Securiv Inc. - Privacy And Information Collection/Disclosure
Scope and Application
- information about an individual that is publicly available and is specified by regulation pursuant to PIPEDA;
- non-personally identifiable information; and
- the name, title, business address or telephone number of an employee of an organization, where collection, use or disclosure of such information is solely for the purpose of communicating with the person about his or her employment, business or profession.
collection: The act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
consent: Voluntary agreement for the collection, use and disclosure of personal information for defined purposes. The form of consent we seek may vary, depending upon the circumstances and the type of personal information. In determining the form of consent, we take into account the sensitivity of the personal information and your reasonable expectations. Consent may be provided directly by you, or by your authorized representative, in accordance with applicable law.
client: An organization who purchases or otherwise acquires or uses any of our services in the course of our commercial activities.
disclosure: Making personal information available to a third party.
employee: An employee of, or an independent contractor to, us. The inclusion of independent contractors within the definition of “employee” is for convenience of reference only, and should in no manner imply that such independent contractors are our employees within the meaning of employment legislation or are in an employee-employer relationship with us.
personal information: Information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organization.
third party: An individual or organization outside of our organization.
use: The treatment, handling, and management of personal information by and within our organization or by a third party with our knowledge and approval.
we: Means (and “us”, “our”, and “ours” refer to) Securiv Inc. and our affiliates, parents and subsidiaries.
you: Means (and “your” refers to) the user of our services and products, and your heirs, administrators, executors and assigns.
PRINCIPLE 1 – ACCOUNTABILITY
We are responsible for personal information under our control and shall designate one or more persons who are accountable for our compliance with the following principles.
PRINCIPLE 2 – IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL INFORMATION
We shall identify the purposes for which personal information is collected at or before the time the information is collected.
As part of our services, we have collected and collect personal information for the following purposes:
- to establish and maintain responsible business/relations with individuals;
- to develop, enhance and market our services;
- to manage and develop our business and operations, including personnel and employment matters;
- to conduct investigations relating to breaches of agreements or contraventions of laws;
- to carry out any other purpose that an individual has authorized or that is required or permitted by law.
Further reference to “identified purposes” means the purposes identified in this Principle.
Our internet servers may passively and automatically collect certain information about website visitors’ traffic patterns, which may be linked to their Internet Protocol (IP) addresses (which are unique internet “addresses” assigned to all internet users by their internet service providers). Server logs may record statistical information, such as visitors’ IP addresses, type of operating systems, time and duration of visit, pages requested, and identify categories of visitors by items such as domains and browser types. These statistics are generally collected and used on an aggregate basis.
PRINCIPLE 3 – OBTAINING CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION
The knowledge and consent of an individual are required for the collection, use, or disclosure of personal information, except where inappropriate. In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual.
We generally collect, use, retain and disclose personal information only with the individual’s knowledge and consent. Such consent may be obtained by third parties or agents that you have authorized to provide consent on your behalf. We may depart from the general consent principle only in accordance with the limited exceptions set forth in applicable laws, such as PIPEDA.
In obtaining an individual’s consent, whether express or implied, we will explain the purposes for which we will handle the personal information. We will not depart from these original and stated purposes unless the individual provides further consent or unless otherwise required or permitted by law. In determining the appropriate form of consent, we take into account the sensitivity of the personal information and the reasonable expectations of the individual.
Individuals may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. You may contact us for more information regarding the implications of withdrawing consent.
PRINCIPLE 4 – LIMITING COLLECTION OF PERSONAL INFORMATION
We shall limit the collection of personal information to that which is necessary for the purposes identified by us. We shall collect personal information by fair and lawful means.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE, AND RETENTION OF PERSONAL INFORMATION
We shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. We shall retain personal information only as long as necessary for the fulfillment of those purposes.
We will not disclose personal information for purposes other than those purposes for which it was collected, except with the consent of the individual or as required or permitted by law.
We may disclose an individual’s personal information:
- when we have your consent, whether express or implied;
- to your authorized representatives;
- to third party agents or suppliers engaged by us to perform functions on our behalf;
- if and when we are involved in a corporate reorganization or we sell or lease all or part of our business;
- to meet legal and regulatory requirements; and
- where required or permitted by law.
