Privacy Policy
This Privacy Policy was last updated in March 2019.
This Privacy Policy describes how ICDTA® collects, uses, and discloses information associated with an identified or identifiable individual (referred to in this Privacy Policy as “Personal Information”). This policy applies to all users of ICDTA®’s services and offerings.
Your privacy is important to us. If you have any questions, please do not hesitate to contact us.
Definitions
Personal Information
“Personal Information” refers to information about an identifiable individual and includes employee or volunteer personal information, subject to applicable exceptions. Personal information does not include business contact information or work product information.
Collection
“Collection” means the act of gathering, acquiring, or obtaining personal information from any source, by any means.
Consent
“Consent” involves a voluntary agreement with what is being done or proposed. Consent may be express or implied.
Express Consent
“Express Consent” signifies that an individual, knowing what personal information is being collected and for what purposes, willingly agrees to the information being collected, used, and disclosed as notified. It may be given in writing or verbally.
Implied Consent
“Implied Consent” exists when an individual is “deemed” to consent to the collection, use, or disclosure of personal information if the individual voluntarily provides it for a purpose that would, at the time, be considered obvious to a reasonable person.
Accountability
Confidentiality
ICDTA® is responsible for the confidentiality of personal information in its custody or under its control in compliance with the applicable privacy legislation.
Privacy Officer
ICDTA® has appointed a Privacy Officer, who is responsible for implementing the privacy program.
Compliance by All
All ICDTA® directors, officers and employees are responsible for day-to-day compliance with our Privacy Policy.
Consent
Collection, Use, or Disclosure
ICDTA® will collect, use, or disclose personal information only with knowledge and consent, except where required or permitted by law.
Applicable Privacy Laws
Knowledge and consent to the collection, use, and disclosure may not be required under applicable privacy laws where the collection, use, and disclosure of personal information is in relation to a law enforcement matter or where compelling safety issues exist.
Implied & Explicit Consent
Consent may be implied in some situations while express consent is required for the collection, use, and sharing of confidential and sensitive information. ICDTA® reserves the right to disclose information where required or permitted by law.
Consent Withdrawn
Consent may be withdrawn at any time, on reasonable notice, subject to legal or contractual restrictions.
Identifying Purposes
Communication
ICDTA® will always endeavor to communicate the purposes for which personal information is collected at or before the time the information is collected, except as otherwise permitted under applicable privacy laws.
Common Collection
Generally, ICDTA® collects personal information for the following reasons:
- To develop, manage, and deliver services to its clients, including by conducting online student threat assessments within the education sector;
- To meet regulatory and reporting requirements of governmental authorities;
- To hire, manage, and terminate staff.
Limiting Collection, Use, Disclosure and Retention
Limited Collection
ICDTA® will limit the collection of personal information to what is necessary for the purposes for which it is collected.
Collection Methods
ICDTA® collects personal information by fair and lawful methods.
Usage
Personal information will only be used or disclosed for the purpose for which it was collected, except with the individual’s consent or as required or permitted by law.
Retention
Personal information will be retained only as long as necessary for fulfillment of the purposes for which it was collected, or as required or permitted by law.
Safeguards
ICDTA® protects personal information by ensuring security safeguards appropriate to the sensitivity of the information are in place, including through the use of the following measures:
Physical
Examples:
- Locked filing cabinets,
- Restricted access,
- Appropriate security measures when disposing of personal information.
Organizational
Examples:
- Security clearances,
- Access only on a “need to
know” basis.
Technological
Examples:
- Passwords,
- Firewalls,
- Data encryption,
- Data disconnection from the Internet,
- Regular backups
- Training of employees and contractors.
Accuracy
Complete Information
ICDTA® will make reasonable efforts to ensure that personal information is as accurate, complete, and current as required for the purposes for which it was collected. In some cases, ICDTA® relies on individuals to ensure that certain information, such as an individual’s home telephone number, is current, complete, and accurate.
Communication
From time to time, ICDTA® may contact the individual to ensure that the information collected is or remains accurate and up-to-date.
Right Of Access
Transparency
ICDTA® is open about the policies and procedures it uses to protect personal information. Any inquiries may be made to our Privacy Officer.
Personal Information Requests
Upon written request, ICDTA® will, within a reasonable time period, tell the individual what personal information it has, for what purposes it is being used, and to whom it has been disclosed, if applicable, and within the time period for which records are available.
Accuracy
Individuals may challenge the accuracy and completeness of their information and have it amended if it is inaccurate, incomplete, or out-of-date.
Disclosure
In certain circumstances, ICDTA® may refuse to disclose personal information, including:
- where required by law, certain personal information may not be disclosed;
- where the information contains personal information about another individual;
- where the information is of such a nature that its disclosure could reasonably be expected to prejudice the mental or physical health of the individual;
- where the information was gathered in the course of a formal dispute resolution process;
- where the information is subject to solicitor-client communication, attorney work product, or litigation privilege.
Compliance and Contact Information
Requests for access to information, issues, or complaints about SST’s compliance with this Policy regarding the handling of personal information, and questions or comments about this Policy may be addressed to the ICDTA®’s Privacy Officer:
Theresa Campbell, President / Chief Executive Officer
[email protected]
GET IN TOUCH
Have any questions? Get in touch with the ICDTA® Team – we are happy to help!
