Privacy Policy


Revision date: September 2018
Effective date: September 5, 2018

Introduction 

The Co-operative Superannuation Society is committed to maintaining the accuracy, confidentiality and security of personal information collected, used and retained for the administration of the CSS Pension Plan (the Plan). To guide decision-making, CSS has committed to follow the provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA) and such provincial privacy legislation as is applicable. In accordance with these Acts, we limit the use of personal information to the stated purposes for which it was collected and retain personal information only for as long as required for those purposes, or as long as is required to fulfill the Plan’s legal obligations. CSS may also have contractual obligations to maintain the confidentiality and security of information entrusted to CSS and to limit use of that information. 

This Policy is a formal statement of principles and privacy management program guidelines for the protection of personal information collected, used and retained by CSS. The Policy outlines the responsibilities of CSS and its employees for adherence to applicable privacy laws and the related privacy policies and practices of CSS.

CSS will comply with privacy laws within each jurisdiction in which it operates. Sometimes the privacy laws and/or an individual’s right to privacy may vary from one jurisdiction to another. This Policy was developed to help treat Plan members, CSS employees, and job applicants consistently. Specific privacy practices may be adopted to address the specific privacy requirements of a particular jurisdiction.
 
This Policy explains the obligations of CSS employees in collecting, using, disclosing and maintaining the security of personal information. In addition, the Policy provides CSS employees with information on the purposes for which their own personal information is collected, used, retained and disclosed. 

The Policy must be read in conjunction with other CSS policies governing its information and communications practices. These include, without limitation: 

  • The CSS Communications Policy
  • The CSS Complaints Policy
  • The CSS Website Privacy and Data Use Statement
  • The CSS Privacy Policy
  • The CSS Membership Application
  • The CSS Computer Use Policy
  • The CSS Social Media Policy

Summary of principles

Principle 1 - Accountability

CSS is responsible for personal information under its control and has designated a Privacy Officer who has overall accountability for compliance with the following principles. However, each employee of CSS is responsible for following the Policy and assisting in complying with applicable laws. 

Principle 2 - Identifying Purposes for Collection of Personal Information

CSS identifies the purposes for which personal information is collected at or before the time the information is collected. CSS employees who collect personal information on behalf of CSS must be prepared to explain the purposes for collection. 

Principle 3 - Obtaining Consent for Collection, Use or Disclosure of Personal Information 

Meaningful, express consent (or, where reasonable, and allowed by law, meaningful implied consent) of a Plan member or employee is required for the collection, use or disclosure of personal information, unless a legal exception applies. 

Principle 4 - Limiting Collection of Personal Information 

Personal information is collected only if it is necessary to achieve the purposes identified to the individual.
 

Principle 5 - Limiting Use, Disclosure and Retention of Personal Information

The fact that CSS has personal information of a member does not mean that the personal information can be used for any purpose, disclosed for any purpose or retained indefinitely. When employees use personal information, they must consider whether the use was one that was identified to the person from whom the information was collected. Personal information shall not be disclosed without consent unless required by law. Personal information shall not be retained for longer than is necessary to fulfill the purpose and to comply with regulatory requirements or to protect CSS’ legal rights.  

Principle 6 - Accuracy of Personal Information 

CSS employees shall take care to keep personal information that they are responsible for maintaining as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. 

Principle 7 - Security Safeguards

CSS uses administrative procedures, technical controls and physical security safeguards to protect personal information. CSS employees must never circumvent or attempt to circumvent these safeguards. If a CSS employee believes that there is a security breach or the safeguards are not being complied with, that employee must report the issue to his or her supervisor or to the Privacy Officer.  

Principle 8 - Openness Concerning Policies and Practices 

CSS makes available to members and employees specific information about its policies and practices relating to the management of personal information. 

Principle 9 - Member and Employee Access to Personal Information

Upon request, CSS will inform a member or employee of the existence, use and disclosure of his or her personal information and shall give the individual access to that information. A CSS member or employee shall be able to challenge the accuracy and completeness of the information and to have it amended as appropriate. 

