CLIENT PRIVACY INFORMATION POLICY
Curtis Health Personalized Health Management Ltd, (Curtis Health) respects your right to privacy and takes your privacy seriously. Our mission is to ensure you and your personal information are protected. We are aware of the restrictions placed and policies on storing, accessing or disclosing your personal information and are obligated to and will do everything reasonable to comply with the provisions of the Freedom of Information and Protection of Privacy Act (FOIPPA)
We recognize that you have provided, and will, from time to time be providing us with personal information (information) such as your name, contact & financial information as well as information relating to your health, fitness and wellness.
As part of our ongoing service relationship with you, we use and retain your information for the purposes of completing sales, service and credit transactions with you, responding to your requests for products, services and information, improving our products and services, better understanding of your needs and including you in marketing campaigns, all as described in more details below.
The scope and application of this policy is as follows:
- This Policy applies to personal information about Curtis Health customers and other individuals that is collected, used or disclosed by Curtis Health.
- This Policy does not apply to information about Curtis Health corporate customers; however, such information is protected by other Curtis Health practices and policies and through contractual arrangements.
- This Policy does not apply to Curtis Health employees and agents; however, such information is protected by other Curtis Health practices and policies through and through contractual arrangements.
- This Policy is subject to change and may be modified or supplemented by addition terms applicable between Curtis Health and its customers.
Curtis Health is responsible for the personal information under its control and shall designate one or more persons who are accountable for its compliance with the following principles:
1.2 Curtis Health shall make known, upon request, the person or persons responsible to oversee the privacy policies.
1.3 Curtis Health is responsible for personal information in its possession or under its control. Curtis Health shall use appropriate means to protect personal information.
1.4 Curtis Health shall implement policies and procedures to give effect to the policy, including:
B). establishing procedures to receive and respond to inquiries or complaints;
C). training and communicating to staff about Curtis Health Policies and procedures; and;
D). developing public information to explain Curtis Health Privacy Policies and Procedures.
2. PURPOSE OF RETAINING CLIENT INFORMATION
Curtis Health shall identify and document the purpose for collecting personal information at or before the time the personal information is collected or, when appropriate, at, or before a time when the personal information is used for a new purpose.
Client information is obtained through a personal phone conversation, directly, online (secured) and through paper submission. Curtis Health will convey the Privacy Policies to the individual through the same means.
2.1 Information regarding the individuals’ personal health and lifestyle habits is collected for the following purpose:
a. to gather information pertaining to the individual’s fitness, health and lifestyle habits in order to develop a plan to assist the individual in obtaining their personal goals;
b. to market new services and products to the individual;
c. to meet legal and regulatory requirements;
d. for the purpose identified or obvious to individuals, in respect of particular respect of personal information;
e. to establish and maintain a responsible commercial relationship with customers
2.2 Curtis Health shall, as appropriate, specify orally, electronically or in writing, the identified purposes to the individual at or before the time the personal information is collected. Upon request, persons collecting the information shall explain the purposes or refer to the designated person within Curtis Health who shall explain the purposes.
3. CHANGING THE PURPOSE OF USE.
The purpose of using the personal information has no other use than to help the consultant draw up a plan and provide tools for the customer to seek an end to their means or to be able to contact the individual.
4. NON-IDENTIFYABLE INFORMATION
Curtis Health shall use appropriate methods to ensure personal information is secure and non-identifiable.
The knowledge and consent of an individual are generally required for the collection, use or disclosure of personal information. In certain circumstances, personal information can be collected, used or disclosed without the knowledge or consent of the individual, such as in the case of an emergency when the life, health or security of an individual is threatened.
Curtis Health may disclose information without the knowledge or consent to a lawyer or other advisor representing Curtis Health, to collect a debt or comply with a subpoena, warrant or other court order, or as may be otherwise required or authorized by law.
5.1 In obtaining consent, Curtis Health will use a reasonable effort to ensure that an individual is advised of the identified purpose on which the information shall be used or disclosed. The purpose shall be stated in a manner that can be reasonably understood by the individual.
