ROSENBERG & PARKER OF CANADA, INC.
PRIVACY POLICY
Current as of June 6, 2012
At Rosenberg & Parker of Canada, Inc. (“RPC”, “we”, “our” or “us”), we are committed to protecting the privacy and the confidentiality of personal information of our customers (“Customers”) and employees and potential employees (collectively, “Employees”). In order to comply with applicable privacy legislation and to instil confidence in our Customers and Employees that the personal information they entrust to us is safe, we have developed this Privacy Policy. We want our Customers and Employees to know why we ask for their personal information, how we use it, what safeguards we employ and how to contact us with privacy-related questions.
In this Privacy Policy, “Personal Information” means information that specifically identifies a Customer or Employee as an individual and is provided to or collected by RPC. The type of personal information RPC collects, uses and discloses may include a Customer’s or Employee’s name, age, gender, residential mailing address, residential phone numbers or email addresses, financial, credit and banking information, social insurance number (and other identification numbers), employment experience (past and present) and records, health information and tax records. Personal Information does not, however, include a Customer’s or Employee’s business title, business address or business telephone number in such individual’s capacity as an employee of an organization or enterprise.
In this Privacy Policy, “Personal Health Information” includes information concerning an Employee’s physical or mental health collected or generated in the course of RPC providing an Employee with health services or benefits. In the case of Employees, Personal Information will also include Personal Health Information and all applicable information contained in the Employee’s personnel file.
I. Identifying the purposes and Use of Personal Information
Before collecting any Personal Information, RPC will identify why the Personal Information is required and how it will be used. This Personal Information is documented and stored at RPC’s offices at 4100 Yonge Street, Suite 513, Toronto, Ontario and/or on the secure computer servers of Rosenberg & Parker, Inc., a U.S. corporation affiliated with RPC and/or on the secure computer servers of a third party provider of data storage services. RPC will obtain the Customer’s or Employee’s consent before using or disclosing Personal Information for purposes other than the original reasons given.
RPC collects and uses an Employee’s Personal Information for the following purposes:
- Accurately identify the Customer;
- Help us identify your bonding needs and enable us to provide and support the bonding program required by the Customer;
- Save the Customer time when applying for new bonding products and services;
- Communicating with a Customer generally;
- Communicating Personal Information to an agent, intermediary or other third party during the course of a contract or mandate for the performance of any of the purposes listed in this Privacy Policy
- Complying with all applicable laws; and;
- Such other specific purposes which are communicated to a Customer by RPC and its representatives before collection of the Personal Information
- RPC collects and uses an Employee’s Personal Information for the following purposes:
- To support decisions that are made regarding an Employee’s hiring, duties, transfer, training, discipline, promotion and retention;
- Recording and determining an Employee’s eligibility for participation in various RPC employee benefit plans;
- Compliance with all municipal, provincial, federal and other applicable laws regarding an Employee;
- Recording and maintaining an Employee’s attendance record, service award and bonuses record, performance evaluations, performance improvement plans, remuneration details, or maintaining any other necessary information for establishing, managing or terminating the employment relationship (including its related benefits), as well as the determination of the applicable income and benefits; and;
- Such other specific purposes which are communicated to the Employee by RPC and its representatives before collection.
We may use, share and disclose a Customer’s or Employee’s Personal Information to our affiliates, associates, agents, suppliers and such other third parties as RPC, acting reasonably, may deem necessary for the fulfillment of the purposes noted above or where otherwise permitted by law.
Specifically, RPC shares and discloses Personal Information about Customers and Employees with Rosenberg & Parker, Inc., a U.S. corporation affiliated with RPC and stores Personal Information about Customers and Employees on Rosenberg & Parker, Inc.’s secure computer servers and/or on the secure computer servers of a third party provider of data storage services. RPC and Rosenberg & Parker, Inc. have entered into an agreement pursuant to which Rosenberg & Parker, Inc. has agreed to protect the privacy and the confidentiality of any Personal Information received from RPC in accordance with all applicable laws and in the same manner that it treats all of its own confidential and personal information of its customers and employees.
Much of the Personal Information collected by RPC from its Customers will be shared with, and disclosed to, third party insurance and surety companies. Once Personal Information is disclosed to a third party insurance or surety company, RPC will not be responsible for the use and disclosure by such third party of the Personal Information, and such Personal Information shall be governed by such third party’s privacy policy. By sending us Personal Information, Customers have consented to the disclosure of their Personal Information to a third party in the circumstances, or for the purposes, set out in this Privacy Policy.
In the unlikely event that RPC or substantially all of its assets are acquired by a third party, a Customer’s and Employee’s Personal Information may be one of the assets transferred to such third party and RPC may reasonably disclose such Personal Information to a prospective third party purchaser.
II. Consent
Except in certain extraordinary circumstances, RPC does not collect, use or disclose a Customer’s or Employee’s Personal Information without their knowledge and consent. Such extraordinary circumstances may include, without limitation, when legal, medical or security reasons make it impossible or impractical to obtain consent.
