SureHire Inc. Privacy Policy

 

Introduction

We are dedicated to protecting the personal information of our customers and employees.  Our privacy policy is a formal statement of principals concerning the minimum requirements for the protection of personal information provided by our customers and employees.  We are committed to meeting or exceeding the privacy standards established by federal and provincial legislation.  Our information handling practices comply with the Personal Information Protection Act (Alberta), and the Personal Information Protection and Electronic Document Act (Canada).
  

Scope and Application

The scope and application of our privacy policy are as follows:

 

  • The policy applies to personal information about our individual customers and employees that is collected, used or disclosed by us. For greater certainty, this policy specifically applies to the results of drug and alcohol testing, health examinations, critical strength and mobility testing and occupational testing.
  • The policy applies to the management of personal information in any form whether oral, electronic or written.
  • The policy does not impose any limits on the collection, use or disclosure of the following information by us:

     

    • A customer's name, address, telephone number and e-mail address, when listed in a directory or available through directory assistance;
    • An employee's name, title, business address (including email address) or business telephone or fax number; or
    • Other information about the customer or employee that is publicly available and is specified by regulation pursuant to Personal Information Protection Act or the Personal Information Protection and Electronic Documents Act.

 

Our Ten Privacy Principals

We are committed to maintaining the accuracy, confidentially and security of your personal information.  As part of this commitment, we have established ten privacy principles that govern our information handling practices.  These principles are:

 

Principle 1 - Accountability
We are responsible for personal information under our control and we have designated one or more persons who are accountable for our compliance with the privacy principles.

 

Principle 2 - Identifying Purposes For Collection of Personal Information
We identify the purposes for which personal information is collected at or before the time the information is collected.

 

-With respect to the collection of personal information for the purposes of drug and alcohol testing, health examminations, critical strength and mobility testing and occupational testing, please refer to the SureHire Inc. Client Consent/Release/Authorization/Acknowledgement Form.

 

Principle 3 - Obtaining Consent for Collection, Use, or Disclosure of Personal Information
We obtain the customer's consent to the collection, use or disclosure of personal information, except where required or permitted by law.

 

Principle 4 - Limiting Collection of Personal Information
We limit the collection of personal information to that which is necessary for the purposes identified.  We collect personal information by fair and lawful means.

 

Principle 5 - Limiting Use, Disclosure and Retention of Personal Information
We do not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.  We retain personal information only as long as is necessary for the fulfillment of those purposes.

 

-With respect to the use, disclosure and retention of personal information for the purposes of drug and alcohol testing, health examinations, critical strength and mobility testing and occupational testing, this personal information is disclosed as indicated on the SureHire Inc. Client Consent/Release/Authorization/Acknowlegement Form.

 

Principle 6 - Accuracy of Personal Information
Personal information is maintained in as accurate and up to date form as is necessary to fulfill the purposes for which it is to be used.

 

Principle 7 - Safeguarding Personal Information
We protect personal information by employing security safeguards appropriate to the sensitivity level of the information.

-All personal information collected in relation to drug and alcohol testing, health examinations, critical strength and mobility testing and occupational testing is protected by the following safeguards: (a) a unique confirmation number which limits access to the personal information when stored in electronic format; (b) all parties authorized to access specific personal information are assigned a username and password; (c) all personal information in written form is secured by lock and restricted physical access; (d) all personal information in electronic form is protected by 128 bit SSL (secure socket layer) and encrypted with AES256 before storage on the secure server.

 

Principle 8 - Openness Concerning Policy and Practices
We make available to our customers and employees information concerning the polices and practices that apply to the management of their personal information.

Principle 9 - Customer and Employee Access to Personal Information
Upon request, customers and employees will be informed of the existence, use and disclosure of their personal information, and be given access to it, subject to certain circumstances in which the organization is either prohibited or not required to provice access.  Customers and employees may verify the accuracy and complteness of their information, and may request that the information be ammended where appropriate.

 

Principle 10 - Handling Customer Complaints and Suggestions
Customers or employees may direct any questions or inquiries with respect to the privacy principles outlined above or about our practices by contacting our privacy officer.

