Ontario Bar Association Policy Concerning Members’ and non-members’ Personal Information
The Ontario Bar Association (“OBA”) is a professional voluntary organization with a mandate to enhance the interests of our diverse membership and to protect the independence of the judiciary and the Bar. The OBA and its branches are dedicated to maintaining high standards of privacy and confidentiality with respect to the Personal Information we receive from our Members and others, in accordance with our obligations under the Personal Information Protection and Electronic Documents Act and the applicable provincial privacy legislation.
This Policy details our practices concerning the collection, use and disclosure of Personal Information provided to the OBA. Our obligations apply to all of our officers, employees, agents or representatives who provide services to or on behalf of the OBA in connection with our delivery of products, services and information, as well as our website. We urge you to read this Policy to gain a clear understanding of how we may collect, use and disclose your Personal Information in the course of our delivery of products, services or information, or in the course of your use of our website(s).
If you do not consent to the collection, use and disclosure of your Personal Information in accordance with this Policy, do not provide us with any Personal Information. You also have the right to withdraw your consent to our collection, use and disclosure of your Personal Information at any time upon reasonable, advance notice. However, you cannot withdraw your consent retroactively. It is important to note that most of our products and services can only be provided if we receive the required Personal Information from you. Consequently, should you choose not to provide us with the required Personal Information, we may be unable to offer these products and services to you.
What is Personal Information?
We define “Personal Information” as any information, recorded in any form, about an identified individual, or an individual whose identity may be inferred or determined from the information, other than business contact information (e.g. name, title, business address, telephone and fax numbers, and e-mail address). This Policy does not cover aggregated data from which the identity of an individual cannot be determined. The OBA retains the right to use business contact information and aggregated data in any way that it determines appropriate.
WHAT PERSONAL INFORMATION DO WE COLLECT?
The OBA collects Personal Information about Members and non-Members provided in writing, including via electronic media, verbally over the telephone or in person.
A visitor to the OBA’s website (www.OBA.org) is not required to reveal any information such as name, street address or telephone number. We do not passively collect this information by electronic means. To access and use the Members-only and exclusive portions of the site, Members and non-Members need to provide certain Personal Information. We will only use this Personal Information to provide our products, services and information to Members and non-Members.
We collect information when a person voluntarily completes an online membership application form, event registration or online survey. We collect, use or disclose this information in a manner consistent with this Policy. We also collect email addresses during the online membership application process, but you may indicate that you do not wish to receive unsolicited electronic communications from us. We comply with Canada’s Anti-Spam Legislation with respect to the sending of commercial electronic messages.
When a person wishes to place an order, purchase products or register for an event, he or she is asked to supply one or more items within the following classes of information:
- Corporate identification information;
- Personal identification information;
- Financial information (e.g. credit card information, purchase order numbers or any other payment information for billing purposes); and
- Delivery information.
We collect this information for billing and delivery purposes. We also use it to contact the individual about their order. In addition, we may use this information for future marketing and communications purposes. You may opt-out of such use of your information by sending an email request to firstname.lastname@example.org or contacting our Privacy Officer as set out in the Contact Information section below.
We may collect Personal Information about guests and visitors who attend our physical premises. This information may include the person’s name, organization and telephone number. We collect, use and disclose this information for safety, health, security and emergency preparedness purposes related to our staff, guests and visitors located on our premises.
We may install video cameras or other recording devices in the public access areas of our premises. We will post signs notifying individuals of the existence and purpose of recording devices.
We may also collect non-personally identifiable information about your use of our products, services or website(s) when you purchase our products, or register for, interact with, or use our services or website(s), contact us for information, or respond to emails, newsletters, or promotional or information communications.
COLLECTION OF INFORMATION THROUGH OUR WEBSITES
By accessing and browsing our website(s), you agree that we may collect, use and disclose any information we collect about you through our website(s) as described in this Policy.
Our web server automatically collects visitor information in the form of the visitor’s domain or Internet Protocol (IP) address, as well as information about the pages being accessed, the date and time of your visit to our websites, the documents that you downloaded, the searches you performed, and the website you were on prior to visiting our website(s). We use this information to better serve visitors by managing our sites, diagnosing any technical problems, and improving the content of our website(s). We may also track your activity on other websites or social media platforms that you visit after leaving the OBA website for the purposes of delivering advertising campaigns that may be of interest to you. For information on how you may opt-out of the collection of such information, please contact our Privacy Officer.
