Canrich
Corporation Privacy Code
Introduction
To The Code
On
January 1, 2004, Canadian federal privacy legislation,
and in some cases provincial privacy legislation, will
apply to provincially incorporated and regulated
entities that collect, use and disclose information
about identifiable individuals in the course of business
and commercial activities. Canrich Corporation
(“Canrich”) is required to comply with the
requirements of such legislation as of
January 1, 2004
.
This Privacy Code deals with the collection, use,
disclosure and protection of personal information by
Canrich. It also deals with the rights that each
individual who is a Canrich customer has to gain access
to personal information that Canrich has about him or
her, and to have that information corrected if it is
inaccurate.
Canrich
is committed to protecting the privacy and safeguarding
the personal data and information of individuals who are
its customers. In merging its respect for each
individual’s privacy with its business objectives,
Canrich has adopted the ten Privacy Principles outlined
below. Canrich limits the collection of personal
information from individuals to that which is permitted
by law and which is necessary to provide training,
products and services with respect to the Canrich
Elevate TraderTM & Elevate InvestorTM
software.
Periodically, Canrich may ask for feedback from
customers on products or services that Canrich is
providing or is considering providing.
There
are situations specific to the Canrich business where
service and product providers, such as Canrich, will
disclose personal information to third parties in order
to provide effective and efficient services to their
customers. For example, personal information may be
disclosed to:
Service Providers:
businesses
such as real time data suppliers, processors and record
keepers that provide other goods and services with
respect to TSX Inc. and other marketplaces.
Canrich
will only disclose to such third parties the personal
information of Canrich customers that these service
providers require in order to fulfil their service
obligations to Canrich and hence to Canrich’s
customers. Every such disclosure will be made subject to
specific protection measures.
In
addition, Canrich may identify products or services that
it believes to be of value to current, past and
prospective customers and to inform you of these
products or services. If you would prefer that Canrich
does not use your personal information for this purpose,
please advise us by writing to the Privacy Officer at
our Winnipeg office.
Principles of the Privacy Code
Canrich
has prepared a detailed Privacy Code expanding upon the
following ten Privacy Principles to ensure that your
privacy is protected. If you would like a copy of this
Privacy Code, you may print this page or call us at
204-480-2780.
Principle
1 — Accountability
Canrich
is accountable for maintaining and protecting personal
information that it has collected. A Privacy Officer has
been designated to ensure Canrich’s compliance with
the principles described in this Privacy Code.
Principle
2 — Identifying Purposes
Canrich
will identify the purpose of all personal information
collected by it at the time of, or prior to, the
information being collected.
Principle
3 — Consent
The
knowledge and consent of Canrich’s customers are
required for the collection, use, or disclosure of
personal information, except as permitted by law or for
security reasons.
Principle
4 — Limiting Collection
The
collection of personal information will be limited to
that which is necessary for the purposes identified by
Canrich. Information will be collected only by fair and
lawful means.
Principle
5 — Limiting Disclosure & Retention
Canrich
will not use or disclose personal information for
purposes other than those for which the information was
collected, except with the consent of the subject
customers or as may be permitted by law. Canrich will
retain personal information only as long as is necessary
for the fulfillment of those purposes.
Principle
6 — Accuracy
Canrich
will maintain personal information in an accurate,
complete, and timely manner as is necessary for the
purposes for which it is to be used.
Principle
7 - Safeguards
Canrich
will protect personal information with security
safeguards appropriate to the sensitivity of the
information.
Principles
8 — Openness
Canrich
will make readily available to its customers specific
information about its policies and practices relating to
the management of personal information.
Principle
9 — Customers Access
Upon
making a request in writing to our Privacy Officer,
Canrich Corporation,
449 Provencher Boulevard,
Winnipeg
,
Manitoba
,
R2J 0B8
, a Canrich customer will
be informed within thirty (30) days of the existence,
use and disclosure of his or her personal information,
and will be given access to that information, except
where refusal is permitted by law. A Canrich customer
will have the right to challenge the accuracy and
completeness of the information and have it amended as
appropriate.
Principle
10 — Customer Inquiries and Challenges
A
customer may inquire about or challenge Canrich’s
compliance with these principles by contacting our
Privacy Officer.