 

What Information is Collected?
Most of the information we collect comes directly from you, and only with your consent.  The information we ask for depends on the nature of your request and is limited to the information needed to process that request or to provide you with better service.

 

How Your Information is Used
We use your personal information to communicate with you, to deliver products and services you have requested, to provide you with the information about additional products and services that we believe might be of benefit and interest to you.

 

Disclosing Information to Outside Parties
We are obligated to keep you personal information confidential at all times, except under the following circumstances:

-When Authorized by you (for example, individuals who have authorized us to release their test results to company's designated representative);
-When required or otherwise authorized by law.

 

Safeguarding Your Information
We maintain security standards to ensure that your personal information is protected against unauthorized access, disclosure, inappropriate alteration or misuse.  Our safety and security measures are appropriate to the sensitivity of the information.

 

Accessing and Amending Your Information
As a customer, or employee, you have the right to access, verify and amend the personal information held by our organization, subject to certain circumstances in which the organization is either prohibited or not required to provide access.  To submit a request for access to your personal information, please contact our privacy officer.

 

Questions, Concerns and Complaints

If you have questions about our privacy policies or have a concern or complaint about privacy, confidentiality, or our information handling practices, please contact our privacy officer.

Contact Information
If you have any questions, please contact our Privacy Officer at:

SureHire Inc.
#105, 7611 Sparrow Dr.
Leduc, AB  T9E 0H3

Attention: Kyle Powell
Telephone: 780.980.2222
Fax: 780.980.3663

For a copy of the Personal Information Protection and Electronic Documents Act, please access the Privacy Commissioner of Canada website at www.privcom.gc.ca.

For a copy of the Personal Information Protection Act, please access the information management, access and privacy website: www.psp.gov.ab.ca.


Notice to Employees

Since January 1, 2004, our organization has been subject to the Personal Information Protection Act ("PIPA").  This legislation governs the manner in which we collect, use, and disclose information about individual customers and employees.  Failure to comply with the legislation may resut in a fine of $10,000.00 for an individual or $100,000.00 for an organization.  The legislation does not apply to information gathered from corporations.

As of January 1, 2004, you must obtain consent to collect, use, and disclose new personal information provided by individual customers.  A form has been developed for this purpose.  Under the new legislation, our organizations obligations are as follows:

 

  • We are responsible for personal information under our control and have appointed Kyle Powell as our Privacy Officer who will oversee our compliance with the privacy legislation, respond to requests for access to personal information, and address questions or concerns from customers and employee.
  • You must keep all personal information concerning our customers and employees in strict confidence.
  • In our dealings with individual customers, we must identify the purposes for which personal information is collected and obtain the customer's consent to the collection, use or disclosure of the information.  A consent form has been developed for this purpose (specifically, the "SureHire Inc. Client Consent/Release/Authorization/Acknowlegement Form").  Please ensure that the individual customer completes this form at the time that the personal information is collected.
  • Customers may ask about our privacy policies and practices and we are obligated to assist them.  Should you receive such a request, please redirect the customer to our Privacy Officer.

 

Individual customers have the right to request access to personal information we hold about them, and we are obligated to assist them with their request, subject to certain circumstances in which the organization is either prohibited or not required to provide access.  Individual customers may verify the accuracy and completeness of their information, and may requeset that the information be amended where appropriate.  Should you receive such a request, please redirect the customer to the privacy officer.


Duties of a Privacy Officer When a Request for Access or Correction to Personal Information is Made by an Individual

When an individual customer or employee makes a request for access to the personal information, an organization must provide ther individual with access to the following:

 

  • The individual's personal information that is in the custody or control of the organization;
  • The purpose for which the personal information in the custody or control of the organization has been used by the organizations;
  • The names of the outside parties to whom and the circumstances in which the personal information has been disclosed.

An organization may refuse to provide information to the individual if:

  • The information is protected by legal privilege;
  • The disclosure of the information will reveal confidential information that is commercial in nature and it is not unreasonable to withold that information;
  • The information was collected for an investigation of legal proceedings;
  • The information was collected by a mediator or arbitrator or is created during a mediation or arbitration;
  • The information may be used in a prosecutorial discretion.

