Privacy Notice

(Updated Tuesday 19 November 2024)

At Civica we take data privacy seriously and we are committed to protecting and respecting the rights of all individuals. We are dedicated to ensuring the confidentiality and privacy of information entrusted to us and aspire to be transparent when we collect and use personal information.

This policy relates to Civica Canada, incorporated in the province of Manitoba, Canada and our responsibilities under the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and all other applicable regulations.

Civica Canada’s customers are primarily healthcare organizations subject to data protection laws in their own jurisdictions. As such, to provide its services, Civica may process personal information on behalf of its customers. In these circumstances, Civica only processes data under a written agreement as instructed by the customer.

This privacy notice covers the following:-

  • Our contact details
  • How Civica collects personal information
  • The types of personal information we collect and why
  • Secondary use of personal information and disclosures
  • International transfers
  • Security
  • Your rights
  • How to make a complaint
  • Cookies
  • Changes to this Privacy Notice

Our contact details

Civica is located at:
109 James Avenue
Winnipeg, Manitoba
Canada R3B 0N6

If you have questions or comments about this Privacy Notice or how we handle personal information, please direct your correspondence either to the above postal address (marking the envelope FAO – Data Protection Officer), or to dpo@civica.co.uk.

How Civica collects personal information

Personal information is any information about an identifiable individual. If the information that we collect personally identifies you, or you are reasonably identifiable from it, then we will treat that information as personal information.

At Civica we may obtain personal information directly from individuals in a number or ways, including:

  • through your access to and use of our website
  • during conversations between you and our representatives
  • when you give us your business card
  • when you submit a job application
  • when you visit our offices or attend events, conferences and meetings, including through CCTV located at our office which may be operated by Civica or a third party
  • when you subscribe to our newsletters and user groups
  • when you communicate with us via email, post or fax
  • through your interaction with us on social networking platforms
  • during the course of providing our services to our customers.

As we process health information on behalf of customers, this information may subject to provincial or territorial laws governing its use.

We may also, for the purposes of recruitment, collect personal information about you from third parties where it is unreasonable or impracticable for us to collect the personal information directly from you, such as:

  • your employer
  • your authorised representatives (e.g., recruiters who provide us with your CV)
  • data brokers that share business contact information with us or your other professional advisors
  • companies providing security background checks, or
  • publicly available sources such as LinkedIn, or freely available news articles.

Civica also collects your name and contact details where you are named as a colleague’s next of kin, in order to contact you on their behalf in our emergency situation.

Civica provides data management services to other organisations and businesses in the healthcare industry. As a result, certain personal information about you which we collect and use, will come from other organisations to whom we provide services and products as described on our website from time to time. These organisations are required to inform you of the purposes for their collection and use of your personal information. When processing personal information on behalf of its customers, Civica does so only under documented instructions.

The types of personal information we collect and why

We collect and hold personal information necessary to run our business and to enable us to provide services to our customers.

Where we are accountable for the collection, we will only solicit and collect personal information that is reasonably necessary for, or directly related to, one or more of our functions as a business.

The types of personal information we collect will depend on the purpose for collection. For our own recruitment or business purposes, this may include (but is not limited to):

  • your name
  • contact details including mailing or street address, email address, and telephone number(s)
  • gender
  • age
  • financial details
  • government identifiers (including driving license, social security numbers, passport numbers or birth/death certificates)
  • income
  • details about your health or ethnicity
  • details about your education, employment and skills, or
  • details of any fines, penalties or offences.

The purposes for which we collect, hold, use, and disclose your personal information include the following:

To fill job vacancies

If you submit a job application either directly or through a recruiter, we will use your information in connection with the specific job that you have applied for and will store your information for 12 months in case any legal claim or privacy complaint is made.

To consider you for other vacancies for which you may be suitable, which may arise during this 12-month period, we will add your information to our talent pool. If you’d rather not be added to the talent pool, or wish to be removed at any time, please let us know

Sometimes we use publicly available sources of data such as LinkedIn to source candidate information. However, you will always be contacted before we add your information to our recruitment system and provide you with the opportunity to opt-out.

For all roles we also request equality and diversity data for monitoring purposes. This information is not mandatory, although we encourage you to provide it. We make every attempt to anonymise this information and ensure it cannot be linked back to an individual.

For purposes of financial management

We gather and retain business contact details for financial management purposes. Personal information such as names and contact information will be needed to ensure purchase orders, requisitions, invoices and debts are handled appropriately. We retain this type of information in line with legal and tax regulations.

To invite you to conferences or exhibitions

We use your data to invite you to conferences and events. Sometimes Civica uses this information to provide assistance with travel and/or hotel arrangements at the request of the individual.

To manage the security of our facilities

Our office has CCTV systems that monitor the perimeter of the building. These collect location and time-based images of you and, sometimes, of your vehicle in order to our protect buildings and assets from damage, vandalism or another crime.

If necessary, we may share CCTV images with law enforcement and, where applicable, the landlords of our premises, in order to support investigations into security incidents.

To provide customer support and service delivery

When you submit a ticket via our customer support service, Civica Support Cloud, we collect data including your work contact details, company details, and job title in order to provide technical support. We may also require details of your management and office location to fulfil your request for support.

To contact you in the event of an emergency involving our colleagues

We collect next of kin name and contact information from our colleagues for us to use in an emergency situation where we need to contact our colleagues’ next of kin on their behalf.

