Privacy Policy

Summerhill Group Code for the Management of Personal Information

Based on PIPEDA, a federally enacted act which protects personal information that is collected, used and disclosed.

Responsibility:
We hereby adopt the policies and procedures contained herein and confirm that the management is committed to ensuring that they are applied consistently across the organization.

Ian Morton/James Alden
Principals – Summerhill Group

1. Scope

This code is based on the CSA Model Code for the Protection of Personal Information (CAN/CSAQ830-96). It describes how Summerhill Group Inc. (“Summerhill Group”) subscribes to the principles of the CSA Model Code with respect to the personal information described in Clauses 2.1.1 2.1.7 and 2.1.8 below, collected after June 30, 1999 .

Collection of Personal Information by Summerhill Group

Summerhill Group collects personal information on behalf of its affiliated non-profit organizations, Clean Air Foundation, Canadian Energy Efficiency Alliance and Health Indoors Partnership from the individuals themselves, third party vendors and other sources of publicly-available information, across Canada . The information collected may include personal information about the individual including: the name or other identifier, age, gender, office and mailing address, phone number, e-mail and purchasing behavior and preferences.

Use of the Information by Summerhill Group

The information collected is processed and analyzed and is used for business purposes specific to the Summerhill Group and its managed organizations. This data is not sold to third-party agencies for external marketing purposes.

2. Definitions

2.1 The following definitions apply in this code:

2.1.1 Basic information means the name of an individual, together with any of the following: age, gender, preferred
mailing address, e-mail address, preferred language of communication, and responses to specific questions administered on-line or in-person.

2.1.2 Collection means the act of gathering, acquiring or obtaining personal information from any source, including third parties, by any means.

2.1.3 Consent means voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the organization seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.

2.1.4 Disclosure means making personal information available to others outside the organization.

2.1.5 Organization means any association, business, charitable organization, club, government body, institution, professional practice, union or other person or entity from which personal information is collected or to which personal information is disclosed.

2.1.6 Personal information means information about an identifiable individual that is recorded in any form.

2.1.7 Use means the treatment or handling of personal information within an organization.

3. Principles

3.1 Principle 1 – Accountability 

An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.

3.1.1 Accountability for Summerhill Group's compliance with the principles in this code rests with the principals of the Summerhill Group, even though other individuals within our organization are responsible for the day-today collection and processing of personal information.

3.1.2 The identity of the individual designated by Summerhill Group to oversee our organization's compliance with the principles will be made known upon request.

3.1.3 Summerhill Group is responsible for personal information in its possession or custody. No personal information is transferred to a third party for processing.

3.1.3.1 Summerhill Group requires, as a condition of providing personal information to any organization, that:
(a) such information shall not be used for any purpose other than the purpose for which such information was provided (see Clause 3.2.2); and

3.1.4 Summerhill Group has implemented policies and practices to give effect to the principles, including:

(a) implementing procedures to protect personal information and to ensure that our organization manages that information confidentially;

(b) establishing procedures to receive and respond to complaints and inquiries;

(c) training staff and communicating to staff information about our organization's policies and practices; and

(d) developing information to explain our organization's policies and procedures.

3.2 Principle 2 - Identifying Purposes

The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

3.2.1 The purposes for which Summerhill Group collects personal information are documented in Clause 3.2.2, and on our website (www.summerhillgroup.ca), in order to comply with the Openness principle (Clause 3.8) and the Individual Access principle (Clause 3.9).

3.2.2 Summerhill Group collects personal information on behalf of the Clean Air Foundation, Healthy Indoors Partnership and Canadian Energy Efficiency Alliance. This information is processed and analyzed and is used for business purposes specific to the Summerhill Group and its managed organizations. This data is not sold to third-party agencies for external marketing purposes. It is provided to third parties for use, only with express consent from those individuals.

3.2.3.1 Where Summerhill Group collects basic information Summerhill Group uses means including written agreement showing the purposes for which such information is being collected, or direct mailing or through various media, to inform the public of the purposes for which the information is being collected.

3.2.4 Summerhill Group will not use or disclose any personal information, for any purpose not previously identified pursuant to Clause 3.2.3.1 or 3.2.3.2, except as required or permitted by law. Should these purposes change with respect to Clause 3.2.3.1, Summerhill Group will specify these changes. Should these purposes change with respect to Clause 3.2.3.2, Summerhill Group will info rm the public using similar means as described in Clause 3.2.3.2.

