Canada Privacy Services

Privacy Policy

Part 1

A. INTRODUCTION

At CanadaPrivacy Services Inc. (CPSI), we take your privacy very seriously. In addition to our established policy of dealing with personal information in a sensitive manner, we are required by law (Canada’s Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5 (PIPEDA)) to ensure that our collections, uses, retention, disclosures and disposals of personal information are carried out in accordance with the established privacy principles set forth in that Act.

This Privacy Policy has been designed to reflect the 10 Principles contained in the Canadian Standards Association’s Model Code for the Protection of Personal Information (as incorporated in PIPEDA). It deals with:

(a) our accountability for our privacy practices;

(b) the purposes for which we collect personal information and the sorts of personal information that we collect across all channels of communication;

(c) consent;

(d) the manner in which we use and disclose personal information;

(e) our security, retention and disposal processes relating to personal information;

(f) your right to access your personal information and to request corrections of same;

(g) how you can get answers to questions or raise concerns about our dealings with your personal information and/or our compliance with this Privacy Policy; and

(h) our right to amend this Privacy Policy.

B. SCOPE

This Privacy Policy applies to all personal information that is held by, or is under the control of, CPSI, with the exception of any employment-related personal information of our employees. CPSI employees may obtain a copy of our Employee Privacy Policy by contacting their supervisor.

This Privacy Policy also applies to personal information that is collected, used or disclosed by us through this web site. In that respect, please seeOur e-Privacy Commitment for CanadaPrivacy.ca/CanadaPrivacy.com that forms Part 2 of this Privacy Policy. Our dealings with your personal information that may occur through the medium of this web site, as contemplated by Our Privacy Commitment, nonetheless remain subject to our broader privacy commitments in Part 1 of this Privacy Policy.

C. DEFINITIONS

The following definitions have been created to explain terms that are used extensively in this Privacy Policy:

“Collect” or “Collection” means the act of gathering, acquiring or obtaining identifiable personal information from you or from third parties, by any means.

“Consent” means your voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally, electronically or in writing. In appropriate circumstances, consent may be implied from an individual’s conduct. Consent can also be given by an authorised representative, such as a legal guardian or a person having power of attorney.

“Disclose” or “Disclosure” means providing your personal information to anyone other than to you, your authorized agents, our clients if we are processing your personal information on their behalf or to service providers retained by us to process or otherwise deal with personal information on our behalf.

“Personal Information” means information about an identifiable individual.

“Transfer” means to receive personal information from, or to provide personal information to, an organization for which we provide personal information processing services pursuant to a service contract containing appropriate privacy-related provisions or to of from an organization that performs a similar function on our behalf.

“Use” means the treatment and handling of personal information by us or by service providers retained by us to process or otherwise deal with personal information on our behalf.

ARTICLE 1 – ACCOUNTABILITY

1.1 Our Privacy Co-ordinator is responsible for our compliance with this Privacy Policy. The Privacy Co-ordinator may be contacted at:

CanadaPrivacy Services Inc.
P.O Box 72090 Kanata North RPO
Ottawa, Ontario
K2K 2P4

Attention: Rick Shields

Phone: (613) 254-8652
Fax: (613) 254-8628

Alternatively, you may contact the Privacy Co-ordinator via the open-text message functionality incorporated in our Contact Us web screen.

While the Privacy Co-ordinator is primarily responsible for our Privacy Policy, other CPSI personnel may be responsible for day-to-day collection and processing of personal information or for acting on behalf of the Privacy Co-ordinator from time to time.

1.2 We are responsible for the personal information under our control, including any personal information that we may transfer to a third party service provider for processing. Any service provider that we may engage to process or to otherwise deal with personal information on our behalf is not permitted to use, retain or disclose personal information transferred to it by us except in accordance with the terms of its services agreement with us.

1.3 We have implemented policies and practices to give effect to our privacy commitment to you, including:

(a) personal information security processes (see Article 7 below);

(b) access, complaint and correction procedures (see Articles 9 and 10 below);

(c) a personal information retention and disposal policy;

(d) staff training regarding customer privacy; and

(e) development of information to explain our privacy policy and procedures.

