Privacy Policy
The College of Family Physicians of Canada Privacy Policy
Last Updated: January 4, 2024Overview
The College of Family Physicians of Canada (“CFPC” or “we”) is committed to protecting the privacy and security of the personal information that it handles in the course of conducting its business operations and in the provision of its products, programs and services. The CFPC fulfills this commitment by voluntarily complying with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and by adopting the practices set out in this privacy policy (the “Policy”). It includes our practices in respect of the personal information that is collected and used in connection with our corporate website, www.cfpc.ca, and all other websites owned by the CFPC (the “Websites”).Personal Information, Defined
“Personal information” means any information about an identifiable individual, or an individual whose identity may be inferred or determined from the information and includes but is not limited to an individual’s name, date of birth, residential address and phone number, personal (but not business) email address, social insurance and other non-public ID numbers, income, evaluations, opinions, and individual interests and preferences. Personal information also includes personal health information about an identifiable individual, such as their physical or mental health, any health services provided to the individual, and information that is collected in the course of determining or providing reasonable accommodations to the individual.For the purposes of this Policy, personal information does not include information that can be found within the public domain, including, for example, business contact information such as job titles, business email addresses, or phone/fax numbers. Additionally, the granting of the special designation “CCFP” (Certification from the College of Family Physicians of Canada) and any certificates of added competence (“CACs”) that are awarded to members is public information, and the names of individuals who have earned such designations is made available on our Websites and is shared with the provincial and territorial Medical Regulatory Authorities (“MRAs”). Personal information also excludes anonymous or de-identified data that is not associated with a particular individual, including the aggregate-level outputs produced through research, analysis and evaluative functions.
Application
This Policy applies to all personal information that we collect, use or disclose in the course of our business operations and in the provision of our products, programs and services, and includes the personal information that we handle relating to candidates for employment, members (including non-member Mainpro+® participants), examinations and other certification candidates, Board and committee members, volunteers, and members of the public with whom we may deal (collectively and individually, “you”).In an effort to protect your privacy, we follow the ten (10) fair information principles under PIPEDA, as set out below.
Principle 1 – Accountability
We are responsible for personal information under our control and have designated a Privacy Officer who is accountable for organizational compliance with this Policy. This Policy and our information-handling practices are reviewed annually, and CFPC staff are regularly informed about this Policy, and they receive training and guidance on the appropriate management of personal information.Principle 2 – Identifying Purposes
We only collect personal information for purposes that are appropriate in the circumstances and only such personal information as is required for the purposes of conducting our operations and/or providing our products, programs and services.Under no circumstances will we sell, trade, barter, exchange or disclose for consideration any personal information that we obtain from you.
Principle 3 – Consent
Except where the law authorizes collection, use and disclosure of personal information without consent, and prior to collecting, using and disclosing such information, we will obtain your meaningful consent, as follows:- Wherever practical, we will put additional emphasis on key elements such as (a) what personal information is being collected, (b) with which parties your personal information will be shared, and (c) potential harms and/or other consequences that may arise from the collection, use or disclosure of your personal information;
- We will be transparent and prepared to explain why any given collection, use or disclosure is a condition of service; and,
- We will draft consent requests and processes in ways that are user-friendly and provide information in a generally understandable format so that you can understand that to which you are consenting.
You may refuse to consent to the collection, use or disclosure by us of your personal information or you may withdraw your consent at any time by providing us with reasonable notice in writing. In certain circumstances, however, your refusal or withdrawal of consent may limit our ability to offer our services, products or programs and may likewise limit your eligibility to participate or benefit from our services, products or programs.
Principle 4 – Limits on the Collection of Information
We only collect the amount and type of information that is necessary for the identified purposes of collection, and we will do so by fair and lawful means.We may collect personal information from you, or we may receive it from third parties (including, for example, from a reference, university program, or one of the provincial or territorial MRAs), with your consent. This information may include any of the following, depending on the circumstances:
- Full name(s)
- Gender preference
- Contact information (includes personal email, home address, phone numbers)
- Date of birth
- Education, training and employment information
- Medical Information Number for Canada (MINC)
- Personal medical or training details (e.g. parental leave) that may affect membership dues or CPD cycles
- Licensure information (includes professional conduct, complaints, licensing status)
- Payment information (e.g. credit card numbers for e-commerce transactions)
- Government-issued identification numbers such as social insurance or driver’s licence numbers
- Assessment and performance data
- Health information to accompany accommodation requests
- Browsing and technical data, including internet protocol addresses
- Photographs
- Other personal information required for the purposes identified at the time of collection.
