The PIPEDA sets standards and regulations governing the collection, use and disclosure of personal information by private sector organizations.
This law impacts the way private corporations, federal agencies, not-for-profit organizations, and associations handle personal information. At the same time, it clearly establishes a code of practices to ensure that the personal information of Canadians is handled respectfully and privately.
The province of Quebec was the first jurisdiction in North America to enact comprehensive personal information protection legislation for the private sector. An Act respecting the Protection of Personal Information in the Private Sector sets out fair information practices for businesses operating in Quebec.
The provinces of Alberta and British Columbia enacted their own privacy laws, the Personal Information Protection Act of British Columbia, and the Personal Information Protection Act of Alberta, on January 1, 2004.
As other provinces enact similar legislation, organizations conducting commercial activity within a province will be subject to the provisions of their provincial laws rather than PIPEDA. However, PIPEDA will continue to regulate cross-border, inter-provincial and international trade, and commerce.
Definition of Personal Information
“Personal Information” is defined as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. This is a very broad definition and may encompass most types of information held such as race, medical, criminal, employment, and financial history. The legislation only applies to information collected, used, or disclosed during commercial activities.
The types of Personal Information that we may collect in order to fulfill the Purposes identified in Principle Two of this Policy include: name, address, country, email address, birthdate, gender, credit card information IP address, GPS location, device unique identifier and any other personal information you provide within the service.
However, Personal Information does not include certain prescribed sources of public information such as:
- Personal Information consisting of the name, address and telephone number of a subscriber that appears in a telephone directory that is available to the public, where the subscriber can refuse to have the Personal Information appear in the directory;
- Personal Information including the name, title, address and telephone number of the individual that appears in a professional or business directory, listing or notice, that is available to the public, where the collection use and disclosure of the Personal Information relates directly to the purpose for which the information appears in the directory, listing or notice;
- Personal Information that appears in a registry collected under statutory authority and to which a right of public access is authorized by law, where the collection, use and disclosure of the Personal Information relate directly to the purpose for which the information appears in the registry;
- Personal Information that appears in a record or document of a judicial or quasi-judicial body, that is available to the public, where the collection and disclosure of the Personal Information relates directly to the purpose for which the information appears in the record or document; and
- Personal Information that appears in a publication, including a magazine, book or newspaper, in printed or electronic form, that is available to the public, where the individual has provided the information.
The Ten Privacy Principles
- My Care Crew shall inform individuals of the purposes for which Personal Information is collected at or before the time the information is collected. [Principle Two]
- My Care Crew requires the knowledge and consent of the individual for the collection, use, or disclosure of Personal Information, except in certain circumstances where consent is not required. [Principle Three]
- My Care Crew shall only collect Personal Information that is necessary for the identified purposes and such information shall be collected by fair and lawful means. [Principle Four]
- My Care Crew shall not use or disclose Personal Information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. My Care Crew shall only retain Personal Information as long as necessary for the fulfillment of such purposes. [Principle Five]
- My Care Crew shall ensure that Personal Information is as accurate, complete, and up to date as is deemed necessary for the purposes for which it is to be used. [Principle Six]
- My Care Crew shall protect Personal Information by establishing and operating security safeguards appropriate to the sensitivity of the information, which is held, and to prevent any unauthorized activity relative to the information. [Principle Seven]
- My Care Crew shall make available to individuals upon receipt of a written request, specific information about its policies and practices relating to the management of Personal Information and its complaints handling process. [Principle Eight]
- My Care Crew shall, upon the receipt of a written request from individuals, inform them of the existence, use, and disclosure of any Personal Information about them, and they shall be given access to such information except as may be limited by law. My Care Crew shall amend Personal Information as deemed appropriate to ensure continued accuracy. [Principle Nine]
- My Care Crew shall provide a means for individuals to challenge compliance with the above with My Care Crew’s Privacy Officer. [Principle Ten]
PRINCIPLE ONE: Accountability
We are responsible for all Personal Information under our control, whether supplied to us directly by you or by a third party, or that we have provided to a third party for processing.
Please see below to contact our Privacy Officer regarding your specific privacy questions or concerns.
PRINCIPLE TWO: Identifying Purposes
My Care Crew shall inform individuals of the purposes for which Personal Information is collected at or before the time the information is collected.
