This policy applies to all employees, contractors and consultants of SureHire and is meant to clearly outline SureHire’s responsibilities regarding privacy. This policy replaces all previous policies and other representations or agreements relating to privacy as well as collection, use and/or disclosure of information.
Scope and Application
- This policy applies to all information about SureHire’s clients, participants, employees, contractors and consultants that is collected, used and/or disclosed by SureHire;
- This policy applies to the management of information in both physical and digital formats;
- This policy does not impose limitations on the collection, use or disclosure of the following information:
- Names, addresses, telephone numbers and email addresses listed in a directory or available through directory assistance;
- Employee’s/contractor’s names, titles, business addresses (including email addresses), business telephone numbers, and/or business fax numbers; or
- Other information about clients, participants or employees/contractors that is publicly available and is specified by federal or provincial/territorial legislation.
- This policy does impose limitations on disclosure of certain information to clients and/or participants, including:
- Proprietary information (organizational testing policies and procedures) unless otherwise required by a client through an agreement or by law; or
- If disclosing the information meets criteria established in section 4.9 of the Personal Information Protection and Electronic Documents Act, section 24 of Alberta’s Personal Information Protection Act, section 23 of British Columbia’s Personal Information Protection Act, and/or division 4 of the Act Respecting the Protection of Personal Information in the Private Sector (Quebec).
- Employees and contractors are required to be educated on this policy through SureHire’s training module regarding privacy and testing practices, including:
- Consent form: Ensuring comprehension and proper completion by the participant, and how to handle questions pertaining to the form;
- How to handle general privacy-related questions from participants;
- Who to direct candidates to with privacy-related questions that are outside of your role’s scope; and
- Escalation procedures for challenges to compliance with privacy legislation
- Employees and contractors are in very sensitive and confidential positions and must strictly adhere to this policy. Violations to the above will result in the individual being disciplined per SureHire’s progressive discipline policy
PIPEDA Privacy Principles
The Personal Information Protection and Electronic Documents Act (PIPEDA) governs commercial organizations on the collection, use, and disclosure of personal information in Canada, except in jurisdictions where legislation has passed that is deemed substantially similar to PIPEDA. SureHire adheres to PIPEDA’s 10 privacy principles as outlined below:
Accountability:An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.
- Privacy Officer: Dean McDougall
- Phone: 587-979-0730
- Email: firstname.lastname@example.org
- Address: Unit #142, 150 58 Avenue SW
- Calgary, AB T2H 0A2
Identifying Purposes: The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection. Compliance with this principle is through the following:
- Use of SureHire’s privacy notice that is sent to the individual at the time their appointment is booked. Our privacy notice is also available by requesting a copy at one of our power centres, by contacting our results department at 1-866-944-4473, or by visiting surehire.ca/resources/legislation.
- Use of a consent form.
Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.
- Compliance with this principle is through the use of a consent form which needs to be read (or verbally communicated if the individual is unable to read or is visually impaired), understood and signed prior to provisioning any testing with the individual.
Limiting Collection: The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.
- Compliance with this principle is through a completed audit of all divisions of the organization whereby each type of information collected was identified, evaluated for its level of sensitivity and relevance to the purpose for which it is being collected.
Limiting Use, Disclosure, and Retention: Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.
- Compliance with this principle is through establishment of a retention period of 30 years for all personal information collected from the date of collection in order to comply with all applicable legislation, including but not limited to privacy legislation, health information legislation and occupational health and safety legislation.
Accuracy: Personal information must be as accurate, complete and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.
- Compliance with this principle is through collection directly from the individual in which the information relates as well as through an established review process after collection has occurred. Individuals have the opportunity to correct any information they deem false or inaccurate through principle 9 of PIPEDA (Individual access).
Safeguards: Personal information must be protected by appropriate security relative to the sensitivity of the information.
- Compliance with this principle is through the establishment of the following safeguards:
- Storage of Physical data – protected at our power centres, ETF network, ITF network and corporate office under lock and key in a secure location within the facility. Physical data collected through mobile testing is kept in the possession of the staff member provisioning testing until it can be transferred to our corporate office for processing.
- Storage of Digital data – protected through use of cloud-based servers provided by third-party organizations that are compliant with federal, provincial and territorial legislation. For information on our third-party’s privacy and security policies, please go to the following URL’s:
Please refer to SureHire’s Data Breach Response Policy, for information on how the organization deals with information/data breaches.
Openness: An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.
Individual Access:Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Compliance with this principle is through use of a consent form which needs to be read (or verbally communicated in situations where the individual is unable to read or is visually impaired), understood and signed prior to provisioning any testing with the individual. SureHire has also established policies and procedures with regards to individuals who request access to copies of their testing results and paperwork from testing. These policies and procedures are available upon request.
Challenging Compliance:An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.
- Compliance with this principle is through designation of a Privacy Officer within the organization. The organization’s Privacy Officer is responsible for responding to all complaints, challenges and queries regarding SureHire’s compliance with PIPEDA.
Shortcode & Text Messaging FAQs
SureHire uses SMS/Short Code messaging for appointment notifications/reminders and provides the option to communicate with our clients using SMS (text messages).
What is a text message or SMS?
A text message or SMS is an alphanumeric message that you can send or receive on your wireless device.
What is a shortcode?
A shortcode is a 5- to 6-digit number used by companies to receive/send text messages. All the major wireless carriers in Canada recognize shortcodes on their networks through the Common Short Code initiative.
How much does it cost to send a text message to your shortcode?
SureHire does not charge for sending messages to, or receiving messages from, our shortcode. Standard messaging and data rates from your wireless carrier may apply.
What is a standard rate?
Depending on your particular wireless plan, your wireless service provider may charge extra for each text message that is sent to and received from a shortcode. Any message and data charges from your service provider will appear on your wireless bill or be deducted from your prepaid account. You should consult your wireless service provider regarding what’s included in your price plan.
What do you do with the information you collect from me through text messages?
By sending text messages to SureHire, you accept to receive information about us and about your upcoming appointments and services.
How do I STOP/ARRET short code messages?
Reply STOP (or ARRET) to 94473. All specified messages that you provided opt-in consented to, will stop immediately.
How do I get more information regarding your shortcode or service?
Reply HELP (or AIDE) to 94473. It will provide you with the most up to date information on how to contact SureHire.