Principle 10 - Challenging Compliance 

CSS employees shall direct any person who wishes to challenge CSS’ compliance with this Privacy Policy, or relevant privacy legislation, to the Privacy Officer.  

Cookies and Analytic Tools Used on our Website


Changes to Our Privacy Policy


Scope and Application

The scope and application of the Policy are as follows:

  • The Policy applies to personal information about CSS Plan members and CSS employees that is collected, used or disclosed by CSS.
  • The Policy applies to the management of personal information in any form whether oral, electronic or written.
  • The application of the Policy is subject to the requirements or provisions of any applicable legislation, regulations, or agreements, or the order of any court or other lawful authority.

Definitions

“Authorized Third Party” – means a firm or individual properly authorized by CSS to share personal information.

“Collection” – means the act of gathering, acquiring, recording or obtaining personal information from any source (including third parties) by any means. 

“Consent” – means voluntary agreement to the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from an individual's action or inaction in the circumstances. Consent of an individual is only valid if it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use or disclosure of personal information to which they are consenting. 

“Cookies” – means digital files that are downloaded to the device used to access the CSS website. CSS uses them generally to help improve the website visitors’ experience (e.g., to remember visitor preferences and visitor login information, and to recognize that the visitor has previously visited the CSS website).

“CSS” – means the CSS Pension Plan. 

“Disclosure” – means making personal information available to a third party for the third party’s own use and purposes. 

“Employee” – means an employee of the CSS Pension Plan.

“Identified Purposes” – means the purposes identified in Principle 2. 

“Member” – means an active, inactive or retired member of the CSS Pension Plan as defined in the Plan text and includes Plan members’ spouses and beneficiaries. 

“Personal Information” – means information about an identifiable individual but not aggregated information or de-identified information that cannot be associated with a specific individual. 

  • For a member, such information includes their pension records, personal mailing or email addresses and telephone numbers, birth dates, banking information, social insurance number and other particular information which identifies the individual.   
  • For an employee, such information also includes information found in personnel employment files, performance appraisals and medical and benefits information.

“Plan” – means the CSS Pension Plan.

“Privacy Officer” – means the individual designated by CSS to oversee compliance with this Policy. 

“Share” – means making personal information available to an authorized third party who processes or performs services required to administer the Plan subject to appropriate safeguards.  

“Use” – means the treatment, handling, and management of personal information by CSS, or by an authorized third party.


Policy in Detail

Principle 1 - Accountability

CSS is responsible for personal information under its control and has designated a Privacy Officer who has overall accountability for compliance with the following principles. However, each CSS employee is responsible for following the Policy and assisting CSS in complying with applicable laws. 

(a)  CSS management monitors, audits and enforces the provisions of the Policy. CSS has designated a Privacy Officer to oversee compliance with the Policy. The Privacy Officer can be contacted at: 

CSS Privacy Officer
PO Box 1850
Saskatoon, SK  S7K 3S2
Email: privacy@csspen.com

(b) Every CSS employee is responsible for complying with this Policy.  

(c) CSS employees are responsible for personal information in their possession or control during the course of their duties, including information that has been shared with an authorized third party for processing. When information is transferred to third parties, CSS’ employees will use appropriate means to provide a level of protection comparable to that provided for by the Policy. If a CSS employee requires assistance in determining whether the arrangements with the affiliate or third party are comparable, the CSS employee shall contact the Privacy Officer.
  
(d) Individuals and organizations that deal with CSS have the right to know who is accountable for CSS’ privacy practices. In addition, individuals have the right to access their personal information. CSS employees will make known to an individual with a privacy inquiry the name and contact information for the Privacy Officer. If a CSS employee receives a request for information about CSS’ privacy practices that the CSS employee cannot answer, or if a CSS employee receives a request for access, the CSS employee shall notify the Privacy Officer.  

(e) CSS has implemented policies and procedures to give effect to the Policy, including: 
A. implementing procedures to protect personal information and to oversee the company's compliance with the Policy; 
B. implementing an Information Technology and Internet Security Policy, a Social Media Policy, and a Website Privacy and Data Use Statement;
C. establishing procedures to receive and respond to inquiries or complaints; 
D. training and communicating to employees about CSS’ policies and practices; and 
E. developing public information to explain CSS’ policies and practices. 


