CSPG Privacy Policy
Personal Information Privacy Policy
CSPG Personal Information Privacy Policy (47 kb PDF)
General
The Canadian Society of Petroleum Geologists (CSPG) is a national organization
incorporated federally under the Canada Corporations Act.
Effective January 1, 2004, CSPG became subject to two separate pieces of legislation
with respect to the collection, use and disclosure of personal information:
- The Personal Information Protection and Electronic Documents Act ("Canada") ("PIPEDA") which applies to all commercial activity carried out by an organization within a province or territory of Canada, as well as to certain cross-border transactions in personal information; and,
- The Personal Information Protection Act (Alberta) ("PIPA").
PIPEDA and PIPA together are referred to in this policy as the "Legislation."
Personal information means information
concerning an identifiable individual, but generally excludes information
related to contacting an individual in their capacity as an official or
employee of an organization.
PIPEDA does not apply to the employees of a provincially regulated organization
such as CSPG, but PIPA does.
The purpose of PIPEDA and PIPA
generally is to balance the requirements of an organization to collect,
use and disclose personal information for lawful and reasonable purposes
with the privacy rights of individuals.
The CSPG is committed to protecting the privacy of members and customers and
has adopted the following Personal Information Privacy Policy (PIPP), which
supports the principles put forward in the applicable legislation and summarized
below. It is the policy of the CSPG to comply with the provisions of the Legislation.
Subject to the specific provisions of the Legislation and applicable exemptions and exceptions, the CSPG will follow the following ten fair information principles:
Principles
1. Accountability: The CSPG is responsible for personal information under its control and the Chairman of the Membership Committee shall be accountable for the Society's compliance with PIPP in support of these principles.
2. Identifying Purposes: Except in limited cases as set out in this PIPP, the purposes for which personal information is collected shall be identified by the CSPG at or before the time the information is collected.
3. Consent: Except in limited cases as set out in this PIPP, the knowledge and consent of the individual will required for the collection, use or disclosure of personal information, except when inappropriate. In some cases, consent may be deemed or implied, and in some cases, notably with respect to personal employee information, reasonable notification of the intent to collect, use and disclose personal information will be given but consent may not be required, depending on the circumstances.
4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the CSPG. Information shall be collected by fair and lawful means.
5. Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual, or as allowed or required by the law. Personal information shall be retained only as long as necessary for fulfilment of those purposes.
6. Accuracy: CSPG will make reasonable efforts to maintain personal information as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
8. Openness: The CSPG shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
9. Individual Access: Upon request, and depending on the circumstances and the applicable law, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information, subject to legal exemptions and prohibitions. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the CSPG's compliance.
Application
1. Accountability: The CSPG Membership Committee Chair shall also be known as the Information Privacy Officer (IPO) and is responsible for CSPG compliance with the legislation. In this capacity, the IPO may delegate the implementation of PIPP to the CSPG Business Manager, who shall take such steps as are necessary to ensure its comprehensive application in all CSPG-related programs and services.
2. Purpose: Subject to the Legislation, personal information is used only for the purpose or purposes for which it was collected by the CSPG. The information individuals provide to CSPG – such as name, address, etc. – allows CSPG to inform members and customers about events and activities and to notify them of issues, events or special offers which may be of interest. The CSPG does not sell personal information. Personal information concerning members of the CSPG is treated uniformly regardless of the location or residence of any individual member. The following refers to those activities that the CSPG collects personal information for and details why that information is collected:
a. Membership: When an individual applies for or renews membership, the CSPG collects personal information about the individual, which may be used for any of the following purposes:
- Mailing of member publications in either paper or electronic format;
- Disclosing to the membership the names, company and company phone number through the Member Directory available on the CSPG website, or by way of email or mail query. Members may choose to withdraw their contact information from the Member Directory at any time, and may at any time contact the CSPG Business Manager of the CSPG to do so;
- Engaging in policy development, advocacy activities, or establishing funding arrangements;
Administering, increasing opportunities for or facilitating access to member programs, benefits, services, etc, offered by CSPG;
- Supporting efficient operation of committees of the Society; and
- Performing analysis to improve member service and satisfaction.
