Health Technology Assessment international (HTAi) is committed to safeguarding the personal information entrusted to us by our members and stakeholders. This policy outlines the principles and practices we follow in the collection, use, and protection of your personal information.
Since HTAi may have members in different jurisdictions, such as the E.U., HTAi is also bound by laws applicable to the protection of personal data of these other countries, which may or may not conflict with or contain more restrictive legal obligations than the Personal Information Protection Act (PIPA), including, for example, the European Union’s General Data Protection Regulation (“GDPR”).
It is our policy to comply with the privacy legislation within each of these countries. As such, this Policy outlines the minimum standards for HTAi’s treatment of personal data. Where applicable laws contain additional requirements, HTAi shall ensure compliance with those laws. Should there be any inconsistency between this Policy and applicable local privacy laws, this Policy shall be interpreted to give effect to and comply with the local privacy laws.
What is personal information? And what do we collect?
Personal information means any information that can be used to make an individual identifiable. Personal information that HTAi collects may include an individual’s:
- full name
- phone number
- email address
- job title
- passport number
- emergency contact information
- travel schedules/itineraries
- financial information for payment purposes.
Why do we collect personal information?
We collect only the personal information that we need for the purposes of providing services to our members, including personal information needed for:
- Membership registration
- Event registration, including: Annual Meetings, Policy Forums, and workshops
- Communications regarding events
- Communications regarding Interest Group Activities
- Communications regarding important information on the activities of the Society
Personal information is only collected directly from our members as need. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of HTAi services. These third parties include:
- Government authorities as required
- Our membership and registration software platform
- External contractors employed by the Secretariat
How do we ask for consent?
We ask for consent to collect, use or disclose personal information, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law. We assume your consent to continue to use and, where applicable, disclose personal information that we have already collected, for the purpose for which the information was collected. Consent to the use and disclosure of personal information may be withdrawn at any time by contacting firstname.lastname@example.org.
We ask for your explicit consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use or disclosure of certain personal information. Consent will be requested by opt-in form.
How can you access your personal information?
Individuals have the right to request access to their own personal information collected by HTAi. You must provide sufficient information in your request to allow us to identify the information you are seeking. We make every reasonable effort to ensure that personal information is accurate and complete, and in an easy to read format. We rely on individuals to notify us if there is a change to their personal information that may affect their relationship with HTAi. If you are aware of an error or omission in the information we retain about you, please let us know and we will correct it on request wherever possible. You also may request that HTAi erase all of your collected personal information.
You can make a request for access to your personal information or other requests by contacting email@example.com. We will respond to your request within 21 days.
How do we safeguard personal information?
We protect personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorized access to personal information. We use appropriate security measures when destroying personal information, including shredding paper records and permanently deleting electronic records, both after a seven-year period.
Personal information is stored by HTAi on its servers, and on the servers of the cloud-based database management services HTAi engages, located in Canada.
Does HTAi have a Data Protection Officer (DPO) and how do I contact them?
The HTAi Secretariat is headquartered in Edmonton, Alberta, Canada. The Secretariat has appointed a Data Protection Officer for you to contact if you have any questions or concerns about HTAi’s privacy policies or practices. The DPO’s contact information are as follows:
Attn: Data Protection Officer
Address: 1200 – 10405 Jasper Avenue
Canada T5J 3N4
Who is the Data Protection Authority for HTAi and how do I contact them?
As the Secretariat is located in Alberta, Canada, it is under the purview of the Information and Privacy Commissioner of Alberta. Here is the office contact information:
Office of the Information and Privacy Commissioner of Alberta
Suite 2460, 801 – 6 Avenue, SW
Calgary, Alberta T2P 3W2
Phone: 403-297-2728 Toll Free: 1-888-878-4044
Email: firstname.lastname@example.org Website: www.oipc.ab.ca
Policy Last Updated: June 2020