Principle 2 - Identifying Purposes for Collection of Personal Information 

CSS identifies the purposes for which personal information is collected at or before the time the information is collected. CSS employees who collect personal information on behalf of CSS must be prepared to explain the purposes for collection. 

(a) CSS collects the personal information of Plan employees for the purposes of establishing, managing or terminating employment relationships. These purposes include: 
A. determining eligibility for initial employment, including the verification of references and qualifications; 
B. assessing qualifications for a particular job or task; 
C. administering pay and benefits;  
D. establishing a contact point in the event of an emergency (such as next of kin); 
E. compiling company directories; 
F. ensuring the security of company-held information; 
G. complying with applicable labour or employment obligations;  
H. processing employee work-related claims (e.g. worker’s compensation, insurance claims, etc.); 
I. establishing training, performance and/or development requirements; 
J. conducting performance reviews and providing constructive feedback; 
K. engaging in progressive discipline or termination of employment; and  
L. for any additional purposes that CSS advises an employee of and for which CSS either receives an employee’s express or implied consent or is permitted to collect information by law.  

(b) CSS collects personal information from Plan members, vendors, contractors, and employers for the purposes of administering the CSS Pension Plan. These purposes include: 
A. enrolling members in the Plan;
B. receiving and crediting contributions;
C. investment of members’ pension funds;
D. designating beneficiaries;
E. paying retirement benefits; 
F. developing new retirement products and services; 
G. increasing brand awareness and loyalty; 
H. managing and developing the Plan’s operations; 
I. complying with legal and regulatory requirements;  
J. enforcing legal rights and defending CSS in litigation; 
K. securing and protecting the Plan’s interests, including intellectual property; 
L. protecting CSS employees;  
M. providing support services to employee and employer members; and
N. for any additional purposes that CSS advises members of and for which CSS either receives their express or implied consent or is permitted to collect information by law.

(c) CSS collects information regarding the use of its websites and social media sites for the purposes of developing its brand and relationships with members, potential members and potential employees, managing the Plan’s information technology and social media assets, and continually improving the experience of visitors to our website. More information on how cookies are used on our website can be found in the section “Cookies and Information About Our Website” later in this document. The primary purposes for which we collect information from visitors to our website include:
A. to process requests, such as providing members with information and updates that they request; 
B. to permit users of social media sites to post a review;  
C. to prepopulate information in forms so that users of CSS’ websites do not need to enter it more than once;  
D. to help members find information and services; 
E. to understand the general retirement savings marketplace and the interests of visitors to CSS’ websites and social media sites; 
F. to research and test improvements to CSS’ website, including the content and layout of CSS’ websites; and  
G. to monitor and preserve the integrity and security of CSS’ websites, such as to monitor traffic, to administer CSS’ systems, to troubleshoot problems, and to detect attempts at unauthorized access or modification of CSS’ websites or systems. 

(d) Subject to certain exceptions, personal information may only be used for those identified purposes for which it was collected and for which CSS has the expressed or implied consent of the individual to whom the personal information relates. The exceptions are discussed under Principle 5.

(e) Before collecting personal information, CSS employees must specify the identified purposes for which the personal information is collected. CSS employees must, upon request, explain the identified purposes or refer the requester to a designated person within CSS or the Privacy Officer who will explain or assist in explaining the identified purposes.
 
(f) When explaining or describing the identified purposes, CSS employees shall be as specific as possible. However, CSS employees shall also consider whether there are any future purposes for which CSS may require the personal information. Unless permitted by law, CSS may not be able to use or disclose, for any new purpose, personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the individual. 

(g) If a CSS employee is in doubt about the proper explanation or description of an identified purpose or whether there are future purposes not captured in the explanation or description being used by CSS, the CSS employee shall raise the issue with his or her supervisor or the Privacy Officer. 

Principle 3 - Obtaining Consent for Collection, Use or Disclosure of Personal Information 

Meaningful, express consent (or, where reasonable, and allowed by law, meaningful implied consent) of a member or employee is required for the collection, use or disclosure of personal information, unless a legal exception applies.

