Privacy Policy

Care Factory 

Privacy Policy and Procedures 

For Personnel Working at Client Locations 

Effective Date: December 2025 

Policy Overview 

Care Factory is dedicated to protecting the privacy and maintaining the confidentiality of personal information in alignment with relevant privacy legislation, standards, and the Personal Information Protection and Electronic Documents Act (PIPEDA). This document establishes the protocols and procedures that our personnel must adhere to while providing services at client facilities, ensuring the safeguarding of personal information in accordance with Canadian federal and provincial privacy regulations, including but not limited to the Ontario Personal Health Information Protection Act (PHIPA) and Alberta’s Health Information Act (HIA). 

Relevant Privacy Legislation 

Federal Legislation 

  • Personal Information Protection and Electronic Documents Act (PIPEDA): Regulates the handling, utilization, and sharing of personal information during commercial operations throughout Canada, except where superseded by provincial legislation.  

Provincial and Territorial Legislation 

Alberta: 

  • Health Information Act (HIA): Establishes requirements for the handling, utilization, and sharing of health-related information. 
  • Personal Information Protection Act (PIPA): Oversees the management of personal information by private sector entities. 

British Columbia: 

  • Personal Information Protection Act (PIPA): Governs private sector handling of personal information. 
  • Freedom of Information and Protection of Privacy Act (FOIPPA): Applicable to public institutions and their contracted service providers. 

Manitoba: 

  • Personal Health Information Act (PHIA): Safeguards personal health information within the province. 
  • Freedom of Information and Protection of Privacy Act (FIPPA): Regulates public sector entities. 

New Brunswick: 

  • Personal Health Information Privacy and Access Act (PHIPAA): Ensures the protection and privacy of health information. 

Newfoundland and Labrador: 

  • Personal Health Information Act (PHIA): Regulates the management of personal health information. 

Nova Scotia: 

  • Personal Health Information Act (PHIA): Establishes standards for the handling of personal health information. 

Ontario: 

  • Personal Health Information Protection Act (PHIPA): Safeguards patient health information and regulates healthcare service providers. 

Prince Edward Island: 

  • Health Information Act (HIA): Defines standards for health information management. 

Quebec: 

  • Act Respecting the Protection of Personal Information in the Private Sector: Governs private sector operations. 
  • Act Respecting Health Services and Social Services: Contains provisions related to health information. 

Saskatchewan: 

  • Health Information Protection Act (HIPA): Ensures the protection of health information. 

Northwest Territories: 

  • Health Information Act (HIA): Protects health-related information. 
  • Access to Information and Protection of Privacy Act (ATIPPA): Governs public sector institutions. 

Nunavut: 

  • Access to Information and Protection of Privacy Act (ATIPPA): Regulates public institutions. 
  • Health Information Act (HIA): Maintains health information privacy standards. 

Yukon: 

  • Health Information Privacy and Management Act (HIPMA): Safeguards health information. 
  • Access to Information and Protection of Privacy Act (ATIPPA): Applies to public sector entities. 

1. Scope and Application 

  1. This Privacy Policy is applicable to all Care Factory personnel who manage personal information while delivering services at client locations on behalf of the organization. 
  2. This policy regulates the gathering, utilization, disclosure, retention, and secure disposal of personal information in compliance with PIPEDA, provincial privacy statutes, and other applicable Canadian regulatory frameworks. 

2. Duties of Confidentiality 

  1. Personnel shall regard all personal information acquired while performing their responsibilities at client facilities as strictly confidential and must refrain from disclosing, utilizing, or accessing such information for purposes beyond their assigned work functions on behalf of Care Factory. 
  2. Personal information shall be employed exclusively for the delivery of care services as instructed by the organization and in accordance with client directives. 

3. Gathering and Utilization of Personal Information 

  1. Personnel shall collect personal information only to the extent required for the delivery of care services and in accordance with Care Factory’s directives and client protocols. 
  2. Personal information gathered shall be utilized exclusively for meeting service requirements and ensuring the delivery of high-quality care. 

4. Protection and Security Measures 

  1. Personnel shall implement suitable safeguards to protect personal information from unauthorized access, utilization, disclosure, modification, or destruction, in accordance with organizational protocols, PIPEDA, and provincial requirements such as PHIPA and HIA. 
  2. Any security incidents or violations involving personal information must be immediately communicated to Care Factory’s designated Privacy Officer and the affected client, adhering to established incident reporting protocols. 

