Back arrow Back to Home

Introduction

In 2000, the federal government of Canada enacted The Protection of Personal Information and Electronic Documents Act (“PIPEDA”). Effective January 1, 2004, all organizations that collect, use or disclose personal information in the course of their commercial activities will be subject to PIPEDA or substantially similar provincial legislation (collectively, “privacy legislation”). See https://www.priv.gc.ca/information/pub/guide_org_e.pdf and
http://laws-lois.justice.gc.ca/eng/acts/P-8.6/FullText.html (as amended July 1, 2014 and current to April27, 2015).

Briefly stated, privacy legislation requires that the consent of an individual be obtained for the collection and use of his or her personal information, that steps be taken to protect personal information and that one or more individuals be appointed to monitor compliance with the provisions of applicable privacy legislation.

Jolera Inc. (“Jolera”) and its subsidiaries, (collectively, the “Jolera Companies”), are committed to controlling the collection, use and disclosure of personal information provided by the customers and employees of each Jolera Company and have adopted this Privacy Policy to ensure the accuracy, confidentiality and integrity of such personal information.

Application

This Privacy Policy applies to personal information that a Jolera Company collects, uses or discloses in respect of any of its customers or employees in the course of its commercial activities.

It does not, however, apply in respect of the collection, use or disclosure of the following information by a Jolera Company:

information that is publicly available, such as a customer’s name, address, telephone number and electronic address, when listed in a directory or made available through directory assistance;

The application of this Privacy Policy is subject to the requirements or provisions of any applicable legislation, regulations, tariffs or agreements (such as collective agreements), or the order of any court or other lawful authority. Various legal criteria independent of this Privacy Policy will determine whether federal or provincial privacy legislation applies to the personal information that a Jolera Company collects, uses or discloses in respect of its customers or employees. This Privacy Policy does not replace those criteria and nothing in this Privacy Policy should be construed as indicating which privacy legislation, if any, applies to the collection, use and disclosure of personal information.

Definitions

The following defined terms are used throughout this Privacy Policy:

Jolera – means Jolera Inc.

Jolera Companies - means, collectively, Jolera Group of Companies, and all of its subsidiaries with respect to their operations in Canada, and a Jolera Company means any one of them.

Collection – means the act of gathering, acquiring, recording or obtaining personal information from any source, including third parties, by any means.

Consent – means voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing but is always unequivocal and does not require an inference on the part of the Jolera Companies. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.

Customer – means an individual or organization who:

  1. Subscribes for, uses, or applies to use, the products or services of a Jolera Company;
  2. Corresponds with a Jolera Company.

Disclosure – means making personal information available to other Jolera Companies or third parties outside of Jolera.

Employee – means an employee, former employee or pensioner of a Jolera Company and, for the purposes of this Privacy Policy, includes the directors, shareholders and security holders of Jolera.

Personal information – means information about an identifiable individual recorded in any form and includes, but is not limited to, such things as race, ethnic origin, nationality, colour, age, gender, marital status, religion, education, medical information, criminal information, performance reviews, trade union membership, employment and financial history, income, address and telephone number, e-mail address, numerical identifiers such as Social Insurance Number, and views and personal opinions. Personal information also includes information about a customer’s product and service subscriptions and usage, credit information, billing records, service and any recorded complaints and, in the case of an employee, includes information found in personal employment files, performance appraisals and medical and benefits information. Publicly available information, such as a public directory listing of names, addresses, telephone numbers and electronic addresses, however, is not considered personal information.

Privacy legislation – means The Personal Information Protection and Electronic Documents Act (Canada) and/or substantially similar provincial legislation.

Third party – means an individual other than the customer/employee or his or her agent or an organization other than a Jolera Company.

Use – means the treatment, handling and management of personal information by the Jolera Companies.

The Ten Privacy Principles

This Privacy Policy has been developed in accordance with the standards set out in PIPEDA and is modeled after the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96 (the “CSA Code”). Accordingly, the ten principles of fair information practices, as identified by the Canadian Standards Association, have been adopted by the Jolera Companies and represent a formal statement of the minimum requirements to be adhered to by each of the Jolera Companies for the protection of personal information collected from the customers and employees of the Jolera Companies.

