Privacy Policy of Organization

What is a Privacy Policy of Organization?

A Privacy Policy of Organization is a document that is meant to be used by a private business, entity, or any private organization engaged in a commercial activity who collects, uses or discloses an individual's personal information. When businesses engage in commercial activity and collect personal information about clients or customers, this information needs to be gathered and stored in a secure manner that fully complies with Canada's federal privacy law: the Personal Information Protection and Electronic Documents Act (PIPEDA). This act governs how organizations collect, use, and disclose personal information.

This document is intended to be a policy on how the organization collects, uses, and discloses personal information of its clients. For example, an accounting firm uses personal financial information of its clients to serve the clients' needs. The accounting firm is therefore subject to PIPEDA.

What is the difference between a Privacy Policy Complaint (Mobile App/Website) and a Privacy Policy of Organization?

A Privacy Policy Complaint (Mobile App/Website) is a policy specifically used on a website that informs users what information is collected and how it's used. On the other hand, a Privacy Policy of Organization is used by private businesses such as offices where personal information of clients is obtained in the ordinary course of business. In other words, a privacy policy of organization is for specific information obtained from clients in the course of business, meanwhile a Privacy Policy Complaint (Mobile App/Website) can apply to any website.

What is Personal Information?

Personal information varies depending on the type of business. Generally, this means:

• age,
• gender,
• address,
• occupation,
• blood type,
• employment records,
• medical records,
• loan recods,
• and more.

The information a business collects about an individual must be information that identifies that individual, whether the information is subjective or objective.

What must a Privacy Policy of Organization contain?

A Privacy Policy of Organization must contain the following statements:

• How an organization uses, collects and discloses the client's personal information in the course of the organization's commercial activities;
• The purpose of the collection of the information;
• How the organization keeps that information safe; and
• An access to information request procedure.

What has to be done once a Privacy Policy of Organization is ready?

Once the document is ready, it may be added to a website or mobile app and placed in an easily accessible and intuitive location for users, such as the footer.

Also, whenever an organization invoices or deals with a new customer or client, the organization should send a copy of this policy to the customer or client alongside their invoice.

Which laws are applicable to a Privacy Policy of Organization?

The Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) is a federal statute (law) that governs how private-sector organizations collect, use, and disclose personal information of individuals while in the course of commercial activities. Some Provinces will have a piece of legislation that parallels this law, including British Columbia, Alberta, and Quebec.

How to modify the template?

You fill out a form. The document is created before your eyes as you respond to the questions.

At the end, you receive it in Word and PDF formats. You can modify it and reuse it.