5. Adherence to PIPEDA and Provincial Privacy Statutes 

  1. Personnel shall follow the core principles established in PIPEDA, encompassing the gathering, utilization, disclosure, retention, and secure disposal of personal information. 
  2. Personnel shall observe supplementary privacy obligations as mandated by provincial legislation such as PHIPA, HIA, and other applicable statutes. 
  3. Personnel shall honor individual rights to access their personal information, submit correction requests, and file privacy-related grievances, in accordance with PIPEDA and provincial provisions. 

6. Information Retention and Secure Disposal 

  1. Personnel shall maintain personal information only for the timeframe necessary to accomplish the purpose for which it was gathered, as directed by Care Factory and the client, and in compliance with PIPEDA and relevant provincial legislation. 
  2. Upon conclusion of their assignment at the client facility or termination of their relationship with Care Factory, personnel must ensure the secure disposal or return of any personal information in their custody, following organizational policies and client instructions. 

7. Education and Knowledge 

  1. Personnel shall engage in privacy and security education programs delivered by Care Factory and/or the client to strengthen their comprehension of privacy responsibilities, industry standards, and procedures, including PIPEDA and provincial legislation. 
  2. Personnel shall remain informed about modifications to privacy legislation, standards, and organizational policies pertinent to their work, including updates to PIPEDA and provincial privacy regulations. 

8. Incident Reporting and Non-Disclosure 

  1. Personnel shall immediately report any privacy violations, incidents, or concerns to Care Factory’s designated Privacy Officer. 
  2. Personnel shall not reveal any personal information obtained during their work at client facilities to unauthorized parties or external entities, unless mandated by law or authorized by Care Factory or the client. 

Personnel Communication Policy: Notifications and Mass Communications 

Policy Overview 

Care Factory is committed to fostering transparent, efficient, and prompt communication with all personnel. To ensure that all team members receive information about service opportunities, special announcements, and critical updates, we employ various communication channels, including telephone calls, electronic mail, and text messaging. By supplying their contact details, personnel agree to receive these communications. However, personnel maintain the right to decline non-essential communications at any time. 

Objective 

This policy defines how Care Factory utilizes personnel contact information for communication purposes and establishes guidelines for opting out of non-essential communications while maintaining compliance with applicable privacy legislation. 

Application 

This policy applies to all Care Factory personnel who have furnished their contact information (telephone number and/or electronic mail address). 

Communication Channels 

1. Telephone Communications: 

  • Employed for urgent notifications, assignment updates, or important operational information. 
  • Communications will maintain a professional standard and focus on work-related matters. 

2. Electronic Mail: 

  • Utilized for transmitting comprehensive information regarding assignments, professional development opportunities, policy modifications, and special announcements. 
  • Messages may include organization-wide communications regarding company announcements. 

3. Text Messaging (SMS/MMS): 

  • Employed for rapid updates, service opportunities, special promotions, or time-sensitive reminders. 
  • Bulk text messages may be distributed for assignment opportunities or organizational announcements. 

Authorization to Communicate 

  1. By providing their telephone number and electronic mail address, personnel authorize receipt of communications through these channels. 
  2. Care Factory may utilize bulk communication systems to effectively distribute information about service opportunities and special announcements. 
  3. Contact information will be utilized solely for the purposes specified in this policy and in accordance with applicable privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA). 

Declining Communications 

  1. Personnel may elect to decline non-essential communications (such as promotional messages and bulk notifications) at any time by responding with the phrase: “STOP” to any communication received. 
  2. Upon receipt of a decline request: 
  • Personnel will be removed from non-essential communication distribution lists within a reasonable period (typically 5 business days). 
  • Essential work-related notifications (such as assignment confirmations and policy updates) will continue to be transmitted as necessary. 

Information Privacy and Protection 

  1. Personnel contact information will be maintained securely and utilized exclusively for authorized communication purposes. 
  2. Care Factory will not disclose personnel contact information to external parties without authorization, unless mandated by law. 

Compliance and Responsibility 

  1. This policy conforms with Canadian privacy legislation, including PIPEDA, to ensure personnel privacy is respected. 
  2. Any personnel member experiencing difficulties with communications or wishing to verify their opt-out status may contact Care Factory’s Privacy Officer. 

Policy Assessment 

This policy will undergo annual review to ensure alignment with evolving communication technologies, privacy legislation, and the needs of personnel.


© 2026 Care Factory. Created for free using WordPress and Colibri