My Care Crew shall collect your Personal Information directly from you to:
- Register and establish your account;
- Communicate with you, email you with special offers and promotions relating to our services we think you might like;
- Conduct your messaging, texting or chat services;
- Process payment and billing information if pricing or fees implemented;
- Process e-commerce transactions;
- Understand who our customers and potential customers are and their interests in our product and services;
- Manage our relationship with you and other customers;
- Carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations;
- Help detect, prevent, or investigate security incidents, fraud, and other abuse and/or misuse of our products and services;
- To communicate with you about matters, including products, services, and promotions, that might be of interest to you;
- To improve the overall Website and Mobile Application experience;
- Provide you with information on our products and services;
- Train employees and monitor for quality assurance; and
- Act as required or as authorized by law.
If we require your Personal Information for any purpose other than as identified above, My Care Crew will seek your consent prior to using it.
PRINCIPLE THREE: Consent
My Care Crew requires the knowledge and consent of the individuals for the collection, use, or disclosure of their Personal Information, except in certain circumstances where consent is not required.
You can provide consent to the collection, use and disclosure of your Personal Information expressly or consent may be implied by your actions.
Express consent can be given orally or in writing. It is given by agreement or action on the part of the customer, to acquire or accept a product or service. For example, express oral consent can be given over the telephone, or express written consent can be given by signing a document, form or an agreement which may relate to Personal Information.
Express consent by an action can be given by clicking an accept button or checkbox on a computer screen. If oral express consent is given, we will document the conversation, specifically the name, date, and details of the conversation in either hard or soft copy within the appropriate customer account or file in order that it may be easily located and accessed should this be necessary.
Implied consent can be inferred from the relationship between the parties or from the nature of the dealings between the parties. For example, when you give Personal Information to our customer, sales or technical support teams, it is reasonable to infer that there is implied consent to the disclosure of that information in order to meet your needs.
Who Can Give Consent
Consent may be given by the individual or by an authorized representative (such as a person having power of attorney, or a legal guardian). My Care Crew will verify authorization by requesting identification of the representative, the reason for representation, and if applicable, the approval of representation by the applicable individual.
When consent is not required:
Knowledge and consent are not required in many circumstances under the law for the collection, use and disclosure of Personal Information, such as:
- Where it would compromise the availability or accuracy of the Personal Information relating to the breach of an agreement or the contravention of any law, including the detection and prevention of fraud;
- For compliance with subpoenas, search warrants, and other court or government orders;
- When Personal Information is transferred to lawyers retained by My Care Crew pursuant to the contractual obligation in the insurance policy to defend legal actions against the insured;
- When, under exceptional circumstances, My Care Crew may, under a public requirement, disclose Personal Information to appropriate authorities in matters of significant public interest;
- Where the individual is a minor, seriously ill, or mentally incapacitated, and seeking consent is impossible or inappropriate;
- Where the Personal Information is publicly available and is specified by the regulations; and
- When required by law.
Withdrawing your consent:
Subject to certain legal and contractual restrictions and reasonable notice, you may refuse or withdraw consent to the collection, use or disclosure of Personal Information at any time by notifying our Privacy Officer in writing. In addition, you may also opt out of certain communications we may send you regarding other products and services. However, you should be aware that withdrawing your consent may affect our ability to respond to your insurance needs.
PRINCIPLE FOUR: Limiting Collection
My Care Crew shall only collect Personal Information that is necessary for the identified purposes mentioned above and such information shall be collected by fair and lawful means.
We only collect information that we require to do business with you. We will collect it openly, fairly and lawfully.
PRINCIPLE FIVE: Limiting use, disclosure, and retention
My Care Crew shall not use or disclose Personal Information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. My Care Crew shall only retain Personal Information if necessary for the fulfillment of such purposes.
Disclosure to Third Parties
We may disclose your Personal Information to third parties. Third parties are also subject to PIPEDA and other applicable privacy legislation. Only those companies or individuals who are authorized, based on their need to carry out work for the purposes identified in Principle Two, can have Personal Information disclosed to them.
These third parties that help us bring you the products and services we offer and to create, operate, and maintain our Website and Mobile Application. For example, we may work with third parties to:
- manage a database of customer information;
- assist us in distributing emails;
- assist us with direct marketing and data collection;
- provide data storage and analysis;
- provide fraud prevention;
- provide customer service;
- provide e-commerce services;
- providing messaging/chat services;
- provide website and mobile application development and maintenance;
- process payment information;
- provide other services designed to assist us in developing and running our Services and maximizing our business potential. We require that these outside companies agree to keep all information shared with them confidential and to use the information only to perform their obligations to us; and
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
Furthermore, should My Care Crew become involved in any business transaction including purchase or sale, merger or amalgamation or a financing arrangement, pertaining to any of its business assets, your Personal Information may need to be shared with applicable third parties to complete such a transaction.
