North Simcoe Community Futures Development Corporation (NSCFDC) PRIVACY POLICY 1.0 PURPOSE OF PRIVACY POLICY 3

Similar documents
CBSA PRIVACY POLICY. Canadian Business Strategy Association Page 1

Principles. Bison Transport will implement policies and procedures to give effect to this policy, including:

Our Privacy Policy SUPPLEMENTAL INSURANCE. Health Accident Disability Life. combined.ca

Prairie Centre Credit Union

SYNCHRO SWIM MANITOBA PRIVACY POLICY

HSBC Privacy code. Everything you need to know about the security and privacy of your personal information at HSBC

Privacy in Canada Federal Legislation: Personal Information Protection and Electronic Documents Act

Taking care of what s important to you

Association of Service Providers for Employability and Career Training ( ASPECT ) PRIVACY CODE

PRIVACY CODE FOR THE PROTECTION OF PERSONAL INFORMATION

CANADIAN AMATEUR SYNCHRONIZED SWIMMING ASSOCIATION, INC. SASKATCHEWAN SECTION PRIVACY POLICY

Taking care of what s important to you

A copy of Ontario Water Polo Association s Privacy Policy is provided to any member on request to Ontario Water Polo Association.

PRIVACY AND INFORMATION MANAGEMENT A Guideline For Alberta Veterinarians

Citi Canada. Privacy of Personal Information Statement

SBI Canada Bank Privacy Policy

MAWA PRIVACY POLICY. Purpose of this Policy

ONTARIO LACROSSE ASSOCIATION INFORMATION PRIVACY POLICY

Privacy Guide for Alberta Physiotherapists

Policy for the Protection of Personal Information and Privacy University Secretariat

Item 5 - Policy Approval: Privacy Policy - Board of Directors GCHRCC Public Meeting - December 7, 2017 Report:GCHRCC: Attachment 1

PRIVACY POLICY OVERVIEW

PRIVACY POLICY: INSURANCE OPERATIONS

Nova Scotia Health Employees Pension Plan Policy and Guidelines. Protecting the Privacy of Personal Information

1A-1084 Kenaston Street tel: (613) Ottawa, ON K1B 3P5 fax: (613)

METRO DIRECTION FINANCIAL INC PRIVACY POLICY

PRIVACY NOTICE LAST UPDATED: SEPT. 2018

Privacy and Credit Reporting Policy

TRAVELTOKENS SALE PRIVACY POLICY Last updated:

Jericho Tennis Club's Privacy Policy

American Federation of Musicians and Employers' Pension Welfare Fund (Canada) (the " Fund") PRIVACY POLICY. Effective January 1, 2004

PRIVACY CODE FOR OUR DENTAL OFFICE

IMB s Privacy Policy. imb.com.au ued1018. Contents. Overview. What personal information we collect

Client Privacy Policy

[Billing Code ] ACTION: Notice of revision of the Categories of Individuals Covered by the System, revision

privacy notice who is responsible for processing your personal data and who you can contact in this regard reasons for processing your data

DAWSON PUBLIC POWER DISTRICT 300 South Washington Street P. O. Box Lexington, Nebraska Tel. No.- 308/324/2386 Fax No.

The Allied Group Privacy Shield Policy

Insurance 4 That Privacy Policy

Privacy Policy. Naval Group

NAPBS BACKGROUND SCREENING AGENCY ACCREDITATION PROGRAM ACCREDITATION STANDARD AND AUDIT CRITERIA Version 2.0. Potential Verification for Onsite Audit

Lexus Asset Protector (GAP Insurance)

Personal Data (Privacy) Ordinance. Code of Practice on Consumer Credit Data

Banks Sheridan Limited Data Protection Privacy Policy 19 May 2018

Comparison of the current and future General Conditions of Credit Suisse AG

ANNEXURE. Privacy Notice

RICHMOND MINOR HOCKEY ASSOCIATION

Title CIHI Submission: 2014 Prescribed Entity Review

ANZ PRIVACY POLICY PROTECTING YOUR PRIVACY _ANZ PRIVACY POLICY_77562.indd 1 29/04/2016 9:37 am

Data Privacy Notice. Who are we and why do we register and use personal data?