b. Event: When an individual registers for a CSPG event, the CSPG collects personal information about the individual, which may be used for any of the following purposes:
- Mailing/emailing event information;
- Event administration;
- Performing event analysis to improve programs and/or services; and
- Sharing registrant contact information, for specified purposes, with other delegates, vendors, partnering societies, and exhibitors, such sharing to be done on an event-by-event basis subject to the recommendation of the event Chairman and approval of the Executive Committee.
c. Payments: When an individual makes a payment for a CSPG Program or Service, personal information about that individual may be collected for the following purposes:
- Provide an individual membership financial profile to enable discounts;
- Verify payment confirmation;
- Event financial management; and
- Where applicable, enable credit card authorization for payments.
d. Website: The operating system for the CSPG website (www.cspg.org) may automatically record some general information about an individual's visit, such as:
The Internet domain for and individual's Internet service provider, such as "company.com" or "service.ca" and the IP address of the computer accessing the website, such as "555.55.5.555";
- The type of browser (such as "Netscape version x" or "Internet Explorer version x") an individual is using;
- The type of operating system an individual is using (such as Macintosh, Unix, or Windows);
- The date and time an individual visits the CSPG site and the web pages that the individual visits on the CSPG site, along with the address of the previous website the individual was visiting, if linked to the CSPG from another website; and
- If an individual logged into the CSPG site, the individual's user name will be recorded along with the date and time of their visit, which pages were viewed, and related information.
CSPG uses this information for statistical analysis, to help make its site more useful to visitors. The CSPG may disclose this information in aggregate only to third parties such as sponsors, clients or advertisers and/or use it for auditing purposes.
The CSPG website may use "cookies" that identify individuals as return visitors. A cookie is a piece of data that a website can send to a browser, which may then store the cookie on the individual’s hard drive, in order that, when the individual comes back to visit CSPG's website again, information can be tailored to suit the individual's preferences. The goal is to save time, provide the visitor with a more meaningful visit, and to measure website activity. Browsers such as Netscape and Internet Explorer allow individuals to disable cookie collection if so desired, or inform the visitor when a cookie is being stored on their hard drive.
Specifically, the CSPG uses cookies in order to allow members to access features (i.e. "Remember Me" function) without logging into the website each time.
When Leaving The CSPG Website
PIPP discloses the privacy practices for the CSPG. However, the CSPG website contains links to other sites. Once an individual links to another site, they are subject to the privacy and security policies of the new site. CSPG encourages visitors to read the privacy policies of all websites visited, especially if sharing any personal information. CSPG is not responsible for the personal information practices of any third party website linked to from the CSPG website.
e. Aggregate Data: CSPG may share aggregate information about its members and customers – not individual data – with sponsors, potential sponsors and other parties to help them better understand CSPG members and their interests.
Such aggregate information is used to give the CSPG demographic data about its members in order to improve the organization and the programs and services it provides.
f. Employees: Personal information concerning employees of and individual contractors to CSPG are not generally subject to PIPEDA. For specific information with respect to personal information concerning employees and contractors, please see the CSPG Employee Privacy Policy, a copy of which is available to employees and contractors from the IPO of CSPG on request.
3. Consent: Subject
to the provisions of the Employee Privacy Policy, the Legislation and applicable
exemptions, the CSPG collects no personal information about individuals
unless those individuals choose to provide that information to the CSPG.
The CSPG shall, whenever personal information is being requested, seek
the consent of the individual to collect such information. Such consent
may take the form of notice at the point of collection that, by providing
the requested personal information, the individual is consenting to its
collection and use as specified. By becoming a member or by requesting
information or registering for events or courses offered by CSPG, individuals
are giving CSPG permission to contact them by way of the information provided.
It is the policy of the CSPG to generally collect personal information
from the individual concerned, but there may be cases where it is not practical to do so, in which case CSPG may collect personal
information from third parties as allowed in the Legislation.
Where PIPA is applicable, PIPA provides that an individual is deemed to consent
to the collection, use or disclosure of personal information about that individual
for a particular purpose if the individual voluntarily provides the information
for that purpose, and it is reasonable that a person would voluntarily provide
that information.
4. Limits: CSPG will collect only the personal information necessary to fulfill the purposes specified. Within the Society, personal information is available only on a need-to-know basis. Except for the Purposes specified above, or where required or permitted by law, CSPG will not collect, use, or disclose information about individuals without their consent.
