The revisions to the Privacy Act, which will go into effect on January 1, 2004, it requires
MERIDIAN HOLIDAYS to provide the following information to all our customers.
Terms of Reference:
Personal information includes any factual or subjective information, recorded or not,
about an identifiable individual. This includes information in any form, such as:
- Age, name, ID numbers, income, ethnic origin, or blood type
- Opinions, evaluations, comments, social status, or disciplinary actions
- Employee files, credit records, loan records, medical records, existence of a dispute
between a consumer and a merchant, intentions (for example, to acquire goods or
services, or change jobs)
Personal information does not include the name, title, business address or telephone
number of an employee of an organization.
The Provisions of the Privacy Act require compliance in 10 areas: We have listed those
areas below, as well as information on how MERIDIAN HOLIDAYS complies with each requirement.
1) Be accountable:
- MERIDIAN HOLIDAYS will comply will all 10 principles of the Privacy Act.
Kenny Wong, Managing Director, is responsible for MERIDIAN HOLIDAYS' compliance with the act.
- MERIDIAN HOLIDAYS will protect all personal information held by MERIDIAN HOLIDAYS
- MERIDIAN HOLIDAYS does not transfer information to third parties, nor have we ever made our customer lists available to third parties, either voluntarily or for sale.
- MERIDIAN HOLIDAYS makes every reasonable attempt to correct customer information and keep them up to date.
- MERIDIAN HOLIDAYS has had occasion to destroy obsolete files over the years. In these cases, the services of a shredding company have been used, to ensure that personal customer information is destroyed, and not simply discarded.
What personal information do we collect?
Each customer file lists:
- Business Title/ Position
- Dates on which pertinent information was sent
- Customer Number
- Canada location code
- Birthday (to send out Birthday cards)
- Preferred Language of correspondence
- Preferred place of correspondence
- Method of Payment (we do not keep credit card records in our database--we only note whether payment was made by cash, cheque or credit card)
- Home Contact information
- Business Contact information
2) Identify the Purpose
Why do we collect it?
We collect information to maintain correspondence with MERIDIAN HOLIDAYS customers, past and present. We collect mailing information from consumers who have requested to be placed on mailing lists. The information allows us to contact individuals at the place of their choosing.
How do we collect it?
Generally, information is conveyed to MERIDIAN HOLIDAYS Customers:
- Verbally--over the telephone, in person at MERIDIAN HOLIDAYS functions, and during office visits
- Electronically-via email
3) Obtain Consent
What is consent?
MERIDIAN HOLIDAYS considers consent to be an expression of permission to collect and use information for the purpose of providing customer services and benefits, or for the provision of consumer information.
We obtain consent by:
- Written permission via mail, email or fax.
- Verbal permission with a dated notation in the customer's file, along with the initials of the staff who recorded the information.
- Third party consent, as long as the third party is well known to MERIDIAN HOLIDAYS and/ or is in a reasonable position to give such consent (e.g. The Office manager correcting the information on an associate's file).
What do we use your personal information for?
To maintain the accuracy of customer records; to better communicate with our
customers; to establish customer eligibility for services and benefits, to mail
information to consumers who have specifically requested MERIDIAN HOLIDAYS information.
Where do we keep your personal information?
Information at MERIDIAN HOLIDAYS is kept:
- In the database, on the computer.
- Paper records are kept in file cabinets.
How is your personal information secured?
MERIDIAN HOLIDAYS computers are backed up regularly, with back up tapes kept in the on-site safe. The office is secured in off-hours, and the building in which the office is located has strict off-hours security.
Who has access to your personal information, or uses it?
Only employees of MERIDIAN HOLIDAYS have access to customer records. When part time help is used for filing, all activities take place under the direct supervision of a MERIDIAN HOLIDAYS full time employee.
To whom is your personal information disclosed?