For the transfer and receipt of certain types of sensitive information such as financial information, visitors may be re-directed to a secure server and will be notified through a pop-up screen on the site.
Why the OBA May Collect Personal Information
The OBA uses only fair and lawful methods to collect Personal Information. We collect certain information from you for the purposes of fulfilling our objectives and mandate. These purposes include:
- Communicating with our membership and determining their needs;
- Providing products, services and information to Members and non-Members;
- Permitting affiliated organizations and preferred suppliers to provide products, services and information to Members and non-Members;
- Managing our relationships with Members and non-Members;
- Distributing publications, invitations to events and programs, and other communications that may be of interest to Members and non-Members;
- Providing for the safety, health, security and emergency preparedness of our staff, guests and visitors who are located on our premises;
- Responding to questions and concerns;
- Meeting legal or regulatory requirements; and
- Communicating for any other purpose for which we have Members’ and non-Members’ consent.
HOW THE OBA USES YOUR PERSONAL INFORMATION
Our use of Personal Information is limited to the purposes described in this Policy, unless we expressly tell you otherwise. We do not otherwise sell, trade, barter, exchange or disclose for consideration any Personal Information we have obtained from you.
WHEN THE OBA MAY DISCLOSE YOUR PERSONAL INFORMATION
As a general rule, we hold all information concerning a Member or non-Member in strict confidence. Except in limited circumstances, we do not reveal this information to anyone unless you have expressly or implicitly authorized us to do so. We lease the name, address, telephone number and e-mail address of Members (“OBA membership information”) to affiliated organizations, preferred suppliers and reputable social media organizations when, in our opinion, the service or information is pertinent to our Members.
In such cases, we will secure written agreement from these organizations that they will use the information we provide to them solely for the purpose of providing services to you or to the OBA. We will also secure their agreement, in writing, that they will not use, allow access to, or disclose, your Personal Information to any other party, except with your consent or where required to do so by law. We will also require that these organizations have appropriate physical, technical and organizational safeguards to protect your Personal Information.
There are circumstances where the use and/or disclosure of Personal Information may be justified or permitted, or where the OBA is obliged to disclose information without consent. These circumstances may include:
- Where required by law or by order or requirement of a court, administrative agency or other governmental tribunal;
- Where the OBA believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
- Where it is necessary to establish or collect fees;
- Where it is necessary to permit the OBA to pursue available remedies or limit any damages that the OBA may sustain;
- Where the information is public as permitted by law;
- Where it is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or
- Where it is necessary to determine whether to proceed with a prospective business transaction or complete the transaction, or where it is necessary to carry on the activity that was the object of a completed business transaction. A “business transaction” includes:
- The purchase, sale or other acquisition or disposition of an organization or a part of an organization, or any of its assets;
- The merger or amalgamation of two or more organizations;
- The making of a loan or provision of other financing to an organization or a part of an organization;
- The creating of a charge on, or the taking of a security interest in or a security on, any assets or securities of an organization;
- The lease or licensing of any of an organization’s assets; and
- Any other prescribed arrangement between two or more organizations to conduct a business activity.
When this occurs, we will not disclose more information than is required.
Use of Third Party Web Analytics Tools
The OBA uses Hotjar analytics in order to help us measure traffic and usage trends for our website(s), analyze and track data, determine the popularity of certain content, better understand your online activity, and optimize the design and functionality of our website. We may also use Hotjar analytics to record user visits to our website. The OBA has no control over the privacy or security practices of Hotjar. For more information on Hotjar, please visit: https://www.hotjar.com/tour. For information on Hotjar’s privacy practices, please visit: https://www.hotjar.com/privacy. For information on Hotjar’s security practices, please visit: https://docs.hotjar.com/docs/data-safety-and-security.
CROSS-BORDER TRANSFER OF INFORMATION
The OBA may transfer Personal Information to a service provider which is located outside of Canada where privacy laws may offer different levels of protection from those in Canada. Your Personal Information may also be subject to access by and disclosure to the local courts, law enforcement and national security authorities under the applicable foreign legislation.