Disclosure Outside of Canada
My Care Crew may use service providers located outside of Canada or related companies located outside of Canada to collect, use, disclose or store your Personal Information. Only those companies or individuals, who are authorized, based on their need to carry out work for the purposes identified in Principle Two, can perform such functions.
Where your Personal Information is collected, used, disclosed or stored outside of Canada, we will attempt to contractually protect it, however, it may be subject to the laws of that jurisdiction and may be accessed by the courts, law enforcement and national security services of that jurisdiction.
The jurisdictions where Personal Information may be collected, used, disclosed, and stored include the United States of America. To obtain further information on My Care Crew’s policies and practices with respect to service providers outside of Canada you may contact the My Care Crew Privacy Officer.
The retention periods for Personal Information are consistent with My Care Crew’s Record Retention Policy and Schedule, which in turn meets provincial and federal legislation requirements.
Your Personal Information will only be retained for as long as necessary for My Care Crew to serve you or as long as may be required for legal purposes. As soon as any of the Personal Information reaches its maximum retention period, it is either destroyed, made anonymous, or archived from operating systems to a secured, limited access site.
Personal Information that still serves an identified purpose may be retained indefinitely provided that it is archived outside of the regular operating environment with more restrictive accessibility.
PRINCIPLE SIX: Accuracy
My Care Crew shall ensure that Personal Information is as accurate, complete, and up to date as is deemed necessary for the purposes for which it is to be used. However, data provided by the user is only as accurate as provided. You are responsible for making sure your data, as provided, is accurate, complete, and up to date, and should review your account regularly for accuracy.
If My Care Crew has any doubt about your Personal Information being accurate, complete and/or up-to-date, given that there is a business need, you may be contacted to verify the information currently available, and amendments shall be made where necessary.
PRINCIPLE SEVEN: Safeguards
My Care Crew shall protect Personal Information by establishing and operating security safeguards appropriate to the sensitivity of the information, which is held, and to prevent any unauthorized activity relative to the information.
Responsibility for safeguarding:
My Care Crew is responsible for safeguarding your Personal Information from loss, theft, unauthorized access, disclosure, copying, use, or modification, regardless of the format in which it is stored.
Methods of Safeguarding
The nature of the safeguards will vary depending on sensitivity, amount, distribution, format and method of storage of the Personal Information. In general, the following are observed:
- Personal Information is not left unattended out in the open;
- Access to Personal Information is only permitted when a legitimate business need exists;
- Personal Information is not photocopied, modified, disclosed, or destroyed without the specific consent and order of the responsible employee;
- When information is supplied to a third party, only necessary information is released;
- No unescorted individual is given access to floors where sensitive information is retained;
- Passwords are changed on a periodic basis, and are not shared under any circumstances;
- Sensitive files are segregated and only authorized individuals allowed access;
- All mail received after hours is secured in the mail and supply area;
- Information of a sensitive nature is transferred to third parties by secure means; and
- Offsite information is stored in a secure location.
My Care Crew employees are required to be diligent about safeguarding Personal Information.
Information Received from Third Parties
My Care Crew employees adhere to the same diligence for Personal Information received from outside My Care Crew and adhere to any higher standard of third parties if so contracted.
Destruction of Information
All Personal Information that is no longer required for its original purpose and has reached its maximum retention period shall be destroyed, erased, made anonymous, or archived to the secure limited access site.
PRINCIPLE EIGHT: Openness
My Care Crew shall make available to individuals upon receipt of a written request, specific information about its policies and practices relating to the management of Personal Information and its complaints handling process.
Upon request, My Care Crew will provide an explanation of its Policy with respect to the management of Personal Information. You can contact our Privacy Officer with any inquiries or complaints or if you require further information.
PRINCIPLE NINE: Customer Access
My Care Crew shall, upon the receipt of a written request from individuals, inform them of the existence, use, and disclosure of any Personal Information about them, and they shall be given access to such information except as may be limited by law. My Care Crew shall amend Personal Information as deemed appropriate to ensure continued accuracy.
Requests for disclosure must be made in writing, email, or letter. We respond to all requests within 30 days.
