Privacy Policy
  • Privacy Policy
  • Privacy Policy

Privacy Policy

Introduction

en francais

Ateb Canada Ltd., is a corporation incorporated under the laws of Ontario, with its registered office at 3760 14th Avenue, Suite 300, Markham, Ontario L3R 3T7.When the term Ateb is used in this policy, it means Ateb Canada Ltd. Its servers for Canadian operations are located in Canada.  Ateb will not transfer personal information outside of Canada without the prior authorization of Ateb’s customers.

Ateb is engaged in providing services to Canadian pharmacies and other healthcare institutions to better serve their customers for pharmaceutical preparations and to achieve better health outcomes for their patients.

As technology increasingly facilitates the circulation and exchange of information, there is a need for rules to govern the collection, use and disclosure of personal health information in a manner that recognizes the privacy rights of individuals in Canada with respect to their personal information, and the needs of Canadian businesses, communities and other organizations to collect, use or disclose personal information for purposes that a reasonable Canadian would consider appropriate in the circumstances.

Definitions

The following definitions apply in this Privacy Policy:

Collection” – the act of gathering, acquiring or obtaining personal information from any source, including from third parties, by any means.

Consent” – voluntary agreement with what is being done or proposed.  Consent can be either expressed or implied.  Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the persons seeking the consent.  Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.

Disclosure” – making personal information available to other persons outside of Ateb and, where applicable, the particular pharmacy or healthcare institution that Ateb is servicing.

“Personal health information” – with respect to an individual, whether living or deceased, means

(a) information concerning the physical or mental health of the individual;

(b) information concerning any health service provided to the individual;

(c) information concerning the donation by the individual of any body part or any bodily substance of the individual or information derived from the testing or examination of a body part or bodily substance of the individual;

(d) information that is collected in the course of providing health services to the individual; or

(e) information that is collected incidentally to the provision of health services to the individual.

Personal information” – means information about an identifiable individual, including personal health information, but does not include business contact information unless the individual is using such contact information for personal purposes.

PIPEDA” – means the Canadian Personal Information Protection and Electronic Documents Act, as amended from time to time.

Use” – treatment and handling of personal information within Ateb.

PRINCIPLE 1:  ACCOUNTABILITY

Accountability for Ateb Canada Ltd.’s compliance with the privacy principles shall rest with an individual as appointed by the Board of Directors from time to time.  This individual may delegate other individuals to act in his or her behalf.  The individual will be known as the “Privacy Officer”.

Ateb is responsible for all personal information in its possession or custody, including information that has been transferred to it through any third party, such as a pharmacy, a healthcare institution, or one of their customers or patients.  It is the responsibility of the Ateb staff person proposing or supervising such activities to ensure that the contract with the outside party will afford a comparable level of protection while the personal information is being processed by such third party, and that when Ateb is acting as a service provider for other organizations that Ateb complies with the privacy policies of such organizations.  Such third party arrangements will usually mean the provision of a copy of the relevant privacy policy to such other party and the written acknowledgement from such other party that it will be bound by the policy Ateb shall implement policies and practices to give effect to this privacy policy, including:

  • implementing procedures to protect personal information;
  • establishing procedures to receive and respond to complaints and inquiries;
  • training staff and communicating to staff information about Ateb’s policies and practices; and
  • developing information to explain Ateb’s policies and procedures.

PRINCIPLE 2:  IDENTIFYING PURPOSES

The purposes for which personal information and personal health information are collected shall be identified by Ateb before or at the time the information is collected.

Members of Ateb shall collect personal information only for the purposes of:

  • Providing services including but not limited to delivering emergency and vitally important information to patients about their prescriptions, medication therapies, delivery devices, discharge instructions, and other communications to patients of the companies that have signed a service agreement with Ateb;
  • Improving its services and developing new methods for improving health care outcomes for Canadians.
  • complying with governmental regulations, including rules and regulations of the Canadian Radio-television and Telecommunications Commission (also known as the “CRTC”) with respect to Canada’s Anti-Spam Law (also known as “CASL”);
  • hiring and employment purposes;
  • training its staff;
  • operating its web site;

Ateb generally uses such personal information to carry on its business and serve its customers as described above.  If the business is transferred to a new owner, subject to the limitations of Principle 5, the personal information will also be transferred. Personal health information will only be transferred for the purposes of providing health care or assisting in providing health care, or where it has been provided by a third party, back to that third party.

