The policy applies to all personal information that is not in the public domain that the Association has or will collect, use or share.
The Association is committed to keeping personal information private and secure.
Unless otherwise specified, or permitted by law, we do not collect, use or share information for anything other than the purpose for which it was intended or for another appropriate purpose that a reasonable person would consider appropriate in the circumstances.
The Association is committed to the 10 principles outlined in PIPEDA of
- Identifying Purposes
- Limiting collection
- Limiting use, disclosure, and retention
- Individual Access
- Challenging compliance and appropriateness
- Personal information is information about an individual that identifies them. It includes name, age, gender, registration/identification number, address, email address and credit card information. Sensitive information such as opinions or evaluations is also considered personal information.
- Information that does not identify an individual is not personal information. For example, aggregate information about numbers of members in a membership category is not personal information.
- Information such as business address, professional title, and any information that is available in the public domain is not personal information for the purpose of this policy.
- Information that is collected for purely artistic or literary purposes is also not considered personal information.
The Association identifies the reason for collecting personal information before or at the time of collection. The Association collects the following information:
- Personal information from members through the membership application process including name, birth date, address, email address, registration status and communication preferences.
- Other information is collected to help understand the Association’s membership as a whole, to develop programming and services such as area of practice, role, years of practice, years in practice, work environment, certification information and employer.
- Anonymous non-identifiable, non-personal information through the use of cookie technology.
- Information from responses to requests for feedback or other comments on products and services.
- Information to register for programs, conferences, and meetings.
Use of Personal Information
The Association uses personal information to establish eligibility for membership in the Association and to communicate with members about member benefits and services, as well as:
- To communicate with members regarding member rights such as the right to receive information, notice regarding meetings of members, elections, changes to bylaws and programming.
- To provide members with member benefits.
- To understand members’ needs for the purpose of developing programming and services.
- To provide members with information about the Association and their rights and benefits through electronic newsletters. Members can unsubscribe to electronic newsletters by using the UNSUBSCRIBE function or contacting the Association directly.
Sharing of information
- The Association shares personal information for the purpose of providing members with benefits they are entitled to receive as a member of the Association, including member benefits offered by the Canadian Nurses Protective Society (CNPS).
- The Association shares with the Canadian Nurses Association (CNA) the personal information of practising licensed practical nurses, nurse practitioners, registered nurses, and registered psychiatric nurses members that choose to access membership in the Canadian Nurses Association (CNA) through the Association. CNA uses such information to provide member benefits and services.
- The Association shares information with the College of Registered Nurses of Manitoba (College) regarding practising memberships for graduate nurse, registered nurse, and nurse practitioner members through a secure integrated process to confirm that members have the required CNPS professional liability protection. This information is communicated in real-time so registration application is not delayed.
- The Association ensures that these named organizations are compliant with the law and specifically:
- Limit use of the personal information to the purposes specified to fulfill the responsibility to enable members to access benefits and services
- Limit disclosure of the information to what is authorized by the Association, or required by law
- Refer any person looking to access their information back to the Association
- Return or dispose of the transferred information when member services end
- Use appropriate security measures to protect the information
- Permit compliance audits as necessary.
The Association tracks users’ access through information collected in server logs. This information does not identify particular users but tracks general usage trends on the Association website.
Accuracy and Corrections
The Association ensures members’ information is accurate by enabling members to review their personal information on their member profile and make needed edits at their convenience. The member profile is secure, and password protected by the member. The information in the Association database is taken directly from the information submitted and corrected by the member. Changes or corrections made to a member profile are tracked and logged.
- Personal information is stored briefly on our web server before it is transferred to our internal membership database when a membership is processed. The online registration form is SSL encrypted to protect the information.
- Information on the Association’s database is stored on a secure server in a secure facility.
- Credit card information is collected by a third party through an SSL encrypted Internet connection. Credit card information is not stored by the Association.
- All paper files are stored in locked cabinets with access provided on a need-to-know basis. The office is locked whenever the staff is not present. The building in which the office and files are located is locked after hours and protected by an alarm system.
- All electronic files are protected by firewall and password protected.
- Data is disclosed to the Canadian Nurses Protective Society and the Canadian Nurses Association through secure electronic means in an encrypted format before being sent as a private and confidential file to a specific person responsible for receiving and protecting the privacy of the information.
- Data disclosed to the College to confirm the correct type of professional liability protection through CNPS, is shared through a secure integrated process linking the database with the College database on a secure server.
Withdrawal of Consent
- Members may withdraw consent to receiving any electronic publication sent to them using the UNSUBSCRIBE function or by contacting the organization sending them the publication.
- Members can withdraw their consent to the collection, use, or disclosure of their personal information by contacting the Association at email@example.com or calling (204) 992-1520 or 1-844-355-1520 or the organization from whom they wish to withdraw their consent.
- If consent is withdrawn it may adversely affect the member’s ability to maintain membership in the Association. Withdrawal of consent regarding collection, use, or disclosure of information involving CNPS and CNA may also adversely affect the ability of those organizations to establish eligibility for member benefits and to provide member benefits and communication regarding eligibility and member benefits.
Retention and Destruction
- The Association retains information for only as long as is required to provide the services members are entitled to receive. This means that some information regarding membership in the Association and registration number and status will be retained for a period of up to 10 years in case it is necessary to establish member eligibility for CNPS liability protection for a valid practicing certificate with the member’s regulatory body or professional liability protection and legal services with CNPS in the event of legal action.
- Information regarding attendance at meetings, professional development sessions, conferences, or other events will be retained for a period of 5 years to enable members to access that information for the purpose of responding to a Continuing Competence audit with their regulatory body.
- Once the retention period expires, information is deleted in its entirety from the database and any other record in a secure manner. For example, paper documents are shredded.
- Credit card information collected for processing in-person transactions is shredded in batches no later than the end of the second business day in which the transaction took place.
- Before disposing of electronic devices such as computers, photocopiers, cellphones, the Association will ensure that all personal information contained thereon is fully deleted.
Issues or concerns related to this policy can be directed to:
Association of Regulated Nurses of Manitoba
PO Box 73027 RPO Bridgwater
Winnipeg, MB R3Y 2A9
Toll Free: 1-844-355-1520
Personal Information Protection and Electronic Documents Act S.C. 2000, c.5 (PIPEDA)
Office of the Privacy Commissioner of Canada (2015). A guide for Business and Organizations Privacy Toolkit. Ottawa: Author.
An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23 (CASL)