Principle 1 - Accountability

Each Jolera Company is responsible for the personal information under its control and shall designate one or more individuals who shall be accountable for the company’s compliance with the procedures and principles set out in this Privacy Policy.

  1. 1.1 Accountability for compliance by each Jolera Company with the policies and procedures set out in this Privacy Policy rests with the Privacy Compliance Officer for that company, even though other individuals within the company may be responsible for the day-to-day collection and processing of personal information. The Privacy Compliance Officer may, from time to time, designate one or more individuals within the company to act on his or her behalf.
  2. 1.2 The name and contact information of the Privacy Compliance Officer for each Jolera Company shall be made available on the Jolera website at www.jolera.com, or the Jolera Intranet site and shall be made available upon request.

    Jolera Inc.
    777 Richmond St. West, Unit 2
    Toronto, Ontario, Canada
    M6J 0C2

    Attention: Jolera Privacy Compliance Officer
    416.410.1011

  3. 1.3 Each Jolera Company shall be responsible for the personal information in its possession or custody, including information that has been transferred to a third party for processing. Each Jolera Company shall use contractual or other appropriate means to ensure a comparable level of protection while the information is being processed by a third party.
  4. 1.4 The Jolera Companies have implemented policies and practices to give effect to the principles and procedures set out in this Privacy Policy, including:
    1. Implementing procedures to protect personal information such as the adoption of physical, organization and technological security measures;
    2. Establishing procedures to receive and respond to complaints and inquiries through the establishment of a confidential e-mail address and private phone line;
    3. Training and communicating to staff information about the Jolera policies and practices; and
    4. Developing public information to explain the Jolera policies and procedures.

Principle 2 - Identifying Purpose

Each Jolera Company will identify the purpose for which personal information is collected at or before the time the information is collected. The purposes for which information is collected, used or disclosed by a Jolera Company must be those that a reasonable person would consider are appropriate in the circumstances.

  1. 2.1 Each Jolera Company will document the purposes for which personal information is collected in order to comply with the Openness principle (See Principle 8) and the Individual Access principle (See Principle 9).
  2. 2.2 Identifying the purposes for which personal information is collected at or before the time of collection allows each Jolera Company to determine the information it needs to collect to fulfill these purposes. The Limiting Collection principle (Principle 4) requires each Jolera Company to collect only that information necessary for the purposes that have been identified.
  3. 2.3 The identified purposes for which personal information is collected shall be specified at or before the time of collection to the customer or employee from whom the personal information is collected. Depending upon the way in which the information is collected, this shall be done orally or in writing.
  4. 2.4 When a Jolera Company proposes to use personal information that has been collected for a purpose not previously identified, it will identify the new purpose before using such personal information. Unless the new purpose is required by law, or consent is otherwise not required pursuant to privacy legislation, the consent of the individual shall be obtained before the personal information is used for the new purpose.
  5. 2.5 Individuals responsible for collecting personal information on behalf of a Jolera Company will explain to customers and/or employees the purposes for which the information is being collected, including any purposes that may not be immediately obvious to the individual.
  6. 2.6 The purposes for which the personal information of employees is collected may include, but is not limited to:

    Administering payroll and employee benefit programs;
    Conducting performance evaluations and discipline;
    Effecting employee training;
    Conducting internal reviews, investigations and complaint resolution processes;
    Facilitating transactional due diligence reviews;
    Complying with legal and regulatory obligations.

  7. 2.7 The purposes for which the personal information of customers is collected may include, but is not limited to:

    Processing commercial transactions;
    Communicating with customers;
    Establishing and maintaining commercial relations;
    Developing, marketing or providing products and services;
    Recommending particular products and services;
    Conducting market research and surveys;
    Managing and developing business opportunities;
    Conducting investigations and complaint resolution processes;
    Facilitating transactional due diligence reviews;
    Complying with legal and regulatory obligations.

  8. 2.8 Anonymous or “non-personal” information gathered by a Jolera Company through its web site may be used for technical, research and analytical purposes.

