Mitacs has a legal and ethical obligation to protect and appropriately manage personal information collected from program participants and other individuals. This Privacy Commitment lets you know the commitments that Mitacs has made to ensure your personal information is handled appropriately, and identifies your rights with regards to your own personal information.
1. What is personal information?
Personal information includes identifying information about an individual. Personal information could include home address, personal contact information, employment background, educational history, CVs or resumes, signatures, social insurance numbers, passport numbers, date of birth, financial information (including awards received), demographic information, medical information, photos or video depicting an individual, evaluations about an individual, and other details.
2. How does Mitacs manage personal information?
At Mitacs, we take responsibility for the personal information in our possession. Our Chief Financial Officer (CFO) is designated as our Chief Privacy Officer (CPO), and has ultimate accountability, but all staff share in the responsibility.
We have established a series of procedures to:
- Receive and respond to inquiries or complaints;
- Train and communicate our privacy policies and practices to our employees; and
- Develop public information to explain our policies and practices.
Purposes for collection
Mitacs only collects personal information from you that we require for business purposes. All staff are required to ensure that any personal information collected in the course of our programs is collected with your consent, and that your consent has been granted for all purposes the information is used for.
There are a variety of reasons why we collect your personal information. These might include (but are not limited to):
- To communicate information about our programs and services and establish or maintain ongoing relationships with you;
- To meet legal, regulatory or contractual requirements, such as providing information about program participation and outcomes to our funding partners;
- To evaluate an applicant’s eligibility for a Mitacs program or award;
- To administer Mitacs events (for example, processing payments and arranging accommodations); and
- To evaluate and enhance our programs and services.
When collecting personal information, we must identify which of these purposes (or any others) we are collecting the information for.
We must obtain consent when we collect, use, or disclose your personal information. (In very rare cases, such as an emergency or when required by law – for example, to comply with a subpoena, warrant, or other court order – Mitacs is allowed to disclose personal information without consent.)
What is consent? Consent is your agreement to share your personal information with Mitacs for the purposes we define when we ask for your consent. There are two types of consent: express and implied.
- Express consent means that you are clearly presented with a statement regarding the intended use of the information, to which you can agree or not. For example, Mitacs’ funding proposals contain a statement on the Memorandum signed by each applicant in which the applicants consent to the information in the proposal being provided to our government funders.
- Implied consent can be reasonably inferred from your action or inaction. For example, when applicants submit a funding proposal, we can reasonably infer that we can use the information within the proposal to adjudicate it.
In most circumstances we request consent to use and disclose your personal information at the same time as we collect it. We may ask you to sign and return a form, or check off a box on a website. If we later want to use the information for a different purpose from the one for which it was originally collected, we must obtain a new consent from you.
You are free to withdraw consent you gave us to collect, use, or disclose personal information at any time (subject to legal or contractual restrictions and reasonable notice.) If you wish to withdraw your consent, contact us at privacy(at)mitacs.ca.
Disclosure and retention
Within Mitacs, only employees with a business need to know, or whose duties require it, have access to your personal information. We keep your personal information only as long as we have a business need to do so, after which we dispose of it in a safe and confidential manner according to our security safeguards.
Third parties to whom we might disclose personal information include:
- Mitacs’ government funders, for reporting purposes
- We must have obtained your express consent to disclose information
- Third-party companies or individuals engaged by Mitacs to perform functions on its behalf
- We do not need express consent from you in this case, BUT we must ensure the third party has agreed to keep the information confidential and only use it for the specific purpose for which we provide the information
- An individual who is seeking the information as your agent
- Although express consent is not required, we must ensure that the person requesting the information is your bona fide agent
- Other third parties, if your consent has been obtained, or if disclosure is required or permitted by law.
We take steps to ensure your personal information is accurate and current. If you have questions about the accuracy of your information, or want to update your information, you may do so. (See Individual Access section below.)
We safeguard the personal information we collect. We have procedures in place to protect personal information from loss, theft, unauthorized access, disclosure, copying, use, modification or destruction. We also protect personal information disclosed to third parties, for example by stipulating in our contractual agreements that the information is confidential and can only be used for specific purposes.
We will share with you information about the existence, use, and disclosure of your personal information. Personal information can be accessed by contacting privacy(at)mitacs.ca. We will respond to requests within 30 days or as required by applicable laws. We are required to ensure that requests come from eligible parties (i.e., from you about your own information), so proof of identity is required.
In some cases, we may not be able to provide access to all the information we hold about you. If providing access to personal information would reveal personal information about a third party, for example, or confidential commercial information, or information that could threaten the life or security of another person, we wouldn’t be able to approve the request. If information is protected by solicitor-client privilege, if it was generated in the course of a formal dispute resolution process, or if it was collected in relation to the investigation of a breach of an agreement or a contravention of a law, Mitacs would also not be able to approve the request to access information.
In these cases, we will provide the reasons for denying access to personal information.
Inquiries and challenges
Chief Privacy Officer
301, Technology Enterprise Facility
University of British Columbia
6190 Agronomy Road
Vancouver, BC V6T 1Z3