Georgia Power Valdosta Federal credit union Privacy Policy

1. This is the Canada Country Addendum to the UOB Business Internet Banking Service Agreement.

Data Protection Privacy Notice for people not directly involved in the accident

The Guild for Exceptional Children HIPAA Breach Notification Policy and Procedure

Annual Interest Rates. Standard Rates: Purchases: 11.99% Cash advances (including balance transfers and access cheques):11.

Personal Data (Privacy) Ordinance. Code of Practice on Consumer Credit Data

PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE Please refer to Appendix A for a glossary of defined terms.

1. LOAN APPLICANT. Loan Applicant General Information. Legal Name Organizational Form, Where and When Organized (ex., Corporation, Delaware, 1984)

intermediary terms of business

2014 The Time is Now Offer

The Pension and Life Assurance Plan of NG Bailey (Scheme) Privacy notice

Canada: Consent to Disclosure of Personal Information

intermediary terms of business

RURALCO HOLDINGS LIMITED ACN CREDIT REPORTING POLICY

May 2, 2018 Page 1 of 8

Credit Reporting Policy

Youi s Privacy Policy

Nottawasaga Community Futures Development Corporation

ROYAL ALEXANDRA HOSPITAL FOUNDATION PRIVACY POLICY

Privacy Policy. For the purposes of Data Protection Legislation the data controller is the Company.

THE CITY OF EDMONTON PROJECT AGREEMENT VALLEY LINE LRT STAGE 1. Schedule 18. Freedom of Information and Protection of Privacy

Principal Terms & Conditions. Malaysia

CTIAQ - Credit Reporting Policy

Linemac Toyota s APP Privacy Policy

LAMP Services Limited Privacy Notice v1.2 4 th March Controller

EQUAL ACCESS FUNDING PTY LTD PRIVACY POLICY

Pre-Authorized Debits (PAD) Agreement

OUR POLICY ON THE MANAGEMENT OF YOUR CREDIT INFORMATION

Vanguard Group (Ireland) Limited Vanguard Funds plc Vanguard Investment Series plc Privacy policy. May 2018

BINDING CORPORATE RULES

We may collect personal information about you such as: Your name, current address, previous address details;

Man and Machine - Data Protection Policy

Principal Terms & Conditions. Thailand

ING Privacy Policy. Issued June 2017

Policies, Procedures and Guidelines

Washington Association of Sewer and Water Districts (WASWD) IDENTITY THEFT PREVENTION PROGRAM

Main Street Bank EXTERNAL FUNDS TRANSFER AGREEMENT

Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300

Templeton Municipal Light and Water Plant

NRMA INSURANCE PRIVACY POLICY

Gallagher Benefit Services Pty Ltd - Privacy Policy

Model Code for the Protection of Personal Information, CAN/CSA-Q830-96

Infonex 2005: Privacy and Investigations. David T.S. Fraser McInnes Cooper (902)

OMERS Administration Corporation Privacy Statement

PROTECTION OF PERSONAL INFORMATION POLICY (PoPI)

Arcare Aged Care APP Privacy Policy

GENERAL DATA PROTECTION REGULATIONS PRIVACY NOTICE

AppLovin Data Processing Agreement

EMPLOYEE PRIVACY STATEMENT

1. What Data do we collect and where do we get it from?

Transcription:

PRIVACY POLICY

North Simcoe Community Futures Development Corporation (NSCFDC) TABLE OF CONTENTS PRIVACY POLICY 1.0 PURPOSE OF PRIVACY POLICY 3 1.1 The Ten Principles of PIPEDA Summarized 3 1.2 Personal Information Defined 4 2.0 PURPOSES OF COLLECTING PERSONAL INFORMATION 5 3.0 CONSENT 5 4.0 LIMITING COLLECTION 5 5.0 LIMITING USE, DISCLOSURE AND RETENTION 6 5.1 Use of Personal Information 6 5.2 Disclosure of Personal Information 6 5.3 Retention of Personal Information 7 6.0 ACCURACY 7 7.0 SAFEGUARDS 7 8.0 OPENNESS 8 9.0 INDIVIDUAL ACCESS 8 10.0 COMPLAINTS / RECOURSE 8 2

