Privacy Policy Statement

Eastern Regional Service Board ("us", "we", or "our") operates the easternregionalserviceboard.com website (the "Service").

Introduction

As a public body, the Board is required to comply with Access to Information and Protection of Privacy Act, 2015, SNL 2015 c. A-1.2 ("ATIPPA"), The Board recognizes and respects the importance of data protection and an individual's right to privacy. We endeavour to collect, use and disclose Personal Information pursuant to the requirements of ATIPPA and in accordance with the guidelines published by the Office of the Privacy Commissioner of Newfoundland and Labrador.

Personal Information

Personal information consists of any data, recorded or not, about an identifiable individual. It may include such information as an individual's name, home address, telephone number, race, national or ethnic origin, colour, or religious or political beliefs or associations, age, sex, sexual orientation, marital status or family status, an identifying number, symbol or other particular assigned to the individual, the individual's fingerprints, blood type or inheritable characteristics, health care status or history, information about the individual's educational, financial, criminal or employment status or history, opinions of a person about the individual and the individual's personal views or opinions, except where they are about someone else. Not included is a person's "business card" information such as an individual's name, title, business address, telephone number or other contact information in relation to his or her employment by an organization.

Collection

The Board most often handles Personal Information through the course of providing regional services to municipalities and individuals in the Eastern Region of the Province of Newfoundland and Labrador and on their behalf. Provision of regional services may involve collection, use and, at times, disclosure of your Personal Information. Protecting your Personal Information is one of our highest priorities. While we have always respected your privacy and safeguarded all Personal Information, we have strengthened our commitment to this goal. This is to continue to provide exceptional service to you and to comply with all laws regarding the collection, use and disclosure of Personal Information. We will inform you of why and how we collect, use and disclose Personal information; obtain your consent, as required; and handle Personal Information according to applicable law. Our privacy commitment includes ensuring accuracy, confidentiality, and security of your Personal Information and allowing you to request access to, and correction of, your Personal Information.

We will only collect Personal Information that is necessary to fulfill the following purposes:

  • To verify identity
  • To identify your preferences;
  • To open and manage an account;
  • To ensure you receive a high standard of service;
  • To meet regulatory requirements;
  • Other legal reasons as apply to the goods and services requested.

Collection of Personal Information is carried out only through lawful and fair means, and only Personal Information that is reasonably necessary for the legitimate purposes identified and for which consent has been obtained or where consent is not required (see below). Whenever possible, we collect personal data directly from an individual or from persons identified and requested to provide us with such information. You can provide consent orally, in writing, electronically or through an authorized representative. You provide implied consent where our purpose for collecting, using or disclosing your Personal Information would be considered obvious or reasonable in the circumstances. Consent may also be implied where you have notice and a reasonable opportunity to opt-out of having your Personal Information used for mail-outs, marketing or fundraising and you do not opt-out.

We may collect, use or disclose Personal Information without consent:

  • When permitted or required by law;
  • In an emergency that threatens an individual's life, health, or personal security
  • When the Personal Information is available from a public source;
  • When we require legal advice from a lawyer;
  • For the purposes of collecting a debt or protection from fraud;
  • Other legally established reasons.

We will not sell your Personal Information to other parties unless consent has been provided or implied. We retain your Personal Information for the time necessary to fulfill the identified purposes of a legal or business purpose. We will make reasonable efforts to ensure that your Personal Information is accurate and complete. You may request correction to your Personal Information to ensure its accuracy and completeness. A request must be in writing and provide sufficient detail to identify your Personal Information and the correction being sought. We are committed to ensuring the security of your Personal Information and may use passwords, encryption, firewalls, restricted employee access or other methods, in our discretion. We will use appropriate security measures when destroying your Personal Information such as shredding documents or deleting electronically stored information, in our discretion.

Personal information may also be collected from other sources such as:

  • government agencies or registries;
  • accountants or other professional advisors;
  • real estate agents;
  • financial institutions;
  • insurance companies;
  • credit bureaus;
  • other third parties who represent that they have the right to disclose the information.

Additionally, we may on occasion request information from the files of consumer reporting agencies to assist us in making billing and account collection decisions, preventing fraud, confirming identity and preventing money-laundering. In certain specific circumstances, Personal Information about members of the general public may also be collected for the uses described in this Policy.

Use

The Board may use Personal Information for the following purposes:

  • To provide services;
  • For billing, record-keeping and other contact and service matters;
  • For audit and record-keeping purposes;
  • For account collection purposes;
  • To manage and develop the Board's operations;
  • To learn about the needs of current and potential users of services, to develop or offer services tailored to those needs and to communicate with users regarding current and future services;
  • To follow up on comments and suggestions.

Personal information about members of the general public is generally used for the following purposes:

  • To gather and review information that is relevant to the Board's operations;
  • To provide the public with information about developments and special events in the Eastern Region.

Disclosure

The Board will only disclose Personal Information for the legitimate purposes identified and for which consent has been obtained, or if required or authorized by law. For example, we may disclose information:

  • When the services we are providing require us to give information to third parties;
  • Where it is necessary to establish or collect fees;
  • If a court issues a subpoena;
  • If we engage a third party to provide administrative services for our benefit, in which case we shall use contractual or other means to protect the Personal Information that is being provided to the third party;
  • As required by regulations, to obtain legal advice and for insurance purposes.

The Board will disclose Personal Information only as permitted by law, including with the consent of individuals as appropriate.

