Protection of Members’/Users’ Personal Information Operational Policy – Privacy
The following policy outlines the SEIU – Local 1 Canada (the “SEIU”) operational practices concerning the collection, use, disclosure, and protection of personal information to mirror the standards that are set out in Canada’s Personal Information Protection and Electronic Documents Act. This Act is federal legislation governing the collection, use and storage of personal information and is referred to throughout this document as the ACT.
The ACT recognizes an individual’s right to privacy while respecting the needs of organizations and enterprises to collect, use, and disclose information about individuals. The objective of the ACT is to ensure fair, open and equitable treatment of the information entrusted to the SEIU.
What is personal information?
The ACT defines “personal information” as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.
What information is the SEIU responsible for protecting?
The SEIU makes its best efforts to protect members’/users’ personal information in its possession including personal information that has been received from a third party.
What information does the SEIU collect?
The types of information that the SEIU collects, either from the Website or from the Apps, include:
- SEIU Membership ID number
- Member/user name
- Member/user email address
- Member/user phone number
- Member/user workplace information
The Website may automatically collect certain information about your device, including information about your web browser, IP address and time zone (“Device Information”). Additionally, as you use the Website, the SEIU may collect information about the individual web pages viewed, and information about interactions with the Website, Apps and other mobile applications.
How else does the SEIU gather members’/users’ personal information?
In addition to the information above that may be collected through use of the Website or Apps, we may also gather information from the following sources:
- Membership application
- Grievance, appeal or claim forms
- Employers, with respect to dues submissions
- A member’s/user’s interaction with the SEIU – for example, e-mail, correspondence and telephone
Collecting, using and disclosing members’/users’ personal information
The SEIU collects certain personal information in order to:
- Maintain a complete record of membership in the union
- Maintain communication with members/users and respond to their enquiries
- Investigate and settle grievances, appeals and claims
- Collect and manage dues and assessments
- Assist the union in representing its members with respect to employment under collective agreements
- Verify eligibility for strike pay and benefits
- Provide information about union membership programs and benefits
- Administer the business of the union such as component/local business, correspondence and research (e.g. member surveys)
- Provide web information services (e.g. address changes, e-mail bulletins, convention and conference registration)
Personal information may be collected, used or disclosed for any of these identified purposes as set out above. If members’/users’ personal information is needed for any purpose other than those set out above, the SEIU will not use or disclose it without obtaining additional consent from the member(s)/user(s).
If the SEIU uses a member’s/users’ personal information to make a decision that directly affects the member/user, the SEIU shall retain that information for at least one year after using it so that the member/user has a reasonable opportunity to obtain access to the information.
The SEIU will disclose personal information only if consent is given by the relevant member/user or:
- when permitted or required by law, such as in response to a subpoena or other legal process;
- to a transferee of all or part of the SEIU;
- to meet legal obligations, including but not limited to regulatory reporting obligations.
Retaining personal information
The SEIU only retains personal information for as long as it is necessary for the purposes for which it was collected. When personal information is no longer required for these purposes, it is securely destroyed or deleted. For further details on our data retention periods, please contact us.
Protection of personal information
In order to protect members’/users’ personal information in the SEIU’s possession or control, the SEIU has made reasonable security arrangements to protect personal information such as:
- Access to personal information is limited to selected employees and officers who require access to the information in the performance of their job function and/or duties
- Security safeguards are in place to prevent unauthorized access on computer systems
- The SEIU will endeavour to ensure that personal information is accurate and current
- Any membership lists or information will not print a member’s social insurance or employee number(s)
- Elected officers found to be abusing membership/user information, can be subject to the disciplinary procedures.
- Staff of the SEIU found to be abusing membership/user information, can be subject to disciplinary action.
It is important to remember that no method of transmitting or storing data is completely secure. Mail, voice communications, faxes, and data transmissions over the Internet are all susceptible to possible loss, misrouting, interception, and misuse of the information being communicated or transmitted. In order to prevent unauthorized access to a member’s/user’s account and personal information, the SEIU recommends selecting and securing access passwords properly and limiting access to computers, devices, and browsers used to communicate with the Website or use any App. Always log out after using the Website or an App.
The SEIU shall comply with, and provide members/users with, reasonable assistance in complying with applicable laws with respect to any unauthorized use, access, or disclosure of personal information.
The servers hosting members’/users’ personal information are located in Canada and follow industry standards pertaining to security.
Keeping members’ information accurate is a priority
The SEIU strives to ensure that the personal information we have on file is accurate and up-to-date as necessary for the identified purposes for which it is to be used.
How do members/users access their personal information?
Members/users have the right to access personal information that the SEIU processes about its members/users. Members/users may request information about:
- the personal information the SEIU has collected about the requesting member/user;
- the purposes of the processing;
- details to whom the member’s/user’s personal information has been/will be disclosed;
- how long the SEIU retains the member’s/user’s personal information;
- if the SEIU did not collect the information directly from the member/user, information about the source; and
- how to lodge a complaint with the correct supervisory authority.
The member/user may also request from the SEIU:
- corrections to any incomplete or inaccurate information about the requesting member/user; and
- deletions of the member’s/user’s personal information in accordance with applicable laws.
Requests should be in writing addressed to:
SEIU Healthcare Privacy Officer
125 Mural Street, Richmond Hill, Ontario, L4B 1M4
State as specifically as possible what personal information is being requested. Response to such requests will be within thirty (30) days or as soon as possible. If, for some reason, the SEIU is unable to respond within this timeline, the member/user will be advised.
In the case where the SEIU holds personal information as a result of a transfer for processing, the member will be referred to the collecting organization (Employer) for access. A member shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate by the collecting organization.
There may be some types of information the SEIU is prohibited from providing, such as information about another individual that cannot be separated from the requesting member’s/user’s information or information which cannot be disclosed for legal reasons.
Access, Questions or Concerns