Privacy Policy of Organization

Progress:
0%
?
X

Enter whether or not the organization is looking for a privacy policy on the use of websites.

Need
help?
Customize the template
Preview your document

PRIVACY POLICY

of

________



1) INTRODUCTION

a. This privacy policy is revised as of: ________.

b. The Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (PIPEDA) governs how organizations collect, use, and disclose personal information of individuals in the course of business.

c. This privacy policy is intended to provide information on the way in which ________ uses, collects, and discloses the personal information of its clients and customers.

d. Only the information that ________ requires in order to carry out its services to clients and customers will be documented and stored in a secure manner. Our business to our clients and customers includes the following and is the reason for which we require personal information:

________

e. ________ always ensures to protect the personal information of its clients while in the course of business.

f. The Office of the Privacy Commissioner (Commissioner) oversees PIPEDA and addresses complaints by individuals.


2) COLLECTION AND CONSENT

a. Collection of personal information is classified as an individual's name, age, income, heritage, credit records, medical records, Social Insurance Number, marital status, education level, and more.

b. Consent can be either express or implied.

c. ________ obtains express consent from its clients and customers. This consent is obtained by:

________

d. ________ makes attempts to collect information directly from our clients and customers, but may need to collect information indirectly from other sources when necessary, all of which is completed in a legal manner consistent with PIPEDA.

e. Legal exceptions to having to obtain consent include as follows:

    • if asking for express consent has the effect of compromising the accuracy of the information;
    • collection of information is in the best interests of our client or customer;
    • information is in a witness statement and the collection is needed to settle an insurance claim;
    • to comply with the law, including warrants, subpoenas, and investigations.

f. Clients and customers may withdraw their consent. This withdrawal may be subject to certain restrictions depending on the circumstances. If that's the case, reasonable notice may be required.


3) PURPOSE OF COLLECTION

a. ________ needs to collect personal information from its clients or customers in order to properly and accurately represent its clients and customers, and such, in accordance with PIPEDA. Information also needs to be collected for the following purposes:

________

b. The information that we collect may also include information of other entities with whom our clients or customers conduct business. This may be needed in order to facilitate our services to our clients and customers.

c. Any changes in the use of the information that we collected shall be done with the express consent of our clients and customers. This means that if we collected client information for a certain purpose and later needed to conduct a separate, unrelated matter for the same client, we will obtain the client's consent prior to using the information for the separate, unrelated matter.


4) USE AND DISCLOSURE OF INFORMATION

a. Personal information provided to ________ by its clients and customers may need to be disclosed to third parties in order for us to properly represent and act in our clients' and customers' best interests. Only the information required by a third party is disclosed in order to complete the tasks for which the information was needed. This may include, for example, having to disclose personal information to a government authority in order to register our client or customer with a regulatory government body.

b. ________ specifically discloses information as follows:

________

c. When information is provided to us, whether upon our request or not, the delivery of such information is deemed to be done with consent, and ________ may collect, use, and disclose that information.

d. Notwithstanding the foregoing, our clients' and customers' personal information shall be treated with the strictest confidence, and thus, any personal information shall not be disclosed without consent, unless otherwise required by law.


5) SECURITY AND RETENTION OF INFORMATION

a. When it is reasonable and legal to do so, ________ shall discard all of our clients' and customers' personal information, whether digitally stored or otherwise, and shall comply with applicable law in doing so.

b. During the destruction process, all information that ________ holds shall be kept confidential.


