Privacy Policy

We at GD Barkwell & Associates Inc. (GDB) have a legal, ethical and professional commitment to respecting client and employee privacy.  We recognize the need for appropriate protection and management of any personally identifiable information (personal information) that is shared with us.

GDB has established this privacy policy so that our clients and employees can understand the respect we have for their right to privacy regarding the collection, use and disclosure of personal information in the course of providing consulting services.

This policy addresses various key issues associated with the way private information is handled within our organization

• Responsibility
• Protection of Personal Privacy
• Collection, Use and Disclosure of Personal Information
• Consent
• Maintaining Accurate Information
• Accessing Personal Information
• Information Requests & Challenges
• Safeguards
• Retention & Destruction of Information
• Use of Electronic Resources
• Use of Physical Resources
• Surveillance, Monitoring and Searches
• Copyright and License Agreements

TYPE OF PERSONAL INFORMATION COLLECTED:

• Age, identification numbers, income
• Information about an individual’s mental or physical health
• Information regarding personal and professional performance. (internal and external)
• Opinions, evaluations, comments, social status or disciplinary action related to employees
• Employee files, credit records, loan records, personal disputes & intentions

Personal Information does not include the name, title, business address or telephone number of an employee

Purpose & Coverage:

The following privacy policies are established for:

• Collection, use and disclosure of client and employee personal information by GDB and its employees
• Use and protection of GDB’s electronic, physical resources, proprietary and confidential information

Computers (desktop & laptop), pagers, telephones, cell phones, faxes, photocopiers, voice-mail, email, internet, intranet and access to the World Wide Web are collectively known as GDB’s “Electronic Resources”. 

Any of GDB’s resources that do not fall under “electronic resources” are collectively known as “physical resources”.  This includes but is not limited employee files, file cabinets, desks, workstations, storage areas, office space and vehicles. 

Access to the electronic and physical resources of GDB has been provided to its employees for the benefit of GDB, its clients, and others involved in GDB’s operations.

These electronic and physical resources enable employees to communicate and work with each other, with clients and other individuals.  It also allows them to connect to information and resources around the world.  All employees are required to maintain and enhance GDB’s image to use these electronic and physical resources in a productive and professional manner.

Employees acknowledge and agree to follow and adhere at all times to GDB’s privacy policy as it currently exists or as it may be modified by the employer in its sole discretion.

Violation of this policy by any GDB employee will be subject to discipline up to and including discharge.

This policy applies to all employees, contractors and subcontractors of GDB.

Privacy Responsibilities

Sarah White has been designated as Privacy Officer for the purpose of privacy protection.

GDB Employees

GDB employees are responsible for ensuring the following:

• Compliance with policies and procedures related to personal information
• Obtaining proper consent/authorization to collect personal information from patients, clients, employees and GDB
• Ensuring their own employee file is kept current regarding name, address, contact information, etc.
• Reporting any confidentiality issues/violations to the President immediately
• Ensuring passwords, security codes and access to personal, privileged and confidential information are not compromised and immediately reporting suspected/real incidents of compromise to the President.
• Ensuring GDB privacy policy is communicated to clients and referring them to the Privacy Officer if necessary for additional information
• Returning personal, privileged and confidential information in possession to GDB Management before or immediately upon termination of employment

President of GDB

The President of GDB is responsible for:

• Ensuring compliance with policies and procedures related to personal information
• Obtaining proper consent/authorization to collect personal information from clients, employees and GDB
• Responding to disclosure requests after release is obtained
• Working with Privacy Officer to investigate complaints of privacy policy violations
• Ensuring disclosure of private information to a Third Party is done in compliance with applicable legislation and with the approval of the Privacy Officer.
• Obtaining personal, privileged and confidential information from employees prior to their employment exit from GDB

Privacy Officer

• Internal compliance with policies and procedures related to personal information and with applicable legislation
• Developing internal policies for the collection, use and disclosure of personal information
• Ensuring individuals have the right to access and correct any personal information
• Review and approval of Third Party requests for personal information
• Ensuring proper consent/authorization is obtained for collection, use and disclosure of personal information
• Notifying individuals when private information was disclosed after an incident where the collection, use or disclosure of such information was permitted without prior consent (i.e. Medical Emergency)
• Handling and following proper procedure for complaints made against GDB information practices

POLICY

Collection, Use & Disclosure of Personal Information

Collection:

GDB will collect personal information about clients and employees ensuring at all times that it uses an appropriate notice and method of collection.  GDB will limit the collection and use of personal data to that which is needed for valid business purposes or to comply with law.  All data will be obtained only by lawful and fair means.

GDB will make every effort possible to ensure that the personal information obtained is accurate and complete. 

Use:

GDB will use personal information only:

• For the purpose for which the information was collected;
• For a use consistent with that purpose;
• With the written consent of the individual
• For the purpose for which that information was disclosed to GDB

Disclosure:

GDB will not disclose personal information about clients, employees or other individuals involved in GDB’s operations to other employees or any third party without written consent.  Under certain circumstances, private information may be disclosed without consent including:

1. To a lawyer representing GDB
2. To collect debt owed by the employee to GDB
3. To comply with a subpoena, warrant, court order or if required by law
4. In an emergency situation where health & safety is threatened

Consent

GDB will inform the individual and obtain consent at the time of information collection the purposes for which the Personal Information is being collected.

