We specialize in the development of techniques, strategies, plans, and technologies for the purpose of providing various benefits to financial industry firms. We are committed to protecting the privacy of any and all information we obtain in the course of carrying out our functions.
Our management and protection of personal information (which is provided to us by clients, investors, applicants, members of the public, employees, and volunteers), including information that is subject to investor-client privilege, is guided by the following principles:
b. We embodie a culture in which personal information is protected and respected.
All employees, volunteers, interns, and service providers working on our behalf are responsible for maintaining the security of sensitive and personal information in our custody and control.
All managers are responsible for overseeing the collection, use, disclosure, retention, and disposal of personal information within their departments to ensure compliance with our policies.
The Information and Privacy Officer, under the supervision of management, has overall responsibility for dealing with requests for access to information under FIPPA.
The Privacy Compliance Officer, under the supervision of management, has overall responsibility for the following:
Schedule 1 of FIPPA defines “personal information” as recorded information about an identifiable individual other than “contact information.” Examples of personal information include an individual’s name, home address, home phone number, age, financial information, and family status. Items that are considered to be “contact information” are an individual’s name, title, business telephone number, business address, business e-mail, and business fax number.
We collect, use, disclose, and retain personal information about client firm practices, client firm management, investors, applicants, employees, volunteers, and third parties in order to perform our duties and functions to protect the interests of our clients. This including information gathered for the following reasons:
We are authorized under FIPPA and other applicable laws to collect personal information for certain purposes.
When collecting personal information, we will do the following:
In some instances, we may collect personal information over the Internet. The online forms on our website use SSL encryption to protect the data stream. Upon submission, the personal information is retained in a secure database.
We will only access, use, or disclose personal information for the purposes for which it was collected — or for a use that is consistent with that purpose — unless consent for another access, use, or disclosure has either been obtained, is permitted by FIPPA rules, or is otherwise authorized by the law. Personal information will not be accessed, used, or disclosed by our employees, interns, or volunteers, except as authorized in the course of fulfilling their duties and responsibilities.
We will only retain personal information for as long as necessary to fulfill the purposes for which the personal information was collected — including for the purpose of meeting any legal, accounting or other reporting requirements or obligations.
If we use personal information to make a decision that directly affects an individual or a client, we will keep that information for at least one year after using it so that individuals or clients have a reasonable opportunity to obtain access to it.
We have a file classification system that sets out specific retention periods for different types of information within our custody and control. These schedules will be reviewed periodically to ensure that personal information is not kept for longer than necessary to serve the original purpose. When personal information is no longer required, we will dispose of it securely.
We protect personal information in accordance with the applicable laws. Our organization has made reasonable security arrangements to secure against the unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction of personal information. All of our employees, interns, and volunteers are required to comply with our policies and procedures in relation to the security, management, and protection of all personal information within our custody and control. Service providers working on behalf of our company are required to comply with FIPPA and will be made aware of and reminded of this requirement as necessary.
In conducting crisis prevention practices, we handle information subject to privilege or confidentiality between client firms and their investors. When we obtain information from any client relating to a current or former client, we assume all obligations in relation to the protection of privilege and the disclosure of that information, subject to FIPPA rules.
We will not sell or rent personal information. Where we are permitted by FIPPA rules — or are otherwise authorized by law — to disclose personal information to a third party, we will inform the third party that it must not disclose the personal information for any purpose other than the purpose for which we gave the personal information to the third party.
Privacy protections will be in place for all service providers. All contracts entered into by our company with service providers that may have access to personal or confidential information will contain specific provisions requiring compliance with FIPPA and applicable laws relating to the security and privacy of personal information. Managers may determine it is adequate for service providers to sign a confidentiality agreement if service providers do not have access to personal or confidential information or if managers consider it is appropriate in the circumstances.
All service providers that may have access to personal information in our custody or control will be advised and reminded as necessary of our privacy policies and our obligations to ensure the security and protection of personal information.
Information or records available to the public through routine channels, such as our website and publications, may be disclosed to individuals without requiring the submission of a formal request.
Formal requests for access to information are processed under FIPPA. Any individual can formally request access to personal information in the custody or control of our organization by submitting a request in writing to our Information and Privacy Officer.
Before providing the personal information, we may need to ask individuals to verify their identity.
Under FIPPA, we have 30 business days after the information is requested to respond to a request. If we need more time to process the request, we will give an individual written notice before the expiry of the 30 business days.
We may refuse access to certain personal information when such refusal is authorized or required by law. In the event that we refuse access, we will notify the individual of this decision in writing and outline the reasons for the refusal.
When an individual’s or client’s personal information is in the custody and control of our company and when the personal information will be used by us to make a decision that directly affects the individual, we will make every reasonable effort to ensure that the personal information is accurate and complete.
Individuals may write to us and request that any errors or omissions be corrected. If we are satisfied that a request for correction is reasonable, we will correct the personal information as soon as reasonably possible. If we do not agree with the request, we will advise the requesting party accordingly, and note both the request and our reason for not making the requested change on our file.
If individuals are dissatisfied with the way we have handled their personal information, they are entitled to submit a complaint to us.
Our Privacy Compliance Officer will investigate all complaints concerning compliance with our privacy policies and with the information and privacy laws. The Privacy Compliance Officer will make every reasonable effort to resolve complaints including, if necessary, recommending changes to policies and procedures. The complainant will be informed of the outcome of the investigation regarding his or her complaint.
When you browse our website, the following information is collected and stored:
d. Our web pages or online tools that you used
We use this information to analyze the use and performance of the website — using Google Analytics and other tools — to enable us to improve the website, evaluate our technical infrastructure and to monitor compliance with our terms and conditions of use. We do not use this information to identify website users, unless you choose to provide your identity to us through one of the means available on the website or unless we are required to identify website users by law.
A person must be an authorized user in order to access our secure server and use our online tools. Personal information will only be used for the purpose provided by us — or for a use consistent with that purpose — by persons authorized by us. If you believe your personal information is being used for a purpose other than what you intended, please contact our Privacy Compliance Officer.
We protect personal information by using a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and is then encrypted into our database. This information is accessed only by individuals who are authorized with special access rights to our systems and are required to keep the information confidential.
A cookie is a file that is stored on your computer by your web browser when you use an Internet site. We only use session cookies, which remain in existence only during the course of your session. Authorized users who wish to access the secure section of our website must therefore enable their computers to accept cookies.
We do not sell or trade any personally identifiable information. Trusted third parties who assist us in operating our website and conducting our business may have access to personal information if necessary. Information provided by anyone through this website will be used and disclosed as necessary for regulatory and compliance purposes. In some cases, we may be required to disclose information by law.
We feature links to third-party websites on our website. These third-party sites have separate and independent privacy policies. We therefore assume no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about the sites we link to.
Our Terms and Conditions set out the use, disclaimers, and limitations of liability governing your use of our website.