By providing your Personal Information to us, you agree that we may collect, use and disclose it in accordance with this Policy and as otherwise permitted or required by law. However, we may seek your consent to use or disclose Personal Information after it has been collected in cases where we wish to use or disclose the information for a purpose not previously identified or expressed in this Policy.
If you need to provide us with Personal Information about other individuals (such as your employees, employer, supervisor, etc.), you represent and warrant to us that you will obtain their consent where required by law and prior to your disclosure to us. Consent is required for us to use and disclose the Personal Information of these individuals for the specific purpose(s) for which you made the disclosure.
Withdrawal of Consent
You may withdraw your consent to us collecting, using and disclosing your Personal Information at any time, subject to reasonable notice and any legal and/or contractual restrictions.
You may, at any time, ask us not to send you further marketing materials about our goods and services. If you do not wish to receive further invitations to events, you may unsubscribe or contact our Privacy Officer and ask that we not contact you for these purposes.
If you wish to withdraw your consent to have your OBA membership information disclosed to affiliated organizations, preferred suppliers and other reputable organizations, please contact our Privacy Officer as set out in the Contact Information section below.
THE ACCURACY AND RETENTION OF PERSONAL INFORMATION
We endeavour to ensure that any Personal Information provided to us and in our possession is accurate, current and complete. If we become aware that Personal Information is inaccurate, incomplete or out of date, we will revise the Personal Information and, if necessary, use reasonable efforts to inform third parties. We do not actively maintain information of former Members and, for as long as we hold that information, we cannot assure the information is accurate.
We keep your Personal Information only as long as it is required for the reasons it was collected. This period may extend beyond the end of a Member’s relationship with us, but it will only be held as long as it is necessary for us to communicate with you or to have sufficient information to respond to any issues that may arise. When we no longer require your Personal Information, we have procedures to securely destroy, delete, erase or convert it into an anonymous form.
PROTECTION OF PERSONAL INFORMATION
We endeavour to maintain appropriate physical, procedural and technical security safeguards at our offices and information storage facilities to prevent any unauthorized access to, or loss, misuse, disclosure or modification of Personal Information. This also applies to our disposal or destruction of Personal Information.
We further protect Personal Information by restricting access to those employees who need access to provide products, services or information. If a OBA employee misuses Personal Information, we will consider the act a serious offence for which we may take disciplinary action up to and including terminating employment. If any individual or organization misuses Personal Information, we will consider it a serious issue and may take action up to and including terminating any agreement between the OBA and that individual or organization.
We audit our procedures and security measures from time to time to ensure that they remain effective and appropriate.
A “breach of security safeguards” is defined as the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving your Personal Information under our control, we will notify you and the appropriate Privacy Commissioner(s) if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you, including physical, financial or reputational harm. We will also notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach.
ACCESS TO YOUR PERSONAL INFORMATION
You have the right to access and review the Personal Information we hold about you. We will endeavour to provide the information in question within a reasonable time. When we will not or cannot disclose information, we will provide the individual making the request the reasons for non-disclosure.
Further information concerning the OBA’s access policy and procedures may be obtained by contacting our Privacy Officer as set out in the Contact Information section below.
Despite our efforts, errors sometimes do occur. If you identify any Personal Information that is out-of-date, incorrect or incomplete, please contact our Privacy Officer and we will make the corrections promptly. We will also use every reasonable effort to communicate these changes to other parties who may have inadvertently received incorrect or out-of-date personal information from us.
We will not charge you for verifying or correcting your Personal Information.
COOKIES AND SIMILAR TECHNOLOGIES
In browsing the Internet, you will encounter a technology called “cookies”, which are small data files that are saved to your device when you visit our website(s). These are commonly used to provide you specific information from a website, and to provide the website’s operator information about you. We may use both session cookies and persistent cookies. A session cookie is a temporary file which is only active while you are on the website and is erased once you close your browser. Unlike a session cookie, a persistent cookie is not deleted when you close your browser and will remain on your device indefinitely.
These cookies are used to improve navigation on websites and to collect aggregate statistical information. This information may be used for advertising and marketing initiatives after you conclude your session on the OBA website. The cookies may also track your activity on other websites or social media platforms that you visit after leaving the OBA website. You may opt out of such tracking by adjusting the cookie settings on your browser.
