PRIVACY POLICY

Introduction

The Canadian Administrator of VRS (CAV) is committed to protecting Customers’ privacy and confidentiality in accordance with our obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA), and Canadian Radio-television and Telecommunications Commission (CRTC) Telecom Regulatory Policy CRTC 2014-187, as such laws and policies relate to the delivery of the video relay service (“the Service”).

The “Service” is a telecommunications service that enables people with hearing or speech disabilities and who use sign language to communicate with voice telephone users. The sign language user connects to a Video Relay Service (VRS) operator using Internet-based videoconferencing. The operator then places a voice telephone call to the other party and relays the conversation from sign language to voice and vice versa.

This Privacy Policy (the “Policy”) explains how CAV collects, uses and discloses Customers’ Personal Information. You must read the Policy carefully in order to gain a clear understanding of how CAV collects, uses or discloses Customers’ Personal Information in the course of providing the Service. By registering for and using the Service, you agree to the terms of the Policy.

This Policy covers the following:

  1. What is Personal Information?
  2. What Personal Information does CAV collect?
  3. Why does CAV collect Customer’s Personal Information?
  4. How does CAV collect Customer’s Personal Information?
  5. How does CAV collect Personal Information from Minors?
  6. How does CAV use Customer’s Personal Information?
  7. When may CAV disclose Customer’s Personal Information?
  8. How can Customers access or correct any inaccuracies in their Personal Information?
  9. How does CAV protect Customer’s Personal Information?
  10. Links to other websites.
  11. Resolving Customer privacy concerns.
  12. Changes to this Privacy Policy.

In the delivery of the Service, CAV complies with the following principles set out in Schedule I to PIPEDA:

Principle 4.1 (Accountability) – An organization is responsible for personal information under its control and must designate an individual responsible for compliance with PIPEDA;

Principle 4.2 (Identifying Purposes) – An organization must specify why it is collecting personal information, and such purposes must be identified at or before the information is collected;

Principle 4.3 (Consent) – An organization must obtain an individual’s consent for the collection of personal information and subsequent use and disclosure;

Principle 4.4 (Limiting Collection) – An organization must limit the collection of information to that which is necessary for the identified purposes;

Principle 4.5 (Limiting Use, Disclosure, and Retention) – An organization must not use or disclose personal information for a purpose other than for which it was collected, except with the consent of the individual or where required or permitted by law;

Principle 4.6 (Accuracy) – An organization must ensure that personal information it maintains is accurate, complete, and up to date;

Principle 4.7 (Safeguards) – An organization must take appropriate safeguards to protect personal information;

Principle 4.8 (Openness) – An organization must be open about its policies and practices;

Principle 4.9 (Individual Access) – An organization must provide individuals with a right of access to their personal information, subject to certain restrictions as set out in PIPEDA; and

Principle 4.10 (Challenging Compliance) – An organization must advise individuals of its complaint procedures.

1. What is Personal Information?

“Personal Information” means any information, recorded in any form, about an identified individual or an individual whose identity may be inferred or determined from such information, other than business contact information (e.g. name, title, business address).

This Policy does not cover business contact information or aggregated data from which the identity of an individual cannot be determined. CAV retains the right to use business contact information and aggregated data in any way that CAV determines appropriate.

2. What Personal Information does CAV collect?

A. Personal Information collected during the Registration Process

Some examples of the type of information CAV collects from Customers during the registration process to become a user of the Service are:

    1. Customer Name
    2. Customer complete physical address
    3. Customer alternate contact information
    4. Customer emergency contact information
    5. Customer birth month and year (for users under the age of majority). (If a Customer is under the age of majority, CAV will obtain parental consent prior to collection of their personal information)
    6. Password(s) Customer is asked to create in order to use the Service
    7. Answers to security questions Customer is asked when they register for the Service
    8. Type and version of the electronic device(s) Customer uses to access the Service
    9. Dates on which Customer uses the Service
    10. Customer’s Assigned VRS number
    11. Customer’s selected preferences, such as primary language of Service (English or French), etc.
    12. Confirmation of hearing impairment CAV may also collect non-personally identifiable information about Customers’ use of our Service or website when they interact with or use our Service or website, or respond to e-mails, newsletters or promotional or other information communications.