The Customer’s and Employee’s consent will be obtained at the time of collection of the Personal Information, or when a new use for the Personal Information is identified. A Customer or Employee may withdraw their consent at any time, subject to any legal or contractual restrictions and on the provision of reasonable notice to RPC. If a Customer or Employee chooses to withdraw his or her consent, he or she is required to do so in writing to the Chief Compliance Officer (please see section VII of this Privacy Policy). Any implications to withdrawing consent will be explained to the Customer or Employee at the time written notice of such withdrawal is received by RPC. Such implications may include, but are not limited to, a breakdown, interruption or cessation of RPC’s relationship with the Customer or Employee.
By becoming an employee of RPC, Employees have consented to the disclosure of their Personal Information to a third party in the circumstances, or for the purposes, set out in this Privacy Policy.
III. Limiting collection
RPC limits the collection of a Customer’s or Employee’s Personal Information to that which is necessary for the purposes identified in this Privacy Policy, or for any additional purpose identified to the Customer or Employee before collection of the Personal Information.
IV. Limiting use, disclosure and retention
Personal Information is not used or disclosed for purposes other than those for which it was originally collected, except with the consent of the Customer or Employee, or as permitted by law. Personal Information is only retained as long as may be necessary for the fulfillment of these purposes, or to meet government requirements, whichever is longer, following which it is destroyed, erased, or rendered anonymous.
V. Accuracy
RPC strives to ensure that Customer’s or Employee’s Personal Information is as accurate, complete and up to date as necessary for the purposes for which it is used. Information is updated only when necessary to fulfill specified purposes. Employees are required to notify RPC of a change of Personal Information as soon as possible for payroll and tax purposes.
VI. Safeguards
RPC has security safeguards in place designed to protect against loss, theft, unauthorized access, disclosure, copying, use or modification of Personal Information under the care of RPC. The nature of the safeguards depends on the sensitivity, format, location and storage of the Personal Information. These security measures may from time to time include, but are not limited to, locked cabinets, computer passwords, software firewalls to stop hackers, encryption software, restricting access to Personal Information to only those employees or representatives who have a need to know and, if deemed necessary by RPC in its sole discretion, confidentiality covenants from third parties to whom Personal Information has been disclosed.
E-mail is not a 100% secure medium, and Customer and Employees should be aware of this when contacting us to send Personal Information.
VII. Accountability and Openness
RPC is responsible for the Personal Information under its control and has appointed a Chief Compliance Officer to ensure that we comply with all applicable privacy legislation and the terms of this Privacy Policy. All employees involved in maintaining or collecting Personal Information are trained via this Privacy Policy. Where Personal Information is provided to third party service providers, such as a third party insurance or surety company, with whom RPC has a contractual agreement relating to the disclosure of Personal Information, such agreement will provide that the third party have levels of protection comparable to the internal protection of Personal Information maintained at RPC.
The Chief Compliance Officer addresses and investigates questions or concerns regarding Customer’s or Employee’s Personal Information. The Chief Compliance Officer may be reached by e-mail at privacyofficer@suretybond.com, by mail at Rosenberg & Parker of Canada, Inc. 4100 Yonge Street, Suite 513, Toronto, Ontario M2P 2B5, Attention: Chief Compliance Officer, or by telephone at (416) 218-1280. Copies of this Privacy Policy and any future updates or amendments hereto are available at http://www.suretybond.ca and upon request from RPC.
VIII. Individual access
Upon written request of a Customer or Employee, RPC will provide such Customer or Employee with access to his or her Personal Information. RPC will correct or amend any inaccuracies in the Customer’s or Employee’s Personal Information, and such amended information will be forwarded to any third parties who require access to the information. RPC has the right to refuse a request for access to Personal Information:
- If the information is protected by legal privilege;
- If granting access would reveal confidential commercial or financial information;
- If doing so would reasonably be expected to threaten the life or security of another individual;
- If the information was collected for purposes related to the detection and prevention of fraud;
- If the information was generated in the course of a formal dispute resolution process;
- If the information would likely reveal Personal Information about another Customer or Employee, as the case may be;
- If the request is vexatious or frivolous; or
- To protect RPC’s rights and property.
If the request of a Customer or Employee for such individual’s Personal Information is denied, the individual will be informed in writing of the reasons for the denial, as well as any recourse available to such individual
Access to Customer’s or Employee’s Personal Information will be at no cost to such Customer or Employee. Minimal charges may apply, however, for the transcription, reproduction or transmission of documents containing Personal Information
IX. Challenging compliance
If a complaint (“Complaint”) regarding RPC’s handling of Personal Information is received, an individual (the “Investigator”) with the skills necessary to conduct an investigation fairly and impartially will be assigned by RPC. The Investigator will have access to all relevant records and will be permitted to speak with Employees who handled the Personal Information access request. The complainant will receive notification of the outcome of the investigation clearly and promptly. Any inaccurate Personal Information or policy/procedure changes will be modified, if necessary, based on the outcome of the Complaint.
X. Currency of this Privacy Policy
RPC reserves the right to change this Privacy Policy at any time and from time to time. Any changes or additions to section I of this Privacy Policy regarding those situations where RPC will collect, use or disclose Personal Information will not apply to a Customer or Employee without the prior consent of such Customer or Employee. All Customers and Employees are encouraged to contact RPC to determine if any updates have been made to this Privacy Policy.