Privacy Policy
Please note: As of March 10, 2020, the following sections have been added to this version of the Privacy Policy.
- Section 2C. Automated Technologies or Interactions
Introduction
The Canadian Administrator of VRS (“CAV”) is committed to protecting Customers’ privacy and confidentiality in accordance with principles set out in the Personal Information Protection and Electronic Documents Act (“PIPEDA”), and our obligations under applicable privacy law and Canadian Radio-television and Telecommunications Commission (“CRTC”) Telecom Regulatory Policy CRTC 2014-187, as such laws and policies relate to the delivery of the Video Relay Service (“VRS Service” or “Service”).
The “Service” is a telecommunications service that enables people who are Deaf, Hard of Hearing or Speech-Impaired and who use sign language to communicate with voice telephone users. The sign language user connects to a VRS operator using Internet-based videoconferencing. The operator then places a voice telephone call to the other party and relays the conversation from sign language to voice and vice versa.
This Privacy Policy (this “Policy”) explains how CAV collects, uses and discloses Customers’ Personal Information in the course of providing the Service. By registering for the Service, you agree to the terms of this Policy. This Policy covers the following:
This Policy covers the following:
- What is Personal Information
- What Personal Information does CAV collect
- Why does CAV collect Customer’s Personal Information
- How does CAV collect Customer’s Personal Information
- How does CAV collect Personal Information from Minors
- How does CAV use Customer’s Personal Information
- When may CAV disclose Customer’s Personal Information
- Where Personal Information may be Used or Disclosed Without Consent
- How Customers may access or correct their Personal Information
- How CAV protects Customer’s Personal Information
- Links to other websites
- Resolving Customer privacy concerns
- Changes to this Privacy Policy
In the delivery of the Service, CAV complies with the following principles set out in Schedule I to PIPEDA:
Principle 4.1 (Accountability) – An organization is responsible for personal information under its control and must designate an individual responsible for compliance with PIPEDA;
Principle 4.2 (Identifying Purposes) – An organization must specify why it is collecting Personal Information, and such purposes must be identified at or before the information is collected;
Principle 4.3 (Consent) – An organization must obtain an individual’s consent for the collection of Personal Information and subsequent use and disclosure;
Principle 4.4 (Limiting Collection) – An organization must limit the collection of information to that which is necessary for the identified purposes;
Principle 4.5 (Limiting Use, Disclosure, and Retention) – An organization must not use or disclose Personal Information for a purpose other than for which it was collected, except with the consent of the individual or where required or permitted by law;
Principle 4.6 (Accuracy) – An organization must ensure that Personal Information it maintains is accurate, complete, and up to date;
Principle 4.7 (Safeguards) – An organization must take appropriate safeguards to protect Personal Information;
Principle 4.8 (Openness) – An organization must be open about its policies and practices;
Principle 4.9 (Individual Access) – An organization must provide individuals with a right of access to their Personal Information, subject to certain restrictions as set out in PIPEDA; and
Principle 4.10 (Challenging Compliance) – An organization must advise individuals of its complaint procedures.
1. What is Personal Information?
“Personal Information” means any information, recorded in any form, about an identifiable individual.
This Policy does not cover business contact information (e.g., name, title, business address) used solely for the business purposes, or aggregated data from which the identity of an individual cannot be determined. CAV retains the right to use business contact information and aggregated data in any way that CAV determines appropriate.
2. What Personal Information does CAV collect?
A. Personal Information collected during the Registration Process
Some examples of the type of information CAV collects from Customers during the registration process to become a user of the Service are:
1. Customer name
2. Customer complete physical address
3. Customer email address
4. Customer birth month and year. For users under the age of majority: if a Customer is under the age of majority, CAV will obtain parental consent prior to collection of their personal information).
5. Password(s) Customer is asked to create in order to use the Service
6. Type and version of the electronic device(s) Customer uses to access the Service
7. Customer’s Assigned VRS number
8. Customer’s selected preferences, such as primary language of Service (English or French), etc.
9. Confirmation of Deaf, Hard of Hearing or Speech-Impaired and use of sign language.
CAV may also collect certain information about Customers’ use of our Service or website when they interact with or use our Service or website, or respond to e-mails, newsletters or promotional or other information communications.
B. Personal Information collected during a VRS Telephone Call
CAV has contractual agreements with third-party sign-language interpreters (“Interpreters”), which obligate the Interpreters to maintain strict confidentiality with respect to the contents of the VRS call, as follows:
- Interpreters must respect the privacy of the Customers of the Service, hold in strict confidence, and not disclose to any other party, any and all information the interpreter may obtain during the course of providing the Service to users;
- confidentiality obligations shall survive forever, and the interpreter shall only be released from these obligations with the prior written consent of CAV, when required by law or where, in order to provide consistent quality services, it is necessary to disclose pertinent information to a colleague who is subject to similar confidentiality obligations as contained in the confidentiality agreement with the interpreter; and
- where it is necessary to exchange pertinent information with a colleague in order to provide consistent quality of service, this shall be done in a manner that protects the Personal Information of the Customers.