Privacy Code Definitions
The
following definitions apply to the Canrich Corporation
Privacy Code:
“customer”
—
a person (an identifiable individual) about whom Canrich
collects information in carrying out its computer
software, information provision and customer service
business. This includes persons who have dealt with or
intend to deal with Canrich, and any other person who
has contacted Canrich and provided his or her own
personal information to Canrich. This definition is
intended to include both customers and potential
customers of Canrich.
“collection”
—
the act of gathering, acquiring or obtaining personal
information from any source, including from third
parties, by any means.
“consent”
— voluntary
agreement with what is being done or proposed.
Consent can be either express or implied. Express
consent is given explicitly, either orally or in
writing. Express consent is unequivocal and does not
require any inference on the part of Canrich seeking
consent. Implied consent arises where consent may
reasonably be inferred from the action or inaction of
the customer.
“control”
—
Canrich controls personal information if the personal
information is in the possession of Canrich or a person
to whom Canrich has disclosed the personal information,
excluding a person to whom such disclosure was permitted
by law.
“disclosure”
—
making personal information available to others outside
Canrich’s administration department for which the
personal information was or is collected.
“personal
information” —
data or information about an identifiable customer.
This definition of “personal information” includes
information about a customer or about any other
individual if the customer or other individual is
identifiable as the subject of the information, but does
not include aggregate information that cannot be
associated with a specific customer or individual.
“Personal information” may include, but is not
limited to an individual’s name, social insurance
number, address, telephone number, e-mail address, date
of birth, family status, marital status, occupation,
assets, investments, liabilities, income, credit rating,
whether or not credit was extended or refused to the
individual, credit and payment records of the
individual.
“Canrich”
—
includes Canrich Corporation, a Manitoba
corporation.
“use”
—
the treatment and handling of personal information
within the Canrich business department for which the
personal information is collected.
Detailed
Explanation Of Privacy Principles:
Principle
1 — Accountability
Canrich
is accountable for maintaining and protecting any
personal information it has collected. A Privacy
Officer has been designated to ensure Canrich’s
compliance with the principles described in this Privacy
Code.
The
identity of the individual designated by Canrich as its
Privacy Officer will be available upon request.
Canrich
is responsible for personal information in its
possession, custody or control, including information
that has been transferred to a third party for
processing. Prior to disclosing
any personal information to any third party,
Canrich will use contractual or other means to provide a
comparable level of protection while the personal
information is in the possession, custody or control of
a third party.
Principle
2 — Identifying Purposes
Canrich
will identify the purposes of the collection of all
personal information collected by it at the time of, or
prior to, the actual collection of the information.
Identifying
the purposes for which personal information is collected
at or before the time of collection allows Canrich to
determine the information it needs to collect to fulfill
these purposes. The identified purposes will be
specified to the customer at or before the time of
collection, either orally or in writing.
When
personal information that has been collected is to be
used for a purpose not previously identified, such new
purpose will be identified before use. The consent
of the customer will be required before personal
information can be used for that purpose, unless the new
use of that information is permitted by law.
Principle
3 — Consent
The
knowledge and consent of the customer are required for
the collection, use, or disclosure of personal
information, except as may be permitted by law or for
security reasons.
Such
consent is required for the collection of personal
information and the subsequent use or disclosure of this
information. Canrich will obtain consent for the use or
disclosure of the information at the time of collection.
In certain circumstances, consent with respect to the
use or disclosure may be sought after the information
has been collected, but before its use for a purpose not
previously identified.
Canrich
will make a reasonable effort to ensure that the subject
customer is advised of the purposes for which the
personal information will be used. To make the consent
meaningful the purposes must be stated in such a manner
that the customer can reasonably understand how the
personal information will be used or disclosed. Consent
can also be given by an authorized representative (such
as a legal guardian or a person having power of
attorney).
A
customer may withdraw his or her consent at any time,
subject to legal or contractual restrictions and
reasonable notice. Canrich will inform the customer of
the implications of such withdrawal. Absent any such
withdrawal, a customer’s consent is valid for the
length of time needed to achieve the identified
purposes.
