The privacy of individuals connected with our business, including our customers, contractors, and employees, has always been of great importance to Candid. Keeping personal information in strict confidence is a cornerstone of our business.
This policy describes the principles on which Candid will protect the privacy of personal information. The policy is based on the Canadian Standards Association Model Code for the Protection of Personal Information. This policy is part of Candid’s commitment to ensure that all personal information of individuals in its possession is protected and used in accordance with the law.
Personal information is any information about an identifiable person, other than the name, title, business address and business telephone number of a person. It does include such things as a person’s home address, date of birth, and social insurance number. With respect to customers, such information is collected primarily in connection with services and products provided by Candid. Employees may be asked to provide such information to Candid in connection with matters relating to their employment. In all cases, Candid is committed to protecting the privacy of individuals and the integrity of their personal information.
1. Identifying the Purposes for which Personal Information is Collected
Candid will identify the purposes for which personal information is collected at, or before, the time the information is collected unless such purposes are obvious.
1.1 Candid will ensure that the purposes for which personal information is collected and the way in which the information may be used are clear to the individual. In some cases, the purpose will be clear from the context of the interaction, and in other circumstances, a written or verbal explanation may be required.
When a customer orders a product in-store, some basic personal information may be collected, such as name and address, which is necessary to effectively serve the customer.
Employees are required to give certain personal information that is essential to the employer-employee relationship, such as SIN and banking information for payroll deposits.
Candid will not collect, use or disclose the personal information of a person without the individual’s knowledge and consent, except in certain limited circumstances permitted by law, such as where the immediate health of a person is at risk, or in connection with the breach of an agreement or a law.
2.1 Candid is committed to obtaining meaningful consent to the collection, use and disclosure of personal information. To achieve this aim, the purposes for which the information will be used, if not obvious, will be explained in such a manner that the individual can reasonably understand how the information will be used or disclosed.
2.2 Candid will not, as a condition of the supply of a product or service, unreasonably require an individual to consent to the collection, use, or disclosure of information beyond what is required in the circumstances.
2.3 The way in which Candid seeks consent may vary, depending on the circumstances and the type of information collected. In determining the type of consent that may be required, Candid will consider the nature of the information, the use to which the information will be put, applicable laws and the type of interaction in which the information is provided.
2.4 Consent may be express or implied, given orally, electronically or in writing and provided by an action or inaction. Consent may be given by a legally appointed representative or a legal guardian.
2.5 An individual, subject to legal or contractual limitations, may withdraw his or her consent at any time on sufficient notice to Candid. Withdrawal of consent may result in Candid becoming unable to provide or continue to provide the person with certain services, products or benefits, and the individual will be given notice of the implications of the withdrawal of his or her consent.
3. Limits on the Collection of Personal Information by Candid
The collection of personal information by Candid will be limited to that which is necessary for the purposes identified by Candid. At all times, Candid will collect personal information by fair and lawful means.
It is possible that Candid may, with the consent of an individual, collect and use information about that individual from a third party. For instance, employment references may be checked if an individual is applying for a job.
4. Limits on the Use, Disclosure and Retention of Personal Information by Candid
Personal information will not be used or disclosed by Candid for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Personal information will be retained only as long as reasonably necessary for the fulfilment of those purposes or as required by law. When personal information is discarded, it will be done in an appropriate manner (e.g. shredding).
5. Accuracy of Personal Information held by Candid
Candid will make reasonable efforts to ensure that personal information of individuals is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
5.1 Personal information will not be updated without the consent of the individual and it will only be updated if it is necessary for the continued use of the personal information.
5.2 Candid will make reasonable efforts to obtain information from individuals in order to update information on hand if required to fulfil the purposes for which the information was collected. Once informed by a person that personal information held by Candid about them is inaccurate, Candid will update the information as soon as possible.
6. Safeguarding Personal Information
Candid will protect personal information by the use of security safeguards appropriate to the sensitivity of the information.
6.1 Candid will employ security safeguards that will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, regardless of the format in which the information is held.
6.2 The nature of the safeguards used by Candid will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage of the information. A higher level of protection will safeguard more sensitive information.
6.3 The methods of protection used by Candid will include:
(a) physical measures, for example, locked filing cabinets and restricted access to offices;
(b) organizational measures, for example, limiting access on a “need-to-know” basis; and
(c) technological measures, for example, the use of passwords and encryption
6.4 Candid will ensure that its employees who are in contact with personal information are trained in the appropriate protection of personal information and that they are aware of the importance of maintaining the confidentiality of personal information. Employees are required to sign-off on a Confidential Information and Intellectual Property Policy upon hire.