At the BC Pharmacy Association (BCPhA) our commitment to protecting the confidentiality and security of our members’ Personal Information has, is, and always will be an integral part of our core values. Since we are a society incorporated under the Society Act in BC, it is the Personal Information Protection Act (PIPA) that governs how we manage personal information.
We do not sell, trade or rent any Personal Information to any organization for any purpose, at any time. We share members' personal information only with service providers that are contracted to provide membership benefits and services: educational events, member benefits services (phone, hotel, discount coupons, etc.,) and member support services (practice support, job board resume, advocacy, counselling referral, audit defence, interpretation of regulations, lawyer referral, etc.) after they have contracted to abide by applicable legislation.
Employees are trained in their privacy obligations and must exercise discretion and only access Personal Information when they have a legitimate business purpose. Compliance with privacy regulations, and all other prevailing legislation, is a condition of employment at BCPhA.
What is Personal Information?
Under the Personal Information Protection Act (PIPA), Personal Information is broadly defined as information, oral, written or electronic, about an identifiable individual. Personal Information includes, but is not limited to, the following:
- Name, home address, home telephone number, home fax number and home email address
- Age, gender, family and marital status
- Identification numbers (such as Diploma, Social Insurance or driver’s license)
- Financial and employment information
- Credit rating, payment records
- Medical and health information
- Images of a person
What is Not Personal Information?
Under PIPA, Contact Information is not considered Personal Information and means information to enable an individual at a place of business to be contacted and includes the name, position name or title, business telephone number, business address, business email or business fax number of the individual and.
Also, any data that we have collected in which all the “personal identifiers” have been removed, making it impossible to determine the identity of the person to whom it relates, is also not considered Personal Information.
Why Do We Ask For Your Personal Information?
These are the types of information that the BCPhA collects, either directly or indirectly:
Name, date of birth (optional) ,home address, home telephone number, home fax number, home email address
Diploma number, graduation year, School, Date of CPBC registration, additional certification
Payment records of membership and services (by cash, cheque or credit card)
Event registrations, benefits and services preferences
Employee and Job Applicants Personal Information
The BCPhA may collect Demographic, educational, financial, medical and health, and contact information of the purposes of establishing, managing and terminating the employment relationship.
Why do we collect Personal Information?
We collect Personal Information:
- to register applicants for membership, using faxes, mail or online forms
- to respond and provide information regarding membership or BCPhA activities or announcements
- to register applicants for events like conferences and training events when we use third party event digital online applications
- to register applicants for member benefits such as insurance coverage, phone, hotel, car rentals, cinema tickets, fairs, discount coupons, provided directly by third party providers
- to register applicants for member benefits services such as journal subscription, sport events, counselling referral, lawyer referral, wealth management, provided directly by third party providers
- to register applicants for member benefits services such as job board resume posting provided by BCPhA
- to register applicants for member benefits services such as advocacy, audit defence, interpretation of regulations, practice support, provided by BCPhA
- to publish columns in the magazine or newsletters, like the Tablet or Practice Updates
- to respond to member requests for other administrative services provided by BCPhA staff
- to publish interviews published online using video or the Tablet
- to publish discussions, interviews and profiles on social media platforms
All matters regarding privacy are handled by the Privacy Officer, Gary Mui: firstname.lastname@example.org or (604) 261-2092
The Privacy Officer is responsible for monitoring compliance on a continuous basis update the CEO regularly on the state of the privacy management program.
Privacy Impact Assessment
If appropriate, a Privacy Impact Assessment may be undertaken (led by the Privacy Officer) whenever there is a change in the process or system of collecting, use or storing of Personal Information.
Our Ten Privacy Principles
Policy 1 - Accountability
The BCPhA is responsible for Personal Information under its custody and control and will ensure that it takes reasonable steps to comply with the legislation and principles for the protection of privacy. Besides collecting Personal Information directly, we share members' Personal Information only with service providers that are contracted to provide membership benefits and services: educational events, member benefits services (phone, hotel, discount coupons, etc.,) and member support services (practice support, journal subscription, job board resume, advocacy, counselling referral, audit defence, interpretation of regulations, lawyer referral, etc.) after they have contracted to abide by applicable privacy legislation.
Policy 2 - Identifying Purposes
The BCPhA will identify the purposes for which Personal Information is collected at or before the time the information is collected and will ensure that the purposes are limited to what a reasonable person would consider appropriate in the circumstances.
Policy 3 – Obtaining Consent
The knowledge and consent of the individual is generally required for the collection, use, or disclosure of Personal Information, except where inappropriate. This consent may be withdrawn by contacting the Privacy Officer.
Note: In certain circumstances Personal Information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information.
Policy 4 - Limiting Collection
The BCPhA will limit the collection of Personal Information to that which is considered necessary for the purposes it has identified.
Policy 5 - Limiting Use, Disclosure, and Retention
The BCPhA will not use or disclose Personal Information for purposes other than those for which it was collected, except with the consent of the individual or as otherwise permitted or required by law. Personal Information will be retained only as long as necessary for the fulfillment of those purposes or as required by legislation.
Policy 6 - Accuracy
Personal Information will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Policy 7 - Safeguards
The BCPhA will use security safeguards appropriate to the sensitivity of the information to protect Personal Information.
Policy 8 - Openness
The BCPhA will make available on request to individuals specific information about its policies and practices relating to the management of Personal Information.
Policy 9 – Giving Individuals Access
Upon request applicants will be informed of the existence, use, and disclosure of his or her Personal Information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and to request correction.
Policy 10 – Providing Recourse
The BCPhA will have a process in place so that an individual can challenge the BCPhA’s compliance with the Personal Information Protection Act.
Canada's Anti-Spam Law (CASL)
The BCPhA is compliant with Canada's Anti-Spam Law (CASL) introduced in 2014 and only sends communications to those who have provided expressed or implied consent. BCPhA is allowed to rely on implied consent for all active members or recently inactive members (e.g., two years after ending membership) which is defined as an existing business relationship.
We provide the option for members to opt-out of any of our communications with an opt-out link on emails or a fax number to reply to on fax transmissions. Express consents will be obtained by 1 July 2017 as required under CASL.
If members wish to opt-out of such communications, they will be missing out on many of the important member benefits of the BCPhA, but they can choose to do limit the use of their Personal Information by emailing their request to email@example.com.
However, it is also possible that the BCPhA may not be able to fully accommodate members’ choices yet manage membership as required by its bylaws. BCPhA commits to discuss any obstacles with members so as to arrive at a reasonable accommodation balanced by compliance with the prevailing legislation.
BCPhA keeps a record of all express consents, unsubscribe requests and withdrawals of consent by noting these on its digital member and contacts iMIS database.
BCPhA has enacted procedures to implement these policies. For more details please contact the Privacy Officer.