Canrich
Corporation Privacy Code
Introduction
To The Code
On
January 1, 2004, Canadian federal privacy legislation, and in some
cases provincial privacy legislation, will apply to provincially
incorporated and regulated entities that collect, use and disclose
information about identifiable individuals in the course of
business and commercial activities. Canrich Corporation (“Canrich”)
is required to comply with the requirements of such legislation as
of
January 1, 2004
.
This Privacy Code deals with the collection, use, disclosure and
protection of personal information by Canrich. It also deals with
the rights that each individual who is a Canrich customer has to
gain access to personal information that Canrich has about him or
her, and to have that information corrected if it is inaccurate.
Canrich
is committed to protecting the privacy and safeguarding the
personal data and information of individuals who are its
customers. In merging its respect for each individual’s privacy
with its business objectives, Canrich has adopted the ten Privacy
Principles outlined below. Canrich limits the collection of
personal information from individuals to that which is permitted
by law and which is necessary to provide training, products and
services with respect to the Canrich software tools. Periodically,
Canrich may ask for feedback from customers on products or
services that Canrich is providing or is considering providing.
There
are situations specific to the Canrich business where service and
product providers, such as Canrich, will disclose personal
information to third parties in order to provide effective and
efficient services to their customers. For example, personal
information may be disclosed to:
Service
Providers:
businesses such as real time data suppliers, processors and record
keepers that provide other goods and services with respect to TSX
Inc. and other marketplaces.
Canrich
will only disclose to such third parties the personal information
of Canrich customers that these service providers require in order
to fulfil their service obligations to Canrich and hence to
Canrich’s customers. Every such disclosure will be made subject
to specific protection measures.
In
addition, Canrich may identify products or services that it
believes to be of value to current, past and prospective customers
and to inform you of these products or services. If you would
prefer that Canrich does not use your personal information for
this purpose, please advise us by writing to the Privacy Officer
at our
Winnipeg office.
Principles of the Privacy Code
Canrich
has prepared a detailed Privacy Code expanding upon the following
ten Privacy Principles to ensure that your privacy is protected.
If you would like a copy of this Privacy Code, you may print this
page or call us at 204-480-2780.
Principle
1 — Accountability
Canrich
is accountable for maintaining and protecting personal information
that it has collected. A Privacy Officer has been designated to
ensure Canrich’s compliance with the principles described in
this Privacy Code.
Principle
2 — Identifying Purposes
Canrich
will identify the purpose of all personal information collected by
it at the time of, or prior to, the information being collected.
Principle
3 — Consent
The
knowledge and consent of Canrich’s customers are required for
the collection, use, or disclosure of personal information, except
as permitted by law or for security reasons.
Principle
4 — Limiting Collection
The
collection of personal information will be limited to that which
is necessary for the purposes identified by Canrich. Information
will be collected only by fair and lawful means.
Principle
5 — Limiting Disclosure & Retention
Canrich
will not use or disclose personal information for purposes other
than those for which the information was collected, except with
the consent of the subject customers or as may be permitted by
law. Canrich will retain personal information only as long as is
necessary for the fulfillment of those purposes.
Principle
6 — Accuracy
Canrich
will maintain personal information in an accurate, complete, and
timely manner as is necessary for the purposes for which it is to
be used.
Principle
7 - Safeguards
Canrich
will protect personal information with security safeguards
appropriate to the sensitivity of the information.
Principles
8 — Openness
Canrich
will make readily available to its customers specific information
about its policies and practices relating to the management of
personal information.
Principle
9 — Customers Access
Upon
making a request in writing to our Privacy Officer, Canrich
Corporation,
449 Provencher Boulevard,
Winnipeg
,
Manitoba
,
R2J 0B8
, a Canrich customer will be informed within thirty (30) days of
the existence, use and disclosure of his or her personal
information, and will be given access to that information, except
where refusal is permitted by law. A Canrich customer will have
the right to challenge the accuracy and completeness of the
information and have it amended as appropriate.
Principle
10 — Customer Inquiries and Challenges
A
customer may inquire about or challenge Canrich’s compliance
with these principles by contacting our Privacy Officer.
