PURPOSE
Private Service Realty Ltd (“PSR”) has adopted this Privacy Policy in accordance with The Personal Information Protection and Electronic Documents Act (PIPEDA). The protection of personal information is important to us. We as a company are committed to protecting the privacy of our clients, customers and other individuals. Our Privacy Policy sets out how we collect, use, safeguard and disclose the personal information of clients, customers, and applicants applying for a job. Our commitment is to maintain the confidentiality of all personal information and to preserve rights to privacy.
SCOPE
This Privacy Policy contains ten principles as defined by PIPEDA that are observed by PSR regarding the collection, use and disclosure of personal information. Each principle must be read in conjunction with the accompanying commentary. The commentary in the PSR Privacy Policy has been tailored to reflect the personal information issues specific to PSR.
APPLICATION
This policy applies to all employees of PSR who are covered by the ESA, regardless of their location of workplace, remote, at home, on site, on the road in office or a combination of any or all of the above.
PSR’s Ten Privacy Principles:
POLICY
The Policy applies to personal information about PSR’s customers, clients, applicants and other individuals, that is collected, used or disclosed by PSR.
The Policy does not apply to information about PSR’s employees; however, such information is protected by PSR’s Employee Privacy Policy.
This Policy is subject to change and may be supplemented or modified by additional terms applicable between PSR and an individual.
DEFINITIONS:
Collection – the act of gathering, acquiring, recording, or obtaining personal information.
Consent – voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either expressed, implied or deemed, and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from an individual's action or inaction. Deemed consent is consent that is deemed to be given pursuant to applicable legislation or other regulations.
Disclosure – making personal information available to a third party.
PSR – Private Service Realty Ltd and its subsidiaries and certain designated affiliates, as they may exist from time to time.
Personal information – information about an identifiable individual, but does not include aggregated information that cannot be associated with a specific individual. Personal information also excludes certain information as is excluded pursuant to applicable legislation or other regulations, such as publicly available information or business contact information, as and when applicable.
Third party – an individual or organization outside PSR.
Use – the treatment, handling and management of personal information by and within an organization.
PRINCIPLE 1 – ACCOUNTABILITY
PSR is responsible for personal information under its control and shall designate one or more persons who are accountable for PSR’s compliance with the following principles.
PSR designates the Chief Privacy Officer as the person accountable for compliance with the Policy. From time to time, the Chief Privacy Officer is entitled to delegate day-to-day responsibility for administration of this Privacy Policy and related privacy policies and practices to other employees and consultants.
PSR shall make known, upon request, the title of the person or persons designated to oversee PSR’s compliance with the Policy.
PSR is responsible for personal information in its possession or under its control. PSR shall use appropriate means to protect personal information while information is being processed by a third party on behalf of PSR (see Principle 7).
PSR shall implement policies and procedures to give effect to the Policy, including: Implementing procedures to protect personal information and to oversee PSR’s compliance with the PSR Privacy Policy;
PRINCIPLE 2 – IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL INFORMATION
PSR shall identify and document the purposes for which personal information is collected at or before the time the personal information is collected or, when appropriate, at or before the time the personal information is used for a new purpose.
PSR collects personal information for the following purposes:
Further references to “identified purposes” mean the purposes identified in this Principle.
PSR shall, as appropriate, specify orally, electronically or in writing the identified purposes to the individual at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within PSR who shall explain the purposes.
PRINCIPLE 3 – CONSENT
The knowledge and consent of an individual are generally required for the collection, use or disclosure of personal information. In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual, such as in the case of an emergency where the life, health or security of an individual is threatened.
PSR may disclose personal information without knowledge or consent to a lawyer or other advisor representing PSR, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required or authorized by law.
In obtaining consent, PSR shall use reasonable efforts to ensure that an individual is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the individual.
Generally, PSR shall seek consent to use and disclose personal information at the same time it collects the information. However, PSR may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose.
PSR will require individuals to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is reasonably required to fulfill the identified purposes.
In determining the appropriate form of consent, PSR shall take into account the sensitivity of the personal information and the reasonable expectations of the individual.