It is important to verify that the individual requesting information is in fact the person in question. For this reason, we demand that all inquiries be in writing and that our responses, also in writing, are sent to the registered official account email address we have on file. Any alternative handling will require mandatory validation of the requestor’s identity and address information.
My Care Crew will assist any individual who needs help in preparing the request.
Any responses shall be provided in an understandable manner with adequate explanation of abbreviations or codes. Upon request, My Care Crew will provide access to Personal Information in an alternative format for individuals with sensory disabilities, if conversion to an alternate format is reasonable and necessary.
Timeframe for Responding to the Request
Responses shall be made within 30 days of receipt of the request. However, if an extension is required, a notice of extension for up to an additional 30 days will be sent to you, within 30 days of receipt of the request, stating the reasons for the extension, the new time limit and explaining your right to complain to the Privacy Commissioner of Canada, or if applicable, the Provincial Privacy Commissioner about the extension.
Refusal of Request for Disclosure
If a request for disclosure is denied, we will provide an explanation. The individual will be informed that he/she can challenge the denial of the request through My Care Crew’s Privacy Officer via the Complaints Handling Process [see Principle Ten: Challenging Compliance] or the Federal or Provincial Privacy Commissioner.
Examples of acceptable reasons for non-disclosure include:
- Prohibitive cost;
- Personal Information that contains information about other individuals that cannot be severed;
- Legal and security litigation, or commercial proprietary reasons; and
- Disclosure could reasonably be expected to threaten the life or security of another individual.
If you successfully demonstrate the inaccuracy or incompleteness of Personal Information, My Care Crew will amend the information, as required (correction, deletion, addition). Where appropriate, the amended information shall be transmitted to applicable third parties having access to the information in question.
Maintenance of Records
All amendments resulting from this process are formally recorded with an explanation given, if necessary.
When a challenge is not resolved to the satisfaction of the individual, My Care Crew shall record the substance of the unresolved challenge. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.
Personal Information that is the subject of a request or has been used to make a decision about an individual shall be retained as long as is necessary to allow the individual to exhaust any recourse that they may have under the applicable privacy legislation.
Cost of the Disclosure
We may charge you for providing access to your information but only after first advising you of the approximate cost.
PRINCIPLE TEN: Challenging Compliance
My Care Crew shall provide a means for individuals to challenge compliance with the above with My Care Crew’s Privacy Officer.
Recognizing and Recording a Complaint or Inquiry
For an inquiry/complaint on privacy that is received via telephone: the Privacy Officer’s address information will be provided along with advice to the individual to put his/her inquiry/complaint in writing or email to our Privacy Officer.
The Privacy Officer or designate receives all inquiries and complaints, coordinates responses, ensures responses meet Privacy requirements, and ensures that responses are timely.
All Privacy complaints received are investigated. If we find a complaint is justified, My Care Crew attempts to resolve it. If necessary, we modify our policies and procedures to ensure that other individuals will not experience the same concerns.
The investigation will involve a review of the facts in order to understand your complaint by:
- Referring to the individual account;
- Discussion with staff member(s) who were dealing with the individual or account; and
- Any other sources or documentation that may provide relevant information.
Acknowledging and Responding
If the inquiry/complaint cannot be resolved immediately, we will advise you that your inquiry/complaint is being reviewed and when you can expect an answer. If you have any concerns about our policy or treatment of your Personal Information and we have not been able to resolve it, you will be advised to contact the office of the Privacy Commissioner of Canada, or if applicable, the Provincial Privacy Commissioner. Our Privacy Officer will provide this contact information on request.
The Privacy Officer or designate will, if warranted and appropriate, contact you to verify whether or not the matter has been resolved satisfactorily.
If the solution means that My Care Crew needs to alter its practices and procedures, then the Privacy Officer or designate is responsible for ensuring such changes are made.
Monitoring of Privacy Complaint Handling Procedures
On a periodic basis, the Privacy Officer or designate will review the complaints process to ensure a fair, appropriate, and prompt process is in place.
Updates to our Policy
Date policy posted: 19/12/2020
How to contact My Care Crew’s Privacy Officer
- Phone: +1 (813) 760-0060
- Website: mycarecrew.co
- Email: firstname.lastname@example.org
- Postal Address:
- My Care Crew, LLC
- Attn: Privacy Requests
- 1402 Harbour Walk Road
- Tampa, FL 33602