Information collected through surveys, existing files and public archives may be used by a Jolera Company to analyze its markets and to develop or enhance service offerings.

Principle 3 - Consent

The knowledge and consent of the individual or customer are required for the collection, use or disclosure of personal information.

  1. 3.1 Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Generally, each Jolera Company will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to the use or disclosure of personal information may be sought after the information has been collected but before the personal information is used (for example, when a Jolera Company wants to use information for a purpose not previously identified). In obtaining consent, the Jolera Companies shall use reasonable efforts to ensure that a customer or employee is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer or employee.
  2. 3.2 In certain circumstances personal information may be collected, used or disclosed without the knowledge and consent of the individual. For example, a Jolera Company may collect or use personal information without the knowledge or consent of its employees and/or customers if the collection or use of personal information is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is a minor, seriously ill or mentally incapacitated or if seeking the consent of the individual might defeat the purpose of collecting the information such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law. Personal information may also be used or disclosed without the knowledge or consent of the individual in the case of an emergency where the life, health or security of an individual is threatened. A Jolera Company may disclose personal information without knowledge or consent to a lawyer representing the company, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required by law.
  3. 3.3 The Jolera Companies will not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified and legitimate purposes.
  4. 3.4 In obtaining consent, the Jolera Companies will take into account the sensitivity of the personal information and the reasonable expectations of its customers and employees. Consent will not be obtained through deception. For example:
    An individual filing an application for employment with a Jolera Company would reasonably expect that his or her age and marital status would be used for the purposes of administering benefit plans.
    An employee filing an application for Jolera’s dental coverage plan would reasonably expect that the relevant information (employee identification number, name, date of birth) would be collected, used and communicated to third parties in accordance with the dental coverage and for such period of time as the coverage was in effect.
  5. 3.5 The way in which a Jolera Company seeks consent may vary, depending on the circumstances and the type of information collected. A Jolera Company will generally seek express consent when the information is likely to be considered sensitive. It will rely on implied consent only where collection and use of the personal information is directly related to a transaction or exchange of information in which the individual is directly participating. Consent may also be given by an authorized representative (such as a legal guardian or a person having power of attorney).
  6. 3.6 Consent may be obtained in any one of the following ways:
    1. An application form may be used to seek consent, collect information and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is giving consent to the collection and the specified uses.
    2. A check-off box may be used to allow individuals to request that their names and addresses not be given to other organizations. Individuals who do not check the box are assumed to consent to the transfer of their information to third parties;
    3. Consent may be given orally when information is collected over the telephone; or
    4. Consent may be given at the time that individuals use a product or service.
  7. 3.7 Generally, the use of products and services by a customer, or the acceptance of employment or benefits by an employee, constitutes implied consent for the Jolera Companies to collect, use and disclose personal information for all identified purposes.
  8. 3.8 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The Jolera Companies will inform individuals of the implications of withdrawing consent. Customers and employees may contact the relevant Jolera Company for more information regarding the implications of withdrawing consent.

Principle 4 - Limiting Collection

The Jolera Companies shall limit the collection of personal information to that which is necessary for the purposes identified by the company. Personal information shall be collected by fair and lawful means.

  1. 4.1 The Jolera Companies will not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to fulfill the purposes identified. Each Jolera Company shall specify the type of information collected as part of its information-handling policies and practices, in accordance with the Openness principle (Principle 8).
  2. 4.2 The requirement that personal information be collected by fair and lawful means is intended to prevent a Jolera Company from collecting information by misleading or deceiving individuals about the purpose for which information is being collected. Consent to the collection of personal information must not be obtained through deception.

Principle 5 - Limiting Use, Disclosure and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of the purposes for which it was collected.