Where consent is required for a particular use or disclosure, an individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Individuals may contact PSR for more information regarding the implications of withdrawing consent.
PRINCIPLE 4 – LIMITING COLLECTION OF PERSONAL INFORMATION
PSR shall limit the collection of personal information to that which is necessary for the purposes identified by PSR and as permitted by law.
PSR collects personal information primarily from the individual to whom the information relates.
PSR may also collect personal information from other sources including credit bureaus or other third parties who represent that they have the right to disclose the information, or as otherwise permitted by law.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE AND RETENTION OF PERSONAL INFORMATION
PSR shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. PSR shall retain personal information only as long as necessary for the fulfillment of those purposes or as required or permitted by law.
PSR may disclose an individual’s personal information to:
Only PSR employees with a business need to know, or whose duties reasonably so require, are granted access to personal information about individuals.
Depending on the circumstances, where personal information has been used to make a decision about an individual, PSR shall retain, for a reasonable period of time, either the actual information or the rationale for making the decision.
PSR shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required or permitted by law to be retained. Such information shall be destroyed, erased or made anonymous.
Where appropriate, PSR may communicate updates of personal information to third parties.
PSR may engage affiliates or third-party service providers for the purpose of providing services or processing information on behalf of PSR, and we may transfer or disclose personal information to such parties in connection with such purposes. Some divisions, affiliates or third- party service providers may be located in other jurisdictions, and information in their custody (i) may or may not be subject to privacy legislation similar to that applicable to PSR, and (ii) may be subject to laws applicable in such jurisdictions that permit access to such information by foreign governments or law enforcement agencies or by others.
PRINCIPLE 6 – ACCURACY
PSR shall take steps to ensure that personal information is as accurate, complete and up-to-date as is appropriate for its purposes.
Personal information used by PSR shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.
PSR shall take all reasonable steps to update personal information about individuals as and when reasonably necessary to fulfill the identified purposes or as reasonably requested by the individual.
PRINCIPLE 7 – SECURITY SAFEGUARDS
PSR shall protect personal information by security safeguards appropriate to the sensitivity of the information.
PSR shall take appropriate and reasonable steps to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction.
PSR shall take appropriate and reasonable steps to protect personal information disclosed to third parties, for example by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
PRINCIPLE 8 – OPENNESS
PSR shall make readily available to individuals’ specific information about its policies and practices relating to the management of personal information.
Copies of the Policy will be made available upon request.
PSR shall make information about its policies and procedures easy to understand, including:
PRINCIPLE 9 – INDIVIDUAL ACCESS
Upon request, PSR shall inform an individual of the existence, use and disclosure of his or her personal information, at a minimal or no cost to the individual. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
In certain situations, PSR may not be able to provide access to all the personal information that it holds about an individual. For example, PSR may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of an individual. Also, PSR may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor-client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a law. If access to personal information cannot be provided, PSR shall, upon request, provide the reasons for denying access.
In order to safeguard personal information, an individual may be required to provide sufficient identification information to permit PSR to authorize access to the individual's file.
Individuals can seek access to their personal information by contacting the Privacy Officer at PSR.
PSR will endeavor to respond to all requests within 30 days or, in any event, as required or permitted by applicable law.
PRINCIPLE 10 – HANDLING INQUIRES AND CHALLENGES
An individual shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for PSR’s compliance within the Policy.
PSR shall maintain procedures for addressing and responding to all inquiries or complaints from individuals about PSR’s handling of personal information.
PSR shall inform its customers about the existence of these procedures as well as the availability of complaint procedures.
The person or persons accountable for compliance with this Policy may seek external advice where appropriate before providing a final response to individual complaints.
If you have questions or concerns about our privacy policy or practices, or would like changes to the communications we send you, please contact our Privacy Office.
Chief Privacy Officer: Elaine Crossland, VP, Legal & General Counsel
Email: [email protected]
Phone: (416) 781-5699 Ext 142
Mail: Attn: Chief Privacy Officer
552 Wellington Avenue West, Suite 1500, Toronto, ON, M5V 2V5