North Pacific Anadromous Fish Commission

Privacy Policy

The North Pacific Anadromous Fish Commission (NPAFC) collects, uses and discloses personal information in the possession, or under the control of its stakeholders to the extent required to fulfill its professional responsibilities and to operate its business. NPAFC is committed to maintaining the privacy of personal information provided by its stakeholders and to protecting all personal information in its possession or control.

This Privacy Statement sets out the principles and procedures that NPAFC follows in meeting its privacy commitments to its stakeholders and in complying with the requirements of the federal Protection of Personal Information and Electronic Documents Act (“PIPEDA”) and the BC Personal Information Protection Act (“PIPA”).

Principle #1 – NPAFC is accountable for personal information in its possession or control.

NPAFC is accountable for all personal information in its possession or control. This includes any personal information NPAFC receives directly from stakeholders who are individuals, or indirectly through stakeholders that are organizations (e.g., corporations, government entities, not-for-profit organizations).

The NPAFC has established and put into effect policies and procedures aimed at properly protecting personal information; educated its principals and employees regarding its privacy policies, and of their roles and responsibilities in keeping personal information private; and appointed a Privacy Officer to oversee privacy issues within NPAFC.

If you have any questions about NPAFC’s privacy policies and practices, NPAFC’s Privacy Officer can be reached by email at secretariat@npafc.org, by phone at (604) 604-775-5550 and by letter at: Suite 502, 889 West Pender Street, Vancouver, B.C., Canada V6C 3B2.

Principle #2 – NPAFC identifies the purposes for which it collects personal information from stakeholders before it is collected.

NPAFC collects personal information from stakeholders and uses and discloses such personal information only to provide the requested professional services to those stakeholders.

Principle #3 – NPAFC obtains a stakeholder’s consent before collecting personal information from that stakeholder.

Our communications set out your responsibility to obtain any consents required under applicable privacy legislation, for collection, use and disclosure to us of personal information. By signing such engagement letters, you are formally acknowledging this responsibility.

Principle #4 – NPAFC collects only that personal information required to perform its services, and such information is collected by fair and lawful means.

The Secretariat and staff involved in a particular engagement will access only the information required to complete that engagement or to deal with firm matters such as invoicing and general correspondence.

Principle #5 – NPAFC uses or discloses personal information only for purposes for which it has consent, or as required by law.

NPAFC retains personal information only as long as necessary to fulfill those purposes. As required by professional standards, rules of professional conduct and regulation, NPAFC documents the work it performs in records, commonly called working paper files. Such files may include personal information obtained from a stakeholder.

Working paper files and other files containing, for example, copies of resumes are retained for the time period required by law and regulation.

The personal information collected from a stakeholder during the course of a professional service engagement may be:

shared with NPAFC’s personnel participating in such engagement;
disclosed to principals and employees within NPAFC to the extent required to assess compliance with applicable professional standards, rules of professional conduct, and NPAFC’s policies, and to conduct quality control reviews of the work performed. NPAFC regularly and systematically destroys, erases, or makes anonymous personal information that is no longer required to fulfill the above collection purposes, and is no longer required by laws and regulations.

Principle #6 – NPAFC endeavours to keep accurate, complete, and up-to-date, personal information in its possession or control, to the extent required to meet the purposes for which it was collected.

Individual stakeholders are encouraged to contact NPAFC’s engagement principal in charge of providing services to them to update their personal information.

Principle #7 – NPAFC protects the privacy of personal information in its possession or control by using security safeguards appropriate to the sensitivity of the information.

Physical security (e.g., restricted access, locked rooms and filing cabinets) is maintained over personal information stored in hard copy form. Principals and employees are authorized to access personal information based on stakeholder assignment and quality control responsibilities.

Authentication is used to prevent unauthorized access to personal information stored electronically. For files and other materials containing personal information entrusted to a third party service provider (e.g., a provider of paper based or electronic file storage), NPAFC obtains appropriate assurance to affirm that the level of protection of personal information by the third party is equivalent to that of NPAFC.

Principle #8 – NPAFC is open about the procedures it uses to manage personal information.

Up-to-date information on NPAFC’s privacy policy can be obtained from NPAFC’s Privacy Officer (see contact information under Principle #1 of this Privacy Statement).

Principle #9 – NPAFC responds on a timely basis to requests from stakeholders about their personal information that NPAFC possesses or controls.

Individual stakeholders of NPAFC have the right to contact the engagement principal in charge of providing services to them to obtain access to their personal information. Similarly, authorized officers or employees of organizations that are stakeholders of NPAFC have the right to contact the engagement principal in charge of providing services to them to obtain access to personal information provided by that stakeholder. In certain situations, however, NPAFC may not be able to give stakeholders access to all their personal information. In such situations, NPAFC will explain the reasons why access must be denied and any recourse the stakeholder may have, except where prohibited by law.

Principle #10 – Stakeholders may challenge NPAFC’s compliance with its Privacy Policy.

NPAFC has policies and procedures to receive, investigate, and respond to stakeholders’ complaints and questions relating to privacy.

To challenge NPAFC’s compliance with its Privacy Policy, stakeholders are asked to provide an email message or letter to NPAFC’s Privacy Officer (see contact information under Principle #1 of this Privacy Statement). NPAFC’s Privacy Officer will ensure that a complete investigation of the stakeholder complaint is undertaken and will report the results of this investigation to the stakeholder, in most cases, within 30 days.

Website Privacy

When you visit our website, our web server automatically collects a limited amount of information essential for the operation and security of our website. Some of this information (e.g., browser type) does not identify who you are, while other information, such as your Internet domain name or IP address may identify you. The extent of personal identification depends, in large part, on the “naming standards” followed by your Internet Service Provider. Some section of this website may distribute small pieces of information (called “cookies”) to web browsers to assist you when you return to specific areas on the site. If you have concerns about this, you can change your web browser to not accept this information or display warning messages.

When you voluntarily send us electronic mail or complete an electronic form that includes identifying information about you, we will keep a record of this information so that we can respond to you.

How we protect and use the personal information that we collect

Our collection, use, disclosure and retention of information complies with the requirements of the federal Protection of Personal Information and Electronic Documents Act (“PIPEDA”) and the BC Personal Information Protection Act (“PIPA”). Collected personal information will only be used by authorized to fulfill the purpose for which it was originally collected or for a use consistent with that purpose. We do not disclose your information to other public bodies or individuals except as authorized by law. We keep the information only for the length of time necessary to fulfill the purpose(s) for which it was collected.