|Statement of Policy and Procedure|
|Subject:||Privacy – Policy||Page:||1 of 5|
|Distribution:||All Employees||Issued:||January 2018|
|Issued by:||Human Resources||Reviewed/Revised:||January 3, 2023|
|Effective:||January 3, 2023|
Windley Ely (or “the Company”) provides claims management solutions – workers’ compensation, absence management, and occupational health and safety – for employers across Canada (“Services”). Employers (our “Clients”) provide information to us about their employees in order to provide the Services. We may also receive information directly from the employees to deliver our Services to their employers. We, in turn, provide information back to our Clients related to effective workplace injury and cost management.
Because Windley Ely is a service provider, our Clients are responsible for some of the requirements set out in the Applicable Laws, we are responsible for other obligations and in certain cases share the obligations with our Clients. This Policy sets out how Windley Ely protects the privacy of the employees and the confidentiality and security of their Personal Information that it receives in order to provide Services to its Clients; it identifies the instances in which the Applicable Laws require our Clients to take steps to appropriately manage the Personal Information of their employees.
SCOPE OF APPLICATION
By visiting the Site, or using any of our Services, you agree that your personal information will be handled as described in the Policy. Your use of our Site or Services, and any dispute over privacy, is subject to this Policy
Windley Ely is responsible for Personal Information under its control and has designated an individual who is accountable for the company’s compliance with this Policy and Applicable Laws.
- Windley Ely has identified the Director of Human Resources as the Windley Ely Privacy Officer, the individual responsible for its compliance
- The identify of this individual is made known upon request
- Windley Ely enters agreements/contracts with its employees and third parties who require access to the Personal Information of Windley Ely Clients to provide the Services
- Windley Ely has developed and implemented policies and procedures to give effect to this Policy and comply with Applicable Laws, including:
- implementing procedures to protect Personal Information.
- establishing procedures to receive and respond to complaints and inquiries.
- training staff and communicating to staff information about Windley Ely’s policies and practices; and
- developing information to explain Windley Ely’s policies and procedures.
Windley Ely identifies the purpose for which Personal Information is collected at or before the time the information is collected.
- Our Clients have the primary responsibility to identify the purposes for which they collect the Personal Information of their employees and indicate that they provide the information to service providers, such as Windley Ely, in order to manage the employment relationship
- Where Windley Ely collects the Personal Information directly from its Client’s employees, it advises them of the purposes for which it is collecting their Personal Information.
Windley Ely does not collect, use, or disclose Personal Information except with the knowledge and consent of the individual and where consent is inappropriate.
- Because our Clients directly collect Personal Information from their employees, it is their responsibility to obtain employee consent for the provision of their Personal Information to Windley Ely if such consent is required by the Applicable Law.
- Where Windley Ely collects Personal Information directly from our Clients’ employees, we obtain employee consent by signature.
Windley Ely limits the collection of Personal Information that which is necessary for the purposes identified by the Company to provide Services to its Clients.
- The Company collects Personal Information by fair and lawful means; we make clear the purposes for which we collect the Personal Information
- The Company relies on its Clients who are required to obtain employee consent to be clear that one of the purposes for which they are collecting the Personal Information to Windley Ely to provide Services to our Clients.
- When we collect Personal Information directly from employees, we are transparent about the purposes for which we are collecting the information.
LIMITING USE, DISCLOSURE AND RETENTION OF PERSONAL INFORMATION
Windley Ely does not use or disclose Personal Information purposes other than those for which it was collected, except with the consent of the individual or as required by law. The Company retains Personal Information only as long as necessary for the fulfilment of those purposes or as legally required.
- Windley Ely has developed guidelines and implemented procedures with respect to the retention of Personal Information. These guidelines include minimum and maximum retention periods. Personal Information that has been used to make a decision about an individual is retained long enough to allow the individual access to the information after the decision has been made. The Company is subject to legislative requirements with respect to retention periods.
- Personal Information that is no longer required to fulfil the identified purposes is destroyed, erased, or made anonymous. Windley Ely has developed guidelines and implemented procedures to govern the destruction of PHI.
Windley Ely makes reasonable efforts to ensure that personal information of individuals is accurate, complete, and up to date as is necessary for the purposes for which it is to be used.
- Because the Company receives employee Personal Information from our Clients on an ongoing basis, we rely on our Clients to ensure that the information is as is accurate and up to date as required for us to provide the Services.
Windley Ely protects Personal Information by security safeguards appropriate to the sensitivity of the information.
- We use administrative, physical, and technical means to protect the Personal Information received from our Clients against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, regardless of the format (e.g., electronic, paper) in which it is held.
- We make our employees aware of the importance of maintaining the confidentiality of Personal Information.
- We use care in the disposal or destruction of Personal Information, to prevent unauthorized parties from gaining access to the information.
Windley Ely makes readily available to individuals’ specific information about its policies and practices relating to the management of Personal Information that is under the control of the Company.
- the name or title, and the address, of the person who is accountable for the Company’s policies and practices – our Privacy Officer – and to whom complaints or inquiries can be forwarded.
- the means of gaining access to Personal Information in the control of Windley Ely.
- a description of the type of Personal Information held by the Company, including a general account of its use; and
- a copy of any brochures or other information that explain our privacy policies and standards.
Upon receipt of a written request, Windley Ely will inform an individual of the existence, use, and disclosure of his or her Personal Information that is under our control.
- We will provide the individual with access to their Personal Information subject to certain limited exemptions in the Applicable Laws.
- Individuals who receive access to their Personal Information are able to challenge the accuracy and completeness of the information and have it amended if appropriate to do so.
- Windley Ely will respond to requests for access to, and/or correction of Personal Information within a reasonable time and at no charge.