Privacy Policy

TPPA is responsible for personal information and is compliant with the following principles:

• Responsibility for ensuring compliance with the provisions of the TPPA Privacy Policy rests with the Chief Privacy Officer. The Chief Privacy Officer may, however, delegate to other TPPA employees to act on their behalf for certain responsibilities.
• TPPA shall make known, upon request, the title of the person(s) acting on behalf of the Chief Privacy Officer, and for what responsibilities.
• TPPA is responsible for personal information in its possession or control. TPPA shall use appropriate means to provide a comparable level of protection while information is being processed by a third party (see Principle 7).

TPPA shall implement policies and procedures to give effect to the TPPA Privacy Policy, including:

• implementing procedures to protect personal information and to oversee TPPA’s compliance with the TPPA Privacy Policy;
• establishing procedures to receive and respond to inquiries or complaints;
• training and communicating TPPA’s policies and procedures to staff;
• developing public information to explain TPPA’s policies and practices.

2. Identifying Purposes

TPPA shall identify the purposes for which personal information is collected at or before the time the information is collected.

TPPA collects personal information only for the following purposes:

• to establish and maintain responsible relations with members and customers and to provide ongoing service;
• to understand member and customer needs and preferences;
• to develop, enhance, market or provide products and services;
• to manage and develop TPPA’s business and operations, including personnel and employment matters;
• to meet legal and regulatory requirements

Further references to “identified purposes” mean the purposes identified in this principle.

• TPPA shall specify orally, electronically or in writing the identified purposes to the member, customer or employee at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within TPPA who shall explain the purposes.
• Unless required by law, TPPA shall not use or disclose for any new purpose personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the customer or employee.

3. Consent & Disclosure

The knowledge and consent of a member, customer or employee are required for the collection, use or disclosure of personal information, except where inappropriate. In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual.

For example, TPPA may collect or use personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as where the individual is seriously ill or mentally incapacitated.

TPPA may also collect, use or disclose personal information without knowledge or consent if seeking the consent of the individual might defeat the purpose of collecting the information, such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law.

TPPA may also use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.

TPPA may disclose personal information without knowledge or consent to a third party representing TPPA, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required or authorized by law.

• In obtaining consent, TPPA shall use reasonable efforts to ensure that a customer or employee is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer or employee.
• Generally, TPPA shall seek consent to use and disclose personal information at the same time it collects the information. however, TPPA may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose.
• TPPA will require customers to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is required to fulfill the identified purposes.
• in determining the appropriate form of consent, TPPA shall take into account the sensitivity of the personal information and the reasonable expectations of its customers and employees.
• In general, the use of products and services by a member or customer, or the acceptance of employment or benefits by an employee, constitutes implied consent for TPPA to collect, use and disclose personal information for all identifiable purposes.
• A member, customer or employee may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Members, customers and employees may contact TPPA for more information regarding the implications of withdrawing consent.
• In circumstances of member discipline, TPPA shall disclose to our members, via the Association’s website, the disciplinary sanction(s) imposed upon our members. In such circumstances the member information disclosed shall be limited to:

4. Limiting Collection

TPPA shall limit the collection of personal information to that which is necessary for the purposes identified by TPPA. TPPA shall collect personal information by fair and lawful means.

• TPPA collects personal information primarily from its members, customers or employees.
• TPPA may also collect personal information from other sources including credit bureaus, employers or personal references, or other third parties who represent that they have the right to disclose the information.

5. Limiting Use, Disclosure and Retention

TPPA shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. TPPA shall retain personal information only as long as necessary for the fulfillment of those purposes.  

TPPA may disclose a customer’s or member’s personal information to:

• a person who in the reasonable judgment of TPPA is seeking the information as an agent of the member or customer;
• a company or individual employed by TPPA to perform functions on its behalf, such as research or data processing;
• another company or individual for the development, enhancement, marketing or provision of any of TPPA’s products or services;
• a third party or parties, where the member or customer consents to such disclosure or disclosure is required by law.

TPPA shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a member, customer or employee, TPPA shall retain, for a period of time that is reasonably sufficient to allow for access by the member, customer or employee, either the actual information or the rationale for making the decision.

TPPA shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.

6. Accuracy

Personal information shall be accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

• Personal information used by TPPA shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer or employee.
• TPPA shall update personal information about members, customers and employees as and when necessary to fulfill the identified purposes or upon notification by the individual.

7. Safeguards

TPPA shall protect personal information by security safeguards appropriate to the sensitivity of the information.

• TPPA shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures. TPPA shall protect the information regardless of the format in which it is held.
• TPPA shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
• All of TPPA’s employees with access to personal information shall be required to respect the confidentiality of that information.

8. Openness

TPPA shall make readily available to members, customers and employees specific information about its policies and practices relating to the management of personal information.

TPPA shall make information about its policies and practices easy to understand, including:

• the title and address of the person or persons accountable for TPPA’s compliance with the TPPA Privacy Policy and to whom inquiries or complaints can be forwarded;
• the means of gaining access to personal information held by TPPA;
• a description of the type of personal information held by TPPA including a general account of its use.

TPPA shall make available information to help members, customers and employees exercise choices regarding the use of their personal information.

9. Individual Access

TPPA shall inform a member, customer or employee of the existence, use and disclosure of his or her personal information upon request and shall give the individual access to that information. A member, customer or employee shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

• Upon request, TPPA shall afford members, customers and employees a reasonable opportunity to review the personal information in the individual’s file. Personal information shall be provided in understandable form within a reasonable time, and at minimal or no cost to the individual.
• in certain situations, TPPA may not be able to provide access to all the personal information that it holds about a member, customer or employee. For example, TPPA may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor–client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, TPPA shall provide the reasons for denying access upon request.
• Upon request, TPPA shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, TPPA shall provide a list of organizations to which it may have disclosed personal information of the individual when it is not possible to provide an actual list.
• In order to safeguard personal information, a member, customer or employee may be required to provide sufficient identification information to permit TPPA to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
• TPPA shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, TPPA shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
• Members and customers can seek access to their personal information by contacting a designated representative at TPPA’s business offices.

10. Challenging Compliance

A customer or employee shall be able to address a challenge concerning compliance with the above principles to the Chief Privacy Officer of TPPA who is accountable for TPPA’s compliance with the TPPA Privacy Policy.

• TPPA shall maintain procedures for addressing and responding to all inquiries or complaints from its members, customers and employees about TPPA’s handling of personal information
• TPPA shall inform its members, customers and employees about the existence of these procedures as well as the availability of complaint procedures.
• The Chief Privacy Officer may seek external advice where appropriate before providing a final response to individual complaints.
• TPPA shall investigate all complaints concerning compliance with the TPPA Privacy Policy. If a complaint is found to be justified, TPPA shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer or employee shall be informed of the outcome of the investigation regarding his or her complaint.
• A member, customer or employee may seek advice from the Office of the Privacy Commissioner of Canada at 1-800-282-1376 or info@privcom.gc.ca and, if appropriate, file a written complaint with that office, however, the member customer or employee is encouraged to use TPPA’s internal information and complaint procedures first.