Principle 5 – Limits on the Use, Disclosure and Retention of Information
We will not use or disclose personal information in our custody or control except as necessary in the course of conducting our business operations and in the provision of our products, programs and services. Moreover, we will only use or disclose your personal information for the purposes for which it was collected, unless you consent to the additional or secondary use, or the disclosure is authorized by law.Use of Personal Information
In the normal course of business, the personal information we collect may be used to:
- Verify your identity;
- Communicate with you about:
- Annual membership fee renewals and other fees,
- CFPC activities, services and benefits, including but not limited to:
- Membership applications
- Membership maintenance and updates
- Mainpro+® maintenance and updates
- Certification Examinations in Family Medicine
- CAC applications and Examinations of Added Competence in Emergency Medicine
- CFPC Library services
- Canadian Family Physician journal distribution (see below)
- CFPCLearn
- FM Pivot
- Self Learning Program and other courses provided by the CFPC
- Canadian Physician Database scientific research projects that are conducted or facilitated by the Canadian Family Physician (CFP)
- Event/conference registration, including the Family Medicine Forum,
- Donations to the College of Family Physicians of Canada’s Foundation for Advancing Family Medicine,
- Recipients of Honours and Awards,
- Feedback requests,
- Other matters relating to our business.
- Process applications and confirm eligibility for CFPC products, programs and services, including membership, examinations, special designations, fellowships, etc;
- Recruit and communicate with volunteers and candidates for employment, including to confirm eligibility for such volunteer activities or employment;
- Collaborate and share points of view and expertise;
- Conduct research and assess trends that affect training and the profession;
- Provide marketing and other information about the activities, services and benefits offered by the CFPC and its partners;
- Improve efficiency and effectiveness and to measure Website activity;
- To determine members’ local elected leadership in order to facilitate advocacy on their behalf;
- Send mailings or make deliveries;
- Respond to requests for assistance and general inquiries;
- Discharge our statutory and legal obligations; and
- Other purposes identified at the time the personal information is collected.
- Deliver physical and/or digital copies of the magazine;
- Fulfill circulation audit requirements;
- Renew/re-qualify subscribers;
- Help direct editorial content to satisfy readers’ needs;
- Identify and provide contact information of authors;
- Assure advertisers they are reaching their targeted audience; and,
- Determine whether an individual qualifies for a complimentary subscription to CFP.
We will not attempt to identify individual visitors to the Websites or associate the technical information we collect with any individual, unless required to do so by law. The information is used only for statistical analysis and administrative purposes and to assist us in making enhancements to the visitors’ experience with the Websites.
Browser software allows the disabling of cookie collection if users wish or may inform users when a cookie is being stored on a user’s hard drive. You may also be able to opt-out of a social media site’s targeted advertising program by adjusting your privacy or account settings.
Use of De-Identified or Aggregated Data
We may use your personal information, without your knowledge or consent, if the information is de-identified or aggregated and used for purposes that include to:
- safeguard it,
- improve our services,
- test and/or evaluate our practices, processes and systems,
- ensure continuous quality improvements,
- develop new products or services,
- conduct research or data analysis relating to matters of interest to the CFPC, family physicians and/or family medicine, or
- for any other purpose identified at the time the personal information is collected.
We may disclose the personal information that we have collected about you to third parties at your direction and with your consent, or otherwise in accordance with this Policy, as follows:
For CFPC Examination Administration Purposes
For residents or practitioners sitting the Certification Examination in Family Medicine and/or members sitting the Examination of Added Competence in Emergency Medicine (each, individually, an “Examination”), we will provide the relevant family medicine program directors (“program directors”) with a copy of the summary of Examination results for the purpose of tracking and improving the experience for future Examination candidates.To the Provincial College of Family Physician Chapters (the “Chapters”)
We may share the personal information of our members with the Chapter in the province or territory in which the member resides and/or practices. This disclosure will only be made in circumstances where the Chapter has entered into a Data Access and Sharing Agreement with us. In such cases, the members’ information will be accessed and used by the Chapters’ authorized users for the purposes of facilitating the Chapters’ ability to communicate with its members regarding Chapter products, services and programs; to survey Chapter members and obtain feedback on Chapter products, services and programs; and for general information and statistical or reporting purposes.To our Service Providers
We may employ third party service providers (for example, for the delivery and/or processing of Examination services, data analysis, data security monitoring and assessment, member support and management services, benefits providers, fee collection services, consulting services, etc.) and these third parties may be located in Canada and in other locations around the world. Therefore, some of your personal information may be retained in the United States, where privacy laws may offer different levels of protection from those in Canada and your personal information may be subject to access by and disclosure to law enforcement agencies under American legislation such as the USA Patriot Act.The employees of our service providers who require your personal information to fulfill their duties will have access to your personal information only when and to the extent required for their provision of services. Access to your personal information in these cases will be granted to perform specific tasks on our behalf and is restricted using contractual arrangements that prevent them from disclosing or using your information for any purpose other than those with which we specify.
To Other Professional Associations or Entities
We may share certain information that we hold about our members to the provincial and territorial MRAs to streamline the licensure process and as part of our role to track and record members’ continuing professional development (“CPD”) activities, including to confirm their enrollment in the Mainpro+ program and to provide their compliance status. Without Consent
In certain circumstances, we may disclose your personal information without your consent, for example where:
- Disclosure is permitted or required by law, including by order of a court or tribunal;
- We believe, on reasonable grounds, that it is necessary to protect the safety of an identifiable person or group;
- We believe it is necessary to permit us to provide requested services; or
- We believe the information is public.