CAV shall also obtain appropriate forms of consent from Customers with respect to the Interpreters’ access to the contents of the VRS call.
CAV makes recordings of Call Record Details, such as time, duration, completion status, source number, and destination number. CAV does not make any audio or video recordings of the contents of the VRS calls and will not be collecting any Personal Information Customers may reveal in conversation during a VRS call.
C. Automated Technologies or Interactions
As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this information by using cookies, server logs and other similar technologies. The information is used for website analytics purposes only.
3. Why does CAV collect Personal Information?
CAV only collects Personal Information for purposes that would be considered reasonable in the circumstances and only such information as is required for the purposes of providing the Service. CAV collects Customers’ Personal Information to enable Customers to use the Service and associated purposes, including the following:
- initiating or providing Customers with the Service and access to the website;
- providing Customers with ongoing technical support;
- providing ongoing administration of Customer registration;
- complying with legal requirements;
- facilitating 911 calls or other emergencies;
- detecting, preventing, or otherwise addressing fraud, identity theft, security or other technical issues;
- protecting the rights, property or safety of CAV, our employees or Customers, or the public, as required or permitted by law; and
- other purposes consistent with these purposes.
Information regarding Customers’ physical addresses is collected solely for the purposes of facilitating 911 calls.
Information regarding the type of electronic device and software version that Customers use to access the Service is collected for the purpose of enabling CAV to distribute the correct VRS user software to the Customers and provide appropriate customer service, including the distribution of patches and upgrades. In addition, this information is used for the purposes of providing technical support and planning for future software development.
4. How does CAV collect Customers’ Personal Information?
CAV uses only fair and lawful methods to collect Personal Information. Unless permitted by law, no Personal Information is collected, without first obtaining the consent of the individual. Consent may be express or implied as required by the circumstances and applicable laws. CAV may seek additional consent from Customers after Personal Information has been collected where CAV wishes to use or disclose the information for a new or different purpose.
Subject to legal and contractual restrictions, Customers are free to refuse or withdraw their consent at any time upon reasonable, advance notice to CAV. In certain circumstances, the Service can only be offered if Customers provide their Personal Information to CAV. Consequently, if a Customer chooses not to provide us with the required Personal Information, CAV may not be able to offer the Service to said Customer. CAV will inform the Customer of the consequences of the withdrawal of consent.
5. How does CAV collect Personal Information from Minors?
An individual under the legal age of majority (a “Minor”) may use the Service, as long as CAV obtains a Parental/Guardian Consent Form to allow the Minor to use the Service. A written notice of our privacy practices and a Parental/Guardian Consent Form Request may be found on our website or by contacting Customer Service at support@srvcanadavrs.ca. The Consent Form must be signed and returned to CAV by email or regular mail prior to the Minor having access to the Service.
When a Customer registers to use the Service on behalf of their Minor child, in addition to the Personal Information CAV collects from all Customers, CAV collects the Minor’s month and year of birth to determine such time when parental consent is no longer required.
6. How does CAV Use Customers’ Personal Information?
CAV uses Customers’ Personal Information to provide Customers with the Service and the website, and to respond to Customers’ questions. CAV also uses it to provide a better user experience and to continue improving the quality of our products and services. CAV may use Personal Information and other information to communicate with Customers about our Service, including updates or newsletters, or to deliver content that may be of interest to Customers.
CAV also uses the information collected to ensure that our Service and website remain functioning and secure, or to investigate, prevent or act on any illegal activities or violations of our Service Agreements. Our use of Personal Information is limited to the purposes described in this Policy and CAV does not otherwise sell, trade, barter, exchange or disclose for consideration any Personal Information it has obtained.
CAV may use Personal Information to generate aggregate or non-identifying information, which CAV may use and disclose in its sole discretion.
7. When may CAV Disclose Customers’ Personal Information?
CAV may disclose Customers’ Personal Information to:
- Individuals or organizations who are our advisers or service providers; and
- Individuals or organizations who are, or may be, involved in maintaining, reviewing and developing our systems, procedures and infrastructure including testing or upgrading our computer systems.
- Third party service providers or contractors: CAV contracts with third-party Interpreters to provide sign language interpretation required during the provision of the Service. Where CAV transfers Personal Information to service providers or contractors that perform services on our behalf, CAV will require those third parties to use such information solely for the purposes of providing services to CAV or our users, and to have appropriate safeguards for the protection of that Personal Information. Sharing of information with third-party service providers and contractors will occur only after those entities have entered into a confidentiality agreement that:
- prohibits them from using, allowing access to, or disclosing Customer Personal Information to any other party (unless required to do so by law);
- requires them to have appropriate protections in place to ensure the ongoing confidentiality of Customer’s Personal Information; and
- in the case of Interpreters, prohibits them from disclosing the contents of any VRS call.