Consent may be obtained in the following ways:

• By receipt of this privacy policy outlining the purpose for using your personal information, you provide your implied consent unless you notify us of the withdraw of your consent;
• You provide implied consent when you sign employee documentation;
• We may also ask for your express consent for a specified purpose

Maintaining Accurate Information

GDB is committed to keeping personal information as accurate, complete and up-to-date as necessary for our business purposes.

Accessing Personal Information

Employee Records

1.       Employees may request to review their own employee file by providing the President a minimum of 24 hours notice.  Employees may obtain copies of any documents in their file which they have previously signed.  Documents contained within the file are not to be removed from any employee file.

2.       The President and Accountant shall have access to employee records containing personal information if the Privacy Officer determines that such access is permissible and necessary.  Personal information will not be disclosed outside of GDB without the knowledge and prior written approval from the employee. 

3.       Employees may provide written notice of a correction to the President related to any personal information contained in the employee’s file.

4.       An employee request for disclosure of their own personal information to Third Parties must be documented, signed and dated on an Authorization to Release Information form.  The Authorization to Release Information form should also be used in dealing with insurance companies and in providing earnings information to financial institutions for lending purposes. 

5.       Concerns or complaints regarding the collection and use of employee personal information should be documented and addressed to the Privacy Officer.

Third Party Access to Personal Information

Requests for personal information by Third Parties will be handled by the Privacy Officer.

Third party access to confidential personal information where GDB has control of the information will be allowed if written consent to the disclosure of such personal information is obtained by the patient, client, or employee.

Safeguards

GDB maintains physical, electronic and procedural safeguards to protect your personal information from unauthorized access.

Our policies and procedures are reviewed by management under the direction of the Privacy Officer.  We also monitor our computer networks and test our various security systems to help us ensure the safety of personal information.

Access to personal information is restricted and our employees are bound by all privacy procedures.  Any employee who violates these procedures are subject to disciplinary action including termination.

Retention and Destruction of Information

Personal information is retained only for as long as necessary or to meet any legal, regulatory or tax requirement. 

Sufficient care is used in the destruction of personal information to prevent unauthorized persons from accessing the information.

Information Requests and Challenges

An individual has the right to challenge the accuracy and completeness of their personal information and have it amended as appropriate. 

Requests must be made in writing and submitted to the GDB privacy officer.

GDB will respond to information requests, changes and challenges with due diligence and in a timely manner

Appropriate Use of Resources

The result of all work, including letters, memos, reports, presentations, email and all other documentation whether hard copy or electronic is the property of GDB, is protected by copyright law, and may not be taken or transferred from GDB premises for an employee’s personal use unless the employee receives prior written authorization from the Privacy Officer.  The transfer of these documents to clients or others is permitted when related to work or when the employee is authorized to work off-premises.

Confidential information includes but is not limited to work product, financial records, business records, marketing & strategic plans, personnel files, payroll records, client information, and GDB methodologies.  If an employee is not sure whether or not particular information is confidential, it should be brought to the attention of the Privacy Officer

Electronic Resources

Electronic Correspondence 

All electronic mail and facsimiles containing confidential or proprietary information transmitted by GDB must include the following tag:

“Please Note: The information in this email may contain confidential or proprietary information intended only for the addressee(s). In accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), if you have received this communication in error, please immediately notify the sender at 1-888-886-0137 or by return email. Please then delete and destroy all copies of this information. Thank-you for your co-operation.”

Employees should not access new voicemail or email messages in the presence of others without a right to such information.  Employees should also not leave any documents, files or messages containing confidential information in open view while they leave their work area.

Employees must exercise care and caution in the use of GDB’s electronic and physical resources to minimize the occurrences of misdirected or inadvertently forwarded information.  Employees must assure that the transmission of information through GDB’s electronic and physical resources is professional and appropriate in all circumstances. 

In the event of an inadvertent disclosure, the employee should contact the party who mistakenly received the information and inform the party that the information is confidential, that it cannot be disclosed and that it should be deleted.

GDB operates secure data networks that are designed to protect the privacy of our patients, clients, employees and the company.

Physical Resources

Physical resources provided by GDB are to be used for business purposes only and should not be for personal use.  Employees are responsible for ensuring that GDB’s physical resources are used in an effective, ethical and lawful manner.

Employees may only access GDB documents, files, data or programs that are related to their work duties.  Any unauthorized review or improper use, duplication, dissemination, removal installation, damage, or alteration of physical resources is prohibited.

Solicitation of any non-employer business or activity or any use of the physical resources for personal gain is prohibited

GDB considers conduct in violation of this policy to be subject to discipline up to and including termination of employment.

Surveillance, Monitoring & Searches

All electronic and physical resources, whether owned or leased by GDB and any messages, files, data, software, or other information stored or transmitted on them are the property of GDB.