products, services and benefits
- To send mailings to members on behalf of insurers credit companies and other thrid parties who deal with us on behalf of our members.
Members and non-members may withdraw their consent to the collection, use or dsiclosure of their personal information at any time by notifying the CFPC's Privacy Officer, subject to legal or contractual restrictions and reasonable notice. The CFPC will inform members and non-members of the implications of such withdrawl.
Canadian Family Physician
Canadian Family Physician (CFP) uses the name, title, business name, mailing address, telephone and fax numbers, email address, professional qualifications, and demographics in order to:
- Send the magazine to an individual.
- Fulfill circulation audit requirements.
- Renew/re-qualify an individual as a subscriber.
- Help direct editorial content to satisfy readers' needs.
- Ensure advertisers they are reaching their targeted audience.
- Determine whether an individual qualifies for a complimentary subscription to CFP.
When Personal Information May be Disclosed
Examination Data Processing
The College provides family medicine program directors with a copy of the summary of the examination results that have been sent to each of their residents sitting the examination. If, for any reason, a resident does not wish this summary of his or her results to be released to his or her program director he or she must indicate this in writing to the College prior to thirty days after the writing of the examination.
The granting of the special designation CCFP (Certification in the College of Family Physicians of Canada) to one of our members is public information, which is available through our College or through the provincial and territorial licensing/registration authorities.
Credit card information collected by the CFPC is submitted in encrypted format to the CFPC Credit Card Merchant only for payment approval and processing. The CFPC is fully compliant with PCI (Payment Card Industry) requirements.
The CFPC shares information about its members with provincial licensing bodies, its provincial chapters, the CFPC's Foundation for Advancing Family Medicine, and other health care related organizations as approved by the CFPC's Board of Directors (e.g., CMA, CAPER, MCC).
For Non-Member Mainpro+ Participants
The CFPC shares information about its non-member participants in the CFPC's CME/CPD Mainpro program with provincial licensing bodies.
Personal information may be disclosed for other purposes with the individual's consent or as permitted or required by law.
Aggregate data may be shared with sponsors, potential sponsors and other parties to help them understand the CFPC members and their interests.
Website Use and Targeted Advertising
Browser software allows the disabling of cookie collection if users wish or may inform users when a cookie is being stored on a user's hard drive. You may also be able to opt-out of a social media site's targeted advertising program by adjusting your privacy or account settings.
The operating system for the CFPC website (www.cfpc.ca ) may automatically record some general information about visitors such as:
- The internal domain for visitors' internet service provider and the IP address of the computer accessing the website
- The type of browser visitors are using
- The type of operating system visitors are using
- The date and time of the visit to the website
- The web pages that visitors viewed on the website
- The previous website accessed by visitors (if linked to another site)
Use of Website Information
When Exiting the CFPC Website
The CFPC obtains consent from members and non-members for the collection, use or disclosure of their personal information, except where collection, use or disclosure without consent is permitted or required by law. Consent may be expressed (for example, orally or in writing) or implied (for example, when you provide information necessary for a service you have requested). You may provide your consent in some circumstances where notice has been provided to you about CFPC's intentions with respect to your personal information and you have not withdrawn your consent for an identified purpose, such as by using an "opt out" option provided, if any.
The CFPC retains personal information only as long as necessary for the fulfillment of the identified purposes. The CFPC destroys, erases or makes anonymous personal information that is no longer required to fulfill the identified purposes.
Examination information collected and retained in hard copy format is kept in a secured place for a maximum of two years. Payment information collected and retained in hard copy format is kept in a
secured place for a period of seven years.
The CFPC takes reasonable measures to protect personal information from loss or theft, or unauthorized access, use, copying, disclosure or modification. The measures the CFPC takes to ensure the security of personal information include:
- Physical security of our premises
- Restriction of staff access to files on a "need to know" basis
- Fireproof and locked file cabinets
- Undertakings by all staff to comply with our policy
- Deployment of technological safeguards like security software, encryption, and firewalls to prevent hacking or unauthorized computer access
- Internal password and security policies
- Regular audits of our procedures and measures to ensure that they are properly administered and that they remain effective and appropriate
If the CFPC transfers personal information to a third party for processing, the CFPC uses contractual or other means to ensure that the third party affords an appropriate level of protection to such information during its processing.
The CFPC disposes of personal information with care to prevent unauthorized parties from gaining access to the information.
Access and Correction
The CFPC will, upon request, give members and non-members information about the existence, use and disclosure of their personal information, and access to that information.
Members whose personal information has been collected by the CFPC may access their own information in the "Member Profile" of the "Members Only" area on the CFPC website.
Members and non-members may challenge the accuracy and completeness of their personal information and notify the CFPC's Member Care Centre if any changes are required.
Questions and Contacting Us
The CFPC takes steps intended to ensure compliance with applicable privacy legislation related to the management of personal information. Any questions or complaints about the CFPC's management of this information, or any requests to access or correct your personal information, should be directed to the CFPC's Privacy Officer:
Corporate Services Administration Manager Privacy Officer
The College of Family Physicians of Canada and the Foundation for Advancing Family Medicine
2630 Skymark Avenue
Mississauga, Ontario L4W 5A4 Tel: 905.629.0900, ext. 266
Approved by the CFPC Board of Directors on March 20, 2018