The purposes for which a member of Ateb is collecting personal information shall be identified by the member at or before the time the information is collected. Only information that is necessary for the purposes that have been identified may be collected.  The purposes for the collection shall be communicated to the subject individual.

PRINCIPLE 3: CONSENT

The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except as provided by law.

Consent is required for the collection of personal information and the subsequent use or disclosure of such information.  The exceptions to such requirement are specified in PIPEDA or other applicable legislation.

To the extent, if any, that Ateb acts as a service provider to another organization with respect to the collection, use or disclosure of personal information, a member of Ateb shall obtain and adhere to any form of consent previously obtained by such organization, subject to the exceptions provided for in PIPEDA purposes of providing health care or assisting in providing health care.

Where Ateb acts as a service provider to an organization that collects the personal information, Ateb may rely upon the consent obtained by such organization, provided that Ateb complies with the privacy policy of such organization and follows the directions or authorizations of such organization.

Ateb may not, as a condition for the supply of services or employment for example, require an individual to consent to the collection, use or disclosure of personal information beyond what is necessary for such purposes.

The adequacy of the form of consent depends upon the circumstances and the type of information that is being collected.  Generally speaking, the more sensitive the information (such as health records or employment evaluations), the more explicit or manifest is the form of consent that is required.  In obtaining consent, the reasonable expectations of the individual must also be taken into account.  Consent shall not be obtained through deception.

In the collection of personal health information consent may only be implied when it is for the purposes of providing health care or assisting in providing health care.

An individual may withdraw a consent at any time, subject to legal or contractual restrictions and reasonable notice.  The individual shall be informed of the implications of such withdrawal.

PRINCIPLE 4:  LIMITING COLLECTION

The collection of personal information shall be limited to that which is necessary for the purposes identified by Ateb.  The information shall be collected by fair and lawful means.

Personal information shall not be collected indiscriminately.  Both the amount and the type of information collected shall be limited to that which is necessary to fulfill the purposes identified.

PRINCIPLE 5: LIMITING USE, DISCLOSURE AND RETENTION

Personal information shall not be used or disclosed for purposes other than those for which the information was collected, except with the consent of the individual or as required by law.  Personal information shall be retained only as long as necessary for the fulfillment of those purposes.

Personal information, and particularly personal health information, collected in Canada by Ateb will not be used or disclosed outside of Canada without the informed consent of the individual, except that for the purposes maintaining, troubleshooting or expanding the computer operations in Canada qualified individuals may access the relevant computer servers and programs, provided that they have signed appropriate confidentiality and privacy agreements.

Personal information that is no longer required to fulfil the identified purposes should be destroyed, erased or made anonymous. Ateb shall conduct regular reviews to determine whether information is still required.

Before disposing of electronic devices, such as computers, photocopiers and cell phones, Ateb shall ensure that all personal information is fully deleted.

As one of the purposes for which Ateb collects, uses and/or discloses personal information is the operation of its business, in the event that all or part of the assets of Ateb are sold to a new owner, all personal information, or that part of the personal information associated with the assets being sold, will be transferred (disclosed) to the new owner, subject to certain conditions.  Either the new owner must agree to maintain and abide by Ateb’s then existing Privacy Policy for a minimum of six months, or the new owner must agree to Ateb sending notices to all of its current customers advising them of the proposed transfer, the new owner’s privacy policy and providing its customers with an easy and effective means of withdrawing their personal information from the transfer, at Ateb’s option. However personal health information will only be transferred for the purposes of providing health care or assisting in providing health care, or where it has been provided by a third party, back to that third party.

PRINCIPLE 6:  ACCURACY

Personal information shall be accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

This is particularly important where the information is being used to make some evaluation or judgement about the individual, or as contact information for the delivery of sensitive personal information, such as personal health information.  The extent to which the personal information shall be accurate, complete and up-to-date will depend upon the use of the information taking into account the interests of the individual.

Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date.

PRINCIPLE 7:  SAFEGUARDS

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

The security safeguards shall take reasonable precautions to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.  The nature of the safeguards will vary according to the sensitivity of the information.

The methods of protection will include physical measures, organizational measures and technological measures.  All personal information shall be handled on a “need-to-know” basis and each member of Ateb shall be responsible for the protection of the personal information used in his or her job function.

Where personal information, and especially personal health information is maintained in an electronic form, Ateb shall implement additional safeguards for such information. Ateb shall create and maintain a record of user activity for any electronic information system it uses to maintain personal health information.