Use of the information collected for other purposes is contrary to the policy of CSPG. Where personal information has been collected by the CSPG for an identified purpose or purposes and a new purpose is identified or otherwise arises, the CSPG will first contact the individual in question to obtain consent to use or disclosure of personal information for such new purpose or purposes and, unless otherwise required by law, will not use or disclose personal information for such new purpose or purposes until the consent of the individual in question has been obtained.
CSPG does not sell its membership lists or personal information concerning members. In the event that opportunities arise that may provide a benefit to members of the CSPG by disclosure of their personal information, in all such cases the express consent of the individual members will be first obtained.
5. Accuracy: CSPG will make every effort to ensure that all personal information collected is accurate and, through regular updates and checks, ensure held information is as up-to-date as possible. Members shall be given every possible opportunity to confirm and up-date their personal information. By mail this shall be done annually as part of the Membership Renewal program; electronically, members may check or update their personal record at any time.
6. Safeguards: Any personally identifiable information about members or customers or website visitors is stored securely. Electronic access to personal information shall be accorded the highest reasonable level of security. Personal information shall only be accessed on a need-to-know basis as determined by the IPO. The Business Manager shall strictly control staff access to personal information concerning employees, staff, members, and customers. All electronic access to personal information shall be password protected and all personal information documents shall be kept under lock and key.
7. Openness/Access: The law permits individuals to submit written requests to the CSPG to provide them with their personal information under the custody or control of the CSPG, information about the purposes for which their personal information under the custody or control of the CSPG has been or is being used by the CSPG, and the names of the recipients of any disclosures of their personal information and the circumstances in which their personal information has been and is being disclosed by the CSPG.
It is the policy of the CSPG to respond to requests within the time allowed by the Legislation, which is 30 days under PIPEDA and 45 days under PIPA. The CSPG will make a reasonable effort to assist applicants and to respond as accurately and completely as reasonably possible. All requests may be subject to any reasonable charge allowed by applicable legislation. Where appropriate to do so, the CSPG may require advance payment of a deposit or the entire costs of responding to a request for access to personal information.
In responding to requests for personal information, the law requires that CSPG shall not disclose personal information where the disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual other than the individual who made the request, or where the disclosure would reveal personal information about another individual, or, in most cases, generally applicable to employees and contractors, where the disclosure would reveal the identity of an individual who has in confidence provided the CSPG with an opinion about another individual and the individual providing the opinion does not consent to the disclosure of his or her identity.
The Legislation further provides that the CSPG may choose to not disclose personal information in certain circumstances, including where the personal information is protected by any legal privilege, where the disclosure of the information would reveal confidential commercial information of the CSPG, and it is not unreasonable to withhold that information, where the personal information was collected by the CSPG or on its behalf for an investigation or legal proceeding, where the disclosure of the personal information might result in similar information no longer being provided to the CSPG when it is reasonable that it would be provided, or where the personal information was collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration for which he or she was appointed to act under an agreement, under an enactment, or by a court of law.
Individuals shall have the right to amend information about themselves to ensure its accuracy and currency. Subject to verification of identity, such access may requested by the individual by telephone, fax, mail, or electronic means. CSPG will not amend personal information consisting of opinions as opposed to fact.
8. Correction of Errors: In the event that an individual alleges errors or omissions in the personal information in the custody or control of the CSPG, the CSPG will either correct the personal information and, if reasonable to do so, and not contrary to any legal or client privilege, send correction notifications to any other organizations to whom we disclosed the incorrect information; or decide not to correct the personal information but annotate the personal information that a correction was requested but not made. Corrections or amendments will rarely, if ever, be made to opinions, including expert or professional opinions, as opposed to factual information.
9.Challenges: Individuals may address challenges to the CSPG's compliance with PIPP and the Legislation as follows:
a. Initial inquiries should be directed through the Business Manager to the IPO using the following contact information:
b. All such challenges shall be be addressed within thirty (30) working days of receipt.
c. Should an individual not receive a satisfactory response from the IPO, the individual may pursue their inquiry directly to the Executive Committee of the CSPG.
d. In the event of failure to reach an acceptable resolution at the Executive Committee level, the individual shall be free to address their challenge directly to the applicable Privacy Commissioner under the Legislation.