PRIVACY POLICY 1.0 Purpose of North Simcoe Community Futures Development Corporation (NSCFDC) Privacy Policy NSCFDC is a federally supported not-for-profit community organization with a volunteer board of directors and professional staff whose purpose is to develop and diversify local economies. NSCFDC supports community economic development and small business growth by developing and implementing strategic community plans, delivering a range of counselling and information services to small business and operating locally controlled investment funds to provide repayable financing to new and existing businesses. This privacy policy has been developed to comply with Canada s Personal Information Protection and Electronic Documents Act ("PIPEDA"). PIPEDA sets out rules for the collection, use and disclosure of personal information in the course of commercial activity as defined in the Act. 1.1 The Ten Principles of PIPEDA Summarized The ten Principles of PIPEDA that form the basis of this Privacy Policy are as follows: 1. Accountability: organizations are accountable for the personal information they collect, use, retain and disclose in the course of their commercial activities, including, but not limited to, the appointment of a Chief Privacy Officer; 2. Identifying Purposes: organizations are to explain the purposes for which the information is being used at the time of collection and can only be used for those purposes; 3. Consent: organizations must obtain an Individual s express or implied consent when they collect, use, or disclose the individual s personal information; 4. Limiting Collection: the collection of personal information must be limited to only the amount and type that is reasonably necessary for the identified purposes; 5. Limiting Use, Disclosure and Retention: personal information must be used for only the identified purposes, and must not be disclosed to third parties unless the Individual consents to the alternative use or disclosure; 6. Accuracy: organizations are required to keep personal information in active files accurate and up-to-date; 7. Safeguards: organizations are to use physical, organizational, and technological safeguards to protect personal information from unauthorized access or disclosure. 8. Openness: organizations must inform their clients and train their employees about their privacy policies and procedures; 9. Individual Access: an individual has a right to access personal information held by an organization and to challenge its accuracy if need be; and 3

10. Provide Recourse: organizations are to inform clients and employees of how to bring a request for access, or complaint, to the Chief Privacy Officer, and respond promptly to a request or complaint by the individual. This Privacy Policy applies to NSCFDC 's Board of Directors, members, employees and contracted employees. As well, NSCFDC ensures that all third party service providers sign confidentiality agreements prior to any transfer of an individuals personal information in the course of providing the business loans, business development advice, and other related information and/or services. 1.2 Definitions "Personal information" means any information about an identifiable individual. It includes, without limitation, information relating to identity, nationality, age, gender, address, telephone number, e- mail address, Social Insurance Number, date of birth, marital status, education, employment health history, assets, liabilities, payment records, credit records, loan records, income and information relating to financial transactions as well as certain personal opinions or views of an Individual. "Business information" means business name, business address, business telephone number, name(s) of owner(s), officer(s) and director(s), job titles, business registration numbers (HST, RST, source deductions), financial status. Although business information is not subject to PIPEDA, confidentiality of business information will be treated with the same security measures by NSCFDC staff, members and Board members, as is required for individual personal information under PIPEDA. "Client" means the business that is applying for or has been approved for a loan, (including sole proprietorships and individuals carrying on business in a partnership); "Individual" means the client s owner(s) or shareholders, co-signors, and/or any guarantor associated with a client. "Member" means a person who volunteers on a NSCFDC committee, but who is not a current or active board member, or chair of the committee. "Application" means the application form or related forms completed by the individual(s) to request financing for the client through the Investment Fund of NSCFDC. "Data base" means the list of names, addresses and telephone numbers of clients and individuals held by NSCFDC in the forms of, but not limited to, computer files, paper files, and files on computer hard-drives. "File" means the information collected in the course of processing an application, as well as information collected/updated to maintain /service the account. "Express consent" means the individual signs the application, or other forms containing personal information, authorizing NSCFDC to collect, use, and disclose the individual's personal information for the purposes set out in the application and/or forms. "Implied Consent" means the organization may assume that the individual consents to the information being used, retained and disclosed for the original purposes, unless notified by the individual. "Third Party" means a person or company that provides services to NSCFDC in support of the programs, benefits, and other services offered by NSCFDC, such as other lenders, credit bureaus, 4