Principle
4 — Limiting Collection
The
collection of personal information will be limited to
that which is necessary for the purposes identified by
Canrich.
Information
will be collected only by fair and lawful means.
Canrich
will not collect personal information indiscriminately.
Both the amount and type of information collected will
be limited to that which is necessary to fulfill the
purposes identified.
Canrich
may obtain personal information from customers through
hard copy, electronic or other means or media.
Personal information will be collected by fair and
lawful means.
Principle
5 — Limiting Use, Disclosure and Retention
Canrich
will not use or disclose personal information for
purposes other than those for which the information was
collected, except with the consent of the customer or as
may be permitted by law. Canrich will retain personal
information only as long as is necessary for the
fulfillment of those purposes.
As
regards any disclosure to any third party service
provider, only the provision of personal information
which is necessary for the provision of such services
will be provided by Canrich to such service provider.
Every such disclosure will be made subject to the
protection measures specified
Personal
information that has been used to make a decision about
a customer will be retained long enough to allow the
customer access to the information after the decision
has been made. Canrich is subject to legislative
requirements with respect to retention periods.
Principle
6 — Accuracy
Canrich
will maintain personal information in such an accurate,
complete, and timely manner as is necessary for the
purposes for which it is to be used.
The
extent to which personal information must be accurate,
complete and up-to-date will depend upon the use of
information, taking into account the interests of the
customer. Information must be sufficiently accurate,
complete and up-to-date to minimize the possibility that
inappropriate information may be used to make a decision
about the customer.
Canrich
will not routinely update personal information, unless
such a process is necessary to fulfill the purposes for
which it was collected. Personal information that
is used on an on-going basis, including information that
is disclosed to third parties, should generally be
accurate and up-to-date, unless limits to the
requirement for accuracy are clearly set out.
Principle
7 – Safeguards
Canrich
will protect personal information with security
safeguards appropriate to the sensitivity of the
information.
The
security safeguards must protect personal information
against loss or theft, as well as unauthorized access,
disclosure, copying, use, or modification. Canrich will
protect personal information regardless of the format or
media in which it is held.
The
nature of the safeguards will vary depending on the
sensitivity of the information that has been collected,
the amount, distribution, and format of the information,
and the method of storage.
Principle
8 — Openness
Canrich
will make readily available to its customers, specific
information about its policies and practices relating to
the management of personal information.
Canrich
will be open about its policies and practices with
respect to the management of personal information.
Customers are able to acquire information about
Canrich’s policies and practices through its
publications, Website and by telephone.
Principle
9 — Customer Access
Upon
request in writing, a customer will be informed of the
existence, use and disclosure of his or her personal
information and will be given access to that
information, except where permitted by law. A Canrich
customer will have the right to challenge the accuracy
and completeness of the information and have it amended
as appropriate.
Canrich
will respond to a written request for customer access
within thirty (30) days after receipt of the request.
Canrich will allow the customer access to this
information unless to do so would:
•
reveal personal information about a third party;
•
breach a solicitor-client privilege;
•
potentially threaten the life or security of another
individual;
•
disclose personal information collected to investigate a
breach of an agreement or contravention of law; or,
•
reveal information generated in the course of a dispute
resolution process.
In
addition, Canrich will provide an account of the use
that has been made or is being made of this information
and an account of the third parties to which it has been
disclosed. If such a request is denied, the customer
will be given reasons for the denial.
Before
Canrich provides an account of the existence, use, and
disclosure of personal information of a particular
customer, the customer may be required to provide
sufficient information to permit Canrich to provide an
account of the existence, use and disclosure of personal
information. The information provided will only be
used for this purpose.
Principle
10 — Customer Inquiries and Challenges
A
customer may inquire about or challenge Canrich’s
compliance with these principles by contacting
Canrich’s Privacy Officer. Canrich has
procedures in place to receive and respond to complaints
or inquiries about its policies and practices relating
to the handling of personal information. The complaint
procedures are easily accessible and simple to use.
Canrich
will investigate all complaints. If a complaint is found
to be justified through either the internal or external
complaint review process, Canrich will take appropriate
measures, including amending its policies and practices,
if necessary.