Adjusting Cookie Settings on Your Browser
(b) Web Beacons
Web beacons are small graphic images or other programming code (also known as “web bugs”, “1x1 GIFs” or “clear GIFs”) used to keep track of your navigation through the website(s) and your electronic communication with us. We may include web beacons in our web pages and email messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or email can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes including, without limitation, to count visitors to our website, to monitor how users navigate the website, to count how many emails that were sent were actually opened, or to count how many particular articles or links were actually viewed. Web beacons may be used to collect certain personal information (for example, the email address associated with an email message).
(c) Embedded Scripts
An embedded script is a programming code that is designed to collect information about your interactions with our website(s), such as information about the links on which you click. The code is temporarily downloaded onto your device from our web server or a third party service provider. The code is active only while you are connected to our website, and is deactivated or deleted once you disconnect from the website.
LINK TO OTHER WEBSITES
Our websites may contain links to other sites. This Policy only applies to Personal Information that we collect, use and disclose. We are not responsible or liable for the privacy practices of third parties, and we strongly recommend that you review their privacy policies before you disclose Personal Information to them.
We have relationships with ad server companies that may collect basic information such as your domain type, IP address and clickstream information. For information on how you may opt-out of such collection of your information, please contact our Privacy Officer as set out in the Contact Information section below.
From time to time, we may engage in digital marketing campaigns. These efforts may include using social media platforms to promote goods and services. You consent to us using your Personal Information to serve advertisements and other announcements. When we do so, we follow the protocols and procedures established by the social media platforms you use. You consent to us working with your social media platforms in this manner.
However, note that you cannot opt out of such tracking retroactively.
Advertising on Social Media and Other Websites
We may also use social media cookies to identify our members who are registered users of the following social media platforms: Facebook, Instagram, Twitter and LinkedIn. We create customs audiences by matching our members with users of social media platforms in order to deliver more useful and relevant advertising content. (See Facebook’s Custom Audiences (https://www.facebook.com/business/a/custom-audiences) for more information. And, see LinkedIn's Contact Targeting (https://business.linkedin.com/marketing-solutions/ad-targeting/contact-targeting) for more information.)
All data matching takes place using secure one-way hash functions, such that no Personal Information of our users is provided to the social media platforms if the user is not already registered with the social media platform.
You may opt out of advertisements via social media platforms by contacting our Privacy Officer at the Contact Information below. Note, however, that you cannot opt out of receiving tailored advertisements retroactively. Note also that the following social media platforms allow their users to opt out of receiving third party advertisements:
Instagram (https://help.instagram.com/1415228085373580); and
Email is our preferred method of communicating with you and others. Unless you object, we may use unencrypted plain text or HTML-based emails when communicating with you. These emails, and other electronic communications from us, may contain information that is confidential or privileged, unless you instruct us not to send such information electronically.
While we make every effort to secure all electronic communications within our control, there are inherent risks involved with exchanging information electronically. For example, third parties may accidentally or deliberately intercept this information. We are unable to accept responsibility or liability for any damages you may suffer as a result of the interception, alteration or misuse of information during electronic exchanges.
CHANGES TO THIS POLICY
This Policy is in effect as of September 14, 2016. From time to time, we may review this Policy. We reserve the right to change this Policy, and any of our policies or procedures concerning our practices for handling Personal Information, at any time and without any prior notice.
In the event of changes to this Policy, we will post a notice on our website at www.OBA.org and publish it in appropriate OBA publications. Policy changes will apply to the information collected from the date of posting to the OBA’s website, as well as to existing information in our records.
We will promptly respond to questions and concerns relating to our Personal Information handling practices and this Policy, and do our utmost to resolve your concerns. In every instance, we will consider our obligations with respect to privileged information, as well as our separate obligations under applicable privacy legislation. We may need to ask you for Personal Information to verify your identity.
Please direct your questions or concerns to our Privacy Officer as listed under Contact Information.
If we are unable to resolve your concerns to your satisfaction, you may contact the Privacy Commissioner of Canada by writing to:
The Privacy Commissioner of Canada
30 Victoria Street
In the event of questions about:
- access to your Personal Information;
- our collection, use, management or disclosure of Personal Information; or
- this Policy
please contact our Privacy Officer at info@OBA.org, 300-20 Toronto Street., Toronto, ON M5C 2B8Tel: (416) 869-1047 or 1-800-668-8900, Fax: (416) 869-1390.
Approved September 14, 2016