persons with whom the individual or client does business, but does not include any Government office or department to whom NSCFDC reports in the delivery of such programs, benefits or services. 2.0 Purposes of Collecting Personal Information Personal information is collected in order to assess the eligibility of the individual completing an application for financial assistance, as well as to report to Industry Canada/FedDev Ontario. The individual is the main source of information but NSCFDC will also ask to obtain information directly from a third source where the individual does not have the required information. Only that information which is required to make a determination of an individual's eligibility will be collected. Although the individual's Social Insurance Number may be requested in the application for confirming identification of the individual to the credit reporting agency, provision of this personal information is optional. The individual may provide alternative forms of identification, such as date of birth and driver's license number. 3.0 Consent An individual s express, written consent will be obtained before or at the time of collecting personal information. The purposes for the collection, use or disclosure of the personal information will be provided to the individual at the time of seeking his or her consent. Once consent is obtained from the individual to use his or her information for those purposes, NSCFDC has the individual's implied consent to collect or receive any supplementary information that is necessary to fulfil the same purposes. Express consent will also be obtained if, or when, a new use is identified. By signing the application and/or other forms, implied consent is granted by the individual to obtain and/or to verify information from third parties such as banks, credit bureaus, other lenders, and insurance companies in the process of assessing the eligibility of an individual or client. Implied consent is also granted by the individual to permit NSCFDC to report or otherwise disclose information to Industry Canada/FedDev Ontario, the federal department that administers the Ontario Community Futures Program. An individual can choose not to provide some or all of the personal information at any time, but if NSCFDC is unable to collect sufficient information to validate the request for financing, the individual's application for such financing may be turned down. A client or an individual can withdraw consent to NSCFDC s use of personal information at any time prior to the application being approved, by making such request in writing. Once a loan has been approved, an individual cannot withdraw consent authorizing NSCFDC to use and disclose the personal information for the purposes set out in this Privacy Policy. Express consent will be obtained from the individual prior to disclosing the individual's personal information to other lenders, credit insurers and credit bureaus. This Privacy Policy does not cover statistical data from which the identity of individuals cannot be determined. NSCFDC retains the right to use and disclose statistical data as it determines appropriate. 4.0 Limiting Collection Personal information collected will be limited to the purposes set out in this Privacy Policy, NSCFDC applications, and/or other forms. 5

5.0 Limiting Use, Disclosure and Retention 5.1 Use of Personal Information Personal information will be used for only those purposes to which the individual has consented with the following exceptions, as permitted under PIPEDA: NSCFDC will use personal information without the individual's consent, where: the organization has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation; an emergency exists that threatens an individual s life, health or security; the information is for statistical study or research; the information is publicly available; the use is clearly in the individual s interest, and consent is not available in a timely way; knowledge and consent would compromise the availability or accuracy of the information, and collection is required to investigate a breach of an agreement. 5.2 Disclosure and Transfer of Personal Information Personal information will be disclosed to only those NSCFDC employees, members of NSCFDC committees, and the Board of Directors that need to know the information for the purposes of their work or making an assessment as to the individual's eligibility to the loan program. Personal information will be disclosed to third parties with the individual's knowledge and consent. PIPEDA permits NSCFDC to disclose personal information to third parties, without an individual's knowledge and consent, to: a lawyer representing NSCFDC; collect a debt owed to NSCFDC by the individual or client; comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction; a law enforcement agency in the process of a civil or criminal investigation; a government agency or department requesting the information; or, as required by law. PIPEDA permits NSCFDC to transfer personal information to a third party, without the individual's knowledge or consent, if the transfer is simply for processing purposes and the third party only uses the information for the purposes for which it was transferred. NSCFDC will ensure, by contractual or 6

