Last Updated: July 2018
Over the years, there has been a lot of development in the area of privacy, data protection, and more specifically the collection, use, and protection of personal information. In January of 2004, The Privacy Commissioner of Canada released the Personal Information Protection and Electronic Documents Act often referred to as PIPEDA. In May 2018, the European Union introduced into law the General Data Protection Regulation (GDPR). While each of these are unique in some ways, for the most part these regulations place the focus on commercial operators to address the collection, care, handling, processing and security of personal data. These initiatives are not only laws that govern commercial organizations with regards to personal data, but they have set in place good handling practices to essentially protect any personal data that they collect.
Since Sensors Quality Management Inc. (SQM), which is the parent company of EvaluateItbySQM, first started collecting personal data, we have always been concerned with the collection, handling and protection of this information. Within this document we would like to remove any mystery associated with what we collect, why we collect information, how we process, and the procedures in place to protect the data. For understanding and clarification, Sensors Quality Management Inc. and EvaluateitbySQM will be referred to herein as SQM.
SQM is committed to following the obligations, guidelines and expectations of these initiatives. We are completely transparent about how personal data is handled, while protecting the privacy and security of personal information we collect and hold.
The Principles of Data Protection
Under most legislation associated with personal data, including the new GDPR, there are generally six different expectations that SQM is required to comply with. They are:
Personal data is to be processed in a transparent, fair and lawful manner.
Personal data is to be collected only for legitimate purposes for which it was clearly explained. It is not to be used in any manner that is not aligned with the initial purpose.
The data collected is to be adequate, relevant and limited to what is necessary in the relationship and only to those purposes.
Personal data should be accurate and maintained up-to-date.
Personal data should be held for a period no longer than necessary to the original purpose.
Data security processes and procedures are to be in place to ensure the security of all personal data held by SQM.
SQM Privacy Statement
At Sensors Quality Management Inc., the privacy and protection of your personal information is of paramount importance. We do not share, sell, provide, lend or otherwise transmit personal data to anyone or any group outside of our organization.
All pages on the EvaluateITbySQM public website are free to navigate without the requirement to provide any personal information. The web hosting systems used by SQM do collect and retain a log of the domains that visited our website, however, this information is only used for security purposes. Logs are never used for any marketing, advertising, or purposes other than the maintenance of a secure system.
A cookie is a small file that a website or service provider transfers to your computer when you access that system using a web browser. This file then permits the site or service provider to recognize you and even capture and/or retain certain attribute type information.
Cookies are not used on the EvaluateIt website for any other purpose. No personal or user behaviour type information is collected or shared with others.
The personal data that we collect is done so for the sole purposes of being able to provide the best relationship possible between SQM and our field force team members. This information is only collected through the process of joining our team. Some of the information we collect will be identified as required fields and is part of our contractual relationship, while other personal details can be provided on a voluntary basis. The collected information helps us to:
- send emails, place phone calls, or otherwise communicate with the most appropriate field team individuals
- avoid the need to unnecessarily reach out or spam team members through appropriate filtering.
- improve on the website experience
- continuously improve on our team member customer support
- create a personalized experience tailored to the team member profile.
When signing up, each individual is required to review and sign the legal agreement, which in part, includes that each active member of the team accepts that email messages (to inform or follow up) are an expectation of the relationship. As such, there is no opt out option which allows individuals to remain an active member of the organization, yet not receive email, phone or other communication from SQM. Should and individual require that email, phone or other attempts to communicate be suspended by SQM, then the member account will need to be deactivated.
Why is it necessary for us to collect information?
Your information is used for the sole purposes of being able to fulfill the relationship established with you. Our role is to design, schedule, communicate, assign, track, follow up, report on, and compensate for the work completed. Through the customized SQM systems, only authorized Sensors Quality Management Inc. individuals have access to your personal information.
Your personal information is used to:
Contact you with available field evaluations in your area
Follow up with you regarding any completed evaluations.
Administer the agreement we have entered into with each of our field staff
Determine the fit or suitability for a particular evaluation.
Not unnecessarily contact you for assignments (or otherwise) to which do not apply or are not suitable for.
Ensure that you are paid/refunded correctly and in a timely manner
To maintain records of performance
To manage, plan, and organize available assignments.
To provide feedback and possible corrective action
Manage the suitability for future work
Manage the booking process on your behalf when personal data is required to be shared with a third party (airline, rail, hotel, etc.)
Ensure that each field force member is adhering to company rules, policies and procedures.
Enable SQM to handle any possible legal matters associated with the relationship.
Who owns and controls these systems?
From the very start of this organization, Sensors Quality Management Inc. has retained 100% ownership and control over all hardware, operating systems, software, databases and data. We do not use third party organizations for any of data systems.
Links to the Third Party
From time to time, SQM will link some of our support for our field force to a third party system. These links will appear on our public pages, general field force pages, program instructions, and/or questionnaires and will redirect the user via a link to another website outside of the SQM systems. These third party websites could include government, security, support, social media, client, or otherwise. We provide these links only for support purposes.
While SQM makes every effort to ensure that any link setup is in the best interest of both SQM and the user, SQM takes no responsibility for the content, security, data collection processes, or activities of these linked sites. As the integrity of the SQM systems and the experiences of any of our authorized users is important to us, we encourage users to report any concerns to our Chief Data Officer.