B. Personal Information collected during a VRS Telephone Call

CAV has contractual agreements with third-party sign-language interpreters (Video Interpreters or VIs), which obligate the interpreters to maintain strict confidentiality with respect to the contents of the VRS call, as follows:

    • interpreter must respect the privacy of the Customers of the Service, hold in strict confidence, and not disclose to any other party, any and all information the interpreter may obtain during the course of providing the Service to users;
    • confidentiality obligations shall survive forever, and the interpreter shall only be released from these obligations with the prior written consent of CAV, when required by law or where, in order to provide consistent quality services, it is necessary to disclose pertinent information to a colleague who is subject to similar confidentiality obligations as contained in the confidentiality agreement with the interpreter; and
    • where it is necessary to exchange pertinent information with a colleague in order to provide consistent quality of service, this shall be done in a manner that protects the Personal Information of the Customers.

CAV shall also obtain appropriate forms of consent from Customers with respect to the interpreters’ access to the contents of the VRS call. CAV also records Call Record Details, such as time, duration, completion status, source number, and destination number. CAV does not record the contents of the VRS calls and will not be collecting any Personal Information Customers may reveal in conversation during a VRS call.

3. Why does CAV collect Personal Information?

CAV may use the Personal Information Customers provide to enable Customers to use sign language to communicate with voice telephone users as follows:

  • initiate or provide Customers with the Service and access to the website;
  • provide Customers with ongoing technical support;
  • provide ongoing administration of Customer registration;
  • comply with legal requirements such as a law, regulation, search warrant, subpoena or court order;
  • facilitate 911 calls or other emergencies;
  • detect, prevent, or otherwise address fraud, identity theft, security or other technical issues;
  • protect the rights, property or safety of CAV, our employees or Customers, or the public, as required or permitted by law; and
  • other purposes consistent with these purposes.

Information regarding Customers’ full physical address is collected solely for the purposes of facilitating 911 calls. CAV will use Customers’ postal code only in order to provide them with the Service and for technical support purposes.

Information regarding the type of electronic device and software version that Customers use to access the Service is collected for the purpose of enabling CAV to distribute the correct VRS user software to the Customers and provide appropriate customer service, including the distribution of patches and upgrades. In addition, this information is used for the purposes of providing technical support and planning for future software development.

CAV may also use aggregated non-identifying information for research and analysis in order to improve the Service or our website, or in connection with promotional or other informational communications.

4. How does CAV collect Customers’ Personal Information?

CAV only collects Personal Information for purposes that would be considered reasonable in the circumstances and only such information as is required for the purposes of providing the Service. CAV uses only fair and lawful methods to collect Personal Information.

Unless permitted by law, no Personal Information is collected, without first obtaining the consent of the individual concerned to the collection, use and disclosure of that information. However, CAV may seek consent to use and disclose Personal Information after it has been collected in those cases where CAV wishes to use the information for a new or different purpose where the individual concerned has not already consented to such a use of their personal information.

In most cases and subject to legal and contractual restrictions, Customers are free to refuse or withdraw their consent at any time upon reasonable, advance notice. It should be noted that in certain circumstances, the Service can only be offered if Customers provide their Personal Information to CAV. Consequently, if a Customer chooses not to provide us with the required Personal Information, CAV may not be able to offer them the Service. CAV will inform the Customer of the consequences of the withdrawal of consent.

5. How does CAV collect Personal Information from Minors?

Children may use the Service, as long as appropriate consents have been obtained to collect, use and disclose their Personal Information in accordance with this Policy. However, CAV will obtain parental or guardian consent in order to allow a minor under the legal age of majority to use the Service.

When a Customer registers to use the Service on behalf of their minor child, in addition to the Personal Information CAV collects from all Customers, CAV collects the minor’s month and year of birth in order to determine such time when parental consent is no longer required for the minor to use the Service.

A written notice of our privacy practices and a Parental/Guardian Consent Form may be found on our website or by contacting Customer Service at support@srvcanadavrs.ca. In order to provide parental or guardian consent for Customers under the age of majority, a consent form must be signed and returned to CAV by email or regular mail.