  1. 5.1 Where a Jolera Company intends to use personal information for a purpose not previously identified, the Jolera Company shall document the new purpose and shall obtain the consent of the individual prior to using the information for a new purpose.
  2. 5.2 A Jolera Company may disclose the personal information of its employees:
    1. To human resources, payroll, benefits, information management, medical and security personnel;
    2. To third party service providers for the purposes of administering payroll and benefits programs;
    3. To union representatives and labour arbitrators;
    4. To other Jolera Companies;
    5. To internal or external legal counsel and auditors;
    6. To the Privacy Compliance Officers of each Jolera Company;
    7. To the management personnel of each Jolera Company;
    8. In the context of providing references regarding current or former employees in response to requests from prospective employers and/or financial institutions;
    9. To prospective parties in the context of a transactional due diligence review; and
    10. Where disclosure is required by law.
  3. 5.3 A Jolera Company may disclose the personal information of its customers:
    1. To third party service providers, including newspaper distributors and carriers;
    2. To other Jolera Companies;
    3. To internal or external legal counsel and auditors;
    4. To the Privacy Compliance Officers of each Jolera Company;
    5. To the management personnel of each Jolera Company;
    6. To third parties for the development, enhancement or marketing of Jolera products or services;
    7. To an agent retained by the Jolera Companies in connection with the collection of the customer’s account;
    8. To credit grantors and reporting agencies;
    9. To a third party or parties, where the customer consents to such disclosure;
    10. To prospective parties in the context of a transactional due diligence review; and
    11. Where disclosure is required by law.
  4. 5.4 Except as required or permitted by law, when disclosure is made to a party other than a Jolera Company or a third party provider of personal information processing services, the consent of the individual shall be obtained and reasonable steps shall be taken to ensure that any such third party has personal information privacy procedures and policies in place that are at least comparable to those implemented by the Jolera Companies.
  5. 5.5 Unless authorized by the customer, the Jolera Companies will not sell, lease or trade the personal information of their employees or customers to other parties.
  6. 5.6 Personal information shall be kept only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer or an employee, the relevant Jolera Company shall retain, for a period of time that is reasonably sufficient to allow for access by the customer or employee, either the actual information or the rationale for making the decision.
  7. 5.7 The Jolera Companies have adopted guidelines and procedures with respect to the retention of personal information. Personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained, shall be destroyed, erased or made anonymous in accordance with the Jolera Document Retention and Destruction Policy.

Principle 6 - Accuracy

Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

  1. 6.1 Personal information used by the Jolera Companies shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual customer or employee. The extent to which personal information will be accurate, complete and up-to-date will depend upon the use of the information, taking into account the interests of the individual.
  2. 6.2 The Jolera Companies will not, however, routinely update personal information, unless this is necessary to fulfill the purposes for which the information was collected. Personal information about customers and employees shall be updated only as and when necessary to fulfill the identified purposes or upon notification by the individual.
  3. 6.3 Each Jolera Company shall ensure that personal information that is used on an ongoing basis, including information that is disclosed to third parties, is generally accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.

Principle 7 - Safeguards

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

  1. 7.1 Each Jolera Company will implement security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.
  2. 7.2 The nature of the safeguards will vary depending on (i) the sensitivity of the information that has been collected, (ii) the amount, distribution and format of the information, and (iii) the method of storage.
  3. 7.3 Physical measures such as locked filing cabinets and restricted access to offices, organizational measures such as security clearances and limiting access on a “need-to-know” basis, and technological measures such as the use of passwords and encryption have been adopted by each Jolera Company. in accordance with the Jolera Document Retention and Destruction Policy.
  4. 7.4 Each employee of a Jolera Company shall be made aware of the importance of maintaining the confidentiality of personal information.
  5. 7.5 Personal information disclosed to third parties shall be protected by contractual agreement stipulating the confidentiality of the information and the purposes for which it is to be used.
  6. 7.6 The disposal or destruction of personal information shall be carried out in accordance with the Jolera Document Retention and Destruction Policy to prevent unauthorized access to personal information.

Principle 8 - Openness

The Jolera Companies shall make readily available to its customers and employees specific information about its policies and practices relating to the management of personal information.