- Third party service providers or contractors: CAV contracts with third-party Interpreters to provide sign language interpretation required during the provision of the Service. Where CAV transfers Personal Information to service providers or contractors that perform services on our behalf, CAV will require those third parties to use such information solely for the purposes of providing services to CAV or our users, and to have appropriate safeguards for the protection of that Personal Information. Sharing of information with third-party service providers and contractors will occur only after those entities have entered into a confidentiality agreement that:
8. Where Personal Information may be Used or Disclosed Without Consent
There are circumstances where the use and/or disclosure of Personal Information by CAV may be permitted or required without consent. Such circumstances may include, without limitation:
1. where required by law or by order or requirement of a court, administrative agency or governmental tribunal;
2. where CAV believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
3. where it is necessary to permit CAV to pursue available remedies or limit any damages that CAV may sustain;
4. where the information is public as permitted by law;
5. where it is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or
6. where it is necessary for the purpose of a prospective business transaction as permitted by PIPEDA.
Where required or permitted by applicable privacy law to disclose information without consent, CAV will not disclose more information than is required.
9. How can Customers access or correct any inaccuracies in their Personal Information?
CAV endeavors to ensure that any Personal Information in its control is as accurate, current and as complete as necessary for the purposes for which CAV uses that information. If a Customer advises CAV that Personal Information is inaccurate, incomplete or out of date, CAV will revise the Personal Information and, if necessary, use its best efforts to inform third-party service providers or contractors so that those third parties may also correct their records.
CAV permits the reasonable right of access and review of Personal Information held by CAV and will endeavour to provide the information within a reasonable time, generally no later than 30 days following the request. CAV requires sufficient information to confirm that the individual making the request is authorized to do so. CAV will not charge Customers for verifying or correcting their information, however, to the extent permitted by applicable law, there may be a minimal charge imposed if you need a copy of records.
CAV keeps Customers’ Personal Information only as long as it is required for legal or business purposes. The length of time CAV retains information varies, depending on the purpose for which it was collected, the nature of the information and applicable data retention requirements. When Customers’ Personal Information is no longer required for CAV’s purposes, CAV has procedures to destroy, delete, erase, or convert it into an anonymous form.
10. How does CAV protect Customers’ Personal Information?
CAV endeavours to maintain appropriate physical, procedural, and technical security with respect to our offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Information. CAV restricts access to Personal Information to those employees that require access for provision of the Service.
If any officer, employee, or volunteer of CAV misuses Personal Information, this will be considered a serious offence for which disciplinary action may be taken, up to and including termination of employment/volunteer contract. If any third-party individual or organization misuses Personal Information obtained solely for the purpose of providing services to CAV, this will be considered a serious issue for which action may be taken, up to and including termination of any agreement between CAV and that individual or organization.
Given the use of Interpreters outside Canada, as identified above, the privacy laws in the U.S. may offer different levels of protection from those in Canada, and the Personal Information may be subject to access by and disclosure to law enforcement agencies under the applicable legislation in the U.S. There is also the risk of hacking or other form of unintended intrusion.
A “breach of security safeguards” is defined as the loss of, unauthorized access to or unauthorized disclosure of Personal Information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving Personal Information under CAV’s control, CAV will comply with applicable privacy law, which may include notifying the applicable privacy commissioner and notifying the individual, if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.
11. Links to other websites
CAV may provide links to, or automatically produce search results for, third-party websites or resources or third-party information referencing or linking to third-party websites or resources. CAV has no control over such third-party websites and resources, and Customers acknowledge and agree that CAV is not responsible for the content or information contained therein. When Customers follow such a link, they are no longer protected by our Privacy Policy, and CAV encourage all Customers to read the privacy statements or other disclaimers of such other parties. CAV is not responsible for the privacy or security practices or the content of non-CAV websites, services or products.
CAV cannot and does not guarantee, represent or warrant that the content or information contained in such third-party websites and resources is accurate, legal, non-infringing or inoffensive. CAV does not endorse the content or information of any third-party website or resource and, further, CAV does not warrant that such websites or resources will not contain viruses or other malicious code or will not otherwise affect your computer. By using any of CAV’s systems or websites to search for or link to a third-party website, Customers agree and understand that CAV shall not be responsible or liable, directly or indirectly, for any damages or losses caused or alleged to be caused by or in connection with their use of, or reliance on, CAV to obtain search results or to link to a third-party website.
12. Resolving Customer privacy concerns
In the event of questions or complaints about CAV’s privacy practices or questions on how a Customer can access their Personal Information, contact CAV’s Privacy Officer by sending an e-mail to ExecDirector@cav-acs.ca.
13. Changes to this Privacy Policy
CAV will update this Policy from time to time if our practices change or if the law requires changes. CAV will update the Effective Date of this Policy to reflect changes and post any changes on our website and, if the changes are significant, CAV will provide a more prominent notice and a summary of the relevant changes at the top of the page. Customers should review this Policy regularly for changes. If Customers do not agree to the terms of this Policy or any other CAV policy, agreement, or disclaimer, they should exit the site and cease use of all CAV services immediately.
Customers’ continued use following the posting of any changes to this Policy means they agree to be bound by the terms of this Policy.
Effective Date: This Policy was last updated on March 10, 2020 and will be effective as of the date of the opening of online registration for the VRS service.