PRIVACY POLICY
Introduction
As a trusted partner, processing significant volumes of sensitive personal information on behalf of its customers, SinglePoint Group International (referred to as the Company) recognizes the critical importance of maintaining confidentiality. The Company’s primary focus is on securely processing personal information and avoiding incidents. The Company has always been committed to respecting the privacy of the personal information of its associates, clients and consumers. Under the Federal Personal Information Protection and Electronic Documents Act “P.I.P.E.D.A.” (introduced January 1, 2001), such protection has been required for all inter-provincial disclosures of information outside the province of origin.
The Company has invested a great deal of time and resources to ensure the confidential information we receive from our Clients remains confidential. We acknowledge, under P.I.P.E.D.A. if were to collect, use or disclose someone’s personal information, we require the consumer’s consent, except in a few specific and limited circumstances. We can use or disclose personal information only for the purpose for which the person gave consent when it was originally collected. Even with consent, we acknowledge there is a limit to its collection, use and disclosure of personal information to purposes that a reasonable person would consider appropriate under the circumstances.
Purpose
The Company is committed to the safekeeping of personal information in order to prevent its loss, theft, unauthorized access, disclosure, duplication, use, or modification. The Company will take all reasonable precautions to ensure that your personal information while in our possession, collected from you, is protected against loss and unauthorized access. This protection applies to information stored in both electronic and/or hard copy form.
Policy
It is the policy of the Company to ensure and respect the privacy of the personal information of its associates, clients and consumers at all time under all circumstances in full compliance with the various provincial and federal privacy legislations.
Definitions
The following definitions from P.I.P.E.D.A. are used in this Privacy Policy for convenience:
“Collection” – the act of gathering, acquiring or obtaining personal information from any source, including from third parties, by any means.
“Consent” – voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the persons seeking the consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.
“Disclosure” – making personal information available to other persons.
“Personal Information” – means information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organization.
“Use” – treatment and handling of personal information within the Company.
“Personal Information” – means any information relating to an identified or identifiable individual person. All information relating to individuals should be presumed to be Personal Information unless the contrary is clear. We define personal information for consumers as any information that is not publicly known. This includes;
- Name
- Address
- Date of Birth
- Age
- Race
- Colour
- Gender
- Government Issued Identification Numbers
- Passports
- Driver’s Licenses
- Canadian Immigration
- Health Cards
- Income
- Financial Account Numbers
- Payment Records
- Record of Purchases
- Marital Status
- Health Information
- Medical Information
- E-mail address
- Nationality
- Ethnicity
- Religious beliefs
- Political beliefs
PRINCIPLE 1: ACCOUNTABILITY
All the Company associates are responsible for complying with the privacy principles.
Our President & CEO has appointed a Privacy Officer. The Privacy Officer may delegate other individuals to act in his or her behalf. The individual will be known as the “Privacy Officer”.
The Company has and will update specific policies and practices to give effect to this privacy policy, including:
- evaluating and improving procedures to protect personal information;
- establishing procedures to receive and respond to complaints and inquiries;
- training associates and communicating to associate’s information about our policies and practices; and
- explaining our policies and procedures to our clients, consumers, suppliers, visitors and the public.
The Company is responsible for all personal information in its possession or custody, including information that has been transferred through any third party. When we enter into a contract with a third party that involves us transferring personal information to that third party, the individual(s) responsible will ensure that a comparable level of protection is available while the personal information is being processed by the third party. This includes:
- providing a copy of this privacy policy to such person and receiving the written acknowledgement from such person that it will be bound by the policy.
- ensuring the return of all personal information to us upon completion of the contract
- an agreement not to use such information for any other purpose; and
- the destruction of any remaining records in the possession of the third party.
PRINCIPLE 2: IDENTIFYING PURPOSES
The purposes for which personal information is collected shall be identified by the Company before or at the time the information is collected.
