Purpose of the Privacy Code
The Privacy Code is based on the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96 (the "CSA Code"), which was published as a National Standard of Canada and which forms the basis for the new Personal Information Protection and Electronic Documents Act. We have attempted to apply the principles of the CSA Code specifically to the online environment.
Scope and Application
The Privacy Code is a voluntary code that represents a formal statement of principles and guidelines concerning the minimum protection that we will provide to users regarding the protection of personal information. The Code applies to the management of personal information about a user in any form whether oral, electronic or written that is collected, used or disclosed. The Code consists of ten principles that are closely related.
Because the following words have specific meanings, they have been defined at the beginning of the Code.
Click stream data - data derived from a user's navigational choices expressed during the course of visiting a World Wide Web site or other online areas.
Collect - to gather or acquire record or obtain personal information, from any source, by any means.
Consent - voluntary agreement with the collection, use and disclosure of personal information. Consent can be express or implied, and provided directly by the user or through an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference by the member seeking consent. We rely primarily on electronic or written consent given the uncertainties inherent in oral consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the user.
Disclose - to make personal information available to a third party.
Personal information - information about a user, but not aggregated information that cannot be associated with a specific user. Personal information includes but is not limited to information such as a user's name, postal and electronic addresses, age, gender, income, employment, credit information, billing records, and the like. Clickstream data is only considered personal information if it is linked to other personal information about a user.
Third party - an individual or organization other than us.
Use - our own management of personal information.
User - an individual who uses, or applies to use, our products or services, or who corresponds with us.
The Nine Privacy Principles
Principle 1 - Accountability
Principle 2 - Identifying purposes of personal information
Principle 3 - Getting consent
Principle 4 - Limits for collecting personal information
Principle 5 - Limits for using, disclosing and keeping personal information
Principle 6 - Keeping personal information accurate
Principle 7 - Safeguarding personal information
Principle 8 - user access to personal information
Principle 9 - Handling complaints and question
1. Our accountability
We are accountable for all personal information in our control, including any personal information disclosed to third parties for processing. We will not rent, sell, or share personal information about users with other people or nonaffiliated third parties except to provide products or services the user has requested, when we have the user's express permission, or when required by law.
2. Identifying the purposes of personal information
Personal information may be used for the purposes of: customizing the content users see, fulfilling users' requests for products and services, improving our services, contacting users, and conducting research.
3. Getting the user's consent
We will make a reasonable effort to make sure users understand how the personal information may be used and disclosed by us. We will get consent from our users before or when we collect, use or disclose personal information. We will not deceive a user into giving consent.
A user's consent can be expressed, implied, or given through an authorized representative. A user can withdraw consent at any time, with certain exceptions. We, however, may collect, use or disclose personal information without the user's consent for legal, security, processing reasons or when it is in the public domain.
4. Limits for collecting personal information
We will limit the amount and type of personal information we collect. We will collect personal information for the purposes we have already identified to the user. We will collect personal information using procedures which are fair and lawful.
5. Limits for using, disclosing, and keeping personal information
We will use or disclose personal information only for the reasons it was collected, unless a user gives consent to use or disclose it for another reason.
Under certaincircumstances, we may be obliged to retain or disclose personal information to protect our or the public interest, without user consent.
We will keep personal information only as long as necessary for the identified purposes.
6. Keeping personal information accurate
We will keep personal information as accurate, complete, current and relevant as necessary for its identified purposes. Users may challenge the accuracy and completeness of their personal information and have it amended as appropriate.
7. Safeguarding personal information
We will protect personal information with safeguards appropriate to the sensitivity of the information.
8. Providing user access to personal information
When users request it, we will tell them what personal information we have, what it is being used for, and to whom it has been disclosed.
When users request it, we will give them access to their personal information. In certain situations, however, we may not be able to give users access to all their personal information. We will explain the reasons for this lack of access when users ask.
9. Handling users' complaints and questions
Users may challenge our compliance with our own privacy code. We will promptly investigate user's complaints and questions.