Privacy policy

Privacy Code | AUCC web privacy policy | University Affairs magazine privacy policy

Privacy Code

Last amended March 30, 2012

Introduction

The Association of Universities and Colleges of Canada is committed to fair information practices in relation to individuals whose information it collects, uses, discloses and retains in the course of its operations.

This Privacy Code outlines the Principles and guidelines by which AUCC operates to protect the personal information of individuals that we collect, use, disclose and retain in the course of our operations, as subject to the provisions of the Personal Information Protection and Electronic Documents Act and applicable provincial privacy legislation.

This Privacy Code incorporates the ten Principles of the Canadian Standards Association Model Code on the Protection of Personal Information (CAN/CSA-Q830-96) which was published in March 1996 as a National Standard of Canada. It also incorporates the provisions of Part 1 of the Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5, and applicable provincial privacy legislation.

This Privacy Code does not apply to personal information about employees, former employees and potential employees (all referred to as “employees”) of AUCC.

Internet Aspects:

Personal information may be collected when a user conducts activities on or related to all AUCC websites, including at the universityaffairs.ca and affairesuniversitaires.ca websites, as well as our database sites containing job or Directory of Canadian University listings, found under the oraweb.aucc.ca domain.

Use of Cookies

AUCC websites automatically recognize your domain name, IP address, browser version, operating system, and other salient data about your computer, as well as the site you passed through to reach us. The AUCC uses a browser feature called a “cookie” to collect information anonymously and track user patterns on AUCC websites. This cookie is a small text file that is placed on your hard disk by our website and remains there unless it is deleted by you.

“Cookies” contain a unique identification number that identifies your browser, but not you, to our computers each time you visit one of our websites. Cookies tell us which pages of our websites are visited and by how many people. They also allow us to save your settings and preferences for future visits, enabling you to customize your experience of our websites. Information gathered through the use of cookies is not related to any personally identifiable details.

The use of cookies is an industry standard, and many major browsers are initially set up to accept them. You can reset your browser to either refuse to accept all cookies or to notify you when you have received a cookie. However, if you refuse to accept cookies, you may not be able to use some of the features available on our websites.

Advertisers and Links

Third-party advertising providers may use cookies when serving advertisements on the universityaffairs.ca, affairesuniversitaires.ca and oraweb.aucc.ca database sites. In some cases, advertisements from third-party advertisers are delivered to users (in conjunction with AUCC services) by such third-party advertisers, or by separately contracted advertising providers on their behalf, and not by AUCC websites; as such, the third-party advertisers’ use of cookies is subject to their own privacy policies, not the AUCC Privacy Policy, and users should consult the privacy policies of such third-party advertisers, which are clearly identified here.

Summary of Principles

Principle 1 – Accountability

AUCC is responsible for all personal information under its control, including personal information transferred to third parties for processing. AUCC has designated an individual who is accountable for the organization’s compliance with this Code.

Principle 2 – Identifying the purposes for personal information collection

AUCC will identify the purposes for which personal information is collected at or before the time the information is collected.

Principle 3 – Obtaining consent

AUCC will obtain the consent of individuals before or when it collects, uses,discloses and retains personal information, except where authorized by law.

Principle 4 – Limiting the collection of personal information

AUCC will limit the collection of personal information to that which is necessary for the purposes identified by AUCC. AUCC will collect personal information by fair and lawful means.

Principle 5 – Limiting use, disclosure and retention of personal information

AUCC will not use, disclose or retain personal information for purposes other than those for which it was collected, except with the consent of the individual, or as required or as authorized by law. Personal information will be retained only as long as necessary for the fulfilment of those purposes.

Principle 6 – Keeping personal information accurate

AUCC will keep personal information as accurate, complete and up-to-date as necessary for the purposes for which it is to be used.

Principle 7 – Safeguarding personal information

AUCC will protect personal information with security safeguards appropriate to the sensitivity of the information.

Principle 8 – Being open about policies and procedures

AUCC will make readily available to individuals specific information about its policies and procedures relating to the management of personal information.

Principle 9 – Providing access to personal information

On written request, and subject to exemptions stipulated by law, AUCC will inform an individual of the existence, use, disclosure and retention of their personal information and will provide access to that information. An individual will be entitled to challenge the accuracy and completeness of the information and have it amended where inaccuracies exist.

Principle 10 – Challenging compliance

An individual of AUCC will be entitled to address a challenge concerning compliance with the above Principles to the AUCC Privacy Officer.

Privacy code in detail

Principle 1 – Accountability

AUCC is responsible for all personal information under its control, including personal information disclosed to third parties for processing.

