The CRG Companies values your personal information and commits to ensuring that your personal information is collected, used and disclosed only in accordance with this Policy and the requirements of the British Columbia Personal Information Protection Act (“PIPA”).
PIPA governs how CRG Companies may collect, use and disclose personal information about our users, employees, contractors and those with or from whom we provide or receive services.
“Personal Information” under this policy shall use the same definition as PIPA, which is the following:
- information about an identifiable individual and includes employee personal information but does not include
CRG Companies collects, retains and uses Personal Information for legitimate purposes only.
Personal Information is not shared with outside parties except to the extent necessary to manage our employment, commercial or marketing purposes.
In collecting, using and disclosing Personal Information, CRG Companies will abide by and be guided by the following:
1. Accountability – The CRG Companies’ ROLE will oversee our legislative compliance under this Policy. The ROLE will be responsible for analyzing the handling practices and what personal information is collected and why; how it is collected; what it is being used for; how it is being stored and secured; who has access to it; to whom it is being disclosed and for what purpose; and how it is being disposed of.
2. Identifying the purpose of collection – While this Policy sets out the purposes for the collection of Personal Information by the CRG Companies, we will advise further as to why we are collecting any additional personal information and the purpose for such collection if and when such inquiries are made.
3. Consent – With limited exceptions, the person to whom the Personal Information relates must consent to its collection. As such, consent must be voluntarily given and the individual must be aware of why information is being collected. This Policy is intended to provide such awareness. However, if any further information is required into issues of collection, use and disclosure of Personal Information, please contact the CRG Companies’ ROLE.
Although consent must usually be express, it may be implied in some instances, such as when an individual applies for a position of employment or uses the services made available by or through CRG Companies’ products.
Under this Policy, consent from individuals is deemed to be provided when an individual:
- a. uses, accesses or conveys information to or via the products, portals or services made available by CRG Companies;
- b. applies for or accepts work and/or employment or an engagement with one or more of the CRG Companies;
- c. provides Personal Information, or any other identifying or other data, information or particulars, to the CRG Companies; or
- d. otherwise engages in, or signals an intent to engage in, business, commerce or other engagement with the CRG Companies.
Furthermore, there are certain circumstances in which consent is not required, such as when information is publicly available, it is a medical emergency, or obtaining consent may compromise the availability or accuracy of the information which is relevant to an investigation of a breach of an agreement or a contravention of law.
4. Limited Collection – CRG Companies will only collect Personal Information or other information that is necessary for its stated purpose. For example, in the course of conducting a credit check, an organization would not need to collect information related to an individual’s religious affiliation.
5. Limited use, disclosure and retention – Information that was collected cannot be used for any purpose other than that which was stated or for which additional authorization is provided by the individual. If there is information required apart from that for which consent was given, new consent authorizing disclosure must be obtained. For example, information regarding dependents gathered for life insurance purposes cannot be transferred to a medical insurer for the purpose of obtaining medical coverage without obtaining a specific new consent. There are certain circumstances in which additional consent may not be required, such as in an emergency or where information is publicly available.
6. Accuracy – All individuals are required to ensure that any Personal Information provided or made available to CRG Companies is complete and accurate. If use or disclosure of out-of-date or incomplete information would harm the individual, CRG Companies will make best efforts to ensure that the information is accurate and current.
7. Providing safeguards – CRG Companies will protect Personal Information against theft, loss or unauthorized access. For example, written, hard copy Personal Information will be kept in locked drawers with keys accessible only to those who need access.
8. Transparency – This Policy and procedures that flow from it will be readily available to customers, clients, users, employees, contractors and suppliers of CRG Companies.
9. Individual access – Subject to specified exceptions, CRG Companies will provide individuals with details about the Personal Information being held about them by CRG Companies and a means to gain access to it upon request. There are exceptions to what an individual should have access to but if there is Personal Information in a CRG Company file that contains Personal Information about another individual, any and all third-party identifiers should be removed prior to viewing. Also, if Personal Information is collected or gained as part of an investigation into a breach of an agreement or law, or information was generated in the course of a formal dispute resolution process, such information may and should be removed by CRG Companies and not disclosed. Where access to Personal Information is denied by CRG Companies, we will provide an explanation as to the basis for such denial.
10. Complaints and Concerns – CRG Companies values your trust and your Personal Information. In the event of a concern or complaint in regard to your Personal Information or our legislative compliance, please direct the same to ROLE at EMAIL. Furthermore, concerns about compliance with PIPA may be directed to the Office of the Information and Privacy Commissioner for British Columbia.
All employees are expected to follow the terms of this Policy as terms of their employment. Violations of this Policy may result in disciplinary action up to and including dismissal for just cause.