Applicants For Employment – Personal Information

FGC Health is committed to safeguarding the personal information of our Consumers and Employees, and we do so in compliance with Canadian legislation. FGC Health observes Canada’s federal private sector privacy law, which is called The Personal Information Protection and Electronic Documents Act (PIPEDA.)

The following policy explains how we care for your personal information as an Applicant for employment at FGC Health.

What is personal information?

Per PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:

  • age, name, ID numbers, income, ethnic origin, or blood type
  • opinions, evaluations, comments, social status, or disciplinary actions
  • employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs.)

What is NOT covered by legislation?

There are some instances where the legislation does not apply. Some examples include:

  • personal information handled by federal government organizations listed under the Privacy Act
  • provincial or territorial governments and their agents
  • business contact information such as an employee’s name, title, business address, telephone number or email address that is collected, used, or disclosed solely for the purpose of communicating with that person in relation to their employment or profession
  • an individual’s collection, use, or disclosure of personal information strictly for personal purposes (e.g. personal greeting card list)
  • an organization’s collection, use, or disclosure of personal information solely for journalistic, artistic, or literary purposes.

What are the 10 Fair Information Principles?

The principles are:

  1. Accountability
  2. Identifying purposes
  3. Consent
  4. Limiting collection
  5. Limiting use, disclosure, and retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual access
  10. Challenging compliance

How does FGC Health comply with the 10 Fair Information Principles as they relate to Applicants for employment with the Company?

The principles are:

1) Accountability

FGC Health has designated Dan Curle, our Vice-President, Business Development as the Company’s Privacy Officer. He has the support of senior management and the authority to intervene on privacy issues.

Should you have a question or concern about FGC’s privacy policy and procedures, or should you wish to request access to any personal information you have submitted to the Company, please contact our Privacy Officer in writing at dcurle@fgchealth.com. Ensure you provide specifics about your question, concern, or request to help our Privacy Officer understand how best to assist you.

2) Identifying Purposes

To administer the Applicant/Company relationship, FGC Health needs to collect and store certain personal information. This information is used for reviewing and considering your qualifications and candidacy for employment; contacting you to arrange and conduct pre-employment interviews; verifying employment references, education, licensing, designations, work permits, and other factors relevant to the role for which you are applying; and extending offers of employment.

In some cases, this involves sharing Applicants’ personal information with third party providers so they may provide services and supports to the Applicant/Company relationship. Examples include but may not be limited to internal management and People & Culture personnel; external recruitment and employment testing consultants; Applicant-provided employment referees; and background checking consultants.

The information shared by FGC Health with third parties is limited to the minimum information necessary to provide the services and/or as required by law. Third party providers will refer any other parties seeking to access our Applicant information to our Company. They will use appropriate security measures to protect our Applicants’ personal information, permit our Company to audit their compliance with the terms of our contract as necessary, and dispose of transferred information upon completion of the contract.

3) Consent

Applicants provide express consent during the initial application process when seeking employment with the Company and subsequently through various stages of the recruitment process. Consent to conduct Applicant testing and background checking is obtained as Applicants proceed through each stage in the process.

 

4) Limiting Collection

As stated above, FGC Health limits the collection of Applicant information to what is necessary to administrate the recruitment and selection process. This includes any information that may be required by law.

Information collected for the above-stated purposes may include but not be limited to: full legal name; contact information (address, telephone number(s), personal email address); employment history; work permit, education/training documentation, professional licensing/designations, criminal record, credit record, employment references, and/or driver’s abstract as may be relevant according to the employment role; compensation and employment expectations; and results of skills and abilities testing.

5) Limiting Use, Disclosure and Retention

Access to personal Applicant information is limited to those who are authorized for the purposes of carrying out their responsibilities pertaining to administration of the Applicant/Company relationship and/or as required by law. Those who are authorized are provided access only to the information they require to perform their duties.

Those authorized with full access to Applicant personal information or portions of Applicant information may include: members of the Company’s People & Culture team; FGC management; consultants providing and/or supporting recruitment and selection-related services; and personnel from law enforcement, regulatory bodies, or other institutions that are legally entitled to receive or be privy to Applicant information.

Applicant information is retained for up to six (6) months unless specific permission is obtained to retain the information for a longer period as part of a talent pool. Once hired, information provided during the application process is retained as part of the Employee file.

FGC Health will conduct regular reviews to ensure information that is no longer needed or required by law to be retained, is expunged from Company records. Following expiration of the retention timeframe, the Applicant’s information will be destroyed, erased, or anonymized from the digital Human Resources Management Software solution (HRMS) along with any hard copies that may have been produced.