Customers have the right to ask CAV to allow them to review the information CAV has collected about their minor child, to stop collecting personal information about their minor child, or to delete information CAV has on file about their minor child at any time. CAV will comply with such requests, unless deleting the minor’s information would conflict with CAV’s legal retention obligations.

6. How does CAV Use Customers’ Personal Information?

CAV uses the information collected to provide Customers with the Service and the website, and to respond to Customers questions. CAV also uses it to provide a better user experience and to continue improving the quality of our products and services. CAV may use Personal Information and other information to communicate with Customers about our Service, including updates or newsletters, or to deliver content that may be of interest to Customers.

CAV also uses the information collected to ensure that our Service and website remain functioning and secure, or to investigate, prevent or act on any illegal activities or violations of our Service Agreements. Our use of Personal Information is limited to the purposes described in this Policy and CAV does not otherwise sell, trade, barter, exchange or disclose for consideration any Personal Information it has obtained.

7. When may CAV Disclose Customers’ Personal Information?

CAV may disclose Customers’ Personal Information to:

  • Individuals or organizations who are our advisers or service providers; and
  • Individuals or organizations who are, or may be, involved in maintaining, reviewing and developing our systems, procedures and infrastructure including testing or upgrading our computer systems.
    • Third party service providers or contractorsCAV contracts with third-party interpreters to provide sign language interpretation required during the provision of the Service.Where CAV transfers Personal Information to service providers or contractors that perform services on our behalf, CAV will require those third parties to use such information solely for the purposes of providing services to CAV or our users, and to have appropriate safeguards for the protection of that Personal Information. Sharing of information with third-party service providers and contractors will occur only after those entities have entered into a confidentiality agreement that:
      1. prohibits them from using, allowing access to, or disclosing Customer Personal Information to any other party (unless required to do so by law);
      2. requires them to have appropriate protections in place to ensure the ongoing confidentiality of Customer’s Personal Information; and
      3. in the case of sign language interpreters, prohibits them from disclosing the contents of any VRS call.
    • Cross border transfer of informationCAV may transfer Personal Information to a service provider which is located outside of Canada where privacy laws may offer different levels of protection from those in Canada. Customers’ Personal Information may also be subject to access by and disclosure to law enforcement agencies under the applicable foreign legislation.
    • Where disclosure can be made without consent. Please note that there are circumstances where the use and/or disclosure of Personal Information may be justified or permitted or where CAV is obliged to disclose information without consent. Such circumstances may include:
      1. where required by law or by order or requirement of a court, administrative agency or governmental tribunal;
      2. where CAV believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
      3. where it is necessary to permit CAV to pursue available remedies or limit any damages that CAV may sustain;
      4. where the information is public as permitted by law;
      5. where it is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or
      6. where it is necessary for the purpose of a prospective business transaction if the information is necessary to determine whether to proceed with the transaction or to complete the transaction, or a completed business transaction where the information is necessary to carry on the activity that was the object of the transaction. A “business transaction” includes:
        • the purchase, sale or other acquisition or disposition of an organization or a part of an organization, or any of its assets;
        • the merger or amalgamation of two or more organizations;
        • the making of a loan or provision of other financing to an organization or a part of an organization;
        • the creating of a charge on, or the taking of a security interest in or a security on, any assets or securities of an organization;
        • the lease or licensing of any of an organization’s assets; and
        • any other prescribed arrangement between two or more organizations to conduct a business activity.

Where obliged or permitted to disclose information without consent, CAV will not disclose more information than is required.

8. How can Customers access or correct any inaccuracies in their Personal Information?

CAV endeavors to ensure that any Personal Information provided and in its possession, is as accurate, current and complete as necessary for the purposes for which CAV use that information.

If a Customer advises CAV that Personal Information is inaccurate, incomplete or out of date, CAV will revise the Personal Information and, if necessary, use its best efforts to inform third-party service providers or contractors which were provided with inaccurate information so that those third parties may also correct their records.

CAV permits the reasonable right of access and review of Personal Information held by CAV about an individual and will endeavour to provide the information in question within a reasonable time, generally no later than 30 days following the request. To guard against fraudulent requests for access, CAV may require sufficient information to allow us to confirm that the person making the request is authorized to do so before granting access or making corrections.

