Royal College Privacy Policy - Frequently Asked Questions

The Royal College of Physicians and Surgeons of Canada is committed to respecting your privacy and protecting your personal information.

Note: In this FAQ, all references to the Royal College include its affiliates Royal College International and the Royal College Foundation.

What is Personal Information?

Personal Information is defined as information about an identifiable individual and includes, but is not limited to, name, date of birth, residential address and phone number, personal email address, social insurance number and identification number. Personal Information does not include job titles and business contact information (including business email addresses) when used solely for the purpose of communicating with a person in relation to their employment, business or profession.

Is the Royal College subject to PIPEDA?

The Royal College is not subject to PIPEDA, as it is not engaged in commercial activities; however, it endeavours to comply with the ten principles of the Canadian Standards Association (CSA) Model Code, on which PIPEDA is based, on a voluntary basis.

What are the guiding principles of PIPEDA?

PIPEDA sets out ten privacy principles that apply to all Canadian organizations engaged in commercial activities. The ten principles are.

  • Accountability
  • Identifying Purposes
  • Consent
  • Limiting Collection
  • Limiting Use, Disclosure, and Retention
  • Accuracy
  • Safeguards
  • Openness
  • Individual Access
  • Challenging Compliance

What personal information does the Royal College collect?

The Royal College collects personal information from individuals it interacts with in the course of providing services and carrying on its operations. This information may include any of the following, depending on the circumstances:

  • Name
  • Name change documentation
  • Contact information (e.g. personal email address, home address)
  • Date of birth
  • Education and employment
  • Personal Maintenance of Certification (MOC) and Continuing Professional Development (CPD) activities
  • Social Insurance Number
  • Personal medical or training details (e.g. maternity leave, post-graduate training) that may affect membership dues or MOC/CPD cycle
  • Assessment and performance data
  • Medical Information Number for Canada (MINC)
  • Banking information (e.g. credit card numbers for e-commerce transactions)
  • Other personal information required for the purposes identified at the time of collection

Accurate and up-to-date personal information collected for specific purposes enables us to improve our services and to better serve our members, client groups and employees.

You have the right to know the types of personal information collected by the Royal College, as well as how and why we collect and use the information. It is also your right to choose whether or not you wish to provide the Royal College with this information. In some cases, a decision to withdraw consent or withhold personal information may prevent the Royal College from providing you with a product or service, or limit your ability to participate in Royal College activities.

How does the Royal College use the personal information that is collected?

Personal information collected by the Royal College may be used to:

  • verify identity,
  • communicate with candidates, certificants, affiliates, members, subject matter experts, and other clients and health care professionals regarding
    • Royal College activities, services and benefits,
    • MOC participation reporting,
    • seminar/conference registration,
    • annual dues renewal,
    • feedback requests (e.g. on Royal College products and services),
    • fundraising, and
    • other matters relating to the business of the Royal College,
  • collaborate and share points of view and expertise,
  • for recruitment of members and volunteers, and,
  • other purposes identified at the time of collection.

The Royal College may also use personal information for other purposes, subject to applicable legislation, agreements and this policy; for example, the Royal College may conduct statistical analyses that are likely to be of interest to Royal College audiences and may be used to develop new services, programs and information products. This data would be provided in aggregate form only. Anonymized personal information may also be shared with members or other organizations for research purposes.

Personal information the Royal College collects will only be used for the purposes originally stated prior to collection, unless additional consent is obtained. Once the requirements of the original purpose have been met, your personal information will be destroyed in a timely and appropriate manner, in accordance with legal and business purposes.

How does the Royal College dispose of personal information that is collected?

Personal information collected by the Royal College will only be used for the purposes consistent with those originally stated prior to collection, unless additional consent is obtained. Once the requirements of the original purpose have been met, your personal information will be destroyed in a timely and appropriate manner, in accordance with legal and business requirements.

Does the Royal College use or share personal information for research purposes?

The Royal College is committed to being scholarly in its work and contributing to the evidence base in specialty medicine through research. To that end, any analysis involving personal information for scholarly purposes (disseminated internally and externally) will be strictly compliant with the Royal College privacy policy. All data used for research purposes will be collected and stored in a confidential and secure manner that restricts accessibility only to those directly involved with the research project. The Royal College ensures that all personal identifiable information is summarized in aggregate form to ensure confidentiality. Scholarly activities intended for external publication would be subject to research ethics standards, including, where appropriate, formal ethics approval, confidentiality, and subject consent.

Does the Royal College disclose personal information to third parties?