Privacy Code Definitions
The
following definitions apply to the Canrich Corporation Privacy
Code:
“customer”
— a person (an
identifiable individual) about whom Canrich collects information
in carrying out its computer software, information provision and
customer service business. This includes persons who have dealt
with or intend to deal with Canrich, and any other person who has
contacted Canrich and provided his or her own personal information
to Canrich. This definition is intended to include both customers
and potential customers of Canrich.
“collection”
— the act of gathering,
acquiring or obtaining personal information from any source,
including from third parties, by any means.
“consent”
— voluntary agreement
with what is being done or proposed. Consent can be either
express or implied. Express consent is given explicitly, either
orally or in writing. Express consent is unequivocal and does not
require any inference on the part of Canrich seeking consent.
Implied consent arises where consent may reasonably be inferred
from the action or inaction of the customer.
“control”
— Canrich controls
personal information if the personal information is in the
possession of Canrich or a person to whom Canrich has disclosed
the personal information, excluding a person to whom such
disclosure was permitted by law.
“disclosure”
— making personal
information available to others outside Canrich’s administration
department for which the personal information was or is collected.
“personal
information” — data
or information about an identifiable customer. This
definition of “personal information” includes information
about a customer or about any other individual if the customer or
other individual is identifiable as the subject of the
information, but does not include aggregate information that
cannot be associated with a specific customer or individual.
“Personal information” may include, but is not limited to an
individual’s name, social insurance number, address, telephone
number, e-mail address, date of birth, family status, marital
status, occupation, assets, investments, liabilities, income,
credit rating, whether or not credit was extended or refused to
the individual, credit and payment records of the individual.
“Canrich”
— includes Canrich
Corporation, a Manitoba corporation.
“use”
— the treatment and
handling of personal information within the Canrich business
department for which the personal information is collected.
Detailed
Explanation Of Privacy Principles:
Principle
1 — Accountability
Canrich
is accountable for maintaining and protecting any personal
information it has collected. A Privacy Officer has been
designated to ensure Canrich’s compliance with the principles
described in this Privacy Code.
The
identity of the individual designated by Canrich as its Privacy
Officer will be available upon request.
Canrich
is responsible for personal information in its possession, custody
or control, including information that has been transferred to a
third party for processing. Prior to disclosing
any personal information to any third party, Canrich will
use contractual or other means to provide a comparable level of
protection while the personal information is in the possession,
custody or control of a third party.
Principle
2 — Identifying Purposes
Canrich
will identify the purposes of the collection of all personal
information collected by it at the time of, or prior to, the
actual collection of the information.
Identifying
the purposes for which personal information is collected at or
before the time of collection allows Canrich to determine the
information it needs to collect to fulfill these purposes. The
identified purposes will be specified to the customer at or before
the time of collection, either orally or in writing.
When
personal information that has been collected is to be used for a
purpose not previously identified, such new purpose will be
identified before use. The consent of the customer will be
required before personal information can be used for that purpose,
unless the new use of that information is permitted by law.
Principle
3 — Consent
The
knowledge and consent of the customer are required for the
collection, use, or disclosure of personal information, except as
may be permitted by law or for security reasons.
Such
consent is required for the collection of personal information and
the subsequent use or disclosure of this information. Canrich will
obtain consent for the use or disclosure of the information at the
time of collection. In certain circumstances, consent with
respect to the use or disclosure may be sought after the
information has been collected, but before its use for a purpose
not previously identified.
Canrich
will make a reasonable effort to ensure that the subject customer
is advised of the purposes for which the personal information will
be used. To make the consent meaningful the purposes must be
stated in such a manner that the customer can reasonably
understand how the personal information will be used or disclosed.
Consent can also be given by an authorized representative (such as
a legal guardian or a person having power of attorney).
A
customer may withdraw his or her consent at any time, subject to
legal or contractual restrictions and reasonable notice. Canrich
will inform the customer of the implications of such withdrawal.
Absent any such withdrawal, a customer’s consent is valid for
the length of time needed to achieve the identified purposes.