An organization shall not provide access to personal information if:

  • The disclosure of the information could be expected to threaten the life or security of another individual;
  • The information would reveal personal information about another individual;
  • The information would reveal the identity of the individual who has provided an opinion about another individual and the individual providing the opinion does not consent to disclosure of his or her identity.

If an organization is reasonably able to sever the information referred to in the paragraph above from a copy of the records that contains the personal information about the individual who requested it, then the organization must provide the individual with access to the record and the information has been severed.

 

Right of the Individual to Request a Correction

An individual may request an organization to correct an error or omission of the personal information about the individual under the control of the organization.

If there is an error or omission in the personal information, and a request for a correction is received by an organization, the organization must correct the information as soon as reasonably possible and if the organization has disclosed the incorrect information to other organizations, it must then send out a notification containing the correct information to each organization to which the information was disclosed, if reasonable to do so.

If an organization decides not to make the correction as requested by the individual, the organization must annotate the personal information under its control with the correction that was requested to be made but not in fact done so.

When an organization receives a correction of personal information from another organization, the organization which receives the correction must correct the personal information in its custody or under its control.

An organization does not have to correct or otherwise alter an opinion including a professional or expert opinion.

 

How to Make a Request

For an individual to obtain access or make a request for correction to their personal information, the request must be made in writing which has sufficient detail to enable the organization to identify the information requested.  The individual may ask for a copy of the record which contains the personal information.

 

Duty to Assit

An organization must make every reasonable effort to assist the applicant and to respond to each applicant as accurately and completely as reasonably possible.  Furthermore, at the request of the applicant, the organization, if reasonable  to do so, must explain every code, term or abbreviation in the record provided to the applicant.

 

Time Limit For Responding

Under PIPA, an organization must respond to an applicant not later than 45 days from the day the organization received the applicant's written request.  The organization may ask for an extension of time period in which to respond.  An organization may, with respect to a request made for personal information extend the time period for responding to the request by up to an additional 30 days or with the commissioner's permission for a longer period of time.

If an organization requires an extension greater than 30 days to respond to the request, they must explain to the commissioner that:

 

  • The request does not have enough detail to allow the organization to identify the personal information or record relating to the information;
  • A large amount of personal information requested must be searched;
  • Meeting the time limit would unreasonably interfere with the operation of the organization;
  • Additional time is needed with another organization or with the public body before the organization is able to determine whether or not the individual should be permitted access to the requested personal information.

 

If an extension is granted, an organization must inform the applicant of the reason for the extension, the time when a response from the organization can be expected and that the applicant has the ability to ask for a review under Section 46 of PIPA.

 

Content of Response

  • When responding to a response for personal information, the organization must inform the applicant:  Whether the applicant will be given access to all or part of his personal information;
  • When access will be given;
  • If access to all or part of the applicant's personal information is refused, the organization must inform the applicant as to the reasons for the refusal and the provisions of PIPA on which the refusal is based, as well as the name for the person who can answer on behalf of the organization for the applicant has questions about the refusal.  Furthermore the applicant must be advised that they can ask for a review under section 46 of PIPA.

 

How Access Will be Given

If an individual is granted access to their personal information the organization must provide a copy of the applicant's personal information if a copy is requested for and can be easily reproduced.  If the applicant has asked to examine the record relating to the applicants personal information or the record cannot reasonably be reproduced, the organization must permit the applicant to examine the record or part of the record.

 

Fees

An organization is able to charge an applicant who makes a request for personal information a fee for access to the applicant's personal information which must conform with the guidelines set out in the regulations.

If an organization intends to charge a fee, the applicant must be given a written estimate of the total fee for the service and the organization may require the applicant to pay the deposit prior to the information being provided.

SureHire News

SureHire News

Welcome to the newly re-designed SureHire website.

Check here for important news and updates.
SureHire News

Not A Client?

Request a Quote
 
Go to SureHire Company Blog