(a) Meaningful consent requires that CSS employees disclose information regarding the identified purposes (see Principle 2) and provide the individual providing the personal information with an opportunity to make a choice as to whether or not to provide the personal information to CSS. 

(b) Before obtaining consent to the collection of personal information, CSS employees shall advise the individual of the identified purposes for which personal information will be used or disclosed. CSS employees shall state the purposes in a manner that can be reasonably understood by the individual. 

(c) CSS may not require members to consent to the collection, use or disclosure of personal information as a condition of supplying a product or service, unless such collection, use or disclosure is required to fulfill the identified purposes. For example:
A. CSS may not require a member to agree to be added to an email list as a condition of being a CSS member.   
B. However, CSS may require a member to provide personal information to verify their identity when contacting CSS in relation to their account.   

(d) CSS employees shall not develop content (including scripts and software) or design websites, social media pages/channels/sections or sites, or online messaging in ways that collect information or install tracking cookies or other online tracking technologies without the consent of users and without the involvement of the Privacy Officer. When entering into contracts with third parties for website and online marketing, CSS employees will ensure that third parties disclose all online tracking technologies that will be used to gather information on CSS’ behalf or on CSS’ websites and social media sites. Tracking by third parties must be approved by and is subject to review by CSS. 

(e) Sometimes it will not be possible or practical to anticipate all of the proposed uses of personal information before collection. It is not acceptable to use vague language to obtain consent to future unknown and unspecified purposes. Instead, CSS will seek new consent to use and disclose personal information for the new purpose once that purpose is known. 

(f) In general, CSS will seek to obtain express consent to the identified purposes. However, in some circumstances, it will be reasonable for CSS to rely on implied consent, where allowed by law. For example: 
A. If a member emails CSS with a question, CSS may rely on implied consent to use the member’s email address or other contact information in the email to respond to the question. However, CSS may not add the member to an email newsletter list without the member’s express consent. 
B. If an individual accepts employment at CSS, CSS may rely on implied consent to use the individual’s personal information for payroll and other employment purposes. However, CSS may not provide employment information to the individual’s bank or credit union without the employee’s express consent. 
C. If a CSS employee is a member of a public social network (such as Facebook), CSS may rely on implied consent to monitor the CSS employee’s compliance with CSS’ Social Media Policy in posts made publicly. 
D. If a former CSS employee refers a prospective employer to CSS for a reference, CSS may rely on implied consent to disclose personal information relating to the former CSS employee’s employment history and competencies. 

(g) The collection, use and disclosure of sensitive personal information requires express consent.
A. Sensitive personal information includes information that could be used for identity theft purposes such as a person’s Social Insurance Number, driver’s licence number, health card number, and credit card number or other financial information.   
B. Sensitive personal information also includes information that could be used or could be perceived to be used to discriminate against a person, such as race, ancestry, place of origin, colour, ethnic origin, citizenship, creed, sex, sexual orientation, gender identity, gender expression, age, marital status, family status or disability. 
CSS employees must not collect personal information from a credit or consumer reporting agency (a credit check) without obtaining the express consent of the person who is the subject of the credit check. 

(h) In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual. See Principle 5 for details. 

(i) A CSS member or employee may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. CSS members and employees may contact CSS for more information regarding the implications of withdrawing consent. 


Principle 4 - Limiting Collection of Personal Information 

Personal information is collected only if it is necessary to achieve the purposes identified to the individual.
 
(a) Where feasible, CSS employees will assess the privacy implications of new initiatives before implementing them to ensure that only personal information that is necessary to fulfill the purpose of the initiative is collected and that the means that are proposed to be used to obtain consent are adequate. For example: 
A. Requiring a Social Insurance Number from all applicants for a job (prior to any offer being made) may not be necessary and may lead to allegations of discrimination, since it may be possible to tell whether the applicant is a citizen or permanent resident or a temporary worker. The applicant may be asked instead to confirm eligibility to work in Canada.

(b) CSS employees will collect personal information in a transparent way. Whenever possible, CSS employees will collect personal information directly from the person to whom the personal information relates.