6) SAFEGUARDING INFORMATION

a. Employees of ________ shall only have access to relevant records if they are delegated tasks for which access to those records is necessary. Access to records is on a need-to-know basis.

b. Physical records shall be protected by way of:

________.

c. All important communications from ________ to third-parties or other entities containing sensitive client or customer information shall be encrypted through the use of secure-software communications and password-protected PDFs, where applicable.

d. Workplace policies are in place which prohibit ________ from clicking on any form of spam mail, suspicious messages, or access to malicious websites.

e. Personal devices and hardware of employees and staff at ________ is prohibited unless specific authorization is requested and subsequently granted.

f. Where applicable, ________ will utilize public and private clouds to store and secure client and customer data across all of their devices. Public cloud use is through one or more of Google, Microsoft, Dropbox, and more. Private cloud use is done with the storage of files and records on secure servers using a private cloud network with, typically, more than one harddrive working in tandem through usage of a NAS (Network Attached Storage) and specific configurations.


7) REQUEST FOR ACCESS TO INFORMATION

a. Individuals have the right to submit a written request to have their information removed from the records of ________, and to access and verify their information. Where permitted by law, we will respond to any request in the timeframe provided for under PIPEDA.

b. Access may not be granted in certain circumstances, including the following:

I. Information protected by solicitor-client privilege;
II. Information that could be reasonably expected to reveal confidential commercial information;
III. Information disclosed to law enforcement;
IV. Information produced in a formal dispute; and
V. All other exceptions under PIPEDA.

c. Information that clients or customers have with ________ may be corrected and amended upon written request. Notice must be provided with the updated information so that our records can be duly updated to reflect the changes. Once the changes are made, we shall also provide notice to relevant third parties and keep them informed.

d. Personal information maintained is kept accurate, up-to-date, and complete. Individuals may challenge any information that is incorrect or incomplete by giving notice to ________. However, only information that is necessary for purposes related to the collection of the information in the first place shall be changed by ________.

e. The Office of the Privacy Commissioner can be contacted for any complaints.


8) 8885885

552585 225 5582 522 852828228 25 82282528 522555822 2588 2588582 228882, 25 252 252225 82 85885 82225252822 88 822525 25 2222 822285222858, 52 222 52882522 22 8222582 ________ 58822 252 82828 8222582 82225252822. 22 85588 5282225 22 828585828 58 8222 58 25582885882. 225 828585828 8825 82288288 282288228 28258888525 52525 252588, 82 85588 555252 22 25282 85822585.

________

________

________

________

Preview your document

PRIVACY POLICY

of

________



1) INTRODUCTION

a. This privacy policy is revised as of: ________.

b. The Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (PIPEDA) governs how organizations collect, use, and disclose personal information of individuals in the course of business.

c. This privacy policy is intended to provide information on the way in which ________ uses, collects, and discloses the personal information of its clients and customers.

d. Only the information that ________ requires in order to carry out its services to clients and customers will be documented and stored in a secure manner. Our business to our clients and customers includes the following and is the reason for which we require personal information:

________

e. ________ always ensures to protect the personal information of its clients while in the course of business.

f. The Office of the Privacy Commissioner (Commissioner) oversees PIPEDA and addresses complaints by individuals.


2) COLLECTION AND CONSENT

a. Collection of personal information is classified as an individual's name, age, income, heritage, credit records, medical records, Social Insurance Number, marital status, education level, and more.

b. Consent can be either express or implied.

c. ________ obtains express consent from its clients and customers. This consent is obtained by:

________

d. ________ makes attempts to collect information directly from our clients and customers, but may need to collect information indirectly from other sources when necessary, all of which is completed in a legal manner consistent with PIPEDA.

e. Legal exceptions to having to obtain consent include as follows:

    • if asking for express consent has the effect of compromising the accuracy of the information;
    • collection of information is in the best interests of our client or customer;
    • information is in a witness statement and the collection is needed to settle an insurance claim;
    • to comply with the law, including warrants, subpoenas, and investigations.

f. Clients and customers may withdraw their consent. This withdrawal may be subject to certain restrictions depending on the circumstances. If that's the case, reasonable notice may be required.


