TABLE OF CONTENTS
- The Ten Principles of PIPEDA Summarized
- Personal Information Defined
- PURPOSES OF COLLECTING PERSONAL INFORMATION
- LIMITING COLLECTION
- Application and Registration Forms
- Website or App Visitors
- Video Surveillance
- Audio Surveillance
- LIMITING USE, DISCLOSURE AND RETENTION
- Use of Personal Information
- Disclosure of Personal Information
- Retention of Personal Information
- INDIVIDUAL ACCESS
Singer’s Edge s a music education company with professional staff whose purpose is to create educational materials and learning experiences for music students by providing private and group music instruction on-site in a safe, supportive learning environments for all students at our locations and by developing curriculum for musical development that are used in music schools around the world.
- The Ten Principles of PIPEDA Summarized
- Accountability: organizations are accountable for the personal information they collect, use, retain and disclose in the course of their commercial activities, including, but not limited to, the appointment of a Chief Privacy Officer;
- Identifying Purposes: organizations are to explain the purposes for which the information is being used at the time of collection and can only be used for those purposes;
- Consent: organizations must obtain an Individual’s express or implied consent when they collect, use, or disclose the individual’s personal information;
- Limiting Collection: the collection of personal information must be limited to only the amount and type that is reasonably necessary for the identified purposes;
- Limiting Use, Disclosure and Retention: personal information must be used for only the identified purposes, and must not be disclosed to third parties unless the Individual consents to the alternative use or disclosure;
- Accuracy: organizations are required to keep personal information in active files accurate and up-to-date;
- Safeguards: organizations are to use physical, organizational, and technological safeguards to protect personal information from unauthorized access or disclosure.
- Openness: organizations must inform their clients and train their employees about their privacy policies and procedures;
- Individual Access: an individual has a right to access personal information held by an organization and to challenge its accuracy if need be; and
- Provide Recourse: organizations are to inform clients and employees of how to bring a request for access, or complaint, to the Chief Privacy Officer, and respond promptly to a request or complaint by the individual.
- Personal Information Defined
“Personal information” means any information about an identifiable individual. It includes, without limitation, information relating to identity, nationality, age, gender, address, telephone number, email address, Social Insurance Number, date of birth, marital status, education, employment health history, income and information relating to financial transactions as well as certain personal opinions or views of an Individual.
“Business information” means business name, business address, business telephone number, name(s) of owner(s), officer(s) and director(s), job titles, business registration numbers (HST, RST, source deductions), financial status. Although business information is not subject to PIPEDA, confidentiality of business information will be treated with the same security measures by Singer’s Edge’s staff, members and Board members, as is required for individual personal information under PIPEDA.
“Individual” means any student, client who are student of our schools, or licensees of our programs and any staff member of a Singer’s Edge company (Singer’s Edge or Toronto Arts Academy) including employees and contractors.
“Member” means a person who volunteers on a Singer’s Edge committee, but who is not a current or active board member, or chair of the committee.
“Data base” means the list of names, addresses and telephone numbers of clients and individuals held by Singer’s Edgein the forms of, but not limited to, computer files, paper files, and files on computer hard-drives.
“Express consent” means the individual signs a registration or agreement, or other forms containing personal information, authorizing Singer’s Edge to collect, use, and disclose the individual’s personal information for the purposes set out in the application and/or forms.
“Implied Consent” means the organization may assume that the individual consents to the information being used, retained and disclosed for the original purposes, unless notified by the individual.
“Third Party” means a person or company that provides services to Singer’s Edge in support of the programs, benefits, and other services offered by Singer’s Edge, with whom the individual or client does business.
2.0 Purposes of Collecting Personal Information
Personal information is collected in order to register students for lessons, for communication purposes, to ensure the ongoing safety and security of our families and staff, and for monitoring employee performance and conduct.
An individual’s express, written consent will be obtained before or at the time of collecting personal information. The purposes for the collection, use or disclosure of the personal information will be provided to the individual at the time of seeking his or her consent.
