This Privacy Policy governs our dealing with 'personal information'. We will not be collecting personal information about an identifiable individual including information such as age, gender, religion, ethnic background, family status, political affiliations, health, home address and home phone number. We will collect, store and disclose this information in accordance with the Personal Information and Privacy Act. (PIPA). We will require business information such as the name, title, business address, of an employee of an organization as this information needs to be printed on the training certificate.
We are responsible for all personal information in our possession or control. This would extend to information to which third parties that provides goods or services to our company (such as our accountants, process servers, security and maintenance persons, information technology advisors, delivery persons, temporary personnel, website managers,) may have access. We restrict such access to such third parties as much as is reasonably possible and request their assurances that they follow appropriate privacy principles.
The primary purposes for which we collect, use and disclose personal information is to serve our clients or potential clients, and other purposes which would be considered related or otherwise reasonable in the circumstances.
For example, we primarily collect, use and disclose personal information for the following reasons:
We also collect, use and disclose personal information for secondary purposes such as:
If we were to sell our business or to merge with another entity that other party would want to perform a due diligence investigation of our firm, including its records to ensure the accuracy of the information we have provided and the viability of the business. This would likely include our accounting and service files. Before we would permit this disclosure, we would obtain an agreement from such third party to keep all personal information confidential.
If we plan to use or disclose personal information we have collected for a purpose not previously identified, we will make a reasonable effort to specify the identified purposes, orally or in writing, to the individual from whom the personal information has been collected before use or disclosure.
Generally all personal information is held in strict confidence and we will obtain consent, either express or implied, to use or disclose personal information about an individual unless otherwise permitted or required by law.
We will take appropriate steps to ensure adequate safeguards are in place to protect the personal information which we obtain.
Our safeguards include ensuring the paper information is stored in a supervised or secure location, including locked filing cabinets and restricted access to our offices and that electronic information is also secure with restricted third party access and through the use of passwords. Our staff is trained to ensure that they are aware of the sensitivity of such information and that they will collect, use and disclose personal information only as necessary to perform their duties and in accordance with this policy. Our third party contractors or agents who have access to personal information will be required to confirm that they follow appropriate privacy practices.
While we do not intend to keep personal information for longer than is reasonable, we do keep personal information for some time so that we are able to answer questions about our services and to account to regulatory authorities. We also keep this information so that we are able to inform our clients when their training certificates are due to expire. Our accounting and financial files are normally kept for a minimum of seven (7) years. Our client contact information and directories are kept longer unless you advise us that you wish to have the same removed.
We destroy paper files with personal information by shredding or discarding same in garbage receptacles; we destroy electronic information by deleting it. We may also send or return the personal information to our client.
With some exceptions, we will give you access to the personal information we retain about you upon request. We will need to confirm your identity before providing such access. Other exceptions may include information that contains references to other individuals or contains confidential commercial information, where such information cannot be severed from the record.
If you believe there is a mistake in the personal information we have, you have the right to ask that it be corrected. You may be required to provide documentation confirming the error. Where we agree that there is a mistake, we will correct the information and notify anyone to whom we have sent this information. If we do not agree that a mistake has been made, we will include in our file a brief statement from you on the point and will forward that statement to anyone else to whom we had provided the information.
We will from time to time review and revise our privacy practices and this Privacy Policy. In the event of an amendment, a notice will be posted on our website: www.gemc.ca or in our offices or other appropriate firm communications. Any changes will apply from the date of posting on the website.
Any questions or complaints about our Privacy Policy can be directed to our Privacy Officer:
Noreen Byers
GEMC Inc.
282 Maurice Drive,
Oakville, Ontario
L6K 2X3
905.466.6722 (phone)
905.901.3527
nbyers@gemc.ca (email)