Privacy Policy
Click here to download the CUA Privacy Policy.
PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACTS
The Personal Information Protection and Electronic Documents Act (PIPEDA) came into full effect on January 1, 2004.
The PIPEDA applies to all personal information collected, used or disclosed by private sector organizations in the course of commercial activity. Its privacy provisions are based on the Canadian Standards Association’s Model Code for the Protection of Personal Information (CAN/CSA-Q830-96). Key among the Act’s provisions are:
Organizations are required to seek the consent of individuals prior to collecting, using or disclosing their personal information;
Organizations must protect personal information with security safeguards appropriate to the sensitivity of the information; and
Individuals may access personal information about themselves held by an organization and have it corrected, if necessary.
“Personal Information” as used in the Privacy Policy means information about an identifiable individual, but does not include the name, title or business address or business telephone number of an employee of an organization.
CANADIAN UROLOGICAL ASSOCIATION PRIVACY POLICY
The Canadian Urological Association (CUA) values the relationship it has with its members of all categories, all urologists, urology residents and urology-related organizations and institutions it deals with, and is committed to the protection of their personal information. Accordingly, the CUA and its employees adhere to this Privacy Policy which is based on the privacy principles set out in Schedule 1 of the PIPEDA.
- Accountability
The CUA is responsible for all personal information under its control and has
appointed a Privacy Officer who is accountable for the CUA’s compliance with the
act’s principles. Other individuals within the organization who may be responsible
for the day-to-day collection and processing of personal information or who may be
delegated to act on behalf of the Privacy Officer, will comply with this Privacy Policy
as it may apply to their work.
The CUA is responsible for personal information in its possession or custody,
including information that has been transferred to a third party for processing. The
CUA will use contractual or other means to provide a comparable level of protection
while the information is being processed by a third party.
Questions or comments from members of the CUA should be addressed to the
CUA Privacy Officer at privacy.officer@cua.org, or (514) 395-0376, or by mail:
Privacy Officer, CUA, 1155 University Street, Suite 1155, Montreal, Quebec, H3B
3A7.
- Identifying Purposes
The CUA will identify and document the purposes for which personal information is
collected at or before the time of collection.
The CUA collects, uses and discloses personal information concerning its members
for the following purposes:
a. Providing products, services and information of interest to its members;
b. Providing the Canadian Journal of Urology, or other similar media to its members;
c. Publishing a membership booklet and distributing it to its members;
d. Exchanging information with urology-related organizations and institutions in order to facilitate the provision of products, services and information of interest to urologists and urology-related organizations and institutions in Canada and internationally. When personal information that has been collected is to be used for a purpose other than those identified above, the new purpose shall be identified prior to use. Unless the new purpose is required by law, the consent of the individuals is required before information can be used for that purpose.
- Consent
Personal information will only be collected, used, or disclosed with the knowledge
and consent of the CUA members, except in emergencies and on other occasions
permitted or required by law.
The CUA will make a reasonable effort to ensure that its members are advised of the
purposes for which the information will be used. To make the consent meaningful,
the purposes will be stated in such a manner that the members can reasonably
understand how the information will be used or disclosed.
The CUA will not, as a condition of the supply of its services, require an individual
to consent to the collection, use, or disclosure of information beyond that required
to fulfill the explicitly specified and legitimate purposes.
An individual may withdraw consent at any time, subject to legal or contractual
restrictions and reasonable notice.
In certain circumstances, as permitted or required by law, the CUA may collect, use
or disclose personal information without the knowledge or consent of its members.
These circumstances include personal information:
a. which is publicly available;
b. where collection or use is clearly in the interests of the individuals and consent cannot be obtained in a timely manner;
c. which is required to investigate a breach of an agreement or a contravention of a law;
d. required to act in an emergency that threatens the life, health or security of an individual; or e. to comply with a subpoena, warrant or court order.
- Limiting Collection
The collection of personal information will be limited to that which is necessary for
the purposes identified by the CUA. Information shall be collected by fair and lawful
means.
- Limiting Use, Disclosure, and Retention
Personal information will not be used or disclosed for purposes other than those for
which it was collected, except with the consent of the individuals or as required by
law. Personal information will be retained only as long as necessary for the
fulfillment of those purposes.
Personal information that has been used to make a decision about an individual shall
be retained long enough to allow the individual access to the information after the
decision has been made.
Personal information that is no longer required to fulfill the identified purposes will
be destroyed, erased or made anonymous.
- Accuracy
Personal information will be as accurate, complete, and up-to-date as is necessary for
the purposes for which it is to be used, taking into account the interests of the
individuals.
The CUA will use its best efforts to ensure that personal information that is used on
an ongoing basis, including information that is disclosed to others, and information
that is used to make a decision about an individual is accurate, complete, and up-todate.
- Safeguards
Personal information will be protected by security safeguards appropriate to the
sensitivity of the information.
The security safeguards will protect personal information against loss or theft, as well
as unauthorized access, disclosure, copying, use, or modification. The nature of the
safeguards will vary depending on the sensitivity of the information that has been
collected, the amount, distribution, and format of the information, and the method
of storage.
Depending on the format of the personal information, security measures may
include physical precautions, limited access and technological measures such as the
use of passwords and encryption. Care will be used in the disposal or destruction of
personal information, to prevent unauthorized parties from gaining access to the
information.
The CUA will make its employees aware of the importance of maintaining the
confidentiality of personal information.
- Openness
The CUA will make readily available to individuals specific information about its
policies and practices relating to the management of personal information.
The information made available will include:
a. the name or title, and the address, of the person who is accountable for the CUA’s policies and practices and to whom complaints or inquiries can be forwarded;
b. the means of gaining access to personal information held by the CUA;
c. a description of the type of personal information held by the CUA, including a general account of its use;
d. a copy of any information that explains the CUA’s policies, standards, or codes; and
e. what personal information is made available to related organizations.
- Individual Access
Upon request, an individual will be informed of the existence, use, and disclosure of
his or her personal information and will be given access to that information. An
individual will be able to challenge the accuracy and completeness of the information
and have it amended as appropriate.
In certain situations, the CUA may not be able to provide access to all the personal
information it holds about an individual. Exceptions to the access requirement will
be limited and specific. The reasons for denying access will be provided to the
individual upon request. Exceptions will include information that is prohibitively
costly to provide, information that contains references to other individuals,
information that cannot be disclosed for legal, security, or commercial proprietary
reasons, and information that is subject to solicitor-client or litigation privilege.
In providing an account of third parties to which it has disclosed personal
information about an individual, the CUA will attempt to be as specific as possible.
The CUA will respond to an individual’s request within a reasonable time and at
minimal or no cost to the individual.
- Challenging Compliance Any individual may address a challenge concerning compliance with the above principles to the Privacy Officer who is accountable for the CUA’s compliance with the act’s principles. The CUA will investigate all complaints. If a complaint is found to be justified, the CUA shall take appropriate measures, including, if necessary, amending its policies and practices.
