Applicants For Employment - Personal Information
FGC Health is committed to safeguarding the personal information of our Consumers and Employees, and we do so in compliance with Canadian legislation. FGC Health observes Canada’s federal private sector privacy law, which is called The Personal Information Protection and Electronic Documents Act (PIPEDA.)
The following policy explains how we care for your personal information as an Applicant for employment at FGC Health.
Per PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
There are some instances where the legislation does not apply. Some examples include:
The principles are:
The principles are:
FGC Health has designated Dan Curle, our Vice-President, Business Development as the Company’s Privacy Officer. He has the support of senior management and the authority to intervene on privacy issues.
2) Identifying Purposes
To administer the Applicant/Company relationship, FGC Health needs to collect and store certain personal information. This information is used for reviewing and considering your qualifications and candidacy for employment; contacting you to arrange and conduct pre-employment interviews; verifying employment references, education, licensing, designations, work permits, and other factors relevant to the role for which you are applying; and extending offers of employment.
In some cases, this involves sharing Applicants’ personal information with third party providers so they may provide services and supports to the Applicant/Company relationship. Examples include but may not be limited to internal management and People & Culture personnel; external recruitment and employment testing consultants; Applicant-provided employment referees; and background checking consultants.
The information shared by FGC Health with third parties is limited to the minimum information necessary to provide the services and/or as required by law. Third party providers will refer any other parties seeking to access our Applicant information to our Company. They will use appropriate security measures to protect our Applicants’ personal information, permit our Company to audit their compliance with the terms of our contract as necessary, and dispose of transferred information upon completion of the contract.
Applicants provide express consent during the initial application process when seeking employment with the Company and subsequently through various stages of the recruitment process. Consent to conduct Applicant testing and background checking is obtained as Applicants proceed through each stage in the process.
4) Limiting Collection
As stated above, FGC Health limits the collection of Applicant information to what is necessary to administrate the recruitment and selection process. This includes any information that may be required by law.
Information collected for the above-stated purposes may include but not be limited to: full legal name; contact information (address, telephone number(s), personal email address); employment history; work permit, education/training documentation, professional licensing/designations, criminal record, credit record, employment references, and/or driver’s abstract as may be relevant according to the employment role; compensation and employment expectations; and results of skills and abilities testing.
5) Limiting Use, Disclosure and Retention
Access to personal Applicant information is limited to those who are authorized for the purposes of carrying out their responsibilities pertaining to administration of the Applicant/Company relationship and/or as required by law. Those who are authorized are provided access only to the information they require to perform their duties.
Those authorized with full access to Applicant personal information or portions of Applicant information may include: members of the Company’s People & Culture team; FGC management; consultants providing and/or supporting recruitment and selection-related services; and personnel from law enforcement, regulatory bodies, or other institutions that are legally entitled to receive or be privy to Applicant information.
Applicant information is retained for up to six (6) months unless specific permission is obtained to retain the information for a longer period as part of a talent pool. Once hired, information provided during the application process is retained as part of the Employee file.
FGC Health will conduct regular reviews to ensure information that is no longer needed or required by law to be retained, is expunged from Company records. Following expiration of the retention timeframe, the Applicant’s information will be destroyed, erased, or anonymized from the digital Human Resources Management Software solution (HRMS) along with any hard copies that may have been produced.
FGC Health uses a digital Human Resources Management Software solution (HRMS) to record and store Applicant personal information and documentation. The Company shares joint accountability with Applicants for ensuring the information contained within their records is up-to-date and accurate.
FGC Health protects all Applicant personal information against loss, theft, or any unauthorized access, disclosure, copying, use, or modification. This is done through secure data storage within our HRMS, which includes technological security such as passwords, encryption, firewalls, and security patches. Organizational controls are also in place, including limits to information according to hierarchical/role settings within HRMS; confidentiality agreements signed by our Employees, contractors, and consultants; mandated review and sign-off upon our Privacy and Confidentiality policy; and staff training on administering FGC’s Consumer and Employee information privacy policies.
FGC Health informs our Consumers and Employees about the policies and practices we have in place for managing personal information. We focus on making these policies and practices easily understandable and available.
Our policies and practices pertaining to Consumer information, including Applicants for employment with the Company, are housed on our Company website and within our Stores and offices. Our Privacy Officer, Dan Curle, Vice-President, Business Development, is available to respond to any questions, concerns, or access requests. He may be reached by email at email@example.com.
(9) Individual Access
Applicants generally have a right to access personal information that FGC Health holds about them. They also have the right to challenge the accuracy and completeness of the information, and have that information amended as appropriate.
FGC Health will provide Applicants access to their information at minimal or no cost, or, explain our reasons for not providing access. If we deny access, we will also advise of any recourse available to the requestor, including the option of complaining to the Office of the Privacy Commissioner (OPC.) If FGC Health holds no personal information on the requestor, they will be advised as such.
Access may be granted in a variety of formats. This may include providing a written or electronic copy of the information, allowing the Applicant to view the information, or permitting the Applicant to listen to a recording of the information. The Company will ensure the requested information is understandable and will explain acronyms, abbreviations, and codes, as necessary.
The Company will correct or amend personal information in cases where accuracy and completeness is confirmed as being deficient. FGC Health will note any disputes on file and advise third parties where appropriate. If amendments are made to the information, the revised information will be sent to any third parties that have access to the information in cases where doing so is appropriate.
The Company will help Applicants prepare their request for access to personal information, to ensure sufficient detail is provided to allow FGC Health to locate personal information and determine how it has been used or disclosed. If there is a cost, FGC Health will notify the requestor of the approximate cost before processing the request and confirm they still wish to proceed.
FGC Health will respond to the request for access as quickly as possible, and no later than thirty (30) days after receiving it. The normal 30-day response time limit for access requests may be extended for a maximum of 30 additional days when responding to the request within the original 30 days would unreasonably interfere with the activities of the Company; if the Company needs additional time to conduct consultations; or if more time is required to convert personal information to an alternate format. If FGC Health extends this response time, we will notify the Applicant making the request within 30 days of receiving the request and advise them of their right to complain to the OPC.
(10) Challenging ComplianceAny challenges to FGC Health’s compliance with the fair information principles should be addressed in writing to the Privacy Officer by email at firstname.lastname@example.org.
The Privacy Officer will:
How would a privacy breach be handled?
FGC Health will keep records of all breaches of privacy for a period of two (2) years. Any breaches of security safeguards that pose a real risk of significant harm will be reported to the OPC. Affected individuals and relevant third parties will be notified of any breaches with a real risk of significant harm, which is determined through an assessment of the sensitivity of the personal information involved, as well as the probability that the personal information could be misused.
Significant harm includes: humiliation; damage to reputation or relationships; loss of employment, business, or professional opportunities; financial loss, identity theft, or negative effects on the credit record; or damage to or loss of property.
Breach reports will include: a description of the circumstances of the breach and, if known, the cause; approximately when the breach occurred; as much as possible, a description of the personal information that is the subject of the breach; the approximate number of individuals affected by the breach; and what steps the Company has taken to reduce the risk of harm to affected individuals.