CAV will provide information from our records in a form that is easy to understand. CAV reserves the right not to change any Personal Information, but will append any alternative text the individual concerned believes to be appropriate.

CAV will not charge Customers for verifying or correcting their information, however, to the extent permitted by applicable law, there may be a minimal charge imposed if you need a copy of records.

CAV keeps Customers’ Personal Information only as long as it is required for the reasons it was collected. The length of time CAV retains information varies, depending on the purpose for which it was collected and the nature of the information. This period may extend beyond the end of the Customer’s relationship with us but it will be only for so long as it is necessary for us to have sufficient information to respond to any issues that may arise at a later date.

CAV does not make any audio or video recordings of the contents of the VRS calls. CAV does make recordings of VRS Call Record Details, which consist of information such as time, duration, completion status, source number, and destination number.

When Customers’ Personal Information is no longer required for CAV’s purposes, CAV has procedures to destroy, delete, erase, or convert it into an anonymous form.

9. How does CAV protect Customers’ Personal Information?

CAV endeavours to maintain appropriate physical, procedural, and technical security with respect to our offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Information. This also applies to our disposal or destruction of

Personal Information.

CAV further protects Personal Information by restricting access to it to those employees that require access to the information in order that CAV may provide our Service.

If any officer, employee, or volunteer of CAV misuses Personal Information, this will be considered as a serious offence for which disciplinary action may be taken, up to and including termination of employment/volunteer contract. If any third-party individual or organization misuses Personal Information obtained solely for the purpose of providing services to CAV, this will be considered a serious issue for which action may be taken, up to and including termination of any agreement between CAV and that individual or organization.

A “breach of security safeguards” is defined as the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving your Personal Information under CAV’s control, CAV will notify you and the Privacy Commissioner of Canada if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you, including physical, financial, or reputational harm. CAV will also notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach.

10. Links to other websites

CAV may provide links to, or automatically produce search results for, third-party websites or resources or third-party information referencing or linking to third-party websites or resources. CAV has no control over such third-party websites and resources, and Customers acknowledge and agree that CAV is not responsible for the content or information contained therein. When Customers follow such a link, they are no longer protected by our Privacy Policy, and CAV encourage all Customers to read the privacy statements or other disclaimers of such other parties. CAV is not responsible for the privacy or security practices or the content of non-CAV websites, services or products.

CAV cannot and does not guarantee, represent or warrant that the content or information contained in such third-party websites and resources is accurate, legal, non-infringing or inoffensive. CAV does not endorse the content or information of any third-party website or resource and, further, CAV does not warrant that such websites or resources will not contain viruses or other malicious code or will not otherwise affect your computer. By using any of CAV’s systems or websites to search for or link to a third-party website, Customers agree and understand that CAV shall not be responsible or liable, directly or indirectly, for any damages or losses caused or alleged to be caused by or in connection with their use of, or reliance on, CAV to obtain search results or to link to a third-party website.

11. Resolving Customer privacy concerns

  • In the event of questions about:access to Customer’s Personal Information;
  • our collection, use, management, or disclosure of Personal Information; or
  • this Policy; Customers are to contact CAV’s Privacy Officer by sending an e-mail to Sue Decker at ExecDirector@cav-acs.ca.

CAV will investigate all complaints and if a complaint is justified, CAV will take all reasonable steps to resolve the issue.

12. Changes to this Privacy Policy

CAV will update this policy from time to time if our practices change or if the law requires changes to it. CAV will post any Privacy Policy changes on our website and, if the changes are significant, CAV will provide a more prominent notice and a summary of the relevant changes at the top of the page. Customers should review this policy regularly for changes, and can easily see if changes have been made by checking the Effective Date below. If Customers do not agree to the terms of this Privacy Policy or any other CAV policy, agreement, or disclaimer, they should exit the site and cease use of all CAV services immediately. Customer’s continued use following the posting of any changes to this Policy means they agree to be bound by the terms of this Privacy Policy.

Effective Date: This Privacy Policy was last updated on March 1st, 2017 and will be effective as of the date of the opening of online registration for the VRS service.