(c) CSS may also collect personal information from other sources including employers or personal references, or other third parties that represent that they have the right to disclose the information. This information will only be collected where it is necessary and where the possibility of this collection has been disclosed.   


Principle 5 - Limiting Use, Disclosure and Retention of Personal Information 

The fact that CSS has personal information of a member does not mean that the personal information can be used for any purpose, disclosed for any purpose or retained indefinitely. When CSS employees use personal information, they shall consider whether the use was one that was identified to the person from whom the information was collected. Personal information shall not be disclosed without consent unless required by law. Personal information shall not be retained for longer than is necessary to fulfill the purpose and to comply with regulatory requirements or to protect CSS’ legal rights. 

(a) CSS employees are responsible for ensuring that CSS complies with its obligations relating to personal information throughout the lifecycle of that information.  

(b) CSS’ responsibilities begin at the point of collection and remain in place until secure destruction. CSS’ responsibilities do not end when information is transferred to authorized third parties. 

(c) CSS employees may share information for identified purposes with authorized third parties who process or perform services with respect to that personal information on behalf of CSS. For example: 
A. CSS may share an employee’s personal information with a benefits service provider for the purpose of the administration of employee benefits. 
B. CSS may share member email or street addresses with authorized third parties for purposes of distributing Plan information and statements. 
C. CSS may retain a third party to host servers and software programs in which employee and member personal information is stored and processed. 

(d) Third parties with whom CSS shares or stores members’ pension plan information must be located in Canada as prescribed by legislation. CSS is responsible for ensuring that personal information transferred to authorized third parties is subject to the levels of security protection provided by this policy.
  
(e) Before CSS shares personal information with an authorized third party, CSS employees shall consider the administrative, technical and physical security precautions in place to prevent unauthorized access, use or disclosure of the personal information while the information is transferred to and used by the third party. For example: 
A. CSS employees will not email a spreadsheet containing sensitive personal information unless the email or spreadsheet is encrypted. 
B. CSS employees will ensure that third parties only receive personal information that is necessary to perform the service for CSS. The third party will be required to maintain the security of the personal information at all times. 
C. CSS employees will ensure that third parties are aware of any restrictions on the uses of personal information that is being transferred to them. 

(f) Authorized third parties may not use information shared by CSS for purposes other than identified purposes unless consent is obtained from the individual whose personal information is being used for a new purpose. See Principles 2 and 3.

(g) Only those CSS employees who require access for business reasons or whose duties reasonably so require are granted access to personal information about CSS members and employees.   

(h) Unless CSS has issued a hold on destruction of records (sometimes called a “legal hold” or “litigation hold”) in order to comply with its obligations to retain records that may be relevant to a legal risk, CSS employees must comply with CSS record retention and information classification policies to ensure that personal information is not retained for unreasonable periods of time. 
A. In general, personal information will only be kept as long as it is necessary for the identified purposes. 
B. In certain cases, personal information may be required to be maintained for longer periods of time in accordance with pension or other laws. For example, records relevant to members’ benefits may be required to be kept for significant periods of time. In addition, CSS will require employees to suspend record destruction processes for records that may be relevant to actual or anticipated litigation. 
C. CSS employees are required to comply with CSS retention and destruction schedules and procedures. If personal information is to be kept beyond what is necessary to fulfill the identified purposes or to comply with laws regarding the retention of documents, the information must be de-identified and rendered permanently anonymous.  

(i) CSS employees must always seek advice from their supervisor or, if appropriate, the Privacy Officer, before disclosing personal information to a third party without the consent of the individual whose information has been collected.  

(j) There are rare situations in which CSS may use personal information or CSS may disclose personal information to a third party without the consent of the individual whose information has been collected. For example: 
A. CSS may use personal information if CSS has reasonable grounds to believe that the information would be useful in the investigation of a breach of Canadian, provincial or foreign laws. 
B. CSS may use personal information in an emergency that threatens the life, health or security of an individual. 
C. CSS may disclose personal information, in confidence, to a lawyer representing it, in order to obtain legal advice.  
D. CSS may disclose personal information to non-member spouses as required by pension legislation.
E. CSS may disclose personal information for the purpose of collecting a debt owed by the individual to CSS or in connection with legal proceedings in which CSS has an obligation to disclose the personal information. This may include responding to a subpoena or warrant issued or an order made by a Canadian or foreign court with jurisdiction. 
F. In certain circumstances, CSS may disclose personal information to a government institution with lawful authority to request the information for the purposes of enforcing the laws of Canada, a province or a foreign jurisdiction such as Maintenance Enforcement.


