Statement of Privacy Principles
The purpose of this Statement is to inform individuals with whom Johnson & Johnson Medical Products division of Johnson & Johnson Inc. (“JJMP”, “our”, or “we”) may interact in the course of its business and others who may use JJMP products (“you”), how we collect, use, disclose and protect your personal information.
We deal with individuals such as physicians and other health professionals, health facility administrators, potential employment candidates and, in limited cases, patients who use our products. “Personal information” as used in this Statement, means information about an identifiable individual, including name, address and other contact information, health information or information an individual may provide to us through product inquiries or comments but does not include name, title or business address or telephone of an employee of an organization.
This Statement of Privacy Principles is based on the principles outlined in the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”).
Requirements of PIPEDA
PIPEDA provides that organizations may collect, use or disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances. Additionally, PIPEDA requires organizations to comply with a set of legal obligations based on the following ten principles:
2. Identifying purposes
4. Limiting collection
5. Limiting Use, Disclosure, and Retention
9. Individual access
10. Challenging compliance
We are responsible for the personal information under our control and have designated an individual as our Privacy Officer who shall be accountable for the organization's compliance with the principles. Additionally, we shall implement policies and practices to give effect to these principles, including:
(a) the implementation of procedures to protect personal information;
(b) the establishment of procedures to quickly receive and respond to complaints and inquiries;
(c) training and communicating to staff about our policies and practices; and
(d) developing information explaining our policies and practices.
1.1 Although other individuals with the organization may be responsible for the day-to-day collection and processing of personal information, accountability rests with the Privacy Officer.
1.2 Since we are responsible for personal information in our possession or control, we will use appropriate means to ensure that all existing and future contracts ensure a level of privacy protection equal to our policies when information is being processed by third parties.
1.3 Additionally, where other individuals may be delegated to act on behalf of the Privacy Officer, we shall make known, upon request, the identity, title and contact information of the person designated to oversee our compliance with the policy.
2. IDENTIFYING PURPOSES
2.1 We shall identify the purposes for which personal information is collected at or before the time the information is collected. We will only use your personal information for the disclosed purposes or as permitted or required by law.
3.1 The knowledge and consent of the individual are required for the collection, use and disclosure of personal information.
3.2 The way in which we seek consent, including whether it is express or implied consent, may vary depending on the sensitivity of the information and the reasonable expectations of the individual. An individual may withdraw consent at any time, subject to legal and contractual restrictions and reasonable notice.
3.3 We will typically seek consent for the use or disclosure of personal information at the time of collection, but in certain circumstances consent may be sought after collection but before use.
3.4 We will only ask individuals to consent to the collection, use or disclosure of personal information as a condition of the supply or purchase of a product, if such use, collection or disclosure is required to fulfill an identified purpose.
3.5 We will only collect, use or disclose personal information without the knowledge and consent of the individual if it is permitted or required by law. Some such circumstances where this may occur is when personal information is publicly available as defined by regulation; where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way; to investigate a breach of agreement of a contravention of the law; to act in respect to an emergency that threatens the life, health or security of an individual; for debt collection; or to comply with a subpoena, warrant or court order.
4. LIMITING COLLECTION
4.1 We will limit the amount and type of personal information collected to that which is necessary for the identified purposes.
5. LIMITING USE, DISCLOSURE AND RETENTION
5.1 We shall not use or disclose personal information for purposes other than those for which it was collected, except with consent of the individual or as required by law. Personal information shall be retained only as long as is necessary to fulfill the the intended purposes.
5.2 Your personal information may only be disclosed in the following circumstances, and then only that information which is necessary:
a) External third parties we use in the ordinary course of our business, such as for conference organizing, marketing, data processing and associated printing and mailing;
b) Our related companies for use towards the same identified purpose; and,
c) Third parties as otherwise permitted or required by law.
5.3 We shall retain personal information only as long as it remains necessary or relevant for the identified purposes or as required by law.
5.4 Personal information that is no longer required to fulfill an identified purpose shall be erased, destroyed or made anonymous.
6. ACCURACY OF PERSONAL INFORMATION
6.1 We will use our best effort to keep your personal information as accurate, complete and up-to-date as is necessary for the identified purpose.
7.1 We have appropriate safeguards in place to protect personal information (regardless of format) against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
8.1 Upon request, we will make available to individuals specific information about our policies and practices relating to the management of personal information as outlined in this Privacy Statement. Our clients (when necessary) and employees are informed of our policies and practices for managing personal information.
9. INDIVIDUAL ACCESS
9.1 Upon written request, we will inform an individual of the existence, use and disclosure of his or her personal information and, where possible, give the individual access to that information.
9.2 We will respond to an individual's written request for information within a reasonable period of time and the information shall be provided in an understandable, timely and low-cost manner from the perspective of the individual.
9.3 An individual can challenge the accuracy and completeness of the information and have it amended as appropriate.
9.4 Should an individual successfully demonstrate any inaccuracy or incompleteness in the records, we will make the appropriate amendments to the information. When a challenge is not resolved to the satisfaction of the individual, a statement of disagreement shall be attached to the individual's records. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.
9.5 In certain situations, we may not be able to provide access to all the personal information we hold about an individual. We will provide reasons for denying access; however, some exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
10. CHALLENGING COMPLIANCE
10.1 An individual can address a challenge concerning compliance with the above principles to the Privacy Officer listed below. If the complaint or challenge is found to be justified we will take appropriate action to address it.
10.2 How to contact the Privacy Officer:
Access request, inquiries or complaints should be addressed in writing to:
Johnson & Johnson Medical Products division of
Johnson & Johnson Inc.,
200 Whitehall Drive
Markham, Ontario L3R 0T5
Date of last revision: May 27, 2013