PTAG Inc. provides computer devices, networks, and other electronic information systems to meet missions, goals, and initiatives and must manage them responsibly to maintain the confidentiality, integrity, and availability of its information assets.
1.2. Ten Principles of PIPEDA
- Accountability: organizations are accountable for the personal information they collect, use, retain and disclose in the course of their commercial activities, including, but not limited to, the appointment of a Chief Privacy Officer;
- Identifying Purposes: organizations are to explain the purposes for which the information is being used at the time of collection and can only be used for those purposes;
- Consent: organizations must obtain an Individual’s express or implied consent when they collect, use, or disclose the individual’s personal information;
- Limiting Collection: the collection of personal information must be limited to only the amount and type that is reasonably necessary for the identified purposes;
- Limiting Use, Disclosure and Retention: personal information must be used for only the identified purposes, and must not be disclosed to third parties unless the Individual consents to the alternative use or disclosure;
- Accuracy: organizations are required to keep personal information in active files accurate and up-to-date;
- Safeguards: organizations are to use physical, organizational, and technological safeguards to protect personal information from unauthorized access or disclosure.
- Openness: organizations must inform their clients and train their employees about their privacy policies and procedures;
- Individual Access: an individual has a right to access personal information held by an organization and to challenge its accuracy if need be; and
- Provide Recourse: organizations are to inform clients and employees of how to bring a request for access, or complaint, to the Chief Privacy Officer, and respond promptly to a request or complaint by the individual.
“Personal information“ means any information about an identifiable individual. It includes, without limitation, information relating to identity, nationality, age, gender, address, telephone number, e-mail address, Social Insurance Number, date of birth, marital status, education, employment health history, assets, liabilities, payment records, credit records, loan records, income and information relating to financial transactions as well as certain personal opinions or views of an Individual.
“Business information“ means business name, business address, business telephone number, name(s) of owner(s), officer(s) and director(s), job titles, business registration numbers (GST, RST, source deductions), financial status. Although business information is not subject to PIPEDA, confidentiality of business information will be treated with the same security measures by PTAG staff, members and Board members, as is required for individual personal information under PIPEDA.
“Data base” means the list of names, addresses and telephone numbers of clients and individuals held by PTAG in the forms of, but not limited to, computer files, paper files, and files on computer hard-drives.
“File” means the information collected in the course of processing an application, as well as information collected/updated to maintain /service the account.
“Express consent“ means the individual signs the application, or other forms containing personal information, authorizing PTAG to collect, use, and disclose the individual’s personal information for the purposes set out in the application and/or forms.
“Implied Consent” means the organization may assume that the individual consents to the information being used, retained and disclosed for the original purposes, unless notified by the individual.
“Third Party” means a person or company that provides services to PTAG in support of the services offered by PTAG.
2. Purpose of Collecting Personal Information
PTAG collects personal information about clients to enable us to serve them better and to develop our business and operations. More specifically, we collect, use and disclose personal information for the following purposes:
- To establish, maintain and manage our client relationships in order to provide products and services that have been requested
- To be able to inform clients of our products other than those that have been specifically requested, including sending information promoting other PTAG Inc. services.
- To be able to comply with client requests or inquiries
- To establish and maintain commercial relationships including to issue invoices, administer accounts, collect and process payments, and to fulfill contractual obligations
- To understand and respond to client needs and preferences, including to contact and communicate with clients and to conduct surveys, research and evaluations
- To monitor quality control and respond to questions and concerns through correspondence with clients
- As permitted by and to comply with any legal or regulatory requirements or provisions, including in relation to adverse event reporting
- For any other purpose to which clients give consent
It is important that where we collect, use or disclose your personal information we have your consent to do so. In general, we seek to obtain your express informed consent before collecting your information.
Express consent can be given orally, electronically or in writing.
Subject to legal or contractual restrictions and reasonable notice, you may change or withdraw your consent at any time by contacting us at the address indicated below.
In some circumstances, a change in or withdrawal of consent may severely limit our ability to provide products, services or information that you requested or that could be offered to you. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to us.
4.Limited Collection of Personal Information
5.Limiting Use, Disclosure and Retention
5.1. Use of Personal Information
Personal information will be used for only those purposes to which the individual has consented with the following exceptions, as permitted under PIPEDA:
- The organization has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation;
- An emergency exists that threatens an individual’s life, health or security;
- The information is for statistical study or research;
- The information is publicly available;
- The use is clearly in the individual’s interest, and consent is not available in a timely way;
- Knowledge and consent would compromise the availability or accuracy of the information; and
- Collection is required to investigate a breach of an agreement.