Principle 6 - Accuracy of Personal Information

CSS employees will take care to keep personal information that they are responsible for maintaining as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. 

(a) CSS is responsible for instituting processes to minimize the possibility that inappropriate information may be used to make a decision about a CSS member or employee.  

(b) CSS may update personal information about members and employees as and when necessary to fulfill the identified purposes or upon notification by the individual. 

(c) CSS employees are responsible for following CSS processes to ensure that personal information is accurate, complete and up-to-date. 


Principle 7 - Security Safeguards 

CSS uses administrative procedures, technical controls and physical security safeguards to protect personal information. CSS employees must never circumvent or attempt to circumvent these safeguards. If a CSS employee believes that there is a security breach or the safeguards are not being complied with, that CSS employee must report the issue to his or her supervisor or, if necessary, to the Privacy Officer.
 
(a) A CSS employee who becomes aware of unauthorized access, use or disclosure of personal information shall report that unauthorized access, use or disclosure to his or her supervisor and the Privacy Officer. In some cases, CSS will have mandatory breach notification responsibilities to members and privacy commissioners, which will be coordinated by the Privacy Officer. See Principle 1.

(b) CSS employees with access to personal information are required as a condition of employment to respect the confidentiality of personal information. 

(c) CSS protects personal information against risks such as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction. The methods of protection include: 

A. Physical Measures:  For example, CSS employees must not leave documents containing personal information in open areas or on their desk whenever they leave their desk. Documents must be placed in secure locations such as locked cabinets or drawers. Employees must lock their computers whenever they leave their desk. CSS employees must carry security passes and issue visitor credentials to ensure that access to CSS offices is restricted to authorized personnel and approved guests. All employees must destroy personal (and other confidential and sensitive) information by means of deposit in secure shredding bins at designated locations in the Plan’s offices. Employees will ensure that they collect print jobs containing personal (and other confidential and sensitive) information immediately from the printers so that they are not accessed by unauthorized individuals. 

B. Organizational Measures:  CSS restricts access to personal information to a “need-to-know” basis. CSS employees must not disclose personal information to other employees who do not require access to that information to fulfill their job functions. 

C. Technological Measures:  CSS employees are required to use IT passwords (as per CSS’ password policy) and to keep those passwords secure. CSS employees must not download personal information to unencrypted devices, such as USB drives, or devices that have not been authorized by CSS, such as a smart phone. Only authorized and licensed software and hardware is permitted to be connected to the CSS information technology system. CSS will take appropriate measures to ensure that the confidential and personal information residing on its computer systems and servers is protected from unauthorized access and encrypted where appropriate. Confidential emails, and those containing personal information, must be encrypted before being sent to recipients unless consent is first obtained. CSS will take appropriate measures to secure its computer network and electronic resources from unauthorized access by using tools and hardware subject to regular security testing. 

(d) CSS employees must ensure that any personal information shared with authorized third parties is protected by stipulating the confidentiality of the information and the purposes for which it is to be used.
 

Principle 8 - Openness Concerning Policies and Practices 

CSS makes available to members, employees and regulators, specific information about its policies and practices relating to the management of personal information. 

(a) CSS maintains a privacy notice on its website, which summarizes its privacy practices for members. 

(b) A CSS employee who has questions or concerns about this Privacy Policy will discuss his or her questions or concerns with a supervisor or the Privacy Officer. See Principle 1.

(c) Individuals have the right to obtain information about CSS’ privacy practices. Individuals also have the right to obtain access to personal information held by CSS about them. See Principle 9.  

