Corporate Risk Solutions Canada is in the business of conducting investigations, and
in the process, we gather information, including personal information.
company is duly licensed and regulated by the applicable provincial
authorities in which we operate.
During our investigations, we only
collect personal information on individuals where there is a potential
contravention of the law, or breaches of agreements or other circumstances,
that permit us to legally collect this information under the laws
While information is the cornerstone
of our business, we uphold and agree with the Personal Information
and Electronic Documents Act (PIPEDA) and other such similar documents,
which is based on the 10 principles for the protection of personal
information as set out in PIPEDA, and complies to the CSA Model Code
of Personal Information Privacy.
In order to be in full compliance
with the Personal Information Protection and Electronic Documents
Act (PIPEDA), Corporate Risk Solutions Canada has developed and
Corporate Risk Solutions Canada will be responsible for all personal information under
our control. We have designated three individuals, headed up by our
Chief Privacy Officer, to ensure our company’s
Should we use third
parties to process personal information, we will use reasonable means
to ensure that all such transferring of personal information is afforded
a comparable level of protection to that which we maintain.
Corporate Risk Solutions Canada
will identify the purpose for which we collect personal information
on affected individuals at or before the time of collection. All
assignments received from our clients will be reviewed to ensure
that their requests for information are compliant with PIPEDA.
information collected in the investigation of the breach of an agreement
may pertain to individuals who are party to an agreement, individuals
who have knowledge of the terms and conditions of an agreement, individuals
who have knowledge of the breach of an agreement, or individuals
who may advance an investigation by providing information relating
to a breach of an agreement.
Personal information collected as
part of an investigation of a contravention of the law may include
information pertaining to individuals involved in criminal activity,
individuals suspected of involvement in criminal activity, individuals
with knowledge of criminal activity, and individuals who may advance
an investigation by providing information relating to the identity
of those involved or suspected of criminal activity.
Corporate Risk Solutions Canada will obtain the appropriate consent from individuals for
collection, use or disclosure of personal information, except where
the law provides an exception.
In most instances, obtaining the
knowledge and consent of individuals would defeat the purpose of
an investigation, spacifically with respect to a breach of an agreement
or contravention of a law.
Express consent is specific authorization
given by the individual to Corporate Risk Solutions Canada either
in writing or verbally. Implied consent is when Corporate Risk Solutions Canada has not received specific consent, but the circumstances
allow us to collect, use, or disclose personal information.
we may obtain express consent for the collection, use, disclosure
of personal information, or when we determine that consent has been
applied by the circumstances.
Personal information will only be
collected, used and disclosed by Cororate Risk Solutions Canada without
consent in accordance with Section 7 of the Personal Information
Protection and Electronics Documents Act, S.C. 2000, c.5 (PIPEDA).
Any personal information collected
will be limited to that which is necessary for purposes as stated
in ‘Identify Purposes’.
We will only collect personal information for specific, legitimate
purposes, and will only collect information by fair and lawful means
and not by misleading or deceiving individuals about the purpose
for which the information is being collected.
Our policies and procedures
relating to the limitations on collection of personal information
will be regularly communicated to our investigators and support staff
who deal with collection, use and disclosure of personal information.
USE, DISCLOSURE, & RETENTION
Personal information will only be
used or disclosed for the purposes for which it is collected, except
with the consent of the individual or as permitted by law. We will
only retain personal information as long as necessary for the fulfillment
of those purposes or as is required by law. Personal information
that is no longer required to fulfill identified purposes will be
destroyed, erased, or made anonymous.
Please note that there may be
situations where we use, disclose or retain personal information
for legitimate purposes not identified to the individual to which
the information pertains including those situations referred to in “Consent’.
Any personal information
we collect will be as accurate, complete and up-to-date as necessary
for its intended purposes. We will further attempt to ensure that
any personal information is only in relation to the purpose for which
it was collected.
If a significant error or omission
is identified, we will correct or amend the information as necessary.
Where possible, we will send such corrected or amended information
to third parties who have had access to the information in question.
Corporate Risk Solutions Canada will safeguard all personal information under our control
in a manner that is appropriate to the sensitivity of the information.
We will take all the physical security measures necessary including
properly locking and alarming our facilities and/or locking all personal
information in secure filling cabinets, and securing all electronic
All Corporate Risk Solutions Canada staff,
including investigators and administration personnel are properly
trained in the policies that pertain to these safeguards. No unauthorized
access to our offices, including secure areas within our offices,
is permitted under any circumstance whatsoever, unless the individual
is identified and escorted by appropriate Corporate Risk staff.
personal information pertaining to subjects of investigations will
be electronically transferred to our clients unless the electronic
files have been encrypted with an industry standard encryption program
before being transferred. Distribution of personal information will
be on a need-to-know basis.
We will take the necessary precautions
in the disposal or destruction of personal information, both hard
copy and electronic, to prevent unauthorized parties from gaining
access to such information.
We will make available to
all individuals requesting specific information about our policies
and procedures relating to the management of personal information
that is under our control.
In addition, we will make available
to the public easily understandable information about our company,
a copy by calling toll free 1.877.313.7283 or by accessing our website
upon request, will be informed of the existence, use and disclosure
of their personal information which is in our possession, and may
be given access to, and be permitted to challenge the accuracy and
the completeness of that information.
There are lawful exceptions
that will prevent the individual from gaining access, which include,
but are not limited to the following:
- The information was collected
without consent for the purposes related to an investigation of
a breach or an agreement or contravention of a law or other lawful
- The information is protected by the Solicitor/Client
- Someone’s life or security might be compromised.
restricted from providing this disclosure under Section 25 (1)
of the Private Investigations and Security Guards Act; Revised
Statutes of Ontario 1990 Chapter P.25.
- The information was generated
during the course of a formal dispute resolution process.
information about another person might be revealed.
confidential information might be revealed.
to PIPEDA, “An individual shall be able to address
a challenge concerning compliance with the principles to the designated
individual or individuals accountable for the organization's compliance.”
any individual wish to challenge our compliance of the Personal Information
Protection and Electronic Documents Act (PIPEDA), they may contact:
Corporate Risk Solutions Canada
1750 The Queensway, Suite 1209
Toronto, ON M9C 5H5
We will investigate all
requests and complaints and take appropriate measures to correct
information and provide a response within a reasonable time period.
Corporate Risk Solutions Canada is a division of Whitehall Bureau of Canada Limited. Whitehall Bureau of Canada Limited is an Ontario based Corporation
with Intra-Provincial Registration in British Columbia, Alberta,
Saskatchewan, Manitoba, New Brunswick, and Nova Scotia.
from time to time at its sole discretion, in order to stay in full
compliance with all applicable laws, including but not limited to,
the Personal Information and Electronic Documents Act (PIPEDA).