Scope and Application
Personal information which may fall under the policy may include but is not limited to social insurance number, drivers license number, credit card information, payment and banking information, details of calls, internet user names and activity reports, passwords and PIN numbers. This Personal information may be collected when a person subscribes to or uses our voice (local, long distance), data, Internet services or products. It will also be collected when a person makes any inquiries by telephone, signs an agreement, registers or provides information by email or through the internet, inquiries about his/her services, registers online, makes additional orders for services or when he/she makes a complaint.
Guidelines For Internet/Website Users
AIC also reminds users that voluntarily disclosed information online in discussion areas or other public areas of our Websites can be collected and used by third parties and may result in unsolicited messages from third parties. Unfortunately, such activities are beyond the control of AIC.
Any submissions made to discussion areas or other public areas on our Websites are done so with the users’ understanding that they are accessible to third parties. If comments are not intended for third parties, you are advised not to make any submissions.
In any event, users can request AIC to cease from sending electronic mail or advertising from AIC or its authorized agents at any time by simply contacting us below.
AIC’s policy generally and in connection with Internet use is subject to the requirements or provisions of any applicable legislation, regulations or agreements, or order of any court, or other lawful authority. Your use of our Websites is also subject to these requirements as well as AIC’s Terms and Conditions of Services which is available for viewing at www.aicom.com.
The Privacy Principles AIC Follows
To better understand our policy; AIC has set out some definitions to use when reading and interpreting the principles below:
collection - the act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
consent - voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of the Company. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
customer - an individual who uses, or applies to use, the Company’s products and services or otherwise provides personal information to the Company in the course of the Company’s commercial activities.
disclosure - making personal information available to a third party.
Company - AIC Global Communications Inc. and its affiliates.
personal information - information about an identifiable individual but not aggregated information that cannot be associated with a specific individual.
For a customer, such information includes social insurance and driver license number, credit card and banking information, usage and billing records, user names, passwords and PIN numbers.
For an employee, such information includes information found in personal employment files, performance appraisals, and medical information.
third party - an individual other than the customer, or the customer’s agent, or organization outside the Company.
use - the treatment, handling, and management of personal information by and within the Company.
Principle 1 – Accountability
AIC is responsible for personal information under its control. Responsibility for ensuring compliance with the provisions of AIC policy rests with the Privacy Officer within the Company.
1.1Other individual within the Company may be delegated to act on behalf of the Privacy Officer or to take responsibility for the day-to-day collection and processing of personal information.
1.2The Company is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing or other purposes related to the Company’s business and operations. The Company shall use contractual or other means to provide a comparable level of protection while the information is in the possession of the third party. (See principle 7)
1.3The Company shall implement policies and procedures to give effect to the Company’s Privacy Code, including:
a) implementing procedures to protect personal information;
b) establishing procedures to receive and respond to inquiries or complaints;
c) training and communicating to employees about the Company’s policies and practices; and
d) developing public information to explain the Company’s policies and practices.
Principle 2 – Identifying Purposes for Collection of Personal Information
The Company shall identify the purposes for which personal information is collected at or before the time the information is collected.
2.1The Company collects personal information only for the following purposes:
a)to establish and maintain responsible commercial relations with customers and to provide ongoing service and offers;
b)to understand customer needs and preferences;
c)to develop, enhance, market or provide products and services;
d)to manage and develop the Company’s business and operations, including personnel and employment matters; and
e)to meet legal and regulatory requirements.
Further references to identified purposes mean the purposes identified in this Principle 2.1.
2.2The Company shall specify orally, electronically or in writing the identified purposes to the customer or employee at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person with the Company who shall explain the identified purposes.
2.3Unless required by law, the Company shall not use or disclose for any new purpose, personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the customer or employee.
Principle 3 – Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent of a customer or employee are required for the collection, use or disclosure of personal information, except where inappropriate.
3.1In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual. For example, the Company may collect, use or disclose personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way.
The Company may also collect, use and disclose personal information without knowledge or consent if:
a)seeking the consent of the individual might defeat the purpose of collecting the information, such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law;
b)there is an emergency where the life, health or security of an individual is threatened; or
c)disclosure is to a lawyer representing the Company, to collect a debt, to comply with a subpoena, warrant or other court order, or otherwise required by law.
3.2In obtaining consent, the Company shall use reasonable efforts to ensure that a customer or employee is advised of the identified purposes for which personal information will be used or disclosed. The customer or employee shall state purposes in a manner that can be reasonably understood
3.3Generally, the Company shall seek consent to use and disclose personal information at the same time it collects the information. However, the Company may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose.
3.4The Company will require customers to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is required to fulfill the identified purposes.
3.5In determining the appropriate form of consent, the Company shall take into account the sensitivity of the personal information and the reasonable expectations of its customers and employees.
3.6In general, the use of the Company products and services by a customer or visitor to a Website, or the acceptance of employment or benefits by an employee, constitutes implied consent for the Company to collect, use and disclose personal information for all identified purposes.
3.7A customer or employee may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers and employees may contact the Company for more information regarding the implications of doing so.