Consent and Exceptions

The Board recognizes the importance of obtaining consent where required by law for collection, use and disclosure of your Personal Information. For the purpose of obtaining consent, we will consider the following:

  • We may obtain consent to our collection, use and disclosure of information either expressly for stated purposes or implicitly when the purposes are not stated expressly but are indicated by the relevant circumstances or follow logically from other expressly stated purposes;
  • For the consent to be informed, we will make reasonable efforts to advise of all the purposes for which the Personal Information is being sought, unless the purposes are plain and obvious;
  • We will make reasonable efforts to obtain consent for all anticipated purposes at the time of the collection of the Personal Information;
  • We will obtain additional consent if we propose to use Personal Information for a purpose for which express or implied consent was not initially obtained;
  • We will not, as a condition of the supply of a service, require consent to the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified purposes;
  • Withdrawal or amendment of any consent previously given by contacting our Privacy Officer, subject to any legal or contractual restrictions and upon reasonable notice to us;
  • Consent may be given by an authorized representative, such as a legal guardian or a person having power of attorney.

The law provides certain exceptions to the usual requirement to obtain an individual's consent,
for example:

  • When collection and use is clearly in the interests of the individual and consent cannot be obtained in a timely manner;
  • In emergencies;
  • Where consent would compromise investigating a breach of contract or law;
  • To collect a debt;
  • To comply with rules of court relating to the production of information;
  • In other circumstances where permitted or required by law;
  • Where consent may not be required for certain publicly available Personal Information, as specified by regulation, including name, address, and telephone number in publicly available telephone directories.

Security

The Board is committed to taking reasonable steps to ensure Personal Information in its custody or control is protected against theft, loss, unauthorized collection, access, use or disclosure, unauthorized copying or modification and is retained, transferred and disposed of in a secure manner. The Board employs appropriate security measures to protect against loss, theft, unauthorized access, disclosure, use or modification of Personal Information under our control.

These measures vary depending on the sensitivity, amount, format, distribution, and method of storage of the information that has been collected. Where applicable, physical, organizational and electronic security measures will be utilized, including premises security, restricted file access, technological safeguards including security software and firewalls to prevent unauthorized computer access, and password and security policies. In communicating with us, please note that e-mail is not a fully secure medium.

Any Personal Information that we collect shall be retained as long as is necessary to fulfill the purpose for which the information was collected, and as required to satisfy any potential legal obligations that the Board may have in respect of the information.

Rights of the Individual

Subject to the legal obligations and restrictions set out above, an individual whose Personal Information is under our control shall, upon request, be informed of the existence, use and disclosure of his or her personal data and shall be given access to that information. He or she shall be able to challenge the accuracy and completeness of the information and have it amended as reasonably required. Furthermore, the Board shall make available to such individuals a copy of this Policy and any other information relating to our management of Personal Information that we deem appropriate for distribution.

Requests for access to Personal Information shall receive a prompt response. The cost for reasonable requests to such access will be the standard fee as per ATIPPA Regulations, unless copies of records of request involve significant retrieval costs. We will advise of the additional cost, if any, prior to retrieval of such records or information. We will not respond to requests for access to Personal Information that are frivolous, vexations or repetitions.

In certain circumstances, we may be unable to provide access to some or all of the Personal Information that we hold about. Such circumstances include those in which the Personal Information cannot be separated from the records of others, cannot be disclosed for reasons of personal security or commercial confidentiality or is protected by professional standards relating to confidentiality or solicitor-client privilege.

Privacy Breach

A privacy breach occurs when Personal Information is collected, retained, used, disclosed or disposed of in ways that do not comply with privacy laws. In the event of a privacy breach involving Personal Information under the Board's control, the Board will contain the breach as much as possible and notify those affected in order to eliminate the risk of significant harm as much as possible. The Board v/ill report any privacy breach involving Personal Information under the Board's control to the Office of the Privacy Commissioner of Newfoundland and Labrador. In the event of a complaint regarding a breach of privacy or failure to adequately respond to an access to information request, please contact the Board's Privacy Officer using the contact information provided below

Log Data

We may collect information that your web browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third-party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Service's functionality. These third-party service providers have their own privacy policies addressing how they use such information. The Board is committed to taking reasonable steps to ensuring such use of aggregate data does not include individual Personal Information that can be used for unauthorized purposes and that individual Personal Information is protected.

Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive. We use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. If you do not instruct your browser to refuse all cookies or to indicate when a cookie is being sent, your consent to our use of your Personal Information may be implied.

Service Providers

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Compliance With Laws

As set out above, and for clarity, we will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.

International Transfer

Your information, including Personal Information, may be transferred to - and maintained on computers located outside of your province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside Canada and choose to provide information to us, please not that we transfer the information, including Personal Information, to Canada and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer

Links to Other Sites

Our service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Minor"). We do not knowingly collect personally identifiable information from Minors. If you are a parent or guardian and you are aware that your Minor has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from Minors without verification or parental consent, we take steps to remove that information from our servers.

Changes

The Board uses Personal Information to provide services, and it is thus important that the information be accurate and up-to-date. If a client's information changes, is inaccurate or incomplete, we would like to be informed as quickly as possible so that we can make any necessary changes.

The Board regularly reviews its policies and procedures, and may revise its privacy policy from time to time as part of this review process. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

Contact Us

Individuals with questions or concerns, or who wish to file a complaint, make an inquiry, or obtain access to their Personal Information, may contact our Privacy Officer at:

Eastern Regional Service Board
255 Major's Path, Suite 3
St. John's, NL A1A OL5

Privacy Officer: Craig Drover
Director of Corporate Services
Telephone: (709) 579-7960
Facsimile: (709) 579-5392
Email: cdrover@ersbnl.ca

×

Search