In such circumstances, we will not disclose more information than is required for the purpose for which the information is being disclosed. We will also, whenever it is reasonable and practicable to do so, enter privacy agreements with third parties with whom we share personal information.
We will retain personal information for a period of time only as long as it remains necessary or relevant for the identified purposes or as required or permitted by law (subject to such shorter or longer periods as may be set out in agreements between us and you). Depending on the circumstances, where personal information has been used to make a decision about an individual, we shall retain, for a period of time that is reasonably sufficient to allow for access by the individual, either the actual information or the rationale for making such decision.
Only our employees who require access for legitimate reasons or whose duties reasonably so require, are granted access to personal information.
We maintain reasonable controls, schedules and practices for personal information management retention and destruction. Personal information that is no longer necessary or relevant for the identified purposes or is required by law to be retained is destroyed, erased or made anonymous, as appropriate in the circumstances.
PRINCIPLE 6 – ACCURACY OF PERSONAL INFORMATION
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
We make reasonable efforts to ensure that personal information we collect, use or disclose is as accurate, complete and up-to-date as necessary for the purposes for which it is to be used. If an individual finds any errors in our personal information holdings, we should be informed, and we will make the appropriate corrections. We will convey these corrections to any third party to which we may have conveyed the inaccurate personal information. For personal information that remains in dispute, we will make note in our records of an individual’s opinion as to accuracy of the relevant personal information.
PRINCIPLE 7 – SECURITY SAFEGUARDS
We shall protect personal information by security safeguards appropriate to the sensitivity of the information.
We protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures, regardless of the format in which it is held. We protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the personal information and the purposes for which it is to be used.
All of our employees with access to personal information are required to respect the confidentiality of that personal information.
PRINCIPLE 8 – OPENNESS CONCERNING POLICIES AND PROCEDURES
We shall make readily available to individuals specific information about our policies and procedures relating to the management of personal information.
Individuals should forward questions or concerns regarding our policies and procedures relating to the management of personal information to the Privacy Officer.
PRINCIPLE 9 – ACCESS TO PERSONAL INFORMATION
Upon request, we shall inform an individual of the existence, use, and disclosure of his or her personal information and shall give the individual access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
An individual may access any personal information that we have concerning them by sending a written request to the Privacy Officer. We may advise an individual in advance if there is a minimal charge to conduct a search of our records and will respond within 30 days.
In order to protect the privacy of individuals, individuals may be required to provide sufficient identification in order to permit us to account for the existence, use and disclosure of certain personal information and to authorize access to such information. Any such information will only be used for this purpose.
We may not be able to provide personal information to an individual if doing so would violate the privacy of a third party or if certain personal information is subject to legal privilege, contains information proprietary to us or a third party, is too costly to retrieve, or cannot be disclosed for other legal reasons. If we are unable to provide access to all or part of an individual’s personal information, we will explain our reasons for such a decision.
Where an individual has been provided with access to their personal information, they shall be able to challenge the accuracy and completeness of their personal information and have it amended as appropriate.
Personal information that is disclosed to third parties by us will be subject to the general laws applicable in the jurisdiction in which the third party conducts business. As a result, and in certain limited situations, we may not be legally permitted to account for certain collections, uses or disclosures of personal information. In most circumstances, however, we shall provide an account of the collection, use and disclosure of personal information and, where reasonably possible, we shall state the source of the personal information. In providing an account of disclosure, we shall provide a list of organizations to which we may have disclosed your personal information when it is not possible to provide an actual list.
PRINCIPLE 10 – CHALLENGING COMPLIANCE
All questions or concerns regarding our privacy practices should be directed to the Privacy Officer.
36 Prairieview Drive
La Salle, MANITOBA R0G 0A2
Attention: Privacy Officer
Telephone: 204 202 3239
E-mail: [email protected]
Please also visit the Office of the Privacy Commissioner of Canada’s internet website at https://www.priv.gc.ca/en/.