Principle 4 – Limiting Collection of Personal Information
The Company shall limit the collection of personal information to that which is necessary for the identified purposes. The Company shall collect personal information by fair and lawful means.
4.1The Company collects personal information primarily from its customers and visitors to its Websites or employees.
4.2The Company may also collect personal information from other sources including but not limited to credit bureaus or other third parties who represent that they have the right to disclose the information.
Principle 5 – Limiting Use, Disclosure, and Retention of Personal Information
The Company shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. The Company shall retain personal information only as long as necessary for the fulfillment of those purposes, or as required by law.
5.1The Company may disclose a customer’s personal information to:
a)another communications company for the efficient and cost-effective provision of telecommunications services;
b)a company involved in supplying the customer with communications or communications directory related services;
c)a company or individual retained by the Company to perform functions on the Company’s behalf, such as research and data processing;
d)another company or person for the development, enhancement, marketing or provision of any of the Company’s products or services;
e)credit grantors and report agencies;
f)an agent used by the Company to evaluate a customer’s credit worthiness or to collect the customer’s account
g)a public authority or agent of a public authority, if in the reasonable judgment of the Company, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information;
h)a person who, in the reasonable judgment of the Company, is seeking the information as an agent of the customer; and
i)law and emergency require a third part or parties, where the customer consents to such disclosure or disclosure
5.2The Company may disclose personal information about its employees:
a)for normal personnel and benefits administration;
b)in the context of providing references regarding current or former employees in response to requests from prospective employers; or
c)where law requires disclosure.
5.3Only those Company employees who require access for business need to know, or whose duties reasonably so require, are granted access to personal information about customers and employees.
5.4The Company shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer or employee, the Company shall retain, for a period of time that is reasonably sufficient to allow for access by the customer or employee, either the actual information or the rationale for making the decision.
5.5Personal information that is no longer necessary or relevant for the identified purposes or required to be retained by law shall be destroyed, erased or made anonymous. In any event, the Company shall maintain reasonable and systematic controls, schedules and practices for such information, its retention and destruction.
Principle 6 – Accuracy of Personal Information
Personal information the Company maintains shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
6.1Personal information used by the Company shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer or employee.
6.2The Company shall update personal information about customers and employees as and when necessary to fulfill the identified purposes or upon notification by the individual.
Principle 7 – Security Safeguards
The Company shall protect personal information through security safeguards appropriate to the sensitivity of the information.
7.1The Company shall use appropriate security measures to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction regardless of the format in which it is held. The Company shall use care in disposing of or destroying personal information to prevent unauthorized parties from gaining access to the information.
7.2The Company shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
7.3All of the Company’s employees with access to personal information shall be required as a condition of employment to contractually respect the confidentiality of personal information.
Principle 8 – Openness Concerning Policies and Practices
The Company shall make readily available to customers and employees specific information about its policies and practices relating to the management of personal information.
8.1The Company shall make information about its policies and practices easy to understand, including:
a)the title and address of the person or persons accountable for the Company’s compliance with the Privacy Code and to whom inquiries or complaints can be forwarded;
b)the means of gaining access to personal information held by the Company; and
c)a description of the type of personal information held by the Company, including a general account of its use.
8.2The Company shall make available information to help customers and employees exercise choices regarding the use of their personal information and the privacy-enhancing services available from the Company.
Principle 9 – Customer and Employee Access To Personal information
The Company shall inform a customer or employee of the existence, use and disclosure of his or her personal information upon request and shall give the individual access to that information, except in certain circumstances. A customer or employee shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
NOTE: In certain situations, the Company may not be able to provide access to all of the personal information it holds about a customer or employee. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, information that is subject to solicitor-client or litigation privilege, or, in certain circumstances, information of a medical nature. The Company shall provide the reasons for denying access upon request.
9.1Upon request, the Company shall afford customers and employees a reasonable opportunity to review the personal information in the individual’s file. Personal information shall be provided in understandable form within a reasonable time and at a minimal or no cost to the individual.
9.2Upon request, the Company shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, the Company shall provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.
9.3In order to safeguard personal information, a customer or employee may be required to provide sufficient identification information to permit the Company to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
9.4The Company shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, the Company shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
9.5A customer can obtain information or seek access to his or her individual files by contacting a customer service representative.
9.6An employee can obtain information or seek access to his or her individual files by contacting his or her manager or Human Resources.
Principle 10 – Challenging Compliance
A customer or employee shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for the Company’s compliance with the policy.
10.1The Company shall maintain procedures for addressing and responding to all inquiries or complaints from its customers and employees about the Company’s handling of personal information.
10.2The Company shall inform its customers and employees about the existence of these procedures as well as the availability of complaint procedures.
10.3The person or persons accountable for compliance with the Company’s policy may seek external advice where appropriate before providing a final response to individual complaints.
10.4The Company shall investigate all complaints concerning compliance with the policy. If a complaint is found to be justified, the Company shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer or employee shall be informed of the outcome of the investigation regarding his or her complaint.
For inquiries or more information, please contact us directly through our Privacy Office as follows by:
Mail: Suite 951 – 409 Granville Street,
Vancouver, BC V6C 1T2
Attention: Privacy Office