To comply with auditing requirements

In order to comply with our legal obligations, Civica is required to assist and cooperate with external third-party auditors. We may need to share your information as part of these audits.

Direct marketing

We may use your personal information for the purposes of sending you direct marketing communications (including via email, post, SMS, MMS, targeted digital advertising, phone calls or any other means).

You can opt-out of receiving direct marketing communications at any time by contacting us using the details above or by using the unsubscribe facilities provided in direct marketing communications.

To tell you about our products and services

If you complete an enquiry form on our website or give us your details in person, for example at a conference, we will contact you by email or phone so that we can discuss the products or services in which you have indicated an interest.

As a Civica customer you may wish to join our special interest and user group forums. These are groups of people that share a common interest in Civica products and services. In such cases Civica will store personal contact information such as name & email address to facilitate the organisation of group events and meetings. Civica may share this personal information amongst other group members to aid in discussions, knowledge sharing and distribute information relating to new products that the group may be interested in.

Secondary use of personal information and disclosures

We will only hold, use or disclose personal information for the particular purpose for which it was collected, unless one of the following applies:

  • we obtain your consent to use personal information for a different purpose (secondary use)
  • where the disclosure is consistent with the original purpose of collection
  • the secondary use or disclosure is required or authorised by or under a Canadian law or a court/tribunal order

We may disclose your personal information, for our own purposes, to a third party such as:

  • Civica-group businesses, contractors or third-party service providers in connection with the provision of Civica's services. This includes any suppliers of any third-party services that are integrated or embedded into the services we provide
  • third parties that we engage on behalf of our customers or which they engage directly in connection with the services we provide, including auditors, accountants, third-party experts and other consultants or advisors
  • our insurers and our professional advisors, including our accountants, business advisors and consultants
  • third-party service providers who provide marketing, marketing automation and lead-generation services for us
  • any legal industry regulatory body in any of the Provinces and Territories that we operate in
  • any other organisation or individual for any authorised purpose with your consent.

We will never sell your information to third parties. We may, however, share your information with companies with whom we have a direct business arrangement to jointly market Civica-related products.

We have contracts in place with our service providers that ensure adequate security measures are in place. Furthermore, they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation, and they will hold it securely and retain it only for the period we instruct.

Like many organisations, Civica may reorganise its business operations around the world from time to time, whether by buying new businesses or selling or merging existing businesses. This may involve us disclosing personal data to prospective or actual purchasers of parts of our business, or receiving personal data from potential sellers.

International transfers

Civica operates and provides services from its locations across the globe. As such we may transfer personal information to Civica group locations and third-party service providers outside of Canada when we have a business reason to do so.

Additionally, to support the provision of our services, we may transfer personal information to our third-party service providers outside of Canada. We only transfer this data where it is necessary to do so and where a legal safeguard is in place.

Security

We take reasonable steps to ensure your personal information is protected from misuse and loss, and from unauthorised access, modification or disclosure.

We have organisational and technical measures in place, including:

  • physical secure file storage
  • password protection of electronic databases
  • the provision of secure rooms where appropriate
  • electronic information ‘firewalls’ between sites
  • anti-malware protection and encryption
  • the provision of information to staff on a ‘need to know’ basis
  • breach management procedures

In addition, Civica will ensure that all staff and internal and external consultants are subject to contractual obligations of confidentiality and ensure personal information is destroyed or de-identified when no longer needed or when we are no longer required by law to retain it (whichever is the later).

Your rights

You have a right to access personal information that we hold about you. We hold personal information if we are accountable for the manner in which such personal information is processed. In most cases, we only process personal information for and on behalf of a customer to provide our services, and our right to process such personal information is limited by our contractual obligations to that customer and our customers’ legal obligations.

Before we provide you with access to your personal information, we may require verification of proof of identity. This helps us to ensure that personal information is not disclosed to any person who has no right to receive it.

We can decline access to personal information in certain circumstances, as set out in PIPEDA. If we refuse to give you access, we will notify you in writing, including the reasons for refusal and the mechanisms available to you to dispute that decision.

You may withdraw consent at any time. This is subject to any legal or contractual provisions.

If you would like to remove the data that you've submitted to us in the course of the recruitment process, please contact our Recruitment Team at peopleteam@civica.co.uk. There may be occasions where we are unable to immediately fulfil this request. Depending on the circumstances, we may be unable to fulfil your request based on other lawful grounds.

How to make a complaint

If you would like to complain about a breach of PIPEDA, you may contact our Data Protection Officer. We ask that you to put your complaint in writing and to provide relevant details to dpo@civica.co.uk or in a letter to the Compliance and Improvement team at the Civica address listed in the ‘our contact details’ section.

We will respond to your complaint in a reasonable period of time (usually within 30 days). If you disagree with our decision, you may refer your complaint to the Office of the Privacy Commissioner of Canada (OPC). The OPC can be contacted at:

30, Victoria Street
Gatineau, Quebec
K1A 1H3

Cookies

We use cookies and similar technologies on our website. Cookies are data files that are placed on your device and often include an anonymous unique identifier. These technologies assist us to improve your experience on our websites. If you elect to disable cookies, this could affect your experience of our websites. Please refer to the Cookie Policy on our website for more information.

Changes to this Privacy Notice

We review our policies regularly and occasionally may need to change or update them. Any updated versions of this privacy policy will be posted on our website and will be effective from the date of posting.