The Privacy Information Protection and Electronic Documents Act (PIPEDA) applies to private-sector organizations in Canada that collect, use, and disclose personal information in the course of a commercial activity.
Personal information can only be used for the purposes for which it was collected.
There are 10 fair information principles that are in place to protect personal information. Each principle has been broken down to convey the main points and outline how Kuus Inc. is protecting your private information.
What is personal information?
Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual.
Certain instances, however, are not covered by PIPEDA. These include:
- An employee’s business contact information (name, title, business address, telephone number, or email addresses) that is used to communicate with that employee for business reasons
- Collection, use, or disclosure of personal information solely for personal purposes (e.g. personal greeting card list)
PRINCIPLE 1 – ACCOUNTABILITY
Kuus Inc. is responsible for all personal information under its control. This includes personal information transferred to a third party for processing. A privacy coordinator has been named and can be contacted by email at firstname.lastname@example.org.
PRINCIPLE 2 – IDENTIFYING PURPOSE
Kuus Inc. will identify and document the reason for collection of personal information, either orally or written, prior to or at the time when information is being collected.
PRINCIPLE 3 – CONSENT
Individuals must be able to understand what they are consenting to for the consent to be meaningful. Consent is only considered valid if the customers comprehend the nature, purpose, and consequences of the collection and use of their personal information.
Individuals must be given a choice for non-integral collections of information and may withdrawal consent at any time, subject to legal or contractual restrictions.
PRINCIPLE 4 – LIMITING COLLECTION
Kuus Inc. will be honest about the reasons for collecting personal information and will only collect personal information that is deemed necessary to complete an identified purpose. Information will be collected by fair and lawful means.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE & RETENTION
Personal information will only be used for the identified purposes for which it was collected, unless consent was given by the individual or as required by the law. Personal information is only acquired for purposes that a reasonable person would consider appropriate. Any personal information that is no longer needed by Kuus Inc. will be erased.
PRINCIPLE 6 – ACCURACY
Personal information will be kept as accurate, complete, and up to date as necessary, minimizing the possibility of using incorrect information.
PRINCIPLE 7 – SAFEGUARDS
All personal information is protected appropriately based on how sensitive it is. This includes locked filing cabinets, restricted access to offices, and alarm systems. All technological security tools (passwords, firewalls, etc.) are up-to-date.
PRINCIPLE 8 – OPENNESS
Kuus Inc. will make its personal information management practices clear and easy to understand.
Specific information about our policy can be made available by contacting us via email.
PRINCIPLE 9 – INDIVIDUAL ACCESS
Upon request, Kuus Inc. will provide individuals will access to the personal information that is held about them. Individuals have a right to challenge that this information is accurate and appropriate. When asked, Kuus Inc. will:
- Explain where the information was obtained,
- Correct personal information if necessary,
- Give an individual access to their information at no cost, or explain why certain information will not be disclosed, and
- Explain how information is being used
PRINCIPLE 10 – CHALLENGING COMPLIANCE
Compliance with the above principles can be challenged by an individual. A privacy coordinator will investigate all complaints and reply in a timely manner. The outcome of the complaint will be communicated to the individual who made the complaint and corrections will be made if appropriate.