3.2.5.1 Where Summerhill Group collects basic information, the Privacy Officer of Summerhill Group or another individual delegated to act on his or her behalf will explain to the individual concerned, upon request, the purposes for which the information is being collected.

3.2.6 This principle is closely linked to the Limiting Collection principle (Clause 3.4) and the Limiting Use, Disclosure and Retention principle (Clause 3.5).

3.3 Principle 3 - Consent

The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.

Note : In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. Organizations that do not have a direct relationship with the individual may not always be able to seek consent.

3.3.1 Summerhill Group collects basic information directly from the individual concerned or from sources of publicly-available information.

3.3.1.1 Where Summerhill Group collects basic information; Summerhill Group considers that there is implied consent to the collection, use (processing) and disclosure of the information.

Where Summerhill Group collects personal information, Summerhill Group obtains the express consent of the individual concerned for the collection by Summerhill Group and the subsequent use (processing) of the information. Summerhill Group will not disclose personal information except with the express consent of the individual concerned or as required or permitted by law.

3.3.4 Summerhill Group has taken into account the sensitivity of each type of personal information, in determining the form of consent required. Given the context in which such information is used and disclosed, such information is not considered to be highly sensitive.

3.3.5 Summerhill Group also considers that the purposes for which personal information collected from a source other than the individual concerned (see Clauses 3.2.2 and 3.3.1) is used and disclosed are consistent with the purposes for which such information was originally collected, and are not in conflict with the reasonable expectations of any individual concerned.

3.3.6 Subject to the provisions of any written agreement, any consent obtained pursuant to Clause 3.3.1.1, may be withdrawn at any time upon 90 days prior written notice.

3.4 Principle 4 - Limiting Collection

The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

3.4.1 Summerhill Group collects only the amount and the type of personal information, which is necessary to fulfill the purposes identified in Clause 3.2.2, and specifies the type of information collected as part of its information-handling policies and practices, in accordance with the Openness principle (Clause 3.8).

3.4.2 If any new purposes are identified due to changing business needs, Summerhill Group will conduct an assessment to ensure that such purposes are consistent with the principles in this code.

3.4.3 The requirement that personal information be collected fairly and lawfully means that Summerhill Group will not mislead or deceive individuals about the purpose for which the information is being collected, or obtain consent to collect the information through deception.

3.4.4 This principle is closely linked to the Identifying Purposes principle (Clause 3.2) and the Consent principle (Clause 3.3).

3.5 Principle 5 - Limiting Use, Disclosure, and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as is necessary for the fulfillment of those purposes.

3.5.1 Summerhill Group will not use or disclose personal information, for any new purpose, except in accordance with Clauses 3.2.4 and 3.4.2, and uses contractual means to ensure that any organization to which it discloses personal information is similarly obligated (see Clause 3.1.3.1).

3.5.2 The contractual means referred to in Clause 3.5.1 includes a contract drafted by the Summerhill Group to govern the use of collected data by other organizations.

3.5.3 Summerhill Group has developed guidelines and implemented procedures with respect to the retention of personal information, including a minimum retention period of two years and a maximum retention period of twenty years.

3.5.4 Summerhill Group destroys, erases or renders anonymous any personal information that is no longer required to fulfill the purposes identified in Clause

3.5.5 This principle is closely linked to the Consent principle (Clause 3.3), the Identifying Purposes principle (Clause 3.2) and the Individual Access principle (Clause 3.9).

3.6 Principle 6 - Accuracy

Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

3.6.1 Summerhill Group uses its best efforts, to ensure that personal information collected by it is accurate and complete. Various data analysis techniques are also used to detect and correct errors.

3.6.2 The Summerhill Group will not routinely update personal information unless such a process in necessary to fulfill the purposes for which the information was collected. All basic information provided by Summerhill Group is stated to be as of a specified date.

3.7 Principle 7 - Safeguards

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

3.7.1.1 Where Summerhill Group collects personal information directly from the individual concerned, such information is collected via questionnaires and our affiliated websites etc. Where Summerhill Group collects personal information in recorded form from a source other than the individual concerned, such information is sent to Summerhill Group by courier or electronic transmission.

Once received by Summerhill Group, Summerhill Group uses a variety of measures (see Clause 3.7.3) to ensure that the information is protected against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. All information collected by Summerhill Group is kept in the format received and/or in computer format. Employees of the Summerhill Group who have access to personal information will be made aware of the importance of maintaining confidentiality of personal information.