The Royal College may disclose information to third parties with the consent of the affected individual. In addition, the Royal College may disclose information in circumstances including the following:

Member, affiliate and Maintenance of Certification (MOC) Program participant contact information (business information only), certification/attestation information, and Fellowship/Affiliation status is available to the public through the Royal College public online directory as well through its in-house collaboration environment. The directory allows the public to locate a medical specialist in a specific region or confirm that the specialist is a Fellow of the Royal College or participating in the MOC Program.

On occasion, the Royal College may also release limited data, including data on the Royal College Directory, to third parties who organize approved continuing medical education programs, university departments, other organizations, and researchers. Data released for these purposes includes names, business addresses, certification/attestation information, and Fellowship/Affiliation status, but does not include business phone/fax numbers, email addresses or any other personal information. Contractual agreements with third parties restrict use to Royal College approved purposes, in accordance with Royal College policies.

On an annual basis, the Royal College provides name, business address, certification and fellowship information to the Scott’s Canadian Medical Directory, but does not include business phone/fax numbers, email addresses or any other personal information.

Like many other organizations, the Royal College may hire external companies to provide certain administrative services that require access to member, affiliate and MOC Program participant information. These services include credit card payment processing, conference registration, printing of annual dues statements, and mailing and distribution services. In addition, the Royal College shares aggregate, non-personal information with the media, other medical organizations, government agencies, and other third parties. For example, the Royal College may publish statistics on the number of members certified within a specific specialty, or the geographic distribution of our members. This data, however, does not permit identification by member name and cannot be linked to other personal information.

Does the Royal College share personal information with organizations outside Canada?

The Royal College may, from time to time, use a third party service provider outside Canada to process or store data. In cases where the Royal College uses a third party outside Canada, contractual means are in place to ensure there is a comparable level of protection while the information is in the possession of a third party. However, where personal information is stored outside of Canada (e.g. the United States), it may be subject to the laws of that country and no contractual provision can override those laws. Similar to Canadian law, law enforcement agencies in other countries may obtain access to personal information but only where access is permitted by law. Confidentiality and the security of information are key considerations for the Royal College in any outsourcing arrangement to third parties, both inside and outside Canada.

Does the Royal College sell or rent personal information?

The Royal College does not sell or rent personal information to telemarketers, mailing list brokers, pharmaceutical companies, or medical equipment companies.

Are there any other circumstances whereby the Royal College will release personal information?

The Royal College and any third party organization may release Personal Information when required to do so by law or in situations where there is a need to protect the rights or property of the Royal College, or the safety of individuals working on behalf of the Royal College. The Royal College reserves the right, at its discretion, to contact the appropriate authorities when activities appear to be illegal or inconsistent with Royal College policies.

How does the Royal College protect personal information?

The Royal College utilizes a number of ways and means to ensure your personal information is protected. Security measures are in place to protect Royal College buildings, computer systems, and your personal information from unauthorized access and use. The safeguards used vary, and depend on the sensitivity of the information being protected, i.e., a higher level of protection is used to safeguard more sensitive information.

Physical measures include building alarm systems, perimeter fences, locked filing cabinets and restricted access areas.

Organizational measures include security clearances and restricting access to data on a "need-to-know" basis.

Technological measures include passwords, encryption, firewalls, and software programs that detect intrusion attempts and viruses.

Employees of the Royal College are knowledgeable about and comply with the requirements that have been established to safeguard your information. Protecting the confidentiality of information is specified in Royal College employment agreements and the Employee Code of Conduct and is confirmed in writing. Royal College volunteers, who may have access to personal information as a function of their role, must also agree to confidentiality agreements.

Can I access the personal information the Royal College maintains on me?

You have the right to access your personal information. To request access to your personal information send an email to privacy@royalcollege.ca or mail your request to Privacy Officer, The Royal College of Physicians and Surgeons of Canada, 774 Echo Drive, Ottawa, Ontario, K1S 5N8.

You may be required to provide sufficient information to allow us to verify your identity (e.g., your Royal College Identification Number).

How long will it take to receive a response to my request?

Is there a fee involved? The Royal College will respond to a written request within 30 days after receipt of the request. Under extenuating circumstances, the Royal College may extend the time limit for responding to a maximum of 30 additional days. If a fee is required in order to provide access to your information, the Royal College will provide you with an estimate of the cost. If you wish to withdraw your request, please inform the Royal College in writing.

Are there any restrictions that may prevent me from receiving access to my personal information?