1.1 The AUCC Privacy Officer is responsible for compliance with this Code, even though other individuals within AUCC may be responsible for the day to day collection and processing of personal information, and may be delegated to act on behalf of the AUCC Privacy Officer.

1.2 The identity of the individuals designated by AUCC to oversee compliance with this Code will be made known internally and will be made available externally on request.

1.3 AUCC will use contractual or other means to protect personal information that has been transferred to service providers for processing, for example, for storage.

1.4 Where AUCC acts as a processor of personal information or as a service provider to others, AUCC will comply with this Privacy Code and any Privacy Statements issued by the AUCC program in question in respect of the personal information it collects, uses, discloses and retains on behalf of third parties or that is transferred to it.

Principle 2 – Identifying the purposes for personal information collection

AUCC will identify the purposes for which personal information is collected, used, disclosed and retained at or before the time the information is collected.

2.1 AUCC programs subject to this Privacy Policy will collect, use, disclose and retain personal information for the following purposes:

2.1.1 to process and evaluate scholarship applications, select scholarship recipients and administer the scholarships and scholarship payments once the scholarships are awarded and to assess the efficacy of scholarship programs;

2.1.2 to develop aggregate information and statistics in relation to the scholarship awards program;

2.1.3 to maintain a scholarship alumni contact list and administer subscriptions to University Affairs;

2.1.4 to market our publications program to potential purchasers or subscribers;

2.1.5 to identify and offer information services and products to meet subscriber needs or preferences;

2.1.6 to provide and administer payroll and benefits services to other associations and employers mostly in the higher education sector;

2.1.7 to comply with legal requirements;

2.1.8 to respond to inquiries about publications or our programs received by telephone or by the AUCC website.

2.2 AUCC collects and uses primarily business names and addresses of individuals and subscribers for purposes of marketing publications of interest to the higher education sector. AUCC collects from and discloses to third parties the names and mailing addresses of potential or existing subscribers to its publications. AUCC will require vendors of such information to represent that they have complied with applicable privacy legislation in disclosing this information to AUCC. AUCC will provide an opportunity to all individuals and subscribers to consent to or opt-out of the collection, use, disclosure and retention of their names and addresses for these purposes. (see Section 3.7 below).

2.3 On occasion, AUCC discloses subscriber business contact information to BPA International, for purposes of auditing readership levels.

2.4 Individuals will be advised of the purposes for which the information is collected at the time information is collected, or as soon as practicable thereafter. An individual may, at any time, request or be given an explanation of how their personal information is being used.

2.5 If AUCC proposes to use, disclose or retain personal information for a purpose not previously identified, the new purpose will be identified and documented prior to the new use. Unless the new purpose is required or permitted by law, the consent of the individual will be obtained before the information can be used, disclosed or retained for that purpose. (See Obtaining Consent below)

Principle 3 – Obtaining consent

AUCC will obtain the consent of individuals before or when it collects, uses, discloses or retains personal information, except where authorized by law.

3.1 AUCC may collect, use, disclose or retain personal information without the knowledge or consent of individuals. All of the circumstances in which AUCC may collect, use, disclose or retain personal information without the knowledge or consent of an individual shall be only as specified and permitted by legislation.

3.2 In obtaining consent, AUCC will use reasonable efforts to ensure that an individual is advised of the identified purposes for which personal information will be used, disclosed and retained. Purposes will be stated in a manner that can be reasonably understood by the individual.

3.3 Generally, AUCC will seek consent to use, disclose and retain personal information at the same time it collects the information. However, AUCC may seek consent to use and disclose personal information after it has been collected, but before it is used, disclosed or retained for a new purpose.

3.4 AUCC will require individuals to consent to the collection, use, disclosure and retention of personal information as a condition of the supply of information or services to the individual only if such collection, use, disclosure and retention is necessary to provide the information or services.

3.5 In determining the appropriate form of consent, AUCC will take into account the sensitivity of the personal information and the reasonable expectations of individuals in relation to the purposes for use, disclosure and retention of the information by AUCC.

3.6 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Individuals may contact AUCC for more information regarding the implications of withdrawing consent.

3.7 Individuals may opt-out or refuse to consent to the use, disclosure or retention of their personal information for marketing purposes by contacting AUCC at (613) 563-3961, ext. 241 or by writing to Privacy Officer, Association of Universities and Colleges of Canada, 600 – 350 Albert Street, Ottawa, Ontario K1R 1B1.

Principle 4 – Limiting collection of personal information

AUCC shall limit the collection of personal information to that which is necessary for the purposes identified by AUCC. AUCC will collect personal information by fair and lawful means.