Canada’s privacy law is also clear and states that any building which has recording types of devices must display signs stating that video recording devices are present and in use. Our lobby area has a posted sign near or camera stating that the area is under surveillance. If you choose to enter the establishment, then you are in fact acknowledging you are being recorded and that you automatically agree to it by entering said premises, thereby affirming the legality of installing security cameras.
4.0 Limiting Collection
Singer’s Edge’s mandate is to provide a safe, supportive learning environment for students of all ages. Given the nature of our mandate, our operational environment, and our need to maintain public trust, registration and application forms, video monitoring and audio recording technology is a necessary tool to ensure the safety, security, integrity and quality assurance of our services and programs. As an educational facility where our teaching staff work in private environments with adults and children, and front desk interact with the public in the lobby and on the phone regularly, we must maintain a high level of credibility and public confidence.
Personal information is collected in 3 forms: Application and registration forms, Video surveillance, and audio surveillance.
4.1 Application and Registration Forms
Information is collected with Singer’s Edge’s staff applications, student and staff registration forms, police check forms as well as credit card and address information. This information is collected for the verification of payment information and communication purposes. Payment information is shared with our secure payment processor to process payments.
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under 13.
4.2 Website or App Visitors
We may collect your email address in order to send information, respond to inquiries, and/or other requests or questions. We may market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CANSPAM we agree to the following:
- NOT use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number or other details to help you with your experience.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
If you disable cookies off, some features will be disabled. It won’t affect the user’s experience that make your site experience more efficient and some of our services will not function properly. However, you can still place orders .
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. For more info, visit; //support.google.com/adwordspolicy/answer/1316548?hl=en
We may have implemented the following:
- Remarketing with Google Analytics and Google Adwords
- Google Display Network Impression Reporting
- Demographics and Interests Reporting
We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Opting out: Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.
4.3 Video Surveillance
Videos surveillance cameras are located in public space areas, as well as areas where our lessons and programs are administered. This means that employees would reasonably expect to be observed by members of the public, managers, and colleagues in these areas in the course of performing their duties. Our cameras are also fixed with no ability to tilt or zoom.
No video equipment will be installed in places where the expectation of privacy is higher, such as washrooms, and staff rooms. In addition, signage will be posted to inform all individuals that an area is subject to video monitoring and recording.
4.4 Audio Surveillance
Employee compliance is an important component to maintaining public confidence and credibility. As an educational institution, adherence to our Code of Conduct, and the dissemination of information as outlined in our front desk manual, has a direct and meaningful impact on the organization’s ability to fulfill our mandate. Because of the limited space available in our schools, it is not possible for the Director to be present during operating hours to ensure that the company is achieving it’s mandate at the front desk area, the main communication hub of the school.
Audio surveillance will be provided only in our entrance/exit front desk areas, where this is no expectation of privacy for those involved in the conversations in the area. This area is the communication hub of our schools, where the requirement to maintain our code of conduct, professionalism, interpersonal skills, and representation of our company’s ethics and values is of the utmost importance.
No audio equipment will be installed in any other place in the school, where the expectation of privacy is higher, such as washrooms, staff and teaching rooms. In addition, signage will be posted to inform all individuals that an area is subject to audio monitoring and recording.
If any employee wishes to engage in a private conversation, they may leave the entrance/exit front desk area at any time.
5.0 Limiting Use, Disclosure and Retention
5.1 Use of Personal Information
Personal information will be used for only those purposes to which the individual has consented.
Video surveillance is stored in a secure area on site, and will be accessed only when a security issue arises.
Audio surveillance will be used to follow up on ongoing or repeated issues that have already been identified through other means.
5.2 Disclosure and Transfer of Personal Information
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. We do not include or offer third-party products or services on our website.
Personal information will be disclosed to only those Singer’s Edge’s employees, and the Board of Directors that need to know the information for the purposes of their work, with the exception of audio and video surveillance which shall only be accessed by the Director.