5.2 Generally, Curtis Health shall seek consent to use or disclose information at the time of collection. However, Curtis Health may seek consent to use and disclose personal information after it has been collected but before it is used or disclosed for a new purpose.
5.3 Curtis Health will require the individual to consent to the use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is reasonably required to fulfill the identified purpose.
5.4 In determining the appropriate form of consent, Curtis Health will take into account the sensitivity of the information and the reasonable expectations of the individual.
5.5 Where consent is required for a particular use or disclosure. The individual may withdraw consent at anytime, subject to legal and contractual restrictions and reasonable notice. Individuals may contact Curtis Health for more information regarding the implications of withdrawing consent.
a. WHAT IS THE INFORMATION
- The Information collected is in the form of questionnaires regarding the overall state of the individuals’ health and wellness. This information is obtained either orally, written or electronically:
- Once the forms are gathered from the client. The Curtis Health consultant will review the information to assist in determining the most appropriate program for that client.
b. WHO PROVIDES AND COLLECTS THE INFORMATION
- The personal information is forwarded with approval to the individual via written fax, electronically or hand delivered.
- Personal information is collected by the Curtis Health team member who has the initial interview with the potential customer.
- If that consultant elects to work with the customer, then the consultant will create a program either by themselves or work with the Personal training program director. The information is then passed on to the administration office to be secured, input into the site secure website, or secured on file at the site.
c. HOW IS CONSENT GIVEN
Each of the forms stated above clearly contain a statement to be signed as proof.
d. INFORMING THE INDIVIDUAL THAT THEY MAY WITHDRAW CONSENT AT ANYTIME
As part of each of the consent statements, there is a sentence that informs the consultant that they are allowed to withdraw his or her consent at any time.
e. WHY IS CONSENT NOT GIVEN?
If consent is not given to complete the above forms then Curtis Health cannot take the individual as a customer.
f. TIME FRAME IN WHICH CONSENT IS MAINTAINED
Consent is maintained through the following:
a. until the client requests otherwise;
b. through a reasonable period of time that is indicates the information is no longer necessary or relevant.
6. PROCEDURES REVIEW SCHEDULE
Procedures are reviewed in the quarterly team meetings or as required. Changes in the personal information process is then determined and acted upon according to these practices.
7. DESTROYING PERSONAL INFORMATION
Curtis Health shall maintain reasonable and systematic controls, schedules and practices for information, records, retention and destruction which apply to personal information which is no longer necessary or relevant for the identified purposes or required or permitted by law. Such information shall be destroyed, erased or made anonymous.
- This process will be completed through a checklist system.
- Paper version is shredded.
- E-version is deleted
8. EXCEPTIONS TO THE ORIGINAL PURPOSE OF CONSENT AT THE TIME OF COLLECTION
Exceptions are made through the following process:
- Changes or exceptions to the original purpose of consent must be approved in writing or electronically by the Curtis Health program director.
- Any exceptions to the original purpose of consent must be approved in writing or electronically (secured) from the individuals
9. LIMITING USE OF PERSONAL INFORMATION
Curtis Health shall not use or disclose personal information for the purpose other than for which it was collected, except with the consent of the individual or that is otherwise required by law. Curtis Health shall retain information only as so long as necessary for the fulfillments of the purpose or as required or permitted by law.
10.1 Curtis Health may disclose an individual’s personal information to:
a. an agent used by Curtis Health to evaluate the individual creditworthiness or collect the individuals’ account;
b. a credit reporting agency;
c. Curtis Health, if it appears there is imminent danger to life or property, which could be avoided or minimized with the use or disclosure of information;
d. public authority or agent of a public authority, if in the reasonably judgement of Curtis Health;
e. a third party or agent of an individual, where the individual consents to disclosure as required or permitted by law.
10.2 Only Curtis Health employees or agents with a business need to know, or whose duties reasonably so require are granted access to an individual’s personal information.
11. HOW IS PERSONAL INFORMATION TRANSMITTED
Transmission of personal information is orally, written, fax or electronic (secured).