Members of the Company shall collect personal information only for the purposes of:
- providing debt collection services to clients, including locating individuals;
- identifying individuals and organizations interested in receiving information about our services, and other marketing purposes;
- hiring and employment purposes;
- training our associates;
- maintaining the security of client information, our premises, information and assets, and our individual associates;
- operating our website;
The specific purposes for which a member of the Company is collecting personal information shall be identified by the member at or before the time the information is collected. Only information that is necessary for the purposes that have been identified may be collected. The purposes for the collection shall be communicated to the subject individual.
PRINCIPLE 3: CONSENT
The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except as provided by law.
Consent is generally required for the collection of personal information and the subsequent use or disclosure of such information. The exceptions to such requirement are specified in the federal Personal Information Protection and Electronic Documents Act (P.I.P.E.D.A.) and the applicable provincial statutes. The Company shall, as a general practice, provide each associate involved in the collection of personal information with a summary of such exceptions for use as a reference.
P.I.P.E.D.A. and the applicable provincial statutes contain provisions allowing clients to disclose personal information for the purpose of collecting a debt owed by the individual to the client. Notwithstanding this exception, when we are collecting a debt on behalf of a client, the Company may rely on and shall obtain and adhere to, any form of consent previously obtained by the client, subject to the exceptions provided for in the applicable legislation.
The Company will not, as a condition for the supply of services, require an individual to consent to the collection, use or disclosure of personal information beyond what is necessary for such purposes.
The adequacy of the form of consent depends upon the circumstances and the type of information that is being collected. Generally speaking, the more sensitive the information (such as health records or employment evaluations), the more explicit or manifest is the form of consent that we will require. In obtaining consent, we will take the reasonable expectations of the individual into account. We will not obtain consent through deception.
An individual may withdraw their consent at any time, subject to legal or contractual restrictions and reasonable notice. We will inform the individual of the implications or consequences of withdrawal.
PRINCIPLE 4: LIMITING COLLECTION
The collection of personal information shall be limited to that which is necessary for the purposes identified by the Company. The information shall be collected by fair and lawful means.
We will not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which we need to fulfill the purposes identified.
PRINCIPLE 5: LIMITING USE, DISCLOSURE AND RETENTION
Personal information shall not be used or disclosed for purposes other than those for which the information was collected, except with the consent of the individual or as permitted by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
The Company will not use or disclose personal information for purposes other than those for which it was originally collected except, with the individual’s consent or as required by law. Personal information cannot be used or passed on in a manner inconsistent with the identified purpose for which it was collected originally.
The Company may share personal information to Credit Reporting Agencies for the purposes of collecting a debt. We may also share personal information with regulatory agencies and auditors or as required by law.
We do not sell personal information about you to unrelated companies for their independent use.
Certain the Company employees may be granted access to a Customer’s personal information collected by the Company as it relates to their duties; they require access for the purposes outlined. All Company employees are governed by a non-disclosure agreement prohibiting disclosure or use of any confidential or personal information for any purposes other than the stated purpose.
In keeping with the Credit Reporting Act, database and hard copy personal information are retained for a period of six years. Database files are purged, and hard copy documentation is shredded at the expiration of the six year limitation, with the exception of Judgment accounts where information is retained for up to ten years.
Credit Bureau information is requested only under certain circumstances and conditions, depending on the age of the obligation, balance and availability of contact. These inquiries are considered “soft” inquiries and bear no impact to the Consumer.
Personal information in client files is retained for a period of one year after the relationship between the client and the Company concludes. Personal information is shredded at the end of the period. The Company retains personal information only for as long as it is required for the Company’s business purposes or as required by federal and provincial laws.
PRINCIPLE 6: ACCURACY
Personal information shall be accurate, complete and as up-to-date as necessary for the purposes for which it is to be used.
This is particularly important where the information is being used to make some evaluation or judgment about the individual. The extent to which the personal information shall be accurate, complete and up -to-date will depend upon the use of the information, taking into account the interests of the individual.
Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date.
PRINCIPLE 7: SAFEGUARDS
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
The Company takes significant security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. The nature of the safeguards varies according to the sensitivity of the information.
Our methods of protection include physical measures, organizational measures and technological measures. All personal information is handled on a “need-to-know” basis and each associate of the Company is responsible for the protection of the personal information used in his or her job function.
