Collection and Use of Personal Information
Personal information that can be used to identify an individual will be collected upon registration for cord blood banking with CReATe. This personal information will include, but may not be limited to, a client’s name, address, other contact information, health card number, and date of birth. Personal information is necessary for accurate identification, to complete the registration process and to provide cord blood banking services to CReATe’s clients. The consent of the client will be obtained before personal information is used for any other purpose, unless the purpose is required by law. Consent for use of information may be given by an authorized representative (such as a legal guardian or power of attorney.) Personal financial information, such as credit card numbers, if provided by the client, will not be used for any purpose without the client’s consent.
Personal medical information, which may include medical history and blood test results will be collected upon registration for cord blood banking. This information will not be obtained without the client’s written consent, and will be used only for the purpose of assessing the eligibility of the client for cord blood banking.
Other personal information collected and maintained by CReATe will include but may not be limited to, birth and delivery information, cord blood processing information, cord blood testing results, maternal infectious disease testing results, and transplant outcomes, if applicable. This information is collected for the purposes of providing cord blood banking services, determining eligibility of the cord blood sample for storage, ensuring the safety of cord blood samples in storage at CReATe, complying with professional standards and other applicable regulations, and improving the quality of service.
Protection and Disclosure of Personal Information
CReATe takes appropriate measures and has procedures in place to ensure the security and confidentiality of all personal information. Access to personal information stored electronically or by other means is restricted to those employees that require access to carry out cord blood banking services, such as facilitating registration, payment of fees for cord blood banking, and shipping, processing, storing or releasing cord blood. Methods of information protection include physical, organizational, and technological safeguards.
Personal information will not be sold or exchanged with other organizations or disclosed for a purpose other than that for which it was collected, without the client’s consent unless required by law. If a client is referred by another individual to CReATe, however, then in this case, if the client being referred successfully banks their child’s cord blood at CReATe, the client making the referral will be informed in order to obtain their free year of storage. No other personal information will be disclosed to the client making the referral. Relevant personal information will be shared with outside parties such as external medical laboratories/testing facilities only to the extent that is necessary in providing cord blood banking services.
To verify CReATe’s compliance with applicable Health Canada regulations and other professional standards, files containing personal information might be accessed by Health Canada or other accreditation inspectors during routine laboratory inspections. Files are accessed by these individuals solely for this purpose, and only in the immediate presence of authorized CReATe personnel.
Personal information will be retained for a period of time that is in compliance with applicable laws, regulations, and standards, including, but not limited to, the standards set forth by Health Canada. Care shall be taken in destroying or disposing of personal information such that unauthorized individuals do not gain access to it.
CReATe takes measures to ensure the security of the information you submit online. We use high-grade encryption (128-bit encryption code) and the https security protocol to communicate with browser software. This method is the industry standard security protocol, which makes it extremely difficult for anyone else to intercept your information.
To protect your online credit card payment, CReATe’s has created a secure environment for credit card transactions through the use of Secure Socket Layer (SSL) technology.
Email addresses provided to CReATe may be used, if required, to maintain communication with a client if a client cannot be reached by other means. Email addresses will not be sold or used to send unsolicited material.
While CReATe makes every effort to ensure the security of the information submitted, the security of information submitted electronically cannot be totally guaranteed.
Changes to Personal Information
Personal information maintained by CReATe should be accurate and up-to-date. CReATe should be informed of changes to personal information such as addresses and phone numbers by the client.
If a client believes that CReATe has inaccurate personal information the client may contact CReATe to request an amendment. Sufficient information must be provided for CReATe to verify the identity of the client.