Ateb shall regularly make all of its members aware of the importance of maintaining the security of personal information.

Care shall be used in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.

Ateb shall review and update security measures regularly.

PRINCIPLE 8: OPENNESS

Ateb shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

Ateb shall be open about its policies and practices with respect to the management of personal information.  Individuals shall be able to acquire information about Ateb’s policies and practices without unreasonable effort.  This information shall be made available in a form that is generally understandable. Ateb should also ensure front-line staffs are familiar with the procedures for responding to individual inquiries.

The information made available must include:

  • how the individual may contact the Privacy Officer of Ateb with respect to complaints or inquiries;
  • advice that the individual can gain access to the personal information held by Ateb by writing to the Privacy Officer of Ateb, confirming and verifying their identity, and requesting the specified information;
  • a description of the type of personal information held by Ateb including a general account of its use;
  • a copy of any brochures or other information that explain Ateb’s policies, standards or codes; and
  • what personal information is generally made available to related organizations.

This information is also to be made available on the website.

PRINCIPLE 9: INDIVIDUAL ACCESS

Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information.  An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Before granting an individual access to the personal information, a member of Ateb must consult the Privacy Officer or that person’s delegate. There are restrictions on the grant of access in PIPEDA where it would reveal personal information about a third party that cannot be severed from the information about the individual making the request, and in certain other circumstances there needs to be notification of governmental institutions before release.

Access may also be refused where the information is protected by solicitor-client privilege; where revealing the information would also reveal confidential commercial information; where revealing the information could reasonably be expected to threaten the life or security of another individual; if the information was collected during an investigation of a breach of an agreement or a contravention of the laws of Canada or a province on the expectation that the knowledge or consent or consent of the individual would compromise the availability or accuracy of the information; or where the information was generated in the course of a formal dispute resolution process.

Upon such a request, Ateb shall inform an individual whether or not Ateb holds personal information about the individual.  When disclosure is made to the individual, the organization shall provide an account of the use that has been made or is being made of the information and an account of the third parties to which the information has been disclosed.

Where the request for access is with respect to personal information collected, used or disclosed in the course of serving a customer or other third party, the customer or other third party shall immediately be provided with a copy of the request.

Ateb shall respond to an individual’s request within 30 days and at minimal or no cost to the individual.  Ateb may require a reasonable payment for the information provided only if it has informed the individual in advance of the approximate cost and the individual has advised Ateb that the request is not being withdrawn.

When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, Ateb must amend the information as required.  Depending upon the nature of the information challenged, amendment could involve the correction, deletion or addition of information.  Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.

When a challenge is not resolved to the satisfaction of the customer, the substance of the unresolved challenge shall be recorded by the member of Ateb.  When appropriate, the existence of the unresolved challenge should be transmitted to third parties having access to the information in question.

PRINCIPLE 10:  CHALLENGING COMPLIANCE

An individual shall be able to address a challenge concerning compliance with the above privacy principles to the Privacy Officer of Ateb.

The individual accountable for Ateb’s compliance is the Privacy Officer as appointed by the Board of Directors of Ateb from time to time. The Board of Directors will establish procedures to receive and respond to complaints or inquiries about Ateb’s policies and practices relating to the handling of personal information.

Members of Ateb shall inform individuals who make inquiries or lodge complaints of the existence of the relevant complaint mechanisms of Ateb.  Ateb shall investigate all complaints.  If a complaint is found to be justified through either the internal or external compliant review process, Ateb will take appropriate measures, including amending its policies and practices if necessary.

Where the complaint arises out of a customer matter, the customer shall be informed immediately.

Alternatively, an individual could contact Office of the Information and Privacy Commissioner in Canada about alleged breaches of the law.

Changes

From time to time Ateb may make changes to this policy to adapt to changing business conditions and for other reasons.  In the event that in the opinion of Ateb acting reasonably such changes will allow Ateb to make materially greater use and/or disclosure of any personal information, the individuals affected by the changes will be clearly and concisely notified of the changes and their proposed effect, and provided with an opportunity to withdraw their consent to the collection, use and/or disclosure of their personal information.

