Privacy Policy

HKA Data’s attention to detail in ensuring the privacy of our clients' database information is unsurpassed. Our sterling reputation has gained us the confidence of Canada’s leading non-profit organizations.

Our Guiding Principles

HKA Data has prepared a list of the principles outlining the details of the Privacy Act and the expectations of both us and that of clients as it relates to data maintenance. As a third party, we commit to you our adherence to the principles below.

PIPEDA Privacy Principles

Principle 1: Accountability

Definition: An organization is responsible for the personal information within its possession or custody. This includes information supplied to a third party for processing. We hold all personal information in-house. If, with your permission, a third party holds data, we ensure that they are PIPEDA compliant. A third party clause will be implemented in the event that private information is made available to third parties for production purposes. This will be handled with the consent of you, our client, and with the procedures outlined within our contractual obligation.

Principle 2: Identifying Purposes

Definition: The purposes for which personal information is collected shall be identified at or before the time the information is collected. New uses must be disclosed. HKA Data operates as a service bureau to a number of organizations and corporations. We are often asked to perform services on behalf of our clients, such as inbound/outbound communication and order fulfillment. Our staff will always identify themselves prior to commencing any dialogue and request the time and attention of the participant prior to any questions. Should the participant request that they be taken off a list, we will notify our clients of this request when all solicitation calls are complete. Additional fields to track this new information are available for audit and can be embedded in the data we forward to you.

Principle 3: Consent

Definition: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate. No grandfathering. This principle applies within a third party relationship at the time of updating contact information in the database. When updating information on the client’s behalf, it is the obligation of the customer service representative to identify themselves, the reason for the telephone call and to secure the consent of the called party to use the information for a specific purpose. Alternately, we can provide fulfillment services outlining the details of the information collected and have the individual sign-off and make any necessary revisions for accuracy. No grandfathering simply means that information collected prior to January 1, 2004 is no longer valid without the consent of the individual.

Principle 4: Limiting Collection

Definition: The collection of personal information must be limited to what is necessary for the purposes identified by the organization. It is wise to limit the amount of information collected regarding an individual. This enables you to lower your administration cost in collecting, storing, retaining and archiving data. Determine what information you require and eliminate unnecessary data.

Principle 5: Limiting Use, Disclosure & Retention

Definition: The use and disclosure of personal information is to be limited to the purposes for which it was collected, except with the consent of the individual or as required by law.

HKA Data will work with you determine the following:

• Hold all information for only as long as has been predetermined as necessary.

• Put guidelines in place for retaining and/or destroying personal information

• Destroy, erase or render anonymous information that is no longer required for an identified purpose or a legal requirement

• Maintain the integrity of your customer information and make sure the information is up-to-date and accurate. With a regular data cleansing, usually twice per year, we will identify and eliminate any data that is no longer deemed necessary.

Principle 6: Accuracy

Definition: Personal information will be accurate, complete and up-to-date. HKA Data will work with you to minimize the possibility of inaccurate data. For data management, your customers can access the information they require by calling our customer service representatives. To ensure privacy, we will install a number of questions that must be answered to clearly identify a person prior to releasing any of their information. You predetermine the list of questions.

Principle 7: Safeguards

Definition: An organization has an obligation to ensure that any personal information collected is protected. Protection should include physical, organizational and technological measures. We will work with you to develop security systems that clearly identify a person who requests access to their information. Our internal computer systems are restricted to personnel who "need-to-know" and have access to databases for their intended purpose. All information is secure from the rest of the company.

Principle 8: Openness

Definition: An organization must make public information about its privacy policies and practices. That includes:

• The name of the Privacy Officer

• The methods by which an individual can access their information

• The type of personal information that will be made available to related organizations

• Description of the type of information held by an organization

• A copy of any policies, standards, and procedures the organization has

This principle, for a third party, is the most important aspect in our relationship with our clients. As we have always stated "Any information we store on behalf of our clients is the property of our clients. The information is always readily available in any format they would like to view it-portal, FTP site, spreadsheet, etc). This service has never changed nor will it in the future.

Policies & Procedures

1. A request in writing must be made in order to retrieve data on our clients' behalf. The request must be made to the Privacy Officer or his designate and must allow three business days to process the order.

2. The request must clearly define the intended purpose.

3. Our Policy Officer will have the authority to refuse a request if:

4. The request is too broad and does not clearly define its use

5. There is no approval signature by your organization’s Privacy Officer

6. The request is from an individual in the organization who does not have authority to request information. The client must provide a list to HKA Data Processing Corporation. HKA Data Privacy Officer: Kevin Andrien, (905) 479-8661

Principle 9: Individual Access

Definition: Upon request, an individual must be given access to any personal information held by an organization. The organization must inform the individual of how the information will be used, as well as any third parties to whom the information has been disclosed. Individual requests must be made in writing and an organization must respond within 30 days. Although we are not directly involved in how the information is used by our clients, we can provide a history or file on the consumer, based on all the information stored to date and will retrieve any information upon our clients' request. We ask that you provide HKA Data a request in writing and allowing for three business days in order to retrieve the information and securely pass it along.

Principle 10: Challenging Compliance

Definition: Organizations shall put procedures in place to receive and respond to complaints or enquiries about the policies and practices relating to the handling of personal information. An individual may challenge the accuracy and completeness of the information. If an individual demonstrates his/her personal information is inaccurate or incomplete, the organization must amend the information. HKA Data will respond and update any inaccuracy of information on the databases held by our clients. A request to amend or change information shall be put in writing and allow two weeks to process the request. Clients will receive a copy of the revised report.