Privacy of personal information is an important principle to Organization and Management Solutions (OMS). We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the services we provide. We strive to be open and transparent regarding how we handle personal information. This document describes our privacy policies.
What is Personal Information?
Personal information is information about an identifiable individual. Personal information includes information that relates to: an individual’s personal characteristics (e.g., gender, age, income, home address or phone number, ethnic background, family status); health (e.g., health history, health conditions, health services received by them); or, activities and views (e.g., religion, politics, opinions expressed by an individual, an opinion or evaluation of an individual). Personal information is different from business information (e.g., an individual’s business address and telephone number), which is not protected by privacy legislation.
We Collect Personal Information: Primary Purposes
Like all consulting firms, we collect, use and disclose personal information in order to serve our clients.
For our clients, the primary purposes for collecting personal information are as follows: to deliver high-quality consulting services and to fulfill our obligations to our clients. This may include test and survey administration, scoring, analysis and reporting, validation studies and other research activities. Examples of the type of personal information we generally collect for these purposes include the following: the name and contact information of the client, the name(s) and title(s) of the person(s) who can release confidential information about the client, the date and nature of each material service provided to the client, a copy of all agreements and correspondence with the client, and a copy of each report that is prepared for the client.
OMS does not collect personal information on members of the general public.
For contract staff (e.g., temporary workers), our primary purposes for collecting personal information are as follows: to manage the organization effectively and to fulfill our obligations to our employees. Examples of the type of personal information we collect for those purposes include the following: home address and telephone number, amount of time worked for OMS, amount paid by OMS for that work.
When OMS assesses a person for someone else (e.g., an assessment of behaviour in the workplace, our primary purpose for collecting personal information is: to make recommendations to our client regarding the effectiveness and the appropriateness of an individual’s workplace functioning. Examples of the type of personal information we collect for those purposes include the following: sex, age, other demographic variables, occupation, duties at work, opinions expressed about other persons in the workplace, observations and ratings of work behaviour, scores on intelligence, behaviour and personality tests, information obtained from surveys.
We Collect Personal Information: Related and Secondary Purposes
Like most organizations, we also collect, use and disclose information for purposes related to or secondary to our primary purposes. The most common examples of our related and secondary purposes are as follows:
Invoicing and Collection
Brief Description: To invoice clients for goods and services and to collect unpaid accounts
Personal Information Collected that is not already collected as part of the Primary Purpose: usually none
Authority to Collect Information for this purpose: verbal and written consent
Limitations in Collection: Appropriate only for clients who have an outstanding or overdue invoice for services delivered
Quality Control and Risk Management
Brief Description: OMS may review client and other files for the purpose of ensuring that we provide high quality services, including assessing the performance of our staff. In addition, external consultants (e.g., auditors, lawyers) may on our behalf do audits and continuing improvement quality reviews of our organization, including reviewing client files and interviewing our staff.
Personal Information Collected that is not already collected as part of the Primary Purpose: Usually none. In rare cases, OMS or our consultants may make inquiries to verify that the information we have about you is correct.
Authority to Collect Information for this purpose: verbal and written consent
Limitations in Collection: Appropriate for all categories of individuals from whom we collect personal information.
Responding to Questions
Brief Description: Clients or other individuals we deal with may have questions about our services after they have been received. We also provide on-going services for many of our clients over a period of months or years for which previous records are helpful. We retain our client information for a minimum of 10 years after the last contact to enable us to respond to those questions and provide those services. We destroy our information ten years after the last entry or at the first reasonable opportunity in order to reduce the risk of accidental or inadvertent disclosure.
Personal Information Collected that is not already collected as a part of the Primary Purpose: Usually none.
Authority to Collect Information for this purpose: Not applicable. This is a use of information that is already collected.
Limitations in Collection: Not applicable. This is a use of information that is already collected.
Protecting Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a locked or restricted area.
- Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, passwords are used to control access to client data on computers. All OMS cell phones are digital as these signals are more difficult to intercept.
- Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies.
- Electronic information is transmitted either through a direct line or has identifiers removed or is encrypted.
- External consultants and agencies with access to personal information must enter into privacy agreements with us.
Retention and Destruction of Personal Information
OMS retains personal information for some time to ensure that we can answer any questions you might have about the services provided and for our own accountability to external regulatory bodies. We do not want to keep personal information too long, in order to protect your privacy. We keep our client files for a minimum of 10 years. As soon as practicable after that time, client files are destroyed. Our client and contact directories are much more difficult to systematically destroy, so we remove any personal information we may have in such directories when we can if it does not appear that we will be contacting you again. However, if you ask, we will remove such information right away. We keep any personal information relating to our general correspondence with people who are not our clients, newsletters, seminars and marketing activities for about 12 months after the newsletter, seminar or marketing activity is over.
We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and, when the hardware is discarded, we ensure that the hard drive is physically destroyed. Alternatively, if our clients prefer, rather than destroy the file, we will send some or all of the file to the client.
You Can Look at Your Information
With only a few exceptions, you have the right to see what personal information we hold about you. Often all you have to do is ask. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (e.g., short forms, technical language, etc.). We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests.
If there is a problem, we may ask you to put your request in writing. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason, as best we can, as to why we cannot give you access.
If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and, where appropriate, notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we will agree to include in our file a brief statement from you on the point and, as appropriate, we will forward that statement to anyone else who received the earlier information.
Organization & Management Solutions
4010 MacKinnon Ext
University of Guelph
Guelph, Ontario N1G 2W1