other means, that the third party protects the information and uses it only for the purposes for which it was transferred. 5.3 Retention of Personal Information Personal information will be retained in client files as long as the file is active and for such periods of time as may be prescribed by applicable laws and regulations. A file will be deemed inactive if the Investment Committee rejects an application, when a loan is repaid in full and securities are discharged, or when a guarantee is terminated. Information contained in an inactive file will be retained for a period of seven (7) years, except in the case where an application is rejected. Where an application has been rejected, the file and all personal information contained in the file will be retained for a period of two (2) years. 6.0 Accuracy NSCFDC endeavours to ensure that any personal information provided by the individual in his or her active file(s) is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. Individuals are requested to notify NSCFDC of any change in personal or business information. Information contained in inactive files is not updated. 7.0 Safeguards NSCFDC will use physical, organizational, and technological measures to safeguard personal information to only those NSCFDC employees, volunteers, or third parties who need to know this information for the purposes set out in this Privacy Policy. Organizational Safeguards: Access to personal information will be limited to the Loans Officer, the Administration Officer, and/or the General Manager who have to make a determination as to the individual's eligibility for a business loan. Personal information provided to members of NSCFDC committee(s) will be limited to only that information required to carry out the mandate of that committee. Members of the NSCFDC committee(s) and/or Board of Directors are not permitted to copy or retain any personal information on individuals or clients and must return for destruction all such information given to them to review once the purpose for being provided with this information has been fulfilled. Employees and members of NSCFDC committee(s) and/or Board of Directors are required to sign a confidentiality agreement binding them to maintaining the confidentiality of all personal information to which they have access. Physical Safeguards: Active files are stored in locked filing cabinets when not in use. Access to work areas where active files may be in use is restricted to NSCFDC employees only and authorized third parties. All inactive files or personal information no longer required are shredded prior to disposal to prevent inadvertent disclosure to unauthorized persons. Technological Safeguards: Personal information contained in NSCFDC computers and electronic data bases are password protected in accordance with NSCFDC s Information Security Policy. Access to any of the NSCFDC s computers also is password protected. NSCFDC s Internet router or server has firewall protection sufficient to protect personal and confidential business information 7

against virus attacks and "sniffer" software arising from Internet activity. Personal information is not transferred to volunteer committee members, the Board of Directors, or third parties by e-mail or other electronic form. 8.0 Openness NSCFDC will endeavour to make its privacy policies and procedures known to the individual via this Privacy Policy as well as the NSCFDC Privacy Statement. This document will also be available on NSCFDC s website: www.nscfdc.on.ca. 9.0 Individual Access An Individual who wishes to review or verify what personal information is held by NSCFDC, or to whom the information has been disclosed (as permitted by the Act), may make the request for access, in writing, to the NSCFDC s Chief Privacy Officer. Upon verification of the individual's identity, the Chief Privacy Officer will respond within 60 days. If the individual finds that the information held by NSCFDC is inaccurate or incomplete, upon the individual providing documentary evidence to verify the correct information, NSCFDC will make the required changes to the individual's active file(s) promptly. 10.0 Complaints/Recourse If an individual has a concern about NSCFDC s personal information handling practises, a complaint, in writing, may be directed to NSCFDC s Chief Privacy Officer. Upon verification of the individual's identity, NSCFDC s Chief Privacy Officer will act promptly to investigate the complaint and provide a written report of the investigation's findings to the individual. Where NSCFDC s Chief Privacy Officer makes a determination that the individual's complaint is well founded, the Chief Privacy Officer will take the necessary steps to correct the offending information handling practise and/or revise NSCFDC s privacy policies and procedures. Where NSCFDC s Chief Privacy Officer determines that the individual's complaint is not well founded, the individual will be notified in writing. If the individual is dissatisfied with the finding and corresponding action taken by NSCFDC s Chief Privacy Officer, the individual may bring a complaint to the Federal Privacy Commissioner at the address below: The Privacy Commissioner of Canada 112 Kent Street Place de Ville Tower B, 3rd Floor Ottawa, Ontario K1A 1H3 Toll Free 1-800-282-1376 Email notification@priv.gc.ca Website: www.priv.gc.ca 8

Questions/Access Request/Complaint Any questions regarding this or any other privacy policy of NSCFDC may be directed to the Chief Privacy Officer. Requests for access to information, or to make a complaint, are to be made in writing and sent to the Chief Privacy Officer at the address below: Chief Privacy Officer North Simcoe Community Futures Development Corporation P.O. Box 8, 105 Fourth Street Midland, ON L4R 4K6 or Email address: cpo@nscfdc.on.ca Amendment to NSCFDC s Privacy Policies NSCFDC s Privacy Policy is in effect June 18, 2004 and is retroactive to January 1, 2004. This policy is subject to amendment in response to developments in the privacy legislation. The Chief Privacy Officer will review and revise the Privacy Policy from time to time as required by changes in privacy law. Notification of any changes in the Privacy Policy will be posted on NSCFDC s website, as well as in NSCFDC s Privacy Statement. Any changes in the Privacy Policy will apply to Personal information collected from the date of the posting of the revised Privacy Policy on NSCFDC s website: www.nscfdc.on.ca. Amendments: The policy was amended to add FedDev Ontario to the document i.e. Industry Canada/FedDev Ontario The address for the Privacy Commissioner of Canada was updated 9

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback