Employee Data Privacy Policy - Template, Sample Form Pro · EN-CA-law

EMPLOYEE PERSONAL INFORMATION AND PRIVACY POLICY

of

________

§ 1. INTRODUCTION

(a) This Employee Personal Information and Privacy Policy (the "Policy") of ________ (the "Employer", "we", "us" or "our") is effective and was last revised as of ________.

(b) The purpose of this Policy is to describe what personal information the Employer collects about its employees, how and why such information is collected, used, disclosed, retained and protected, and the rights of employees with respect to their personal information.

(c) The Employer is committed to handling personal information in accordance with all applicable privacy legislation, including, as applicable, the Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA"), any substantially similar provincial private-sector privacy legislation applicable in the Province of ________, the Personal Health Information Protection legislation where applicable, and applicable human rights legislation. The Employer applies the principles of accountability, identifying purposes, consent, limiting collection, limiting use, disclosure and retention, accuracy, safeguards, openness, individual access, and challenging compliance.

Lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat duis aute irure dolor in reprehenderit voluptate velit esse cillum dolore eu fugiat nulla pariatur lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim.

§ 2. SCOPE

(a) This Policy applies to all individuals who provide personal information to the Employer for work-related purposes, including employees (full-time, part-time, temporary, casual or permanent), officers, directors, agents, consultants, independent contractors, volunteers, and applicants who have received a conditional offer of employment (each, an "employee").

(b) Any collection, use or disclosure of an employee's personal information for a purpose outside this Policy or an applicable employment agreement will be undertaken only with the employee's prior knowledge and consent, or as otherwise permitted or required by law.

(c) Where this Policy refers to information concerning third parties provided by or relating to an employee (including emergency contacts, dependants and beneficiaries), the Employer will handle that information in accordance with the principles set out herein, and the employee represents that they have authority to provide such third-party information.

§ 3. WHAT IS PERSONAL INFORMATION

(a) "Personal information" means information about an identifiable individual, but does not include the name, title, business address or business telephone number of an employee of an organization where collected, used or disclosed solely for the purpose of communicating with the individual in relation to their employment.

(b) Personal information collected by the Employer may include, without limitation, identifying and contact information, recruitment information, financial and payroll information, employment records, leave and accommodation information, and electronic records, as further described in § 5.

§ 4. COLLECTION OF PERSONAL INFORMATION

(a) The Employer collects personal information that is reasonably necessary for the establishment, management or termination of the employment relationship, including during recruitment, payroll processing, benefits administration, and the use of information technology and equipment provided by the Employer.

(b) Personal information will, wherever reasonable and practicable, be collected directly from the employee. The Employer may also collect personal information from third parties, such as former employers, educational institutions, references, regulatory and law enforcement bodies, and benefits providers, where permitted or required by law or with the employee's consent.

(c) The Employer limits the collection of personal information to that which is necessary for the purposes identified in this Policy and will not collect information indiscriminately. The purposes for which personal information is collected will be identified to the employee at or before the time of collection.

(d) Employees may be electronically monitored when using the Employer's networks, devices, equipment, premises and systems, and workplace correspondence may be reviewed, to the extent reasonable for the purposes of security, safety, legal compliance and the proper functioning of the workplace, all in accordance with applicable law and the Employer's IT and Acceptable Use Policy.

(e) Information created by the Employer in the ordinary course of the employment relationship, such as job title, function, performance records and similar records, may form part of the employee's file.

(f) Any additional personal information required by the Employer for purposes not described in this Policy will be collected only with the employee's knowledge and consent, except as otherwise permitted or required by law.

§ 5. INFORMATION HELD AND RETAINED

(a) Personal information may be held and stored in electronic form within the Employer's databases and systems and/or in physical form within the employee's file. Personal information may be stored or processed by third-party service providers, including outside the Province or Canada, in which case the Employer remains accountable and will use contractual and other means to provide a comparable level of protection.

(b) Access to stored personal information is restricted to authorized personnel, including Human Resources, who require access in the course of their duties.

(c) Only personal information that is necessary for the orderly functioning of the Employer, for legitimate workplace purposes, or for compliance with the law shall be held and retained.

Lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat duis aute irure dolor in reprehenderit voluptate velit esse cillum dolore eu fugiat nulla pariatur lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris.

(e) Personal information or work product created for work-related purposes, whether on the Employer's premises or in the course of duties performed remotely, may be held and retained.

(f) Information relating to criminal record checks or prior convictions shall be collected and retained only with the employee's express consent or where otherwise permitted or required by applicable law, and only where reasonably related to the employment in question.