ARTICLE 2 – IDENTIFYING PURPOSES

2.1 We may collect or use some or all of the following personal information from or about identifiable individuals in the course of providing services to our clients:

(a) contact information pertaining to client representatives with whom we interact, including: name; language of communication; position title; business address; business telephone number; business facsimile number and business email address; and

(b) personal information contained in, or concerning, requests for access to, or correction of, personal information that are directed to organizations that employ our services in processing such requests, together with personal information contained in client records that we review in the course of assisting our clients to respond to such requests or in assisting our clients to respond to subsequent complaints and/or regulatory interventions.

2.2 In any case where we collect personal information directly from the individual, we will explain our purposes (and/or those of our clients) for collection at or before the time of collection. If personal information that has been previously collected is to be used or disclosed for a purpose not previously identified, we will, subject to our (and/or our clients’) legal rights and obligations, identify that new purpose to you prior to the relevant use or disclosure.

2.3 We endeavour to ensure that any CPSI personnel that may collect personal information on our (or our clients’) behalf are able to adequately explain to you the purposes for which your personal information is being collected.

ARTICLE 3 – CONSENT

3.1 We do not obtain consents directly from individuals in most circumstances where we receive personal information in the course of providing privacy-related services to our clients. In most such cases, our clients are responsible for obtaining all necessary consents before transferring the data to us for processing, and our subsequent dealings with that data are subject to the privacy-related terms and conditions contained in our service contracts with our various clients. Otherwise, subject to our legal rights and obligations, we will obtain appropriate consent, as required by law, for the collections of personal information contemplated in Article 2 above.

ARTICLE 4 – LIMITING COLLECTION

4.1 We will collect only the amount of personal information that we require to achieve the purposes identified in Article 2 above. We collect personal information only by fair and lawful means.

ARTICLE 5 – LIMITING USE, DISCLOSURE AND RETENTION

5.1 Personal information is used by a limited number of our personnel, on a “need to know” basis, for a limited number of purposes while they are performing their duties. These purposes include: administering client relationships; servicing individual requests for access to, and correction of, personal information that are directed to us for processing by our clients; and assisting our clients to respond to subsequent complaints and/or regulatory interventions relating to their personal information processes.

5.2 Except as required or permitted by law, we will not disclose personal information without consent. However, in the course of providing privacy-related services to our clients, we will receive transfers of personal information from, and transfer personal information to, our clients on a non-consensual basis before, during and/or after processing it on their behalves.

5.3 Personal information may also be transferred non-consensually by us to third party service providers that process personal information for us as subcontractors. In any such case, the subcontractor will be made subject to the privacy-related terms and conditions contained in our service agreement with the relevant client on whose behalf the information is to be processed. We will seek to ensure that any personal information that is transferred to such a third party is returned or destroyed at the end of the processing relationship.

5.4 We retain and dispose of personal information collected for our own purposes in accordance with our personal information retention and disposal policy. Personal information that has been used to make a decision about an individual shall be retained for a reasonable period in order to permit the individual to access that personal information after the decision has been made. Personal information that has been transferred to us by our client organizations for processing will be retained or disposed of in accordance with our service agreements with such clients and with applicable law.

5.5 Subject to Section 5.4 above, personal information that is no longer required in order to meet our identified and legitimate purposes will be destroyed, erased or otherwise made permanently anonymous in accordance with our personal information retention and disposal policy.

ARTICLE 6 – ACCURACY

6.1 We will not routinely update personal information, unless it is necessary to fulfil the purposes for which the personal information was collected. However, we will seek to ensure that personal information under our control or in our possession is sufficiently accurate, complete and up-to-date to minimize the possibility that inaccurate personal information is used to make a decision about you.

ARTICLE 7 – SAFEGUARDS

7.1 We protect personal information under our control with safeguards that are appropriate to the sensitivity of that information. These safeguards are designed to protect personal information in all formats against loss or theft, as well as against unauthorized access, disclosure, copying, use or modification.

ARTICLE 8 – OPENNESS

8.1 Additional information about our privacy-related policies and procedures is available upon request.

ARTICLE 9 – INDIVIDUAL ACCESS

9.1 Subject to our legal rights and obligations, we will, upon receipt by our Privacy Co-ordinator of a written request for access, inform you about our possession, use or disclosure of your personal information, if any, and permit you to access that personal information if it is controlled by us. If you request such information or access, you must provide sufficient information with your request to permit us to provide an account of the existence, use and disclosure of that personal information. Any personal information provided by us to you as a result of a request for access shall be in a generally understandable form.

