Like companies across Canada, DATA Communications Management Corp. (DCM) must abide by the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA regulates the collection, use and disclosure of personal information. This federal law, along with “substantially similar” laws in some provinces, stipulates that no collection, use or disclosure of personal information can be done without consent.
Personal information is defined as information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organization.
We are responsible for a customer’s or third party’s personal information that has been transferred or received with their consent in the course of doing business with them. We are responsible for ensuring that information is secure, used correctly, and disposed of properly.
We do not collect or use personal information for its own purposes. As a third-party service provider, we use customers’ personal information for the sole purpose of producing and and distributing communication. It is the customer’s sole responsibility to ensure the personal information they’ve provided is accurate and that they have appropriate consent to use it. By supplying this information to DCM, the customer authorizes that we may use it to complete a specific task on their behalf; however, they maintain full liability regarding information accuracy and individual consent.
Our collection and use of information is governed by PIPEDA’s 10 principles of privacy:
DCM is responsible for personal information in its control. As a result, the company has designated an individual as Chief Privacy Officer (CPO). Our CPO is accountable for DCM’s compliance with the 10 principles.
2. Identifying purposes
The purpose of the information and the way it is to be used must be clearly identified before DCM receives it. There are specific protocols for its transmission and handling, including project ID and individual access codes, which must be communicated to all relevant internal and external parties.
When a customer requires DCM to collect third-party personal data on their behalf, it is the customer’s responsibility to ensure the information collected is limited to the requirements of the corresponding project.
4. Limiting collection
Collection of personal information is limited to purposes related to and identified by DCM. Information must be collected in line with appropriate contractual arrangements, and by fair and lawful means, from sources such as credit bureaus or other relevant third parties.
5. Limiting use, disclosure and retention
Personal information is not to be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual, or as required or permitted by privacy laws. Personal information will be retained only as long as necessary for the fulfillment of those purposes or as required by law.
DCM keeps information as accurate, complete, and current as possible, updating it when necessary, or upon request.
DCM maintains appropriate physical and technological safeguards in all its facilities. File transfers containing personal information from outside sources must be encrypted and password-protected. Accepting unencrypted files is prohibited. Feel free to forward any concerns to your manager or directly to the CPO.
9. Individual access
Other than prohibited by law, all information has been and continues to be accessible upon request, within a reasonable time period.
10. Challenging compliance
If you have any questions or comments, or wish to file a complaint regarding our policy, please contact our Chief Privacy Officer:
Tel : (905) 791-3151
Fax : (905) 791-3277