REACH ORTON-GILLINGHAM LEARNING CENTRE INC. (“REACH”)
OUR COMMITMENT TO PRIVACY
SCOPE OF POLICY
In accordance with PIPA, this Policy addresses personal information about individuals. It does not apply to information collected, used or disclosed with respect to corporate or commercial entities. However, corporate and commercial information is protected by other REACH’ policies and practices and through contractual arrangements.
This Policy does not impose any limits on the collection, use or disclosure of the following information by REACH:
- your business contact information; or
- publicly available information recognized under PIPA.
In this Policy:
“REACH” means Reach Orton-Gillingham Learning Centre Inc.
“collection” means the act of gathering, acquiring, or obtaining personal information from you and other sources (including third parties such as the police, provincial licensing bodies, security institutions and Equifax) by any means.
“consent” means voluntary agreement to the collection, use and disclosure of personal information for specified purposes. Consent may be express or implied. Express consent may be given orally or in writing, if it is unequivocal and does not require any inference on the part of REACH. Implied consent exists when REACH can reasonably infer consent based upon your action or inaction.
“disclosure” means making personal information available to a third party.
“personal information” means information about an identifiable individual but does not include his or her business contact information. Personal information does not include information concerning corporate or commercial entities. It also does not include information that cannot be associated with a specific individual.
“PIPA” means the British Columbia Personal Information Protection Act, S.B.C. 2003, c.63.
“third party” means an individual or organization other than you and REACH.
“Privacy Officer” means an individual designated by REACH who is accountable for compliance with this Policy by REACH and whose contact particulars are set forth at the end of this Policy.
“use” means the treatment and handling of personal information by and within REACH.
“we”, “it”, “our” or “its” means or refers to REACH.
REACH is responsible and accountable for personal information under its control. REACH has designated a single Privacy Officer who is accountable for our compliance with this Policy. Ultimate accountability for compliance by REACH rests with its Board of Directors who delegate day-to-day accountability to the Privacy Officer. Other individuals within REACH may be accountable for the day-today collection and processing of personal information or to act on behalf of the Privacy Officer. REACH will adopt procedures to protect personal information, receive and respond to complaints and inquiries, train staff regarding privacy policies and procedures and communicate policies and procedures to you.
When collecting personal information, REACH will state the purpose of collection and will provide, on request, contact information for the Privacy Officer who can answer questions about the collection.
REACH will collect your personal information for the following purposes:
- to provide and administer products and services requested and to use and disclose the information for any
- purpose related to operation of accounts and provision of requested products and services;
- to determine your potential needs and financial capabilities;
- to determine which of its products and services may meet your potential needs;
- to evaluate my application(s) and determine risks;
- to provide personal information to third party suppliers of products and services;
- to provide personal information to insurance carriers/agents and financial institutions in order to update your personal information;
- to protect us, you and others from fraud and error and to safeguard our financial interests;
- to authenticate your identity;
- to provide personal information in order to obtain quotations for or ordering of products and services requested by you;
- to collect debts owed to us;
- to manage or transfer assets or liabilities of REACH, for example in the case of an acquisition or merger, the provision of security for a credit facility or the change of a carrier;
- and to comply with legal and regulatory requirements.
REACH may be required by law to obtain your social insurance number to report interest or investment income to Canada Revenue Agency. The above collections, uses and disclosures are a reasonably necessary part of your relationship with REACH.
- REACH and its shareholders and associates may use your personal information to offer additional or alternate products and services to you and may add your personal information to lists which it prepares and uses for this purpose;
- REACH may share your personal information with its directors, officers, shareholders, franchisees, and associates and with reputable third parties so they may offer their products or services to you;
- REACH may use your social insurance number as an aid to identify you with credit bureaus and other financial institutions for credit history file matching purposes.
- REACH or its designate may contact you for survey, demonstration or seminar purposes and for newsletter delivery.
You may instruct REACH to refrain from using or sharing your personal information in any or all of the four ways described above at any time by providing written notification to our Privacy Officer. We acknowledge that the sharing of your personal information in any or all of the four ways described above is at your option and we confirm that you will not be refused access to any product or service merely because you have advised us to stop using or sharing your personal information in any or all of the four ways shown above.
When your personal information is to be used for a purpose not previously identified, the new purpose will be disclosed to you prior to such use, and your consent will be sought unless the use is authorized or required by PIPA or other law.
