Compliance Guard

Privacy Statement

1. Introduction

We specialize in the development of techniques, strategies, plans, and technologies for the purpose of providing various benefits to financial industry firms. We are committed to protecting the privacy of any and all information we obtain in the course of carrying out our functions.

2. Principles

Our management and protection of personal information (which is provided to us by clients, investors, applicants, members of the public, employees, and volunteers), including information that is subject to investor-client privilege, is guided by the following principles:

a. All personal information in our custody and control will be collected, used, and disclosed in accordance with the Freedom of Information and Protection of Privacy Act (FIPPA), and any other applicable legislation governing the sharing and security of private information.

b. We embodie a culture in which personal information is protected and respected.

3. Responsibilities

All employees, volunteers, interns, and service providers working on our behalf are responsible for maintaining the security of sensitive and personal information in our custody and control.

All managers are responsible for overseeing the collection, use, disclosure, retention, and disposal of personal information within their departments to ensure compliance with our policies.

The Information and Privacy Officer, under the supervision of management, has overall responsibility for dealing with requests for access to information under FIPPA.

The Privacy Compliance Officer, under the supervision of management, has overall responsibility for the following:

Ensuring that we have the appropriate policies and processes in place to safeguard the personal information in our custody and control.
Monitoring our compliance with all privacy policies and legislative requirements.

4. What is personal information?

Schedule 1 of FIPPA defines “personal information” as recorded information about an identifiable individual other than “contact information.” Examples of personal information include an individual’s name, home address, home phone number, age, financial information, and family status. Items that are considered to be “contact information” are an individual’s name, title, business telephone number, business address, business e-mail, and business fax number.

5. Acceptable reasons for collecting, using, disclosing, and retaining personal information

We collect, use, disclose, and retain personal information about client firm practices, client firm management, investors, applicants, employees, volunteers, and third parties in order to perform our duties and functions to protect the interests of our clients. This including information gathered for the following reasons:

To assess and administer applications for the collection of data
To receive, investigate, and manage complaints
To conduct disciplinary investigations regarding the misuse of private information
To act in an advisory capacity for clients
To audit and investigate financial records and accounts
To investigate client policies and procedures
For research and development
To enable our employees to carry out their functions
For statistical research and analysis purposes
To ensure compliance with any and all legal requirements
To inform and protect the public and clients in accordance with our duties under FIPPA
To receive and respond to requests for access to information in compliance with the law
To establish, manage, and terminate the employment and volunteer relationships between our organization and its employees, interns, and volunteers

6. Collecting personal information

We are authorized under FIPPA and other applicable laws to collect personal information for certain purposes.

When collecting personal information, we will do the following:

Limit the collection of personal information to what is necessary to undertake our functions, or limit the collection according to what is permitted by the applicable law
Be open and transparent about the information that is being collected by clearly communicating the lawful purpose for the collection
Ensure that all individuals and clients have the ability to request access to the personal information we hold about them
Ensure that all individuals have the ability to seek correction if personal information is incorrect
Only collect personal information directly from the subject of the information, unless consent is given to collect information from other sources or collection from another source is permitted by the applicable law

7. Collecting personal information over the Internet

In some instances, we may collect personal information over the Internet. The online forms on our website use SSL encryption to protect the data stream. Upon submission, the personal information is retained in a secure database.

8. Using or disclosing personal information

We will only access, use, or disclose personal information for the purposes for which it was collected — or for a use that is consistent with that purpose — unless consent for another access, use, or disclosure has either been obtained, is permitted by FIPPA rules, or is otherwise authorized by the law. Personal information will not be accessed, used, or disclosed by our employees, interns, or volunteers, except as authorized in the course of fulfilling their duties and responsibilities.

9. Retaining and disposing of personal information

We will only retain personal information for as long as necessary to fulfill the purposes for which the personal information was collected — including for the purpose of meeting any legal, accounting or other reporting requirements or obligations.

If we use personal information to make a decision that directly affects an individual or a client, we will keep that information for at least one year after using it so that individuals or clients have a reasonable opportunity to obtain access to it.

We have a file classification system that sets out specific retention periods for different types of information within our custody and control. These schedules will be reviewed periodically to ensure that personal information is not kept for longer than necessary to serve the original purpose. When personal information is no longer required, we will dispose of it securely.

10. Safeguarding personal information

We protect personal information in accordance with the applicable laws. Our organization has made reasonable security arrangements to secure against the unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction of personal information. All of our employees, interns, and volunteers are required to comply with our policies and procedures in relation to the security, management, and protection of all personal information within our custody and control. Service providers working on behalf of our company are required to comply with FIPPA and will be made aware of and reminded of this requirement as necessary.