Principle
4 — Limiting Collection
The
collection of personal information will be limited to that which
is necessary for the purposes identified by Canrich.
Information
will be collected only by fair and lawful means.
Canrich
will not collect personal information indiscriminately. Both
the amount and type of information collected will be limited to
that which is necessary to fulfill the purposes identified.
Canrich
may obtain personal information from customers through hard copy,
electronic or other means or media. Personal information
will be collected by fair and lawful means.
Principle
5 — Limiting Use, Disclosure and Retention
Canrich
will not use or disclose personal information for purposes other
than those for which the information was collected, except with
the consent of the customer or as may be permitted by law. Canrich
will retain personal information only as long as is necessary for
the fulfillment of those purposes.
As
regards any disclosure to any third party service provider, only
the provision of personal information which is necessary for the
provision of such services will be provided by Canrich to such
service provider. Every such disclosure will be made subject to
the protection measures specified
Personal
information that has been used to make a decision about a customer
will be retained long enough to allow the customer access to the
information after the decision has been made. Canrich is
subject to legislative requirements with respect to retention
periods.
Principle
6 — Accuracy
Canrich
will maintain personal information in such an accurate, complete,
and timely manner as is necessary for the purposes for which it is
to be used.
The
extent to which personal information must be accurate, complete
and up-to-date will depend upon the use of information, taking
into account the interests of the customer. Information must be
sufficiently accurate, complete and up-to-date to minimize the
possibility that inappropriate information may be used to make a
decision about the customer.
Canrich
will not routinely update personal information, unless such a
process is necessary to fulfill the purposes for which it was
collected. Personal information that is used on an on-going
basis, including information that is disclosed to third parties,
should generally be accurate and up-to-date, unless limits to the
requirement for accuracy are clearly set out.
Principle
7 – Safeguards
Canrich
will protect personal information with security safeguards
appropriate to the sensitivity of the information.
The
security safeguards must protect personal information against loss
or theft, as well as unauthorized access, disclosure, copying,
use, or modification. Canrich will protect personal information
regardless of the format or media in which it is held.
The
nature of the safeguards will vary depending on the sensitivity of
the information that has been collected, the amount, distribution,
and format of the information, and the method of storage.
Principle
8 — Openness
Canrich
will make readily available to its customers, specific information
about its policies and practices relating to the management of
personal information.
Canrich
will be open about its policies and practices with respect to the
management of personal information. Customers are able to acquire
information about Canrich’s policies and practices through its
publications, Website and by telephone.
Principle
9 — Customer Access
Upon
request in writing, a customer will be informed of the existence,
use and disclosure of his or her personal information and will be
given access to that information, except where permitted by law. A
Canrich customer will have the right to challenge the accuracy and
completeness of the information and have it amended as
appropriate.
Canrich
will respond to a written request for customer access within
thirty (30) days after receipt of the request. Canrich will allow
the customer access to this information unless to do so would:
•
reveal personal information about a third party;
•
breach a solicitor-client privilege;
•
potentially threaten the life or security of another individual;
•
disclose personal information collected to investigate a breach of
an agreement or contravention of law; or,
•
reveal information generated in the course of a dispute resolution
process.
In
addition, Canrich will provide an account of the use that has been
made or is being made of this information and an account of the
third parties to which it has been disclosed. If such a request is
denied, the customer will be given reasons for the denial.
Before
Canrich provides an account of the existence, use, and disclosure
of personal information of a particular customer, the customer may
be required to provide sufficient information to permit Canrich to
provide an account of the existence, use and disclosure of
personal information. The information provided will only be
used for this purpose.
Principle
10 — Customer Inquiries and Challenges
A
customer may inquire about or challenge Canrich’s compliance
with these principles by contacting Canrich’s Privacy Officer.
Canrich has procedures in place to receive and respond to
complaints or inquiries about its policies and practices relating
to the handling of personal information. The complaint procedures
are easily accessible and simple to use.
Canrich
will investigate all complaints. If a complaint is found to be
justified through either the internal or external complaint review
process, Canrich will take appropriate measures, including
amending its policies and practices, if necessary.
|