Privacy Policy


Personal Information

The Nova Scotia Association of Optometrists (NSAO) respects your privacy and strives to protect the privacy of our website visitors. Personal information, such as your name, phone number or email address, is not automatically gathered via this Website.

Personal information is collected on this website only when you voluntarily submit it for such things as event registrations, membership applications or membership renewals.

The NSAO will only use information for the purpose for which it is intended. Personal information will not be shared, sold or disclosed to a third party outside of the NSAO without your consent.

The NSAO does reserve the right to access and disclose information required by law or at the lawful request of government agencies and/or law enforcement agencies.

 

Access

This site uses encryption technology to keep your personal information secure. There is always the chance, however, that your personal information could be intercepted over the Internet.

A secure third-party payment gateway is used to process credit card transactions. The NSAO does not store, nor does it have access to, credit card numbers provided on the site.

 

How to Contact Us

If you have concerns or comments regarding this website please contact the Nova Scotia Association of Optometrists at nsao@accesswave.ca

 

GDPR & Email Marketing

Are Canadian Companies Impacted?

The GDPR framework applies to any company that processes or collects, records, organizes, stores and/or performs any operations on personal data of EU residents. Although a company may not be located in the EU, if the data collection includes EU residents, there is an impact.

Many North American companies are updating their privacy policies and consent forms for everyone—not just residents of the EU. It’s important to display the updated privacy policy/consent form wherever you capture data.

NOTE: Personal data is any form of data that can be used to identify an individual, thus an email address would be classified as “Personal Data”.


What are the Guiding Principles of the GDPR?

  • Right to be Informed – EU residents have the right to ask how their data will be used at any time.
  • Right of Access – Copies of the personal information can be requested at any time by EU residents.
  • Right of Rectification – EU residents can request modifications or updates to their data at any point in time.
  • Right of Erasure – An EU resident can request to have their data erased and/or request to have their data not be shared with any third party at any point in time.
  • Right to Object – EU email subscribers can request to have their emails removed from a list at any point in time.



What are the Best Practices Moving Forward?

Privacy Policy

  • Create and/or update your privacy policy and have this visible on your website.
  • Provide public access to your privacy policy.


Explicit Opt-in Consent

  • Be specific and easy to understand
  • Explain what data your company will be collecting, why you’re collecting it, how you’ll use it (outline how it will be processed), and how long you’ll keep the data
  • Be clear about the consequences/risks to them for consenting to share their data
  • State the name of any third parties who will have access to the information
  • Inform consumers that they can withdraw their consent at any time
  • Notify them of any “special categories” of data that will be stored such as race, religion, health data, sexual orientation, political affiliations
  • It’s important to outline the options for each marketing activity subscribers are consenting to so they can choose to opt in to the ones they want (offers, coupons, newsletters, etc.)
  • It’s imperative to keep records of the completed consent forms for each subscriber/contact, as regulators can ask for them at any time and the burden is on the data controller to produce them.


Share Your Data Request Process

  • On your website and within all communications, provide access to a clear and easy to understand process on how to request a copy of your personal information.
  • Provide step by step guidance on how to request personal information.
  • Deliver the information in a timely manner, in a common format. We would recommend a CSV file.

Share Your Process to Update Personal Data

  • On your website and within all communications, provide access to a clear and easy to understand process on how to update your personal information.
  • Provide step by step guidance on how to update a user’s personal data that you maintain.

Website Cookies

If you collect information through website cookies, you will need to either stop collecting the offending cookies or create a “Cookie Statement” on your website.

  • Ensure you have documentation (e.g., privacy notice) on your website informing visitors that their information is being collected, of the type of data being collected, why it’s being collected, and how long the information is being held for.
  • Implied consent is no longer sufficient. Simply visiting a site doesn’t count as consent. Consent must be given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu.
  • ‘By using this site, you accept cookies’ messages are also not sufficient for the same reasons. If there is no free choice, then there is no valid consent. You must make it possible to either accept or reject cookies. This means websites will need to provide an opt-out option. Even after getting valid consent, sites must give people the option to change their mind. If you ask for consent through opt-in boxes in a settings menu, users must always be able to return to that menu to adjust their preferences.

These are just general guidelines. Consult with your legal and compliance teams to help you interpret the elements of the GDPR that are critical to your company and industry.