3.7.1.2 Summerhill Group uses contractual means to ensure that any organization to which Summerhill Group discloses personal information is similarly obligated. All personal information disclosed by Summerhill Group to any user is sent in hard copy or computer format, by bonded courier or electronic transmission.

3.7.2 Summerhill Group affords the highest level of protection to all personal information, without distinction as to sensitivity.

3.7.3 The methods of protection used by Summerhill Group include:

(a) physical measures, such as a segregated computer system and restricted access to its premises and computer facilities;

(b) organizational measures, such as internal audits,

(c) technological measures, such as periodic testing of its computer security systems, and the use of secure transmission lines, confidential passwords and encryption.

3.7.4 All employees of Summerhill Group are made aware of the importance of maintaining the confidentiality of personal information on an annual basis.

3.7.5 Summerhill Group has developed guidelines and implemented procedures governing the disposal or destruction of personal information (see Clause 3.5.3), to prevent unauthorized parties from gaining access to the information.

3.8 Principle 8 - Openness

An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

3.8.1 Summerhill Group is open about its policies and practices with respect to the management of personal information, and will provide to any individual upon request, easily understandable information about its policies and practices, and a copy of this code.

3.8.2 The information about our policies and practices is contained on our website or is available upon request and includes:

(a) the name/title and address of the person who is accountable for our organization's policies and practices and to whom complaints or inquiries can be forwarded;

(b) the means of gaining access to personal information held by our organization;

(c) a description of the type of personal information held by our organization, including a general account of its use;

(d) what personal information, if any, is made available to related organizations; and

(e) an explanation of our organization's policies and practices, and a copy of this code.

3.8.3 Summerhill Group's policies and practices are available at its place of business; on its website (at ww.summerhillgroup.ca); by mail, upon request to Summerhill Group, 1216 Yonge Street Suite 201 , Toronto , Ontario , M4T 1W1 other written communication by fax to (416) 922-1028 or telephone (416-822-9038).

3.9 Principle 9 - Individual Access

Upon request, an individual shall be info rmed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Note: In certain situations, an organization may not be able to provide access to all personal information it holds about an individual. Exceptions may include information that is prohibitively costly to provide.

3.9.1 Summerhill Group will, upon request by any individual at any time, provide the that individual with any identifiable personal information in Summerhill Group's possession concerning the health professional, provided that the request is made at reasonable intervals.

3.9.2 Summerhill Group requires only the name and evidence confirming the identity of the individual requesting the information, in order to provide the information referred to in Clause 3.9.1.

3.9.3 Summerhill Group will provide, as part of the information referred to in Clause 3.9.1, either a list of the third parties to which it has disclosed the information or to which it may have disclosed the information, depending upon the needs of the individual requesting the information.

3.9.4 Summerhill Group will respond to any request pursuant to Clause 3.9.1 as promptly as possible, and in any event within 30 days, at no cost to the individual requesting the information. The requested information will be provided or made available in an easily understandable form, together with any required explanation of abbreviations or codes.

3.9.5 Where an individual successfully demonstrates the inaccuracy or incompleteness of personal information concerning the individual, the information will be amended, within a maximum of 120 days, by correcting or deleting information, or adding information, as required. Where appropriate, Summerhill Group will promptly transmit the amended information to any third parties to which Summerhill Group has previously provided the information in question.

3.9.6 Where a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved dispute will be recorded by Summerhill Group. Where appropriate, the existence of the unresolved dispute will be promptly transmitted by Summerhill Group to third parties to which Summerhill Group has previously provided the information in question.

3.10 Principle 10 - Challenging Compliance

An individual shall be able to address a challenge concerning compliance with the  above principles to the designated individual or individuals accountable for the  organization's compliance.

3.10.1 The individual accountable for Summerhill Group's compliance is discussed in Clause 3.1.1.

3.10.2 Summerhill Group has put procedures in place to receive and respond to complaints and inquiries about its policies and practices relating to the handling of personal information. The complaint procedures are easily accessible and simple to use.

3.10.3 Summerhill Group will, within a maximum of two weeks, info rm individuals who make inquiries or lodge complaints, of the existence of the relevant complaint procedures.

3.10.4 Summerhill Group will promptly investigate all complaints. If a complaint is found to be justified, our organization will take prompt and appropriate measures, including if necessary, amending its policies and practices.