Aspin Kemp & Associates (AKA) is a systems integration company specializing in developing, manufacturing, installing, maintaining and documenting engineering solutions.
1. Accountability: organizations are accountable for the personal information they collect, use, retain and disclose in the course of their commercial activities, including, but not limited to, the appointment of a Service Manager;
2. Identifying Purposes: organizations are to explain the purposes for which the information is being used at the time of collection and can only be used for those purposes;
3. Consent: organizations must obtain an Individuals express or implied consent when they collect, use, or disclose the individuals personal information;
4. Limiting Collection: the collection of personal information must be limited to only the amount and type that is reasonably necessary for the identified purposes;
5. Limiting Use, Disclosure and Retention: personal information must be used for only the identified purposes, and must not be disclosed to third parties unless the Individual consents to the alternative use or disclosure;
6. Accuracy: organizations are required to keep personal information in active files accurate and up-to-date;
7. Safeguards: organizations are to use physical, organizational, and technological safeguards to protect personal information from unauthorized access or disclosure.
8. Openness: organizations must inform their clients and train their employees about their privacy policies and procedures;
9. Individual Access: an individual has a right to access personal information held by an organization and to challenge its accuracy if need be; and
10. Provide Recourse: organizations are to inform clients and employees of how to bring a request for access, or complaint, to the Service Manager, and respond promptly to a request or complaint by the individual.
"Personal information" means any information about an identifiable individual. It includes, without limitation, information relating to identity, gender, address, telephone number, e-mail address, and information relating to financial transactions as well as certain personal opinions or views of an Individual.
"Business information" means business name, business address, and business telephone number, name of owner, officer and director, job titles. Although business information is not subject to PIPEDA, confidentiality of business information will be treated with the same security measures by AKA staff, members and Board members, as is required for individual personal information under PIPEDA.
"Individual" means the user of web forms on AKAs websites.
"Form" means the form or related forms completed by the individual(s) to request service or other responses from AKA.
"Database" means the list of names, addresses and telephone numbers of individuals held by AKA in the forms of, but not limited to, computer files, paper files, and files on computer hard-drives.
"File" means the information collected in the course of processing a request, as well as information collected/updated to maintain record /provide service.
"Express consent" means the individual submits forms containing personal information, authorizing AKA to collect, use, and disclose the individual's personal information for the purposes set out in the application and/or forms.
"Implied Consent" means the organization may assume that the individual consents to the information being used, retained and disclosed for the original purposes, unless notified by the individual.
"Third Party" means a person or company that provides services to AKA in support of the programs, benefits, and other services offered by AKA, such as other companies, persons with whom the individual does business, but does not include any Government office or department to whom AKA reports in the delivery of such programs, benefits or services.
Personal information is collected in order to help provide accurate and detailed response to individuals.
Only that information which is required to make responses will be collected. Although the individual's detailed address may be requested in the form, provision of this personal information is optional.
At the time of collecting personal information, when an individual clicks the submit button of a form, AKA has the individual's implied consent to collect or receive any supplementary information that is necessary to fulfil the same purposes. Express consent will also be obtained if, or when, a new use is identified.
An individual can choose not to provide some or all of the personal information at any time, but if AKA is unable to collect sufficient information, the individuals request may not be fulfilled.
An individual can withdraw consent to AKAs use of personal information at any time, by making such request in writing.
Personal information will be used for only those purposes to which the individual has consented with the following exceptions, as permitted under PIPEDA:
AKA will use personal information without the individual's consent, where:
the organization has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation;
an emergency exists that threatens an individuals life, health or security;
the information is for statistical study or research;
the information is publicly available;
the use is clearly in the individuals interest, and consent is not available in a timely way;
knowledge and consent would compromise the availability or accuracy of the information, and
collection is required to investigate a breach of an agreement.
Personal information will be disclosed to only those AKA employees and the Board of Directors that need to know the information for the purposes of their work or generating responses to the individual's request.
Personal information will be disclosed to third parties with the individual's knowledge and consent.
PIPEDA permits AKA to disclose personal information to third parties, without an individual's knowledge and consent, to:
a lawyer representing AKA;
collect a debt owed to AKA by the individual;
comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction;
a law enforcement agency in the process of a civil or criminal investigation;
a government agency or department requesting the information; or,
as required by law.
PIPEDA permits AKA to transfer personal information to a third party, without the individual's knowledge or consent, if the transfer is simply for processing purposes and the third party only uses the information for the purposes for which it was transferred. AKA will ensure, by contractual or other means, that the third party protects the information and uses it only for the purposes for which it was transferred.
Personal information will be retained in database for such periods of time as may be prescribed by applicable laws and regulations.
An individual can request AKA to remove related personal information from database at any time, by making such request in writing.
AKA endeavours to ensure that any personal information provided by the individual in his or her file(s) is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. Individuals are requested to notify AKA of any change in personal or business information for active sales/service cases.
Access to personal information will be limited to AKA employees who have to make a response to the individuals request. Personal information contained in AKA computers and electronic databases are password protected. Access to any of the AKAs computers also is password protected. AKAs Internet router or server has firewall protection sufficient to protect personal and confidential business information against virus attacks and "sniffer" software arising from Internet activity.
An Individual who wishes to review or verify what personal information is held by AKA, or to whom the information has been disclosed (as permitted by the Act), may make the request for access, in writing, to the AKAs Service Manager. Upon verification of the individual's identity, the Service Manager will respond within 60 days.
If the individual finds that the information held by AKA is inaccurate or incomplete, upon notification AKA will make the required changes to the individual's record promptly.
If an individual has a concern about AKAs personal information handling practices, a complaint, in writing, may be directed to the AKAs Service Manager.
Upon verification of the individual's identity, AKAs Service Manager will act promptly to investigate the complaint and provide a written report of the investigation's findings to the individual.
Where AKA's Service Manager makes a determination that the individual's complaint is well founded, the Service Manager will take the necessary steps to correct the offending information handling practice and/or revise AKA 's privacy policies and procedures.
Where AKAs Service Manager determines that the individual's complaint is not well founded, the individual will be notified in writing.
If the individual is dissatisfied with the finding and corresponding action taken by AKAs Service Manager, the individual may bring a complaint to the Federal Privacy Commissioner at the address below:
The Privacy Commissioner of Canada
112 Kent Street, Ottawa,
Ontario K1A 1H3
Service Manager: Email address: email@example.com
9 Myrtle Street