Date Adopted: January 5th, 2016

Contacting Ateb Canada Ltd.:

Privacy Officer

Robert Mernar

Address: 3760 14th Avenue, Suite 300, Markham, Ontario L3R 3T7

Phone No.: 919.872.1275

Email Address: PrivacyOfficer@atebcanada.ca

 

Offices of the Information and Privacy Commissioners in Canada

Office of the Privacy Commissioner of Canada

Information Centre

30 Victoria Street, Gatineau, Quebec, K1A 1H3

Toll-free: 1-800-282-1376
Phone: (819) 994-5444
Fax: (819) 994-5424
TTY: (819) 994-6591

Web Site: https://www.priv.gc.ca/index_e.asp

 

Alberta

Office of the Information and Privacy Commissioner of Alberta

Suite 410, 9925 109 Street, Edmonton, Alberta T5K 2J8

Phone: (780) 422-6860

Toll Free: 1 (888) 878-4044

Email: generalinfo@oipc.ab.ca

Web Site: http://www.oipc.ab.ca

 

British Columbia

Office of the Information and Privacy Commissioner for British Columbia

P.O. Box 9038, Stn. Prov. Govt.

756 Fort Street, 3rd Floor

Victoria, British Columbia V8V 1X4

Phone: (250) 387-5629

Tollfree:

1 (800) 663-7867

(free within B.C.)

Email: info@oipc.bc.ca

Web Site: http://www.oipc.bc.ca/

 

New Brunswick

Office of the Ombudsman

Sterling House

P. O. Box 6000

767 Brunswick Street

Fredericton, NB E3B 5H1

Phone: (506) 453-2789

Email: nbombud@gnb.ca

Web Site: http://www.gnb.ca/0073/indexe.asp

 

Newfoundland and Labrador

Office of the Information and Privacy Commissioner for Newfoundland and Labrador

2nd floor, 34 Pippy Place

P.O. Box 13004, Station A

St. John’s, NL A1B 3V8

Phone: (709) 729-6309

Email: commissioner@oipc.nl.ca

Web Site: http://www.oipc.gov.nl.ca/default.htm

 

Northwest Territories

Information and Privacy Commissioner of the Northwest Territories

5018, 47th street

Yellowknife, Northwest Territories X1A 2N2

Phone: (867) 6690976

Fax: (867) 920-2511

Email: atippcomm@theedge.ca

 

Nova Scotia

Nova Scotia Freedom of Information and Privacy Review Office

P.O. Box 181

Halifax, Nova Scotia B3J 2M4

Phone: (902) 424-4684

Email: foipopro@gov.ns.ca

Web Site: http://www.gov.ns.ca/foiro/

 

Nunavut

Information and Privacy Commissioner of Nunavut

5018, 47th street

Yellowknife, Northwest Territories X1A 2N2

Phone: (867) 669-0976

Fax: (867) 920-2511

Email: atippcomm@theedge.ca

Web Site: http://www.infoprivacy.nu.ca/en/home

 

Ontario

Office of the Information and Privacy Commissioner of Ontario

2 Bloor Street East, Suite 1400

Toronto, Ontario M4W 1A8

Phone: (416) 326-3333

Tollfree:

1 (800) 387-0073

(free within Ontario)

Email: info@ipc.on.ca

Web Site: http://www.ipc.on.ca/

 

Prince Edward Island

Office of the Information and Privacy Commissioner of Prince Edward Island

180 Richmond Street

P.O. Box 2000

Charlottetown, Prince Edward Island

C1A 7N8

Telephone: (902) 368-4099

Email: mlsmith@gov.pe.ca

Web Site: www.oipc.pe.ca

 

Québec

Commission d’accès à l’information du Québec

575 St. Amable Street

Suite 1.10

Québec, Québec G1R 2G4

Phone: (418) 528-7741

Tollfree:

1 (888) 528-7741

(free within Québec)

Email: Cai.Communications@cai.gouv.qc.ca

Web Site: http://www.cai.gouv.qc.ca/indexen.html

 

Saskatchewan

Office of the Information and Privacy Commissioner of Saskatchewan

5031801

Hamilton Street

Regina, Saskatchewan

S4P 4B4

Phone: (306) 787-8350

Email: gdickson@oipc.sk.ca

Web Site: http://www.oipc.sk.ca

 

Yukon

Office of the Yukon Ombudsman and Information and Privacy Commissioner

211 Hawkins Street, Suite 201

P.O. Box 2703

Whitehorse, Yukon Territory Y1A 2C6

Phone: (867) 667-8468

Email: email.ombudsman@ombudsman.yk.ca

Web Site: http://www.ombudsman.yk.ca/