Where personal data information is concerned, SQM does NOT share personal information with any third-party individuals or organizations. There is one exception to this which relates to the arrangement of any travel bookings such that SQM is required to collect and then transfer selected personal data under the booking requirements. These could include (but not limited to) airlines, hotels, resorts, rail, bus or other organizations where by SQM books or makes the arrangements on your behalf. For international travel, this could also include passport and citizenship details, but only what would have been required had you booked directly with the third party organization.
Sensors Quality Management Inc. uses a variety of software, hardware, and procedures to protect data from unauthorized use.
All data of a personal nature is collected first during the application process, then further updated upon the first website visit during the sign up process. This personal data is stored within our system is built on a highly respected, password protected, encrypted software system which is owned and managed entirely by SQM. This data is cloned across a family of identical servers which reside locked behind a firewall and housed within our own operation. A replication process between the servers ensures that all systems are fully updated, allowing for limited downtime even for unexpected maintenance, with no loss of data.
SQM staff, including managers, schedulers, reviewers, and our technical team access the data using password protected computers and unique user IDs. Any data which is added, removed, modified or accessed by staff is logged. All desktops are consistently reviewed by SQM technical staff, updated, and equipped with anti-virus protection, desktop passwords, as well as software user passwords which are access level controlled.
SQM has in place procedures to deal with any suspected data security breach.
No third party individuals, technicians, or organizations are ever provided with access to personal data. SQM does not provide any independent contractors, independent schedulers or scheduling organizations with access to collected personal data.
No personal data is stored in paper form.
In the rare occasion that any personal data be printed, it is shredded before disposal.
Processing of Field Reports
When reports are collected from a field representative, the personal ID of that field representative is embedded into that report. This allows SQM staff to know which field representative completed the work, follow up as necessary, and ensure that any compensation and/or reimbursement is made available to that individual. If a completed evaluation report is made available to a client to review, the client reader is unable to know the identity or any personal information about the individual that completed the evaluation except for any field within the report that might identify simple attributes such as your age, sex or some other general description. In short, we do not share with the client any information that would allow them the identity of the field representative or direct access back to the field representative that completed the evaluation.
The party requesting the information does so in writing.
The request is carefully reviewed by the Chief Data Officer and that it meets with one or more of the following criteria:
SQM has reasonable grounds to believe that the information could be useful in the prevention or apprehension of an individual involved in a federal, provincial or foreign investigation or breaking of law.
Regarding an event of an emergency nature which presents the threat of an individual's life, health or security
When it involves a witness statement and the use is necessary to access, process or settle an insurance claim.
When it involves the protection of the rights or property belonging to Sensors Quality Management Inc.
When the circumstances involve the protection, health, or security of any SQM staff, managers, employees, independent contractors, field force members, or users of the services provided by Sensors Quality Management Inc., clients, or the public in general.
When it involves any tax authorities and their investigation regarding any monies paid by SQM.
When required to comply with a warrant, court order, subpoena, or other body with appropriate jurisdiction to enforce.
When the legal council for Sensors Quality Management Inc. is consulted in a mattered related to your personal data.
How long does SQM hold onto your personal information?
SQM will hold your personal information and update as necessary for as long as you are an active member of our field force team.
Should your account be deactivated or the relationship be terminated, SQM will generally hold onto your personal data for seven (7) years from date of inactivation. This allows us to maintain history on previous assignments, user performance, records of payments, and be available for possible legal challenges.
Personal information which is no longer required will be permanently erased from our technical systems or destroyed in an effective but secure process. It may be necessary to involve a third party in the process of destroying or erasing personal data.
In some circumstances, it may become necessary to retain data, reports or other information beyond the period identified above. Should this be required, under these circumstances, SQM will anonymise any personal information contained within so that it no longer permits identification.
Rights Associated with Your Personal Information
It is important that any personal information held by SQM is accurate and up-to-date. As we provide options to do this, we ask that individuals keep their EvaluateitbySQM accounts updated by checking the account periodically or when details on your personal account should change
Subject to certain conditions or circumstances, field force team members do have the following statutory rights. The right to:
Request access to your personal information.
Request that the user account holding your personal information be inactivated
Request that the user account holding your personal information be reactivated
Request that the user account holding your personal information be updated or modified
Request the erasure of your personal information
Restrict the processing of your personal information.
Accessing Your Information
Each member of our field force is provided with a personalized ID and password. Using this access account, a field force member can access their own account and see what information is currently on file.
Should there be any concerns with person information that we have on file, or you wish to receive a copy, you can either address a letter to our head office or email our Chief Data Officer.
Requests for your information
We will follow up with all requests in a timely fashion, and within the required 30 day period.
Initial requests will not be charged, however, should there be 2 or more requests, each subsequent request(s) will be charged $10.00 US per request. Should a subsequent request be filed, no actions will be taken until the fee has been paid.
As part of the requirement to protect all personal data, all requests will be challenged to determine your right to access the personal information or to exercise any of your associated rights. This is a security measure to ensue that your personal information is not disclosed to unauthorized individuals or organizations.
All information will be provided by email and as an attachment in the format of a pdf document.
Should you not receive acknowledgement or you feel that the matter was not addressed to your satisfaction, we encourage you to contact the Privacy Commissioner of Canada, 30 Victoria Street, 1st floor, Gatineau, QC or via the Privacy Commissioner website www.priv.gc.ca
Chief Data Officer
Sensors Quality Management Inc.
156 Duncan Mill Rd, Suite 19.
This policy was last modified July 2018