Who we are
Our website address is: https://qoasis.com.
Personal and health information is collected and used by the Qoasis team for the following purposes:
- to provide Qoasis or to carry out the services requested functions
- to assist Qoasis and its employees to fulfil its duty of care to children
- to plan, fund, monitor and evaluate Qoasis’ and functions
- to comply with Privacy Commissioner of Canada reporting requirements
- to investigate incidents and/or defend any legal claims against the Qoasis, or its employees
Qoasis has adopted the ten information privacy principals (IPP) developed by the Privacy Commissioner of Canada and search ‘IPP’) as minimum standards in relation to handling personal and health information.
In broad terms, this means that Qoasis:
- collect only information which is required for a specified primary purpose
- ensure that the person supplying the information knows why the information is
collected and how it will be handled
- use and disclose it only for the primary or a directly related purpose, or for another
purpose with the person’s consent (unless otherwise required, permitted, or authorised
- store it securely, protecting it from unauthorised access retain it for the authorized period
and take reasonable steps to permanently de-identify personal or health information when it is no longer needed
- provide people with access to their own personal information and permit people to seek corrections if necessary. This will usually be handled under the Access to Information Act 1985. For Qoasis not covered by this Act, access will be available as prescribed by Canadian privacy laws.
Qoasis in collecting personal and health information will:
- address the privacy issues relevant to their functions and only collect and use this information in accordance with the privacy principles
- manage this information according to privacy policies in accordance with the privacy principles.
Qoasis in using personal and health information but do not directly collect personal and health information will apply the privacy principles when handling personal and health information.
Research: Qoasis will usually only use or disclose an individual’s personal or health information for research or the compilation of statistics with the individual’s consent. When research or the compilation of statistics which is in the public interest cannot be undertaken with de-identified information, and where it is impractical to seek the individual’s consent, the research or compilation of statistics will be carried out in accordance with the Ethical Conduct for Research Involving Humans and in accordance with the Province of Ontario Ministry of Health guidelines.
A complaint about information privacy is an expression of dissatisfaction with Qoasis procedures, staff, agents, or quality of Qoasis associated with the collection or handling of personal or health information. Qoasis will be efficient and fair when investigating and responding to information privacy complaints.
The process for investigation and response to these complaints is set out in Qoasis Policy and Procedures.
The key Information Privacy Principles (IPPs) and Health Privacy Principles (HPPs) Principles
are listed here. Only the key principles have been selected and are provided in summary.
The full exceptions qualifying many of the principles are not included.
Collection: Qoasis must collect only personal and health information that is necessary for performance or functions. Individuals should be told why this information is required, what it will be used for and that they can gain access to their personal and health information.
Use and disclosure: Qoasis must only use or disclose personal and health information:
- for the primary purpose for which it was collected
- for a related secondary purpose (which must be a directly related purpose in the case
of health or sensitive information) that the person would reasonably expect
- with the consent of the person
- unless otherwise required, permitted, or authorised by law principles
Data quality: Qoasis must make sure personal and health information is accurate, complete, and up to date.
Data security: Qoasis must take reasonable steps to protect personal and health information from misuse, loss, unauthorised access, modification, and disclosure.
Openness: Qoasis must document clearly expressed policies on management of personal and health information and make these policies available to anyone who asks for them.
Access and correction: Individuals have a right to seek access to their personal and health information and make corrections.
Unique identifiers: A unique identifier is usually a number assigned to an individual in order
to identify the person for the purposes of an organisation’s operations. Tax File Numbers
and Medicare numbers are examples. Unique identifiers can facilitate data matching.
Data matching can diminish privacy. Privacy laws limit the adoption and sharing of unique
numbers. Qoasis will limit the use of unique identifiers as required by the
Office of the Privacy Commissioner of Canada and its legislation.
Anonymity: When lawful and practicable, individuals should be able to remain anonymous
in transactions with Qoasis.
Transborder data flows: Transfer of personal and health information outside Canada is
restricted by privacy laws. Personal and health information may be transferred only if the
recipient protects privacy under standards similar.
Sensitive information: The Access to Information of 1985 restricts collection of sensitive
information about an individual’s racial or ethnic origin, political views, religious beliefs,
sexual preferences, membership of groups or criminal record.