(g) Following an employee's departure, personal information shall be retained only for as long as is reasonably necessary to fulfil the purposes for which it was collected, to satisfy any continuing relationship, or to comply with applicable legal, regulatory or limitation-period requirements. The Employer's retention period is ________, or such longer period as may be required by law.

(h) Personal information that is no longer required for any legal or business purpose shall be securely destroyed, erased or anonymized.

§ 6. USE AND DISCLOSURE OF PERSONAL INFORMATION

(a) Personal information is used by the Employer only for the purposes for which it was collected and for purposes consistent with the employment relationship, or as otherwise permitted or required by law.

(b) Personal information shall be disclosed only on a need-to-know basis, with the employee's consent, or as permitted or required by law, including disclosure to governmental or law enforcement agencies where legally compelled.

(c) Personal information may be disclosed to third parties who assist the Employer in carrying out the purposes described in this Policy, including benefits, insurance, payroll and accounting providers, professional advisors, recruiters, regulatory bodies, courts, and, in case of emergency, family members or emergency contacts.

(d) Where the Employer engages a third-party service provider, it will require that the provider protect personal information in a manner consistent with this Policy and applicable law and use it only for the purposes for which it was disclosed.

(e) Where legally permissible and practicable, the Employer will advise employees of disclosures of their personal information and the reasons therefor.

§ 7. CONSENT

(a) Except where collection, use or disclosure without consent is permitted or required by law, the Employer will obtain the employee's consent before collecting, using or disclosing personal information. The form of consent may be express or implied, depending on the sensitivity of the information and the reasonable expectations of the employee.

(b) An applicant who provides personal information during the recruitment process (including resumes, cover letters and references) is deemed to consent to its use for the purpose of assessing the application.

(c) The Employer will obtain informed, and where appropriate written, consent prior to disclosing personal information, unless the Employer is permitted or required by law to collect, use or disclose such information without consent.

(d) Subject to legal or contractual restrictions and reasonable notice, an employee may withdraw consent at any time. The Employer will inform the employee of the implications of such withdrawal.

§ 8. ACCURACY, ACCESS AND CORRECTION

(a) The Employer will make reasonable efforts to ensure that personal information is as accurate, complete and up to date as is necessary for the purposes for which it is to be used.

(b) Subject to the exceptions permitted under applicable privacy legislation, an employee has the right, upon written request, to be informed of the existence, use and disclosure of their personal information and to be given access to that information, and to request correction of any inaccuracy. The Employer will respond to such requests within the time period required by applicable law.

§ 9. SECURITY AND SAFEGUARDS

(a) The Employer takes the protection of its employees' personal information seriously and shall implement reasonable physical, technical, organizational and administrative measures appropriate to the sensitivity of the information to safeguard it against loss, theft, and unauthorized access, disclosure, copying, use, modification or destruction.

(b) Access to personal information shall be restricted to authorized personnel who require such information in the course of their duties. The Employer shall ensure that all such personnel are aware of and comply with the obligations set out in this Policy.

(c) In the event of a breach of security safeguards involving personal information, the Employer shall take all reasonable steps to contain the breach, assess the real risk of significant harm, maintain records of the breach, and notify affected individuals and the Office of the Privacy Commissioner of Canada and/or the relevant provincial privacy authority where required by applicable law.

§ 10. PRIVACY OFFICER AND CONTACT

The Employer has designated a Privacy Officer who is accountable for compliance with this Policy. Should you have any questions, concerns or complaints regarding this Policy, the handling of your personal information, or wish to exercise your rights of access or correction, please contact the Privacy Officer using the information below. We shall respond to inquiries as soon as practicable and within any time limits prescribed by applicable law.

Privacy Officer: ________

________

________

________

________

If you are not satisfied with our response, you may have the right to make a complaint to the Office of the Privacy Commissioner of Canada or to the applicable provincial privacy authority.

§ 11. AMENDMENTS

The Employer reserves the right to amend or modify this Policy from time to time. Material changes will be communicated to employees, and the revised Policy will take effect on the date indicated therein.

§ 12. GOVERNING LAW

This Policy shall be interpreted in accordance with the laws of the Province of ________ and the applicable laws of Canada.

§ 13. SIGNED ACKNOWLEDGEMENT

I acknowledge that I have received, read and understood this Employee Personal Information and Privacy Policy and my obligations under it. I understand that the Employer reserves the right to amend or modify this Policy from time to time, and I consent to the collection, use, retention and disclosure of my personal information in accordance with this Policy and applicable law.

_________________________
Employee Signature

_________________________
Employee Name (Print): ________

________________
Date: ________