REACH will obtain your consent to collect, use or disclose personal information except where such consent is already authorized or required by PIPA or other law to do so without your consent. For example, REACH may collect, use or disclose personal information without your knowledge or consent, in any case when the following occurs:
- REACH is collecting or paying a debt;
- REACH is obtaining legal advice; or
- REACH reasonably expects that obtaining consent would compromise an investigation or proceeding.
Your consent may be express or implied, or given through an authorized representative such as a lawyer, agent or broker. Consent may be provided orally, in writing, electronically, through inaction (such as when you fail to notify REACH that you do not wish your personal information collected/used/disclosed for optional purposes following reasonable notice to you) or otherwise. For example, oral consent could be expressed over the telephone when information is being collected; electronically when submitting an agreement, application or other information; or in writing when signing an agreement or application form.
You may withdraw your consent at any time, subject to legal or contractual restrictions, provided reasonable written notice of withdrawal of consent is given by you to the Privacy Officer. Upon receipt of your written notice, the Privacy Officer will inform you of the likely consequences of the withdrawal, which may include the inability of REACH to provide certain products or services for which the delivery of that information is a prerequisite.
4. LIMITS ON COLLECTION OF PERSONAL INFORMATION
REACH will not collect personal information indiscriminately and will limit its collection of your personal information to what is reasonably necessary to provide a product or service to you or which is reasonably necessary for any other purpose consented to by you. REACH may also collect information as authorized by PIPA or other law.
5. LIMITS FOR USING, DISCLOSING AND RETAINING PERSONAL INFORMATION
Your personal information will only be used or disclosed for the purposes set out above and as authorized by PIPA and other law. We will keep personal information on an individual for at least one year after using it to make the decision. We will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for legal or business purposes. We will take due care when destroying personal information so as to prevent unauthorized access to such information.
We will make a reasonable effort to ensure that personal information we are using or disclosing is accurate and complete. In most cases, we will rely on you to ensure that certain information, such as your street address, e-mail address or telephone number, is current, complete and accurate. If you contact our Privacy Officer to point out the inaccuracy or incompleteness of personal information, we will amend the information as required. If appropriate, we will send the amended information to third parties to whom the information has been disclosed. When a challenge regarding the accuracy of personal information is not resolved to your satisfaction, we will annotate the personal information under our control with a note that a correction was requested but not made.
7. SAFEGUARDING PERSONAL INFORMATION
We will protect the personal information in our custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks to such information.
We will take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protection is implemented by our suppliers and agents who assist in providing products and services to you. Some specific safeguards include:
- physical measures such as fire-resistant computer server facilities, filing cabinets and relevant office shelving which are locked during non-business hours;
- organizational measures such as restricting employee access to files and databases as appropriate;
- electronic measures such as passwords and firewalls;
- investigative measures where the Privacy Officer has reasonable grounds to believe that your personal information is being inappropriately collected, used or disclosed.
- We will not be responsible for any loss or damage suffered as a result of a breach of security or confidentiality when you or we transmit information to each other by e-mail or other wireless communication or when one or both of them transmits such information by such means.
We are open about the joint policies and procedures we use to protect your personal information. Disclosure of our policies and procedures will be made available in writing and electronically. However, to ensure the integrity of our security procedures and business methods, REACH will not disclose sensitive information about our policies and procedures.
REACH will make available to you a description of the type of personal information held by us and a general description of its use and disclosure.
9. PROVIDING ACCESS
You have a right to access your personal information held by us. Your personal information which is or will be contained in application forms, files, statements, transaction slips and account agreements will be provided to you upon written request and authentication of your identity. Upon written request and authentication of identity, we will provide you with your other personal information under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom such information has been disclosed.
REACH may charge a reasonable fee for providing personal information in response to a PIPA access request and will provide an estimate of any fee upon receiving a written access to personal information request. We may require a deposit for all or part of the fee. Our Privacy Officer will make personal information available within 30 days of request or provide written notice where additional time is required to fulfill the request.
In some situations, we may be unable to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by solicitor/client privilege, the information was collected for the purpose of an investigation or where disclosure of the information would reveal confidential commercial information that, if disclosed, could harm the competitive position of REACH. REACH may also be prevented by law from providing access to certain personal information.
Where an access request is refused in whole or in part, we will notify you in writing, giving the reason for whole or partial refusal and outlining further steps which are available to you.
Robert Zylstra, Privacy Officer
REACH ORTON-GILLINGHAM LEARNING CENTRE INC.
1051 Churchill Crescent, North Vancouver, British Columbia, V7P 1P9