This Personal Information Protection Policy of the Canadian Reiki Association (CRA) outlines a commitment to principles and practices intended to protect the security and privacy of personal information it collects. The Policy reflects compliance with the CRA  Code of Ethics and the Personal Information Protection and Electronics Documents Act (PIPEDA).

CRA is committed to collecting, using, and disclosing personal information responsibly and only to the extent necessary for the effective delivery of the membership, goods and services it provides.


What is Personal Information?

Personal information is information about an identifiable individual. Personal information includes information that relates to personal characteristics (e.g., gender, age, home address or telephone number), education (e.g. degree, year of graduation, institution and specialization) or activities and views (e.g. options expressed by an individual, evaluation of an individual). Personal information is to be contrasted with business information (e.g. an individual’s business address and telephone number), which is not protected by privacy legislation.


Access to Personal Information:

Individuals have a right to inspect their personal information that is in the possession of CRA

Requests to review their personal information, change or correct it or to make a complaint to CRA about the collection and/or use of personal information should be directed to the CRA Executive Officers.

Employees of CRA, in the course of their duties, have access to personal information we hold. There are a limited number of individuals, outside the Association, that may, in the course of their duties, have limited access to personal information. We restrict their access and obtain their assurance that they follow appropriate privacy principles and practices. These individuals include, but are not limited to, bookkeepers, auditors, legal counsel and contractors.



Expressed consent is sought whenever personal information is collected. However, there is sometimes implied consent, such as when an applicant or member completes and submits a membership application to CRA. It is implicit in such a process that CRA is collecting this personal information as part of the application process and that applicant is consenting to this collection.


Safeguards to Maximize Security of Personal Information

Location of Paper Information

Office areas restricted to staff

  • Policy that all files be locked after hours
  • Policy that secure areas be locked after hours
  • Policy defining levels of access

While in transit to another location

  • Policy that files must be in personal custody of staff
  • Policy that files be locked away while unattended

Home office

Policy regarding removal of files from office

  • Policy that files be locked away while unattended

Location of Electronic Information

Computer access restricted to staff only

  • Password protection for each terminal
  • Unique users identification with passwords
  • Policy defining levels of access

Transfer of Paper Information

In sealed envelope marked private and confidential, sent by Canada Post or reputable courier.

  • In sealed envelope delivered by staff.
  • In sealed envelope to be picked up by person – envelopes kept out of sight in public areas.

Transfer of Electronic Information

Through e-mail with the consent of the person

  • Through fax with a cover sheet with a privacy clause
  • Through a disk, CD or other storage medium that is treated with the same safeguards as paper information

General Safeguards

Staff  is trained in the following

  • The importance of personal information
  • Access to personal information is on a need-to-know basis
  • CRA’s Personal Information Protection Policy
  • Sensitivity in collecting and using personal information when others might hear
  • When to remove or mask unnecessary information when providing copies
  • To recognize and avoid being “pumped” for information
  • How to discard personal information
  • To avoid discussing personal information public places
  • That breach of the Association’s privacy policy will result in discipline up to and including dismissal.
  • Annual review of privacy policy and practices with staff.

Privacy and security agreements with the following

  • Temporary/contract employees
  • Bookkeeping and accounting
  • Legal
  • Building management

Regular and systemic monitoring of compliance by the Information Officer or designate.

Systematic approach to ensure staff  change passwords.

A policy to notify individuals when their personal information is misused or misappropriated.

Retention and Disposition of Personal Information

Personal information held by CRA about members and employees will be destroyed seven years after cessation of CRA membership or employment with CRA. Such information will be destroyed in a manner designed to protect member/employee privacy.


CRA is committed to ensuring this Personal Information Protection Policy is available to the public. We endeavour to do this in the following ways:

  • Staff are trained to provide the Policy to anyone who requests it
  • The Policy will be provided to each employee.
  • The Policy will be posted in the reception area of our Association.
  • The Policy will be posted on our website.
  • The Policy will be sent to members.
  • The Policy will be provided to each new member at the time a consent form is signed.
  • The Policy will be provided to each new individual about whom we collect data.

Information Collected

CRA collects personal information about its members, employees, and contractors as follows:

Category: Members

Information Gathered

Personal Characteristics

  • Name
  • Age
  • Home contact information
  • Other contact information
  • Membership category requested
  • Membership category requested
  • Language preference
  • Gender
  • Educational information
  • Years of counseling experience
  • Work setting
  • Continuing education experiences

Activities and Views

  • Transaction history with the Association
  • Letter(s) written to the Association by the individual, and by referees.
  • CRA disciplinary action against the individual, within appropriate time limits.
Primary Purpose of Collecting Data:
  • Database for membership admission and maintenance
  • Database for Certified Canadian Counselors and its maintenance

Authority to Collect Information for this Purpose

  • Implied

Category: Employees/Contractors


Information Gathered

Personal Characteristics

  • Name
  • Home Contact Information
  • Emergency Contact Information
  • Credit/Bank Information
  • Social Insurance Number
  • Gender
  • Age
  • Education or Training
  • Marital Status

Activities and Views

  • Transaction history with the Association
  • Occupation/profession
  • Community involvements
  • Work hours
  • Disciplinary actions against the individual
  • Financial Data
  • Existence of a dispute with the Association
  • Letter written to the Association by the person
  • Views, evaluations, or opinions about the person

Primary Purpose of Collecting Data

  • Employment Suitability

Authority to Collect Information for this Purpose

  • Implied
    Written consent

Secondary Purpose of Collecting Data

  • On-going suitability of employment

Authority to Collect Information for this Purpose

  • Implied

All members/employees/contractors with complaints about the collection, use, or security of their personal information held by CRA will be directed to the CRA Executive Officers. All such complaints will be discussed with the complainant, appropriately investigated, and a timely response will be given. The CRA Privacy Officer will inform complainants of the Office of the Privacy Commissioner of Canada,


CRA Privacy Officers are the Executive Director

CRA,  March 31, 2017

Mailing Address
Canadian Reiki Association
24-2350 New Street
Burlington, Ontario L7R 4P8
Local: 905-739-0612
Toll Free: 1-800-835-7525
Office Hours
10:00 AM to 3:00 PM
Eastern Standard Time
Monday through Friday