|During the course of conducting business OSQA collects information about its members and customers. For example, when an individual joins the organization we collect basic information such as their name, postal address, and email address.
For the data that OSQA collects, we adhere to the following principles, as defined in the Canadian Standards Association Model Privacy Code:
Principle 1: Accountability
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
The person responsible for the privacy of OSQA data is the president. He can be reached at firstname.lastname@example.org.
Principle 2: Identifying Purposes
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
Personal data collected by OSQA is used to inform quality professionals of events and offers that are of interst to them (through the mailing list). We also use the data to fulfill orders. For example, when someone orders a book from the OSQA web site we need to send it to them.
Principle 3: Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
When an individual becomes a member of OSQA or attends one of the OSQA events their contact details (at a minimum their name and email address, and at a maximum their name, email address, and postal address) are added to our mailing list. We send out an email every two weeks during the OSQA meetings season (that is all months except July and December), and another mailing around Christmas / New Year. Individuals can opt out of the mailing list by following the instructions at the bottom of the email. Members of OSQA may receive additional communications containing special events or special announcements from OSQA. OSQA does not sell or share its mailing list. Monthly meetings are co-organized and held jointly with the Ottawa chapter of the American Society for Quality, and they add attendees to their mailing list as well. The ASQ may have their own policy regarding the data that they collect. If an individual does not wish to have their information shared with the ASQ, they can request that it not be shared at the registration desk of the meeting.
Principle 4: Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purpose identified by the organization. Information shall be collected by fair and lawful means.
The only information that OSQA collects is contact information provided by individuals during event registration and/or membership application.
Principle 5: Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
The personal data that OSQA collects is only destroyed when the individual requests it or when the contact information is no longer valid (e.g., invalid emails).
Principle 6: Accuracy
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
The contact information that we have is updated when individuals attend subsequent events, and are deleted when they cease to be valid.
Principle 7: Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
The contact information database is kept in encrypted storage with role based access control. Individual emails that contain contact information may be generated for OSQA to conduct its business (e.g., email receipts).
Principle 8: Openness
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Here it is.
Principle 9: Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Please contact the president of OSQA to inspect your individual record.
Principle 10: Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.
Please contact the president of OSQA to challenge compliance.