This policy aims to establish guidelines and procedures for the management, use, and security of Centre de santé communautaire de l’Estrie “CSCE” online properties, including the website and social media accounts such as Facebook, Instagram, X, etc.
CSCE is committed to ensure consistency, professionalism, and compliance with relevant laws and regulations in all online communications and interactions representing the organization.
The Community Health Center must ensure that it issues a privacy notice that describes how and why it could collect, store, use and/or share (“process”) the personal information of users of its platforms on the Web (“Online Properties” and/or “Services”), for example when they:
Communicate with CSCE online through other related means, including making inquiries, registering and/or accessing services, receiving promotional communications, or responding to online surveys.
When a person uses or browses CSCE’s online properties and services, it is possible that personal information may be collected, including, but not limited to, name, contact details, location, and/or IP address, depending on how the user interacts with CSCE and the services, the choices they make, and the products and features they use.
Certain information, such as the Internet Protocol (IP) address and/or user device browser characteristics (e.g., Google, Edge, etc.), is automatically collected when the user visits CSCE online properties.
As a healthcare organization, CSCE may process sensitive personal information as well as personal health information as part of its normal activities. It does so only with consent or as otherwise authorized by applicable law.
CSCE processes user information online to provide, improve, and administer its services, communicate with its users, for security and fraud prevention, and to inform them of the law. CSCE may also process user information for other purposes with their consent. CSCE may process user information when there is a valid legal reason to do so.
CSCE has implemented organizational and technical processes and procedures to protect the personal information of its users. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Therefore, CSCE cannot guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and collect, inappropriately access, steal, or modify information on various platforms used. If a privacy breach is detected, it will be reported to the concerned web users as soon as possible.
All CSCE web users have privacy rights established by the Canadian privacy protection legislation. Individuals who share personal health information with CSCE through our website or other online properties also benefit from legal protections under the Ontario Personal Health Information Protection Act (2014). Users have the right to control when and how their information is used.
The easiest way to exercise user rights is to contact the Privacy Officer at CSCE ([email protected]). CSCE will review and act upon any request in accordance with applicable privacy laws.
Scope
This policy applies to all employees, contractors, interns, and volunteers involved in the creation, management, or use of the organization’s online properties.
Procedures
Ownership and liability:
CSCE owns all online properties associated with its brand and mission.
The Assistant Executive Director is responsible for the overall management and administration of online properties.
Content management:
Content published on the organization’s online properties must align with its vision, mission, values, and goals.
Content creators must ensure accuracy, relevance, and professionalism in all communications.
All content must comply with copyright laws and respect intellectual property rights.
Confidentiality:
Personal data collected via online properties must be processed in accordance with applicable privacy laws and CSCE’s privacy policies.
Only employees who need the information to perform their work will have access to the data collected through the CSCE website.
CSCE ensures that users are informed about data collection practices and their rights regarding their personal information.
The user’s data will not be sold to a third party.
The user’s web data will be shared with third parties only when necessary for CSCE to carry out its work, such as with a web analytics service and the company hosting CSCE’s webpage.
Security measures and data protection:
Robust security measures are in place to protect online properties against unauthorized access, data breaches, and cyber threats.
The employee responsible for communications deletes all confidential data received through the website.
The company hosting CSCE’s website deletes collected data every three months.
Annual security audits and updates are conducted to identify and address vulnerabilities.
Employees managing online properties must adhere to password management and authentication protocols to prevent unauthorized access.
Conduct of users of the CSCE webpage and social media accounts:
Users who interact with the organization’s online properties must follow acceptable use guidelines.
Prohibited activities include, but are not limited to, harassment, discrimination, defamation, spam, and the dissemination of malicious content.
Users are encouraged to report any inappropriate or suspicious behaviour to designated administrators.
Roles and responsibilities
Assistant Executive Director:
Ensure the supervision of all online properties.
Ensure compliance with this policy and relevant regulations.
Provide guidance and support to content creators and administrators.
Content Creators/Administrators:
Develop and publish content in accordance with CSCE guidelines and standards.
Monitor the user’s engagement and respond promptly to requests or comments.
Report any security incidents or policy violations to the Executive Director or Assistant Executive Director.
Compliance and Application:
Failure to comply with this policy may result in disciplinary actions, including termination of employment or contract termination.
CSCE reserves the right to delete or modify any content that violates this policy or poses a risk to its reputation or security.
Review:
This policy must be periodically reviewed to ensure its effectiveness and relevance. Changes may be made as needed to reflect technological, regulatory, or CSCE’s needs.