4.1 AUCC collects personal information primarily from individuals directly.

4.2 AUCC may also collect personal information from other sources including:

4.2.1 publishers, list brokers or other associations;

4.2.2 employers using AUCC payroll and benefit services who represent that they have the right to disclose the information;

4.2.3 AUCC may collect personal information about an individual’s family members or beneficiaries from that individual for purposes of providing benefits administration services to the individual, employer, and will in such circumstances rely on the individual to obtain the consent of these other parties.

Principle 5 – Limiting use, disclosure and retention of personal information

AUCC will not use, disclose or retain personal information for purposes other than those for which it was collected, except with the consent of the individual, or as required or authorized by law. Personal information will be retained only as long as necessary for the fulfilment of those purposes.

5.1 AUCC may disclose personal information about an individual to the following for the purposes set out in Section 2:

5.1.1 a person who, on the basis of a written authorization from a scholarship applicant or recipient, is seeking the information as an agent of the applicant or recipient;

5.1.2 to the employers using AUCC payroll and benefit services in relation to their employees;

5.1.3 to third parties, for marketing or readership audit purposes (see Sections 2.2 and 2.3);

5.1.4 to a third party, where the individual consents to disclosure or where disclosure is required or authorized by law.

5.2 AUCC has a records retention policy that specifies the length of time that records are maintained. All personal information is accessible only by AUCC’s personnel, or service providers, who need access to that information for the performance of their duties or services.

Principle 6 – Keeping personal information accurate

AUCC will keep personal information as accurate, complete and up to date as necessary for the purposes for which it is to be used.

6.1 Information will be sufficiently accurate, complete and up to date so as to minimize the possibility that inappropriate information may be used to make a decision about an individual.

6.2 AUCC will update personal information about individuals on an on-going basis, only when necessary to fulfill the purposes identified in this Code, or upon notification by the individual.

Principle 7 – Safeguarding personal information

AUCC will protect personal information with security safeguards appropriate to the sensitivity of the information.

7.1 AUCC will protect personal information against loss or theft as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held, using appropriate security safeguards.

7.2 AUCC shall protect personal information transferred to third parties providing services to AUCC through contractual measures or other arrangements stipulating the confidentiality of the information, restricting the purposes for which the information is to be used and prohibiting its disclosure to third parties upon direction from AUCC in accordance with this Privacy Code.

Principle 8 – Being open about policies and procedures

AUCC will make readily available to individuals specific information about AUCC policies and procedures relating to the management of personal information.

8.1 AUCC will be open about its policies and procedures with respect to the management of personal information. Individuals will be able to acquire information about our policies and procedures at minimal or no cost and without unreasonable effort. This information will be made available in a form that is generally understandable.

Principle 9 – Providing access to personal information

On written request, and subject to the exemptions stipulated by law, AUCC will inform individuals of the existence, use, disclosure and retention of their personal information and provide access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended where inaccuracies exist.

9.1 In certain situations, AUCC may not be able to provide access to all of the personal information that it holds about an individual. These situations shall be limited to those required or stipulated by law.

9.2 When an individual successfully challenges the accuracy or completeness of personal information, the AUCC will correct, delete or add information as required. When appropriate, the amended information will be transmitted to any third parties having access to the information in question.

Principle 10 – Challenging compliance

An individual will be able to address a challenge concerning compliance by AUCC with this Code to the AUCC Privacy Officer.

10.1 AUCC will implement procedures to receive and respond to complaints or inquiries about its policies and procedures relating to the handling of personal information.

10.2 AUCC will investigate all complaints. If a complaint is found to be justified, AUCC will take appropriate measures, including amending its policies and procedures if necessary.

10.3 Individuals will be able to obtain more information on AUCC’s privacy practices, or make a complaint, by contacting:

Privacy Officer
Association of Universities and Colleges of Canada
600 – 350 Albert Street
Ottawa, Ontario K1R 1B1
Phone: (613) 563-3961, ext. 234
E-mail: privacy@aucc.ca

10.4 Individuals also have recourse to the Office of the Privacy Commissioner of Canada if they consider that AUCC has not responded satisfactorily to their complaint or inquiry.

Privacy Commissioner of Canada
112 Kent Street
Ottawa, Ontario K1A 1H3
Phone: (613) 995-8210
Toll-free: 1-800-282-1376
Fax: (613) 947-6850
Website: http://www.privcom.gc.ca/index_e.asp

For a copy of the Personal Information Protection and Electronic Documents Act, please access the website of the Privacy Commissioner of Canada at www.privcom.gc.ca.

The CSA Model Code is Schedule 1 to the Personal Information Protection and Electronic Documents Act. For copies of the CSA Model Code for the Protection of Personal Information, please contact the Canadian Standards Association, 178 Rexdale Blvd., Etobicoke, Ontario M9W 1R3.