9.2 Notwithstanding Section 9.1 above, with respect to personal information that has come into our possession in the course of providing privacy services to any of our clients, we will refer any requests for access to, or correction of, such personal information to the appropriate client for handling.

9.3 We will respond to a request within a reasonable time and in any event within thirty (30) days of receipt of the request. We may extend this response deadline for up to an additional thirty (30) days if replying within thirty (30) days would unreasonably interfere with our operations, or if the time required to undertake any consultations necessary to respond to the request would make it impractical to meet that time limit. When necessary, we may also extend the response deadline for as long a period as is necessary to permit conversion of the personal information at issue into an alternative format that would allow a person with a sensory disability to read or listen to that personal information. We will provide written notice you of any response period extension within thirty (30) days of your request. We will respond to a request for access at minimal or no cost.

9.4 If you demonstrate to our satisfaction that your personal information that is held or controlled by us is inaccurate or incomplete, we will make appropriate amendments. These amendments may involve the correction, deletion, or addition of personal information. Where appropriate, the amended personal information will be transmitted to other parties that have previously received the inaccurate or incomplete personal information. Alternately, where your request for an amendment of or addition to your personal information is not granted by us, the nature of your request for correction will nonetheless be transmitted to third parties having access to the personal information in question.

ARTICLE 10 – CHALLENGING COMPLIANCE

10.1 In the event that you wish to enquire or complain about our personal information practices or our compliance with this Privacy Policy, a written enquiry or complaint should be sent to the attention of the Privacy Co-ordinator at the co-ordinates provided in Article 1 above. The Privacy Co-ordinator will investigate all complaints and respond to all written enquiries. If a complaint is found to be justified by the Privacy Co-ordinator, we will take all reasonable steps to amend our relevant privacy-related policies or procedures.

D. CHANGES TO CPSI’S PRIVACY POLICY

We reserve the right to modify or supplement this Privacy Policy. A revised Privacy Policy will only apply to personal information collected subsequent to its effective date.

Part 2

OUR e-PRIVACY COMMITMENT FOR CANADAPRIVACY.CA/CANADAPRIVACY.COM

Introduction

This e-Privacy Commitment explains the manner in which we deal with any personal information that CPSI gathers through this Web site. We are committed to providing you with an online experience that respects and protects your personal privacy-related choices and concerns. Our Privacy Commitment incorporates our Privacy Policy and practices as detailed in Part 1 above, as augmented by the provisions that follow. Please read them thoroughly.

Please note that this Web site is also governed by the CanadaPrivacy Terms of Use, which can be accessed by clicking on the link in this sentence. We urge you to review the CanadaPrivacy Terms of Use before proceeding further on this Web site.

Normal Web Site Usage

You can visit our Web site to read product and company information without telling us who you are or revealing any personal information.

The personal information that we collect and store during normal Web site usage is predominantly related to requests for information from prospective clients and other interested parties.

Dealings With Personal Information

The amount and type of personal information received about you during visits to the CanadaPrivacy Web site depends on how you use this site. We only collect personal information from you via the open-text message functionality incorporated in our Contact Us web screen. This information, including name, telephone and facsimile numbers, mailing and email addresses, language of communication and subject matter of request, is collected with your consent and is stored by us in a manner appropriate to the nature and sensitivity of that data.

Cookies

Our Web site does not issue or use cookies.

Links

The CanadaPrivacy site may contain links to other sites. When you click on links that take you to third party Web sites, you will be subject to the third parties’ privacy policies. While we support the protection of privacy on the Internet, we are not responsible for the actions of third parties or for their privacy practices. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every Web site with which they interact.

Security

We use industry-standard technologies when transferring personal information to and receiving personal information from CanadaPrivacy Web site users to help ensure the security and confidentiality of that data.

Children

We do not use this Web site to knowingly solicit personal information from or market to persons under the age of 18.

Additional Information

This Commitment applies only to our customers ordinarily resident in Canada that visit this Web site. If you are a Canadian resident, any questions that you may have regarding our Privacy Commitment should be directed to our Privacy Co-ordinator at:

CanadaPrivacy Services Inc.
P.O Box 72090 Kanata North RPO
Ottawa, Ontario
K2K 2P4

Attention: Rick Shields

Phone: (613) 254-8652
Fax: (613) 254-8628

Alternatively, you may contact the Privacy Co-ordinator via Contact Us