PIPEDA permits Singer’s Edge to disclose personal information to third parties, without an individual’s knowledge and consent, to:
- a lawyer representing Singer’s Edge;
- collect a debt owed to Singer’s Edge by the individual or client;
- comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction;
- a law enforcement agency in the process of a civil or criminal investigation;
- a government agency or department requesting the information; or,
- as required by law.
PIPEDA permits Singer’s Edge to transfer personal information to a third party, without the individual’s knowledge or consent, if the transfer is simply for processing purposes and the third party only uses the information for the purposes for which it was transferred. Singer’s Edge will ensure, by contractual or other means, that the third party protects the information and uses it only for the purposes for which it was transferred.
5.3 Retention of Personal Information
Personal information will be retained in client and staff as long as the file is active and for such periods of time as may be prescribed by applicable laws and regulations.
A file will be deemed inactive when a client or staff relationship or contract is terminated. Information contained in an inactive file will be retained for a period of seven (7) years.
Singer’s Edge endeavours to ensure that any personal information provided by the individual in his or her active file(s) is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. Individuals are requested to notify Singer’s Edge of any change in personal or business information.
Information contained in inactive files is not updated.
Organizational Safeguards: Access to client personal information will be limited to employees of Singer’s Edge, who administer our client accounts.
Employees of Singer’s Edge are required to sign a confidentiality agreement binding them to maintaining the confidentiality of all personal information to which they have access.
Access to surveillance information is limited solely to the Director of Singer’s Edge, and Singer’s Edge’s Chief Privacy Officer.
Physical Safeguards: Active files are stored in our company’s cloud accounts – no physical files are maintained. Access to these online files is restricted to Singer’s Edge director and management only.
All inactive files or personal information no longer required are permanently deleted to prevent inadvertent disclosure to unauthorized persons.
Technological Safeguards: Personal information contained in Singer’s Edge computers and electronic databases are password protected in accordance with Singer’s Edge’s Information Security Policy. Access to any of the Singer’s Edge’s computers also is password protected. Singer’s Edge’s Internet router or server has firewall protection sufficient to protect personal and confidential business information against virus attacks and “sniffer” software arising from Internet activity. Personal information is not transferred to volunteer committee members, the Board of Directors, or third parties by e-mail or other electronic form.
9.0 Individual Access
An Individual who wishes to review or verify what personal information is held by Singer’s Edge, or to whom the information has been disclosed (as permitted by the Act), may make the request for access, in writing, to the Singer’s Edge’s Chief Privacy Officer. Upon verification of the individual’s identity, the Chief Privacy Officer will respond within 60 days.
If the individual finds that the information held by Singer’s Edge is inaccurate or incomplete, upon the individual providing documentary evidence to verify the correct information, Singer’s Edge will make the required changes to the individual’s active file(s) promptly.
If an individual has a concern about Singer’s Edge’s personal information handling practices, a complaint, in writing, may be directed to Singer’s Edge’s Chief Privacy Officer.
Upon verification of the individual’s identity, Singer’s Edge’s Chief Privacy Officer will act promptly to investigate the complaint and provide a written report of the investigation’s findings to the individual.
Where Singer’s Edge’s Chief Privacy Officer makes a determination that the individual’s complaint is well founded, the Chief Privacy Officer will take the necessary steps to correct the offending information handling practise and/or revise Singer’s Edge’s privacy policies and procedures.
Where Singer’s Edge’s Chief Privacy Officer determines that the individual’s complaint is not well founded, the individual will be notified in writing.
If the individual is dissatisfied with the finding and corresponding action taken by Singer’s Edge’s Chief Privacy Officer, the individual may bring a complaint to the Federal Privacy Commissioner at the address below:
The Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Toll Free 1-800-282-1376
5 Clarence Square
Toronto, ON M5V1H1
Email address: email@example.com
Amendment to Singer’s Edge’s Privacy Policies