10. Decisions of CSPG Concerning Personal Information and Access
a. In any event where CSPG declines or refuses to provide access to information, or a portion of information, to an individual, or declines to amend personal information concerning an individual, CSPG will:
i. provide the individual with reasonable written particulars of the reasons of the CSPG for doing so,
ii. where such refusal is pursuant to PIPA, provide the individual with the provisions of PIPA on which the CSPG relies,
iii. provide the individual with the name and contact information of an individual who can answer any questions the individual may have,
iv. advise the individual that they have the right to appeal any decision of the CSPG to the applicable Privacy Commissioner, and,
v. provide the individual with the contact information for such Privacy Commissioner.
11. Amendment of Policy: The CSPG reserves the right to amend this PIPP from time to time in order to better comply with the provisions of the Legislation.
Canadian Society of Petroleum Geologists
Employee Personal Infomration Privacy Policy
1. Application: This Employee Personal Information Policy (the "Employee Privacy Policy") applies to the collection, use and disclosure of personal employee information (as defined below) by CSPG for reasonable purposes reasonably connected to establishing, managing and terminating employment. This Employee Privacy Policy applies to all employees of the CSPG, past, present and prospective.
The general Personal Information Privacy Policy ("PIPP") of CSPG will apply to employees of CSPG as well, provided that, where this Employee Privacy Policy conflicts with the provisions of the PIPP, the provisions of this Employee Privacy Policy with respect to employees shall take priority and over-ride the PIPP.
Personal information concerning employees that is not personal employee information shall be collected, used and disclosed pursuant to the PIPP.
2. Definitions:
a. An employee is someone employed by the CSPG, or someone who performs a service for, or provides a service to, the CSPG, and includes, in addition to full-time and part-time employees, a volunteer, a student, a temporary employee, and those in a contract or agency relationship with the CSPG. Volunteers who are also members of the CSPG shall be subject to PIPP and are not subject to this Employee Privacy Policy.
b. The term "employee personal information" refers to personal information reasonably required by the CSPG that is collected, used or disclosed for the purposes of establishing, managing or terminating an employment or volunteer relationship, but does not include personal information not related to that relationship.
c. "Contact information" refers to an individual's name and position or title, business telephone number, business address, business e-mail, business fax number and other business contact information. Contact information may be made publicly accessible for the purposes of allowing members, other employees and other members of the public to contact individual employees in their capacity as such for purposes of the business of the CSPG.
3. Importance of Privacy: The CSPG considers privacy and the protection of personal information to be a serious matter. Accordingly, all employees are expected, as a term of their employment, to be familiar with, and to abide by, the provisions of the PIPP and all policies, practices and procedures of the CSPG with respect to privacy and personal information.
4. Personal Employee Information:
a. The collection, use and disclosure of personal employee information is not subject to PIPEDA but is subject to PIPA.
b. PIPA provides that the CSPG can collect, use, and disclose an individual's employee personal information without consent if the individual is an employee of CSPG or if it is for the purpose of recruiting a potential employee, but only if:
i. the collection, use, or disclosure is reasonable for the purposes for which it is being collected, used, or disclosed;
ii. the information is related to the employment relationship with the CSPG; andiii. the CSPG has, with current employees, provided notification to the individuals in question before collecting, using or disclosing the information that the CSPG is doing so and the purposes for doing so. It is the policy of the CSPG to provide such notification in writing.
c. The CSPG will provide employees with reasonable written notification from time to time of personal employee information being collected, used or disclosed, and the purposes for the collection, use and disclosure of personal employee information.
d. Where practical, the CSPG will attempt to collect employee personal information directly from the person to whom the information pertains.
e. Where necessary, the CSPG will collect personal employee information from other sources. When collecting employee personal information from other sources, or when using or disclosing the personal information we have collected, we will, where required, first obtain the consent of the individual.
f. The CSPG collects, uses and discloses personal employee information for the following purposes:
i. To pay employees;
ii. To remit tax withholdings and other required remittances to the relevant tax authorities;
iii. To provide employee benefits;
iv. To evaluate, hire, reward, promote, demote, discipline or terminate employees.
5. Employee Inquiries and Concerns: Employees may submit any inquiries or concerns with respect to the collection, use or disclosure of their personal information in the manner provided in the PIPP from time to time by the CSPG