5.2. Use of Personal Information
From time to time, we may use and disclose your personal information: for the purposes described in this Policy or for any additional purposes for which we have obtained your consent. We may share your personal information with our employees, contractors, consultants and other parties who require such information to assist us with establishing, maintaining and managing our relationship with you. We will never disclose your personal information for 3rd party purposes.
In particular, we may disclose your personal information to:
- Service providers, including an organization or individual retained by PTAG Inc. to perform functions on its behalf, such as marketing, data processing, document management and office services
PTAG will ensure, by contractual or other means that the third party protects the information and uses it only for the purposes for which it was transferred.
5.3. Retention of Personal Information
Personal information will be retained in client files as long as the file is active and for such periods of time as may be prescribed by applicable laws and regulations.
PTAG endeavours to ensure that any personal information provided by the individual in his or her active file(s) is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed.
Individuals are requested to notify PTAG of any change in personal or business information.
Information contained in inactive files is not updated.
Physical Safeguards: All personnel handling personal information will take reasonable steps to ensure the confidentiality and privilege of the physical information being handled.
Organizational Safeguards: Access to personal information will be limited to approved personnel. Members of PTAG are not permitted to copy or retain any personal information on individuals or clients and must return for destruction all such information given to them to review once the purpose for being provided with this information has been fulfilled.
All employee contracts contain confidentiality clauses binding them to maintaining the confidentiality of all personal information to which they have access.
Technological Safeguards: Personal information contained in PTAG computers and electronic databases are password protected in accordance with PTAG’s Information Security Policy. Information sent to PTAG Inc. via email is considered unsecure and the individual sending the information should take proper precautions to protect the data prior to sending. Any information sent in error will be destroyed or deleted at the request of the sender. Access to any of the PTAG’s computers also is password protected. PTAG’s Internet router or server has firewall protection sufficient to protect personal and confidential business information against virus attacks and “sniffer” software arising from Internet activity.
Upon written request, subject to certain exceptions, PTAG will inform our clients of the existence, use, and disclosure of their personal information and will give clients access to that information.
Access requests should be sent to PTAG, using the contact information in the “Contact us” section of this Policy.
When requesting access to personal information, we will request specific information from the client to enable us to confirm their identity and right to access, as well as to search for and provide the personal information that we hold about the client.
PTAG reserves the right to charge a fee to access a client’s personal information to cover PTAG’s costs; we will advise clients of this fee in advance.
A client’s right to access personal information is not absolute. Applicable law or regulatory requirements may allow or require PTAG to deny a client access where access would inhibit the ability of PTAG Inc. to comply with a legal obligation; where it has already been destroyed due to legal requirements or because we no longer need it for our business purposes and where access would reveal personal information about a third party.
In the event that PTAG cannot provide a client with access to their personal information, the client will be informed of the reasons, subject to any legal or regulatory restrictions.
9.Complaints / Recourse
Clients are to advise PTAG Inc. if they believe that their personal information is inaccurate. Clients have the right to ask for it to be corrected or updated. PTAG will ask clients to provide documentation to support their request for correction or updating.
An individual who has a concern about PTAG’s personal information handling practices may issue a complaint, in writing, directed to PTAG’s Security & Privacy Officer.
Upon verification of the individual’s identity, PTAG’s Security & Privacy Officer will act promptly to investigate the complaint and provide a written report of the investigation’s findings to the individual.
Where PTAG’s Security & Privacy Officer makes a determination that the individual’s complaint is well founded, PTAG’s SPO Officer will take the necessary steps to correct the offending information handling practice and/or revise PTAG’s privacy policies and procedures.
Where PTAG’s Security & Privacy Officer determines that the individual’s complaint is not well founded, the individual will be notified in writing.
10.Changes to This Policy; Interpretations
PTAG Inc. reserves the right to modify or supplement this Policy at any time.
If any changes are made to PTAG Inc. use, collection or disclosure of your personal information that require your consent, we will not implement such changes until your consent has been obtained. This Policy does not create or confer upon any individual any rights, or impose upon PTAG Inc. any rights or obligations outside of, or in addition to, any rights or obligations imposed by Canada’s federal and provincial privacy laws, as applicable.
Should there be, in a specific case, any inconsistency between this Policy and Canada’s federal and provincial privacy laws, as applicable, this Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws.
PTAG Inc. has a responsible compliance with this Policy. Should you have questions about this Policy or collection, use and disclosure practices of PTAG, you may contact:
Att: Privacy Officer
15 Allstate Parkway, Suite 102