(d) CSS has a responsibility to provide information to help members and employees exercise choices regarding the use of their personal information and the privacy-enhancing services available from CSS. Therefore, CSS employees will: 
A. ensure that they are familiar with this Privacy Policy; 
B. be able to explain CSS’ privacy practices to members who make inquiries; and 
C. refer questions that the CSS employee cannot answer and any access requests to the Privacy Officer. See Principle 1.


Principle 9 - Member and Employee Access to Personal Information

Upon request, CSS will inform a member or employee of the existence, use and disclosure of his or her personal information and shall give the individual access to that information. A member or employee shall be able to challenge the accuracy and completeness of the information and to have it amended as appropriate. Subject to applicable data protection and other laws, a member or other stakeholder for whom CSS holds personal information may object to the processing of their personal information and request that we erase or restrict our processing of it.  
 
(a) CSS is responsible for providing individuals with a reasonable opportunity to review personal information collected about that individual. This includes a description of the type of personal information held by CSS, including a general account of its use, and the authorized third parties to whom the personal information has been disclosed. 

(b) CSS employees will take care to ensure that access requests are identified and properly processed. Many privacy complaints are related to the failure to identify and refer access requests to be dealt with in accordance with applicable privacy legislation.  
A. A member can obtain information or seek access to his or her individual file by contacting the Privacy Officer. 
B. A CSS employee can obtain information or seek access to his or her individual personnel file by contacting the CSS Executive Director. 
C. In all other cases, refer the request to the Privacy Officer. See Principle 1.

(c) In certain situations, CSS may not be able to provide access to all of the personal information that it holds about an individual. For example: 
A. CSS may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual.  
B. CSS will not provide access if the information is protected by solicitor-client privilege or if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law.  

(d) If access to personal information is not provided, CSS will provide the reasons for denying access upon request. Copies of Access Denial letters will be maintained on file by the Privacy Officer. 

(e) In order to safeguard personal information, an individual may be required to provide sufficient identification information to permit CSS to account for the existence, use and disclosure of personal information and to authorize access to the individual's file. Any such information shall be used only for this purpose. 

(f) CSS is responsible for promptly correcting or completing any personal information found to be inaccurate or incomplete. CSS employees will not refuse or neglect to correct or complete personal information. For example, if a member requests to be removed from a distribution list, CSS employees will promptly process or forward the request to the appropriate person for processing. 

(g) Any unresolved differences as to accuracy or completeness will be noted in the individual's file. In certain circumstances, CSS will also transmit to authorized third parties having access to the personal information in question any amended information or the existence of any unresolved differences. 

Principle 10 - Challenging Compliance

CSS employees will direct any person who wishes to challenge CSS’ compliance with this Privacy Policy to the Privacy Officer.

(a) CSS maintains procedures for addressing and responding to all inquiries or complaints about CSS’ handling of personal information. 

(b) If a CSS employee is not able to answer an inquiry about CSS’ handling of personal information, the CSS employee will refer the inquiry to the employee’s supervisor or the Privacy Officer. See Principle 1.

(c) If a CSS employee receives a complaint, the complaint will be forwarded to the Privacy Officer who may delegate the investigation of the complaint and the response. See Principle 1.

(d) In addition, CSS employees will ensure that they inform members that they are entitled to complain to the Privacy Officer in the event of a dispute and provide the member with information on how to contact the Privacy Officer. See Principle 1.


Cookies and Analytic Tools Used on our Website

CSS uses several first-party and third-party cookies and analytics tools primarily to enhance the user experience when visiting our website. Please visit Use of Cookies and Analytic Tools for more information on our use of first-party and third-party cookies and other analytic tools.


Changes to Our Privacy Policy

This Privacy Policy may be updated periodically to reflect changes to our practices for handling personal information or to reflect changes in applicable law. The revised policy will be posted on the website. We encourage you to refer to this policy periodically for the latest information about our practices for handling personal information.

For additional inquiries about the policy and the procedures developed to implement it, or to voice concerns or complaints about the accuracy or protection of personal information, please contact the Plan’s Privacy Officer at:

CSS Privacy Officer
PO Box 1850
Saskatoon, SK  S7K 3S2

Fax: 306-244-1088
Telephone: 306-244-1539