11. Certain matters privileged

In conducting crisis prevention practices, we handle information subject to privilege or confidentiality between client firms and their investors. When we obtain information from any client relating to a current or former client, we assume all obligations in relation to the protection of privilege and the disclosure of that information, subject to FIPPA rules.

12. Third parties

We will not sell or rent personal information. Where we are permitted by FIPPA rules — or are otherwise authorized by law — to disclose personal information to a third party, we will inform the third party that it must not disclose the personal information for any purpose other than the purpose for which we gave the personal information to the third party.

13. Service providers

Privacy protections will be in place for all service providers. All contracts entered into by our company with service providers that may have access to personal or confidential information will contain specific provisions requiring compliance with FIPPA and applicable laws relating to the security and privacy of personal information. Managers may determine it is adequate for service providers to sign a confidentiality agreement if service providers do not have access to personal or confidential information or if managers consider it is appropriate in the circumstances.

All service providers that may have access to personal information in our custody or control will be advised and reminded as necessary of our privacy policies and our obligations to ensure the security and protection of personal information.

14. Right to request access to personal information

Information or records available to the public through routine channels, such as our website and publications, may be disclosed to individuals without requiring the submission of a formal request.

Formal requests for access to information are processed under FIPPA. Any individual can formally request access to personal information in the custody or control of our organization by submitting a request in writing to our Information and Privacy Officer.

Before providing the personal information, we may need to ask individuals to verify their identity.

Under FIPPA, we have 30 business days after the information is requested to respond to a request. If we need more time to process the request, we will give an individual written notice before the expiry of the 30 business days.

We may refuse access to certain personal information when such refusal is authorized or required by law. In the event that we refuse access, we will notify the individual of this decision in writing and outline the reasons for the refusal.

15. Right to seek correction of personal information

When an individual’s or client’s personal information is in the custody and control of our company and when the personal information will be used by us to make a decision that directly affects the individual, we will make every reasonable effort to ensure that the personal information is accurate and complete.

Individuals may write to us and request that any errors or omissions be corrected. If we are satisfied that a request for correction is reasonable, we will correct the personal information as soon as reasonably possible. If we do not agree with the request, we will advise the requesting party accordingly, and note both the request and our reason for not making the requested change on our file.

16. Complaints

If individuals are dissatisfied with the way we have handled their personal information, they are entitled to submit a complaint to us.

Our Privacy Compliance Officer will investigate all complaints concerning compliance with our privacy policies and with the information and privacy laws. The Privacy Compliance Officer will make every reasonable effort to resolve complaints including, if necessary, recommending changes to policies and procedures. The complainant will be informed of the outcome of the investigation regarding his or her complaint.

Website Privacy

1. What information do we collect when you visit your website?

When you browse our website, the following information is collected and stored:

a. The IP (Internet Protocol) address of your Internet service provider or your computer which also identifies the domain name (such as shaw.ca or yourcompany.com) of your service

b. The operating system of your computer and the browser you use (Internet Explorer, Firefox, Safari, etc.)

c. The time and date that you visited our site

d. Our web pages or online tools that you used

We use this information to analyze the use and performance of the website — using Google Analytics and other tools — to enable us to improve the website, evaluate our technical infrastructure and to monitor compliance with our terms and conditions of use. We do not use this information to identify website users, unless you choose to provide your identity to us through one of the means available on the website or unless we are required to identify website users by law.

2. What do we do with information provided directly by you?

A person must be an authorized user in order to access our secure server and use our online tools. Personal information will only be used for the purpose provided by us — or for a use consistent with that purpose — by persons authorized by us. If you believe your personal information is being used for a purpose other than what you intended, please contact our Privacy Compliance Officer.

3. How do we protect personal information?

We protect personal information by using a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and is then encrypted into our database. This information is accessed only by individuals who are authorized with special access rights to our systems and are required to keep the information confidential.

4. Do we use cookies?

A cookie is a file that is stored on your computer by your web browser when you use an Internet site. We only use session cookies, which remain in existence only during the course of your session. Authorized users who wish to access the secure section of our website must therefore enable their computers to accept cookies.

5. Do we disclose any information to third parties?

We do not sell or trade any personally identifiable information. Trusted third parties who assist us in operating our website and conducting our business may have access to personal information if necessary. Information provided by anyone through this website will be used and disclosed as necessary for regulatory and compliance purposes. In some cases, we may be required to disclose information by law.

6. Third-party links

We feature links to third-party websites on our website. These third-party sites have separate and independent privacy policies. We therefore assume no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about the sites we link to.

7. Terms and Conditions

Our Terms and Conditions set out the use, disclaimers, and limitations of liability governing your use of our website.

8. Consent

By using our site, you accept the terms of this Privacy Statement.

Privacy

We have a strong commitment to privacy and we treat all personal information in our possession with the utmost care and attention to privacy standards.