PREAMBLE
Ralan Canada Inc. o/a WE’:) (hereinafter “WE’:)”) is committed tomaintaining the accuracy, security and privacy of Personal Information inaccordance with the Personal Information Protection and Electronic DocumentsAct (the “Act”). This policy is a statement of principles and guidelinesconcerning the collection, storage, use, disclosure, protection and accuracy ofPersonal Information collected and controlled by WE’:).
The Act defines “Personal Information” as any factual orsubjective information, recorded or not, about an identifiable individual, including:
(a) age, name, ID numbers, income, ethnic origin, or bloodtype,
(b) opinions, evaluations, comments, social status, ordisciplinary actions; and
(c) employee files, credit records, loan records, medicalrecords, existence of a dispute between a consumer and a merchant, intentionalregarding purchases or change in job.
PRINCIPLES GOVERNING COLLECTION, USE AND DISCLOSURE OFPERSONAL INFORMATION
1. ACCOUNTABILITY
WE’:) is responsible for protecting all personal information held by itor transferred to a third party for processing. WE’:) has appointed aPrivacy Officer who is responsible for WE’:)’s compliance with the Act. The Privacy Officer may be contacted by e-mail at [email protected]
WE’:) has developed personal information policies and practices that:
(a) protect personal information,
(b) require any third party contracting with WE’:) to guaranteethe same level of protection;
(c) train employees on privacy policies and procedures; and
(d) make the privacy policy available to individuals.
WE’:) may, from time to time, retain the services of consultantsand agencies that will, in the course of their duties, have limited access topersonal information held. Access is restricted to any held personalinformation as much as is reasonably possible, without hindering the processfor which they have been engaged. WE’:) also obtains the third party’sassurance that they follow appropriate privacy principles and not use anycollected information for any other purpose other than those specificallyrelating to the on-going business activities of WE’:). From time to timeWE’:)’s website may contain links to or from other websites. WE’:) is notresponsible for the privacy practices of those websites or their affiliatedorganizations/partners. WE’:)’s privacy policy is in effect only forinformation that is collected from this site.
2. PURPOSE
WE’:) identifies the purposes for which it collects personal informationbefore or at the time of collection. Before or when personal informationis collected, WE’:) identifies, documents, and informs the individual why it isneeded and how it will be used. WE’:) obtains the individual’s consent,either verbally, electronically or in writing, before using the personalinformation for any new purpose.
WE’:) collects personal information for the following purposes:
(a) verifying creditworthiness;
(b) communicating information and offers to individuals;
(c) understanding and analyzing sales, needs andpreferences;
(d) developing and providing services, including facilitatingproduct pickup;
(e) marketing and advertising products and services;
(f) participating in promotions and programs;
(g) participating in research or focus groups;
(h) processing exchanges or returns;
(i) improving services andstore appearances; and
(j) responding to requests and/or complaints.
3. CONSENT
WE’:) makes every reasonable effort to obtain express consent forthe collection, use or disclosure of personal information. WE’:) makesevery effort to explain how it will use the personal information, that consentmay be withdrawn, and any consequences arising from the withdrawal. WE’:)does not accept consent from a party lacking the capacity to give it. Regardless of any personal information supplied to WE’:), you have the right toopt out of receiving any future communications. All electronic communicationswill always have an unsubscribe link within the body of the document. You mayalso have your name removed from WE’:)’s mailing list by completing the form atWE’:).com/myprofile.
4. LIMITING COLLECTION
WE’:) does not collect personal information indiscriminately anddoes not deceive or mislead individuals about the reasons for collectingit. WE’:) limits the amount and type of information gathered to what isnecessary for the identified purpose. WE’:) obtains personal informationin the following manner:
(a) Verbally: over the telephone or in person throughinteraction with our Client Services Representatives, Advisors, Managers andTeam Leaders.
(b) In Writing: through registration forms, application forms,authorizations, surveys, questionnaires, and resumes communicated by e-mail,regular mail, fax, website, and the internet or through exchange and refundtransactions.
5. LIMIT USE DISCLOSURE AND RETENTION
WE’:) uses or discloses personal information only for the purpose thatit was collected, unless the individual consents or the use or disclosure isauthorized by the Act. WE’:) only keeps personal information as long asnecessary to satisfy the purpose. WE’:) does not give or sellclient/guest lists to any organization or individual other than companiescontracted to implement direct mailings/marketing or to analyzedata. WE’:) has guidelines and procedures in place for retainingand destroying personal information. Any personal information that hasnot been used for its identified purpose within a consecutive 24-month periodor 2 years is destroyed or deleted, unless otherwise dictated by legislation.
6. ACCURACY
WE’:) keeps personal information as accurate, complete and up-to-date asnecessary, taking into account its use and the interests of theindividual. WE’:) updates personal information from time to time asprovided by the individual.
7. SAFEGUARDS
WE’:) protects personal information against loss or theft and safeguardsit from unauthorized access, disclosure, copying, use or modificationregardless of the format in which it is held.
WE’:) has implemented security safeguards including, but not limitedto,:
(a) physical measures (locked filing cabinets, restrictingaccess to offices, alarm systems);
(b) technological tools (passwords, encryption, firewalls,security policy); and
(c) organizational controls (limiting access on a“need-to-know” basis and to secure areas).
8. OPENNESS
WE’:) makes policies and practices for the management of personalinformation available and easily understandable. Individuals areencouraged to contact the Privacy Officer to discuss WE’:)’s privacy policies,how to obtain access to his or her personal information, and to make privacyrelated complaints, comments, or recommendations.
9. ACCESS
Upon request, WE’:) will provide individuals access to their personalinformation. All requests should be forwarded to the Privacy Officer.WE’:) may ask the individual to supply enough information to enable it toaccount for the existence, use and disclosure of the personal information,including a recent form of identification. WE’:) will attempt to respondto requests within thirty (30) business days. This time frame may beextended pursuant to the Act. WE’:) will correct or amend any personalinformation if its accuracy and completeness is challenged and found to bedeficient. All amended information will be sent to third parties havingaccess to it, where appropriate. In the event that access is denied,WE’:) will provide written reasons. WE’:) will also delete any personalinformation upon request.
10. RECOURSE
An individual may make a complaint in writing to the PrivacyOfficer. WE’:) has a procedure in place and will investigate allcomplaints. WE’:) will notify individuals of the outcome ofinvestigations within sixty (60) business days of receipt of a complaint. If justified, WE’:) will correct any inaccurate Personal Information or modifypolicies and procedures based on the outcome of the investigation and ensurethat all relevant staff is aware of any change.