 |
 |
|
 |
|||
 |
 |
 |
 |
 |
 |
|
||||||||||
  |
Corporate Risk Solutions Canada is in the business of conducting investigations, and in the process, we gather information, including personal information. Our company is duly licensed and regulated by the applicable provincial authorities in which we operate. During our investigations, we only collect personal information on individuals where there is a potential contravention of the law, or breaches of agreements or other circumstances, that permit us to legally collect this information under the laws of Canada. While information is the cornerstone of our business, we uphold and agree with the Personal Information and Electronic Documents Act (PIPEDA) and other such similar documents, legislation and laws. As such, we have developed a Privacy Policy, which is based on the 10 principles for the protection of personal information as set out in PIPEDA, and complies to the CSA Model Code of Personal Information Privacy. In order to be in full compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Corporate Risk Solutions Canada has developed and implemented the following Privacy Policy:
Corporate Risk Solutions Canada will be responsible for all personal information under our control. We have designated three individuals, headed up by our Chief Privacy Officer, to ensure our company’s compliance with PIPEDA and our own Privacy Policy. Should we use third parties to process personal information, we will use reasonable means to ensure that all such transferring of personal information is afforded a comparable level of protection to that which we maintain.
Corporate Risk Solutions Canada will identify the purpose for which we collect personal information on affected individuals at or before the time of collection. All assignments received from our clients will be reviewed to ensure that their requests for information are compliant with PIPEDA. Personal information collected in the investigation of the breach of an agreement may pertain to individuals who are party to an agreement, individuals who have knowledge of the terms and conditions of an agreement, individuals who have knowledge of the breach of an agreement, or individuals who may advance an investigation by providing information relating to a breach of an agreement. Personal information collected as part of an investigation of a contravention of the law may include information pertaining to individuals involved in criminal activity, individuals suspected of involvement in criminal activity, individuals with knowledge of criminal activity, and individuals who may advance an investigation by providing information relating to the identity of those involved or suspected of criminal activity.
Corporate Risk Solutions Canada will obtain the appropriate consent from individuals for collection, use or disclosure of personal information, except where the law provides an exception. In most instances, obtaining the knowledge and consent of individuals would defeat the purpose of an investigation, spacifically with respect to a breach of an agreement or contravention of a law. Express consent is specific authorization given by the individual to Corporate Risk Solutions Canada either in writing or verbally. Implied consent is when Corporate Risk Solutions Canada has not received specific consent, but the circumstances allow us to collect, use, or disclose personal information. When possible, we may obtain express consent for the collection, use, disclosure of personal information, or when we determine that consent has been applied by the circumstances. Personal information will only be collected, used and disclosed by Cororate Risk Solutions Canada without consent in accordance with Section 7 of the Personal Information Protection and Electronics Documents Act, S.C. 2000, c.5 (PIPEDA).
Any personal information collected will be limited to that which is necessary for purposes as stated in ‘Identify Purposes’. We will only collect personal information for specific, legitimate purposes, and will only collect information by fair and lawful means and not by misleading or deceiving individuals about the purpose for which the information is being collected. Our policies and procedures relating to the limitations on collection of personal information will be regularly communicated to our investigators and support staff who deal with collection, use and disclosure of personal information.
Personal information will only be used or disclosed for the purposes for which it is collected, except with the consent of the individual or as permitted by law. We will only retain personal information as long as necessary for the fulfillment of those purposes or as is required by law. Personal information that is no longer required to fulfill identified purposes will be destroyed, erased, or made anonymous. Please note that there may be situations where we use, disclose or retain personal information for legitimate purposes not identified to the individual to which the information pertains including those situations referred to in “Consent’.
Any personal information we collect will be as accurate, complete and up-to-date as necessary for its intended purposes. We will further attempt to ensure that any personal information is only in relation to the purpose for which it was collected. If a significant error or omission is identified, we will correct or amend the information as necessary. Where possible, we will send such corrected or amended information to third parties who have had access to the information in question.
Corporate Risk Solutions Canada will safeguard all personal information under our control in a manner that is appropriate to the sensitivity of the information. We will take all the physical security measures necessary including properly locking and alarming our facilities and/or locking all personal information in secure filling cabinets, and securing all electronic storage devices. All Corporate Risk Solutions Canada staff, including investigators and administration personnel are properly trained in the policies that pertain to these safeguards. No unauthorized access to our offices, including secure areas within our offices, is permitted under any circumstance whatsoever, unless the individual is identified and escorted by appropriate Corporate Risk staff. No sensitive personal information pertaining to subjects of investigations will be electronically transferred to our clients unless the electronic files have been encrypted with an industry standard encryption program before being transferred. Distribution of personal information will be on a need-to-know basis. We will take the necessary precautions in the disposal or destruction of personal information, both hard copy and electronic, to prevent unauthorized parties from gaining access to such information.
We will make available to all individuals requesting specific information about our policies and procedures relating to the management of personal information that is under our control. In addition, we will make available to the public easily understandable information about our company, its privacy policies, the Privacy Policy, both in hard copy or by requesting a copy by calling toll free 1.877.313.7283 or by accessing our website at www.risksolutionscanada.com.
An individual, upon request, will be informed of the existence, use and disclosure of their personal information which is in our possession, and may be given access to, and be permitted to challenge the accuracy and the completeness of that information. There are lawful exceptions that will prevent the individual from gaining access, which include, but are not limited to the following:
According to PIPEDA, “An individual shall be able to address a challenge concerning compliance with the principles to the designated individual or individuals accountable for the organization's compliance.” Should any individual wish to challenge our compliance of the Personal Information Protection and Electronic Documents Act (PIPEDA), they may contact: Chief Privacy Officer Corporate Risk Solutions Canada 1750 The Queensway, Suite 1209 Toronto, ON M9C 5H5 We will investigate all requests and complaints and take appropriate measures to correct information and provide a response within a reasonable time period. Corporate Risk Solutions Canada is a division of Whitehall Bureau of Canada Limited. Whitehall Bureau of Canada Limited is an Ontario based Corporation with Intra-Provincial Registration in British Columbia, Alberta, Saskatchewan, Manitoba, New Brunswick, and Nova Scotia. Corporate Risk Solutions Canada reserves the right to change the Privacy Policy from time to time at its sole discretion, in order to stay in full compliance with all applicable laws, including but not limited to, the Personal Information and Electronic Documents Act (PIPEDA). |   |
||||||||||
 |
||||||||||||
|
||||||||||||
|
||||||||||||
INTRODUCTION
 |
 |