Information is used in the office and by MERIDIAN HOLIDAYS employees to service the customer. MERIDIAN HOLIDAYS does not disclose information without the express permission of MERIDIAN HOLIDAYSíS customers.
In cases that request immediate contact with a customer, MERIDIAN HOLIDAYS will telephone or email the customer before giving out any contact information.
When does MERIDIAN HOLIDAYS dispose of your personal information?
MERIDIAN HOLIDAYS disposes of obsolete customer files, usually those with whom we have had no correspondence for a period of 5 years. We use the services of a shredding company to dispose of all records that include personal information.
4) Limit Collection
In order to make our database as efficient as possible with regard to responding to
customer inquiries, MERIDIAN HOLIDAYS maintains one "screen" for all customer information. Neither do we collect information that is extraneous to the efficient operation of the organization, nor do we collect information on behalf of third parties. The only instance where "other" information is collected is through regular industry surveys for the purpose of obtaining general industry trends. Surveys returned anonymously, as well as those that contain personal information (for instance if an incentive prize is involved for survey completion) are destroyed after the information is recorded.
5) Limit use, disclosure and retention
- MERIDIAN HOLIDAYS only collects information for the purpose of maintaining customer files.
- Obsolete customer records are shredded every five years. Financial records are maintained for a period of 7 years.
6) Be Accurate
- MERIDIAN HOLIDAYS endeavors to keep customer records as up-to-date as possible, through regular communication with customers via the MERIDIAN HOLIDAYS newsletter or electronic mail.
- Personal information on individual customers can be retrieved from the database by a
MERIDIAN HOLIDAYS employee in order to verify the accuracy of the information, in consultation with a customer.
7) Use Appropriate Safeguards
MERIDIAN HOLIDAYS' security policy regarding customer records includes:
- Physical measures: The MERIDIAN HOLIDAYS office is situated in a secure building where after-hours access is restricted to employees with a pass-card or secure alarm code.
- Technological Tools: MERIDIAN HOLIDAYS computers are password protected. All computer forms that relate to financial transactions are "secure". The MERIDIAN HOLIDAYS computer system is firewall protected.
- Organizational Controls: MERIDIAN HOLIDAYS employees are vigilant with regard to the access of customer files. Staff training includes awareness of the provisions of the Privacy Act, as well as this policy document.
8) Be Open
- MERIDIAN HOLIDAYS has always made it known, and will continue to inform customers, industry associates, sponsors and the public, of MERIDIAN HOLIDAYS' policies and practices for the management of personal information.
- Kenny Wong, the Managing Director is responsible for MERIDIAN HOLIDAYS' privacy policies and practices.
- While any full time employee is able to update customer information files,
correspondence should be sent to the Customer Services Coordinator at
303-1177 West Hastings St, Vancouver, BC Canada V6E 2K3; by telephone at
(604) 688-9877, or firstname.lastname@example.org.
- Customers may contact the sources listed above for a copy of the personal
information in their files.
- Individuals can complain to MERIDIAN HOLIDAYS using the contact information listed above.
9) Give individuals access
- Individuals may visit the MERIDIAN HOLIDAYS office during regular office hours to review their customer records. They may also request a copy of the information MERIDIAN HOLIDAYS has in their file, as long as they satisfy verification of their identity.
- MERIDIAN HOLIDAYS will correct information in customer files on a timely basis, usually within 24 hours of notice.
- There are no costs or charges associated with the correcting of information in customer files
- MERIDIAN HOLIDAYS attempts to translate all abbreviations, short-forms and codes used in customer files. This information is readily available should a customer be unable to decipher any aspect of their customer record.
10) Provide Recourse
by a MERIDIAN HOLIDAYS employee, they should:
- Bring the complaint directly to the attention of the Chief Operating Officer.
- If still not satisfied they should bring the complaint to the attention of the Chair of the Board of Directors
- If still not satisfied they should bring the complaint to the attention of the Privacy Commissioner of Canada.