12. CUSTOMER COMMUNICATIONS
12.1 Curtis Health will make readily available to individual’s specific information about its policies and practices related to the management of personal information.
12.2 Copies of the policies will be made available upon request.
12.3 Upon request, Curtis Health will inform the individual of the existence, use and disclosure of their personal information, at a minimal or no cost to the individual. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
12.4 In certain circumstances, Curtis Health may not be able to provide access to all information that it holds about an individual. For example, Curtis Health may not be able to provide access to personal information if doing so would likely reveal information about a third party or could reasonably be expected to threaten the life or security of individual, may reveal commercial information, if the information is protected by solicitor – client privilege.
If access to the information is denied. Curtis Health will provide, upon request, a reason for the denial of information.
13. SECURITY SAFEGUARDS
Curtis Health will protect personal information by security safeguards appropriate to the sensitivity of the information.
13.1 Curtis Health will take all appropriate and reasonable steps to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use modification or destruction.
13.2 Curtis Health will take appropriate and reasonable steps to protect personal information disclosed to third parties, for example by contractual agreements stipulating the confidentiality of the personal information and the purposes for which it is being used.
13.3 In order to safeguard personal information, an individual may be required to provide sufficient personal identification information to permit Curtis Health to authorize access to the individual’s file.
13.4 Individuals can seek access to their personal file by contacting the designated representative at Curtis Health.
14. BREACH & RECOVERY MANAGEMENT
Curtis Health has a plan in place in the event that there is a breach of their security measures.
14.1 All Curtis Health staff has received training on the correct handling and storing of personal information to eliminate the event of information being seen by any unauthorized persons.
14.2 The client would be notified immediately of any breach of the security systems so that they would be in a position to protect them and to prevent any further damage.
14.3 Curtis Health has a contract with a Certified Computer Technician to maintain all of it computers. This individual would be called in, immediately, in the event of a breach to secure any affected computers.
15. PRIVATE INFORMATION COLLECTIONS PROCESS
Personal Information is collected from individuals through the following business services:
A. PERSONAL TRAINING – ADMINISTRATION OFFICE
B. PERSONAL TRAINING – DESIGNATED CORPORATE SITE
C. PERSON TRAINING – MEMBERS SOLUTIONS / VOLO SITE.
D. REGISTERED CLASSES – MEMBERS SOLUTIONS / VOLO SITE
E. FACILITY MEMBERSHIP PROCESSING – DESIGNATED CORPORATE SITE
F. ASSESSMENTS – AT THE DESIGNATED ASSESSMENT AREA FOR THAT PROJECT
A. PERSONAL TRAINING – DIRECT FROM ADMINISTRATION OFFICE
Delivering and retrieving confidential information
i. E-mail and Files
All e-mails pertaining to the transmission of personal information will contain the consent statement at the bottom of the e-mail text.
ii. Hard copy- mail
Each personal information form will contain a consent statement at the top of each form.
iii. Hard copy- in person
The same form is delivered to one of the onsite team to process and secure.
iv. Personal information- members solutions site
v. Personal training online registration
Compliant with FOIPPA and stored.
B. PERSONAL TRAINING – ON SITE
The same process is practiced as above.
i. Personal information transmission
All Personal Training Personal information is collected and secured on site. The Personal information is then transferred via courier, mail or in person to the Curtis Health administration office for security.
C. CLASS REGISTRATION PERSONAL INFORMATION – MEMBERS SOLUTIONS SITE
i. Class online registration.
Compliant with FOIPPA and stored onsite.
D. CORPORATE SITE MEMBERSHIPS PROCESS
i. Information is collected via hardcopy and delivered by the customer in person to the health and wellness centre.
ii. Personal information is then collected, filed and locked in the appropriate storage location in the health and wellness centre office.
iii. If there is no secure area in the health and wellness centre the information is delivered to a designated, secure, confidential location on site.
iv. All forms will follow standard industry practices and consent statements will be attached to forms.
Assessment forms are distributed in the methods described above and collected on site by a designated individual. This information is then placed on hardcopy file and maintained by the designated Curtis Health consultant.