The Company regularly makes all of its associates aware of the importance of maintaining the security of personal information.
Care is used in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.
PRINCIPLE 8: OPENNESS
The Company shall make readily available to individuals’ specific information about its policies and practices relating to the management of personal information.
The Company shall be open about its policies and practices with respect to the management of personal information. Individuals shall be able to acquire information about the Company policies and practices without unreasonable effort. This information shall be made available in a form that is generally understandable.
The information made available must include:
- how the individual may contact the Company’s Privacy Officer with respect to complaints or inquiries;
- advice that the individual can gain access to the personal information held by the Company by writing to the Company’s Privacy Officer, confirming and verifying their identity, and requesting the specified information;
- a description of the type of personal information held by the Company, including a general account of its use;
- a copy of any brochures or other information that explain the Company policies, standards or codes; and
- what personal information is generally made available to related organizations.
PRINCIPLE 9: INDIVIDUAL ACCESS
Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Before granting an individual access to their personal information, the Company associate must consult the Privacy Officer or that person’s delegate. There are restrictions on the grant of access in P.I.P.E.D.A. and the provincial statutes. For example, where revealing the personal information about the requesting individual will reveal information about a third party that cannot be severed from the information about the individual; the personal information cannot be disclosed. Because there are some differences between the statutes, it is important for each request to be carefully reviewed in the context of the applicable legislation.
Access may be refused in a variety of situations, including, where revealing the personal information would also reveal confidential commercial information; where revealing the information could reasonably be expected to threaten the life or security of another individual; if the information was collected during an investigation of a breach of an agreement or a contravention of the laws of Canada or a province on the expectation that the knowledge or consent of the individual would compromise the availability or accuracy of the information; or where the information was generated in the course of a formal dispute resolution process.
Upon receiving a request, we shall inform the individual whether or not we hold personal information about the individual. When disclosure of the personal information is made to the individual, we will provide an account of the use that has been made or is being made of the information and an account of the third parties to whom the information has been disclosed.
Where the request for access relates to personal information collected, used or disclosed in the course of serving a client, the client shall immediately be provided with a copy of the request.
We shall respond to an individual’s request within 30 days and at minimal or no cost to the individual. We may require a reasonable payment for the information provided only if we inform the individual in advance of the approximate cost and the individual has advised us that the request is not being withdrawn.
When an individual successfully demonstrates that personal information we have is inaccurate or incomplete, we will amend the information as required. Depending upon the nature of the information challenged, amendment could involve the correction, deletion or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.
When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge shall be recorded by the Company associates. When appropriate, the existence of the unresolved challenge should be transmitted to third parties having access to the information in question.
PRINCIPLE 10: CHALLENGING COMPLIANCE
An individual shall be able to address a challenge concerning compliance with the above privacy principles to the Company’s Privacy Officer.
The individual accountable for the Company’s compliance is the Privacy Officer as appointed by the President & CEO from time to time. The Privacy Officer will establish procedures to receive and respond to complaints or inquiries about the Company’s policies and practices relating to the handling of personal information.
The Company associates shall inform individuals who make inquiries or lodge complaints of the existence of the relevant complaint mechanisms of the Company. The Company shall investigate all complaints. If a complaint is found to be justified through either the internal or external compliant review process, the Company will take appropriate measures, including amending its policies and practices if necessary.
Procedure/Agreement:
All Company associates are required to complete and sign a Confidentiality/Non-Disclosure Agreement upon hire and annually thereafter. The Confidentiality/Non-Disclosure Agreement is available on the Intranet and through our Recruitment and Training Manager.
Suspected violations of the Privacy Policy are to be reported to the Privacy Officer or the nearest available leader. Violation of this policy is grounds for corrective action up to and including termination of employment.
For Privacy inquiries, please contact:
Stephen Miller, Privacy Officer
255 Consumers Road
4th Floor
Toronto, ON M2J 1R4
Stephen.miller@singlepointgi.com
800.256.8964 ext. 3256