PURPOSE The Company is committed to the protection of the personal information of the individuals with whom we deal.
SCOPE This policy applies to all employees of the Company.
COLLECTION OF PERSONAL INFORMATION The Company gathers information about customers in order to provide them with applicable products and services. The Company may collect personal information for reasons which include, but are not limited to:
3.1 verify customer identity
3.2 manage any customer special needs and requests
3.3 respond to customer inquiries and concerns
3.4 forward and collect customer bills
3.5 determine customer credit ratings
3.6 deliver products and services to customers
3.7 meet statutory, regulatory and other legal requirements
When the Company gathers personal information about individuals, it endeavours to protect that information from improper use or disclosure by means of administrative, technical, contractual and physical practices designed to safeguard against accidental or intentional misuse.
DISCLOSURE The Company's general policy is to not disclose or share personal information with other organizations. Notwithstanding that general policy, there are occasions when this may be necessary. These may include, but are not limited to, the provision of information to third parties such as:
4.1 contractors providing products or services on behalf of the Company
4.2 emergency service providers (e.g. fire, ambulance, police)
4.3 law enforcement agencies and related governmental agencies or authorities seeking information to which they are permitted by law
4.4 collection agencies acting on the Company's behalf to collect overdue accounts
When personal information is shared with third parties in circumstances such as those outlined above, the Company provides only that information which is necessary for the purpose and requires that the third party agrees to use it only for that limited purpose.
DEFINITION — PERSONAL INFORMATION Personal information is data about an identifiable individual with the exception of information included on business cards. Because business cards set out information about an individual in his or her role as a business person, it is generally not treated as personal information. Business card data includes the name, working address, work contact numbers and work e-mail address, title and company or organization name. With the exception of business card data, personal information will only be used for the purposes for which it was collected with the person's consent. Some examples of data that must be treated as personal information include:
Driver's License Number
Payment and billing history
Bills and collection notices
Company reports which include customer information
PROTECTION OF PERSONAL INFORMATION No personal information will be provided to third parties without the consent of the individual except as noted in this Policy. In those cases in which contractors require personal information in connection with their provision of products and services, the Company will contractually require such third parties to protect that personal information in a manner that is consistent with our privacy policies and security practices. Personal information will only be collected to the extent necessary to fulfill the business function. The Company will only provide access to the personal information to the extent necessary to fulfill reasonable business needs. Finally, when it is determined that the personal information is no longer required, it will be deleted or destroyed in a secure manner.
CHIEF PRIVACY OFFICER The Chief Privacy Officer (CPO) has responsibility ensuring that all employees and third parties are in compliance with this Policy. The CPO may be contacted at email@example.com.
INTERNAL PROCEDURES The Company has internal procedures which are designed to protect the security of personal information of our customers. These include:
8.1 access to personal information is restricted to those individuals who have a legitimate business purpose for its use
8.2 training for employees having such access in the use, handling and protection of personal information
8.3 requirement that sensitive personal information will not be left in plain view or unattended in non-secure areas
8.4 requirement that transmission of personal information which be undertaken in a reasonably secure fashion
8.5 computers which allow access to personal information will be locked out when the computer's user is away from his or her work station
8.6 documents which include personal information will be kept in locked storage cabinets
8.7 when no longer in use, documents which include personal information will be shredded on site
8.8 electronic records which include personal information will be secured by application, network and server security
8.9 when no longer in use, electronic records which include personal information will be disposed of in a permanent and secure manner
8.10 individuals accessing or using personal information other than for the legitimate business of the Company will be disciplined up to and including discharge having regard to the circumstances of the misconduct
CONSENT Consent is required for the Company to gather personal information. That consent may be provided either expressly at the time the information is requested or, alternatively, consent may be implied in situations where the personal information is offered by the individual or in those cases in which the individual continues to use the Company's products or services following the Company's notification of a change in the manner in which the product or service is offered. It should be noted that while the provision of personal information is always the choice of an individual, a decision to withhold information may affect the manner or extent to which products and services are delivered.
ACCESS TO PERSONAL INFORMATION BY ITS OWNER Should an individual wish to access his or her own personal information, the CPO should be contacted. Requests shall be met within a reasonable time frame having regard to the nature of the request and the ability of the Company to direct resources necessary to collect the personal information in question.
RETENTION AND DISPOSAL OF PERSONAL DATA Personal information is kept for varying time periods depending on the nature of the information. Factors which affect that period of time include:
11.1 the business needs of the Company
11.2 legal and regulatory requirements
11.3 a determination as to whether the personal information is the subject of an inquiry
In cases where it is determined that the personal information is no longer required, documents will be shredded and electronic records will be erased in a permanent manner.
PRIVACY CONCERNS An individual having a concern with respect to this Policy or the manner in which his or her personal information has been dealt with should contact the CPO via email at firstname.lastname@example.org.