  1. 8.1 Each Jolera Company will be open about its policies and practices with respect to the management of personal information. Customers and employees shall be able to acquire information about the Jolera Companies’ policies and practices with respect to the management of personal information without unreasonable effort.
  2. 8.2 Such information shall be made available through each of the Jolera websites and through the Jolera Intranet sites and shall include:
    1. The name or title, and the address, of each Privacy Compliance Officer;
    2. The means of gaining access to personal information held by each Jolera Company;
    3. A description of the type of personal information held by each Jolera Company including a general account of its use;
    4. Copies of any brochures or other information that explain the Jolera;
    5. Companies’ policies, standards or codes; and
    6. A description of what personal information is made available to related organizations (e.g. subsidiaries).

Principle 9 - Individual Access

Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information except where a Jolera Company is permitted or required by law not to disclose personal information to the individual customer or employee. An individual customer or employee shall be able to challenge the accuracy and completeness of the information disclosed to him or her and have it amended as appropriate.

  1. 9.1 Upon request, a Jolera Company shall inform an individual customer or employee whether it holds personal information about that individual (except where permitted or required by law not to disclose personal information) and shall afford the individual a reasonable opportunity to review the personal information in his or her file at minimal or no cost to the individual. The Jolera Company shall provide an account of the use that has been made or is being made of the personal information and an account of the third parties to which the personal information has been disclosed. Where reasonably possible, the Jolera Company shall indicate the source of the personal information.
  2. 9.2 In order to safeguard personal information, a customer or employee may be required to provide sufficient identification information to permit the Jolera Company to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
  3. 9.3 In certain situations, the Jolera Companies may not be able to provide access to all of the personal information that they hold about a customer or employee. For example, the Jolera Companies are not required to provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Similarly, the Jolera Companies may not be required to provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, the Jolera Companies shall provide the reasons for denying access upon request.
  4. 9.4 In providing an account of third parties to which it has disclosed personal information about a customer or an employee, the Jolera Company shall attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed personal information, the Jolera Company shall provide a list of organizations to which it may have disclosed personal information about the customer or employee.
  5. 9.5 The Jolera Companies will respond to an individual’s request within a reasonable time and in any event within thirty (30) days of the request. The time for responding to a request may be extended for up to an additional thirty (30) days if meeting the time limit would unreasonably interfere with the activities of the Jolera Company, or if the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet. The Jolera Companies may also extend the time for responding for such period of time as is necessary to be able to convert the personal information into an alternative format. The Jolera Companies will provide notice to the individual of any extension taken within thirty (30) days of the individual’s request and will advise the individual of the right to make a complaint to the Privacy Commissioner about the extension. They will provide the requested information or make it available in a form that is generally understandable. For example, if abbreviations or codes are used to record information, the Jolera Company will provide a corresponding explanation.
  6. 9.6 Upon request by an individual with sensory disabilities, the Jolera Company will give access to personal information about the individual in an alternative format if a version of the information already exists in that format or if its conversion to an alternative format is necessary to allow the individual to exercise rights to request correction, challenge compliance of the Jolera Company under Principle 10 or file a formal complaint pursuant to applicable privacy legislation.
  7. 9.7 The Jolera Companies shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to the accuracy or completeness shall be noted in the individual’s file. Where appropriate, the Jolera Companies shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
  8. 9.8 A customer can obtain information or seek access to his or her individual file by contacting Jolera Reader Sales and Service. An employee can obtain information or seek access to his or her individual file by contacting his or her immediate supervisor within the applicable Jolera Company.

Principle 10 - Challenging Compliance

An individual customer or employee shall be able to address a challenge concerning compliance with the principles in this Privacy Policy to his or her designated Privacy Compliance Officer.

  1. 10.1 The Jolera Companies shall maintain procedures for addressing and responding to all inquiries or complaints from its customers and employees about the companies’ handling of personal information.
  2. 10.2 The Jolera Companies will inform their customers and employees about the existence of these procedures as well as the availability of complaint procedures.
  3. 10.3 The Jolera Companies shall investigate all complaints concerning compliance with this Privacy Policy. If a complaint is found to be justified, the relevant Jolera Company shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer or employee shall be informed of the outcome of the investigation regarding his or her complaint.
  4. 10.4 If an individual is not satisfied with the response from the Privacy Compliance Officer, he or she may have recourse to additional remedies under applicable privacy legislation. For further information, contact the applicable governmental agency.