The Royal College may not be able to provide you with information that

  • contain references to other individuals;
  • may cause harm to another person;
  • is protected by solicitor-client privilege, is the subject of litigation or where the Royal College has another legal basis for withholding the information;
  • contains confidential information (e.g. the Royal College considers exam content and the breakdown of exam results to be confidential and as a result does not release this information to requestors); or
  • may harm or interfere with a law enforcement investigation.

Can I update or correct my Personal Information?

The Royal College makes every reasonable effort to keep your information accurate and up-to-date, which allows the Royal College to provide the best possible service. You can help by keeping us informed of any updates such as address change, email change, or legal name change. If you find errors in our information, let us know and we will make the appropriate corrections.

In the event that the accuracy of your Personal Information is challenged and not resolved to your satisfaction, the Royal College will ensure that a record is kept of the process.

To update your member contact information on-line, please go to www.royalcollege.ca/coa. If you need assistance, call 613-730-6243 or 1-800-461-9598, or email the Royal College Services Center at membership@royalcollege.ca.

Is information collected via the Royal College website?

You may visit the Royal College web site anonymously or as a registered (signed in) user. Whether you visit the Royal College web site anonymously or in registered fashion, information may be collected from you. The Royal College web site is configured to collect both identifiable and anonymous information (e.g. internet browser in use, computer operating system, pages viewed, search results).

Does the Royal College website use cookies?

The Royal College web site uses "session cookies" to identify you during your site visit and to ensure that those who log into the site can access content areas reserved for members only.

How has the Royal College changed its use of cookies?

Effective January 16, 2018, we have extended our use of cookies so that third parties, including Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information from the Royal College website and use that information to provide measurement services and target ads. This change enables new communications opportunities for the Royal College to promote programs, products and services to our stakeholders.

How can I opt-out of the collection of this information?

Cookies are simple, alphanumeric identifiers that record information about your visit to our web site. Session cookies are managed by your Internet browser (i.e. Firefox, Internet Explorer), and are not stored on your computer's hard drive, they are non-intrusive and persist only for the duration of your current session at the Royal College web site.

You can choose to "enable" or "disable" cookies in your Internet browser. If you disable cookies in your browser, the Royal College web site cannot grant you access to the "Members Only" areas of the site. We recommend that you review your browser instructions for guidelines on cookie use and preference settings.

Alternatively, if you have a Facebook account, you can opt-out of the collection and use of information for targeted ads by changing your personal settings in Facebook, (we will provide a link to this information) or by logging out of Facebook when you leave the site.

The Royal College does not share information about its users with any external company, including Facebook. However, depending on a user’s Facebook privacy settings, an individual may have given Facebook permission to track when he/she visits our website (via cookies). Facebook’s algorithm identifies when a person visited the Royal College website and what specific pages, and shares this aggregated data with us (but does not identify personal details about individual people, i.e. John Smith from Toronto visits page X – but, we only receive notification that someone visited page X during a certain timeframe). This information is used by Facebook to show you relevant content based on visits to the Royal College website.

Instructions for changing Facebook account settings:

If you have a Facebook Account:

You can use your Facebook ad preferences to learn why you’re seeing a particular ad and control how we use information we collect to show you ads. Scroll to the bottom to learn more about managing your ad preferences.

Do we use third party services that use cookies?

Yes, we use Constant Contact for some of our marketing emails. Learn more about Constant Contact: https://www.constantcontact.com/ca/legal/about-constant-contact

How does the Royal College protect my credit card information in online transactions?

In the case of online transactions such as paying dues; credit card information is not stored in permanent or temporary files or in a database on the Royal College server. Data does not remain on the server for more than a few seconds during transaction processing.

What is the relationship between the Royal College and external links on the website?

The Royal College website may provide links to websites created and maintained by other organizations. These links are provided solely for your information and convenience. When you link to an external website, you are leaving the Royal College website. As a result, the Royal College has no control over, and is not responsible for, the content or privacy practices of these external sites. We encourage you to review the privacy practices of those websites.

Does the Royal College notify its members when there are changes to how personal information is managed?

The privacy Q & A document forms part of our privacy policy. As circumstances change in our internal or external environment, our privacy policy and the privacy Q & A may be updated. Changes to our privacy practices will be posted on our website. Policy changes will apply to information collected after the date of the change, as well as to existing information held by the Royal College at the time of the change.

Who do I contact for additional information regarding privacy at the Royal College?

Privacy related inquiries may be directed to:

Privacy Officer
The Royal College of Physicians and Surgeons of Canada
774 Echo Drive
Ottawa, Ontario
K1S 5N8

1-800-668-3740 ext. 239

privacy@royalcollege.ca