(6) Accuracy

FGC Health uses a digital Human Resources Management Software solution (HRMS) to record and store Applicant personal information and documentation. The Company shares joint accountability with Applicants for ensuring the information contained within their records is up-to-date and accurate.

(7) Safeguards

FGC Health protects all Applicant personal information against loss, theft, or any unauthorized access, disclosure, copying, use, or modification. This is done through secure data storage within our HRMS, which includes technological security such as passwords, encryption, firewalls, and security patches. Organizational controls are also in place, including limits to information according to hierarchical/role settings within HRMS; confidentiality agreements signed by our Employees, contractors, and consultants; mandated review and sign-off upon our Privacy and Confidentiality policy; and staff training on administering FGC’s Consumer and Employee information privacy policies.

(8) Openness

FGC Health informs our Consumers and Employees about the policies and practices we have in place for managing personal information. We focus on making these policies and practices easily understandable and available.

Our policies and practices pertaining to Consumer information, including Applicants for employment with the Company, are housed on our Company website and within our Stores and offices. Our Privacy Officer, Dan Curle, Vice-President, Business Development, is available to respond to any questions, concerns, or access requests. He may be reached by email at rdaneshi@fgchealth.com.

(9) Individual Access

Applicants generally have a right to access personal information that FGC Health holds about them. They also have the right to challenge the accuracy and completeness of the information, and have that information amended as appropriate.

FGC Health will provide Applicants access to their information at minimal or no cost, or, explain our reasons for not providing access. If we deny access, we will also advise of any recourse available to the requestor, including the option of complaining to the Office of the Privacy Commissioner (OPC.) If FGC Health holds no personal information on the requestor, they will be advised as such.

Access may be granted in a variety of formats. This may include providing a written or electronic copy of the information, allowing the Applicant to view the information, or permitting the Applicant to listen to a recording of the information. The Company will ensure the requested information is understandable and will explain acronyms, abbreviations, and codes, as necessary.

The Company will correct or amend personal information in cases where accuracy and completeness is confirmed as being deficient. FGC Health will note any disputes on file and advise third parties where appropriate. If amendments are made to the information, the revised information will be sent to any third parties that have access to the information in cases where doing so is appropriate.

The Company will help Applicants prepare their request for access to personal information, to ensure sufficient detail is provided to allow FGC Health to locate personal information and determine how it has been used or disclosed. If there is a cost, FGC Health will notify the requestor of the approximate cost before processing the request and confirm they still wish to proceed.

FGC Health will respond to the request for access as quickly as possible, and no later than thirty (30) days after receiving it. The normal 30-day response time limit for access requests may be extended for a maximum of 30 additional days when responding to the request within the original 30 days would unreasonably interfere with the activities of the Company; if the Company needs additional time to conduct consultations; or if more time is required to convert personal information to an alternate format. If FGC Health extends this response time, we will notify the Applicant making the request within 30 days of receiving the request and advise them of their right to complain to the OPC.

(10) Challenging Compliance

Any challenges to FGC Health’s compliance with the fair information principles should be addressed in writing to the Privacy Officer by email at rdaneshi@fgchealth.com.

 

The Privacy Officer will:

  • record the date on which the complaint is received, and its nature
  • acknowledge receipt of the complaint promptly, and seek clarification if needed
  • assign the matter to a person with the skills necessary to review it fairly and impartially
  • provide that person with access to all relevant records, employees, or others who handled the personal information or access request
  • notify the requestor of the outcome of complaint reviews, clearly and promptly, and inform them of any steps taken
  • correct any inaccurate personal information or modify policies and procedures based on the outcome of the complaint
  • ensure Employees are made aware of any changes to policies and procedures.

How would a privacy breach be handled?

FGC Health will keep records of all breaches of privacy for a period of two (2) years. Any breaches of security safeguards that pose a real risk of significant harm will be reported to the OPC. Affected individuals and relevant third parties will be notified of any breaches with a real risk of significant harm, which is determined through an assessment of the sensitivity of the personal information involved, as well as the probability that the personal information could be misused.

Significant harm includes: humiliation; damage to reputation or relationships; loss of employment, business, or professional opportunities; financial loss, identity theft, or negative effects on the credit record; or damage to or loss of property.

Breach reports will include: a description of the circumstances of the breach and, if known, the cause; approximately when the breach occurred; as much as possible, a description of the personal information that is the subject of the breach; the approximate number of individuals affected by the breach; and what steps the Company has taken to reduce the risk of harm to affected individuals.