Disclosure of De-identified or Aggregated Data
We may disclose your personal information without your knowledge or consent if the personal information is de-identified before the disclosure is made; if the disclosure is made for a socially beneficial purpose (as we determine, in accordance with any CFPC policies), including for research purposes where we believe the sharing of information is likely to advance the interests of family physicians or family medicine in Canada; and the disclosure is made under the terms of a properly executed data sharing agreement. We may also disclose aggregated information with third parties for similar purposes or to otherwise fulfill business operations.
By sharing your personal information and/or using our services, you agree that we may de-identify and/or aggregate your personal information for purposes consistent with this Policy.
Retention of Personal Information
We will keep records containing your personal information only as long as it is needed to fulfill the purpose(s) for which the personal information was collected, or as otherwise permitted or required by law. When your personal information is no longer required to fulfill the identified purposes, it will be safely and securely destroyed or de-identified.
Principle 6 – Accuracy
We strive to keep your personal information as accurate, complete and up-to-date as possible so that we can fulfill the purposes for which it was first collected. In certain cases, we may contact you to verify the accuracy of the information. Otherwise, you are encouraged to inform us, promptly, if there are any changes to your personal information so that we can better provide our products, programs and services.Principle 7 – Safeguards
We make every reasonable effort to protect your personal information and have implemented physical, organizational and technological measures to protect the personal information that we collect or retain, in whatever format in which it is held, against loss, theft, unauthorized access, use, copying, disclosure, or modification. This commitment also applies to the disposal or destruction of your personal information.The forms of security safeguards we have implemented vary depending on the sensitivity of the information, and include:
- Physical security of and restricted access to our physical premises;
- Locked file cabinets;
- Deployment of technological safeguards like security software, encryption, and industry-standard firewalls to prevent hacking or unauthorized computer access;
- Internal password protection systems and security policies;
- Restriction of staff’s access to personal information to those with a “need-to-know” only;
- Undertakings by all staff to comply with this Policy; and,
- Periodic audits of our information handling practices and training.
Payment Data
Access to your financial information is restricted to members of our staff or third-party service providers who are responsible for payments, payroll or for the collection and reconciliation of fees only. Credit card information collected by us is submitted in encrypted format to our credit card merchant for payment approval and processing and is never held or retained by us. The CFPC is fully compliant with Payment Card Industry requirements and staff who handle such information are regularly and appropriately trained on safe payment handling practices.
Principle 8 – Openness
We are dedicated to implementing the principles described in this Policy and to ensuring that our Policy and privacy practices are well known and understood by our staff, volunteers and stakeholders. To that end, this Policy is posted in a conspicuous place on our Website and staff receive periodic training on the Policy.Changes to this Policy
We may amend this Policy from time to time as circumstances change, in response to legal and legislative changes, as new technologies become available, or as we introduce new features, programs, products or services. When we make changes to the Policy, we will revise the “last updated” date at the top of the Policy and will re-post the Policy on our Website and advise our staff. Policy changes will apply to information collected from the date of the revised Policy, as well as to existing information held by us at the time of the amendment.
Your continued use of our programs, products, services and Website after we make any changes to the Policy signifies your consent to the revised terms of the Policy.
Principle 9 – Individual Access
You have a right to access and review the personal information that we hold about you in one of two ways:- Our members may access their own information in the “Member Profile” section of the member portal.
- Candidates for employment, volunteers, members whose desired information is not included within their Member Profile, and others may send a written request to the attention of [email protected].
In certain cases, applicable law may allow or require us to refuse to provide you with access to some or all of the information we hold about you, or we may have destroyed, erased or de-identified the personal information about you in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reason(s) why. Examples of such situations include, but are not limited to where:
- A legal privilege restricting disclosure applies;
- Another law prohibits the disclosure;
- The information contains references to other individuals;
- The information may cause harm to another person;
- The information may harm or interfere with law enforcement activities and other investigative or regulatory functions;
- The information is protected by solicitor-client privilege, is the subject of litigation or where we have another legal basis for withholding the information;
- The information would disclose our trade secrets or other confidential information (for example, we consider Examinations data, including the recordings of simulated office orals (“SOOs”), Examination content, and the breakdown of Examination results to be confidential and therefore we will not disclose this information);
- It does not exist, is not held, or cannot be found by us; or
- It is not readily retrievable and the burden or cost of providing the information would be disproportionate to the nature or value of the information.
Principle 10 – Challenging Compliance
Any questions or complaints about our handling of your personal information, or any requests to access or correct your personal information, should be directed to the CFPC’s Privacy Officer:Privacy Officer
The College of Family Physicians of Canada
2630 Skymark Avenue
Mississauga, Ontario L4W 5A4
Email: [email protected].
If your concerns are not resolved by us to your complete satisfaction, you are encouraged to contact the Federal Privacy Commissioner.