3) PURPOSE OF COLLECTION

a. ________ needs to collect personal information from its clients or customers in order to properly and accurately represent its clients and customers, and such, in accordance with PIPEDA. Information also needs to be collected for the following purposes:

________

b. The information that we collect may also include information of other entities with whom our clients or customers conduct business. This may be needed in order to facilitate our services to our clients and customers.

c. Any changes in the use of the information that we collected shall be done with the express consent of our clients and customers. This means that if we collected client information for a certain purpose and later needed to conduct a separate, unrelated matter for the same client, we will obtain the client's consent prior to using the information for the separate, unrelated matter.


4) USE AND DISCLOSURE OF INFORMATION

a. Personal information provided to ________ by its clients and customers may need to be disclosed to third parties in order for us to properly represent and act in our clients' and customers' best interests. Only the information required by a third party is disclosed in order to complete the tasks for which the information was needed. This may include, for example, having to disclose personal information to a government authority in order to register our client or customer with a regulatory government body.

b. ________ specifically discloses information as follows:

________

c. When information is provided to us, whether upon our request or not, the delivery of such information is deemed to be done with consent, and ________ may collect, use, and disclose that information.

d. Notwithstanding the foregoing, our clients' and customers' personal information shall be treated with the strictest confidence, and thus, any personal information shall not be disclosed without consent, unless otherwise required by law.


5) SECURITY AND RETENTION OF INFORMATION

a. When it is reasonable and legal to do so, ________ shall discard all of our clients' and customers' personal information, whether digitally stored or otherwise, and shall comply with applicable law in doing so.

b. During the destruction process, all information that ________ holds shall be kept confidential.


6) SAFEGUARDING INFORMATION

a. Employees of ________ shall only have access to relevant records if they are delegated tasks for which access to those records is necessary. Access to records is on a need-to-know basis.

b. Physical records shall be protected by way of:

________.

c. All important communications from ________ to third-parties or other entities containing sensitive client or customer information shall be encrypted through the use of secure-software communications and password-protected PDFs, where applicable.

d. Workplace policies are in place which prohibit ________ from clicking on any form of spam mail, suspicious messages, or access to malicious websites.

e. Personal devices and hardware of employees and staff at ________ is prohibited unless specific authorization is requested and subsequently granted.

f. Where applicable, ________ will utilize public and private clouds to store and secure client and customer data across all of their devices. Public cloud use is through one or more of Google, Microsoft, Dropbox, and more. Private cloud use is done with the storage of files and records on secure servers using a private cloud network with, typically, more than one harddrive working in tandem through usage of a NAS (Network Attached Storage) and specific configurations.


7) REQUEST FOR ACCESS TO INFORMATION

a. Individuals have the right to submit a written request to have their information removed from the records of ________, and to access and verify their information. Where permitted by law, we will respond to any request in the timeframe provided for under PIPEDA.

b. Access may not be granted in certain circumstances, including the following:

I. Information protected by solicitor-client privilege;
II. Information that could be reasonably expected to reveal confidential commercial information;
III. Information disclosed to law enforcement;
IV. Information produced in a formal dispute; and
V. All other exceptions under PIPEDA.

c. Information that clients or customers have with ________ may be corrected and amended upon written request. Notice must be provided with the updated information so that our records can be duly updated to reflect the changes. Once the changes are made, we shall also provide notice to relevant third parties and keep them informed.

d. Personal information maintained is kept accurate, up-to-date, and complete. Individuals may challenge any information that is incorrect or incomplete by giving notice to ________. However, only information that is necessary for purposes related to the collection of the information in the first place shall be changed by ________.

e. The Office of the Privacy Commissioner can be contacted for any complaints.


8) 8885885

552585 225 5582 522 852828228 25 82282528 522555822 2588 2588582 228882, 25 252 252225 82 85885 82225252822 88 822525 25 2222 822285222858, 52 222 52882522 22 8222582 ________ 58822 252 82828 8222582 82225252822. 22 85588 5282225 22 828585828 58 8222 58 25582885882. 225 828585828 8825 82288288 282288228 28258888525 52525 252588, 82 85588 555252 22 25282 85822585.

________

________

________

________