The information we collect is maintained in a secure database and access is limited to specific employees at OnPath. We collect personal information from our website visitors in the regular course of doing business. Below are details about what we collect and how we are protecting the information you provide to us.
WHAT INFORMATION DO YOU COLLECT?
When you first visit our website we install a cookie. This cookie provides us with knowledge about your computer IP address, location and pages you visited on our website. When you complete a form we also collect:
- First Name
- Last Name
If you do not wish to have a cookie installed on your computer you can clear your cache and history or enable your browser to block cookies.
HOW DO WE USE THIS INFORMATION?
Information provided to us is used only for the purposes of direct communication with you. We will not disclose your information to another company without your consent. The main reasons we collect information are:
- Customer relationship management
- Customer service
In some cases, we may pass on your name and email address (eg. to a email software program to complete a delivery) where consent is implied because we have an ongoing business relationship with you.
CANADA’S ANTI-SPAM LEGISLATION (CASL)
We do everything we can to stay in compliance with CASL to ensure that our email lists are up-to-date, accurate and secure. You can unsubscribe and withdrawal your consent from our email communications at any time.
Personal information includes all identifiable individuals, presented in any form, such as: age, name, ID number(s), income, ethnic origin, opinions, evaluations, social status, disciplinary actions, credit records, loan records, and medical records.
All OnPath employees must read, understand and comply.
While exercising its right to collect, use and disclose personal information or data for legitimate business purposes, OnPath is committed to protecting the personal/operational information and data concerning, in all Canada provinces and countries where business is conducted.
OnPath clients and their operations
in order to maintain strict rules of conduct to minimize the risk of:
Loss of Privacy
Loss of Trust
OnPath’s principles for information handling practices are based on the Personal Information Protection and Electronic Documents Act (PIPEDA), outlined in the following:
OnPath is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles:
OnPath shall identify the purposes for which personal information is collected at or before the time the information is collected.
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
The collection of personal information shall be limited to that which is necessary for the purposes identified by OnPath. The information shall be collected by fair and lawful means.
LIMITING USE, DISCLOSURE, AND RETENTION
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information must be retained only as long as necessary for the fulfillment of those purposes.
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
OnPath shall make readily available to individuals’ specific information about its policies and practices relating to the management of personal information.
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual(s) accountable for the organization’s compliance.
1.1 The IT director and the managers responsible for each division of OnPath oversee the application of this policy and take corrective action on violations and on non-compliance. The IT director is responsible for the development and implementation of specific privacy policies and procedures.
1.2 OnPath employees who have concerns regarding the privacy of their own information, or that of a subcontractor/client should report their concerns as well as any weakness in the measures protecting such information.
Divisions who manage client personal or operational information and data, as a result of providing services to these clients, must be protected. Any violation of client personal/operational information or data, in the context of providing services to these clients, should be reported directly to the IT director or division manager.
Attention: Privacy Officer
OnPath Business Solutions
1165 Kenaston Street, Ottawa, ON, K1B 3N9
1.3 Contracts or other means must be used to ensure that when third parties process personal information on the behalf of OnPath, they maintain a comparable level of privacy protection.
1.4 OnPath will implement policies and practices to give effect to the privacy principles, including:
Implementing procedures to protect personal information
Establishing procedures to receive and respond to complaints and inquiries
Training staff and communicating information about OnPath policies and practices
Developing information to explain OnPath policies and procedures
2. IDENTIFYING PURPOSE OF COLLECTION
2.1 OnPath must identify the purposes for which personal information is collected at or before the time of collection. This will allow OnPath to determine the information it needs to collect in order to fulfill these purposes. OnPath shall also examine opportunities for using non-identifiable information (i.e., coded or anonymous data) other than personal information to meet these purposes.
2.2 OnPath shall document the purpose for which personal information is collected in order to comply with the Openness principle and the Individual Access principle.
2.3 When personal information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is required by law, the consent of the individual is required before information can be used for that purpose.
2.4 Persons collecting personal information should be able to explain to individuals the purposes for which the information is being collected.
3.1 OnPath must obtain consent for the collection, use and disclosure of personal information, at or before the time of collection, except where not appropriate (e.g., exchange of information with credit agency for a loan).
3.2 OnPath should seek expressed consent when the information is considered sensitive. Implied consent would generally be appropriate when the information is less sensitive. Individuals can give consent in several forms. For example:
An application form may be used to seek consent, collect information, and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is granting consent to the collection and the specified purpose;
A check-off box may be used to allow individuals to request that their names and addresses not be given to other organizations. Individuals who do not check the box are assumed to consent to the transfer of this information to third parties;
Consent may be given orally when information is collected over the telephone; or
Consent may be given at the time the individual(s) uses a product or service.
3.3 OnPath shall make reasonable efforts to advise the individual of the purpose for which the information will be used.
3.4 OnPath must inform individuals that they may withdraw consent at any time and clearly explain the implications of their withdrawal to the person(s).
4. LIMITING COLLECTION
4.1 OnPath shall collect only the type and amount of personal information necessary for the identified purpose. This has to be done in a fair and lawful fashion with no deception or misleading of the individual(s).
4.2 OnPath shall specify the type of information collected as part of its information-handling policies and practices.
5. LIMITING USE, DISCLOSURE, AND RETENTION
5.1 OnPath must use and disclose personal information in its control only for the purpose for which it was collected unless consent is obtained, or the use or disclosure are required by law.
5.2 Certain OnPath employees may be given access to customer and/or employee information in so far as their duties require access for business purposes. OnPath employees are governed by a confidentiality agreement prohibiting disclosure or use of any confidential or personal information for any purposes other than the stated business purposes.
5.3 OnPath shall document the use of personal information for any new purpose not initially communicated to customers when receiving their consent.
5.4 OnPath must retain information only as long as necessary and dispose of all sensitive information in a secure manner according to the OnPath Data Security Policy and Procedures.
5.5 Personal information used to make a decision about an individual should be retained long enough to allow the individual to access that data and challenge its accuracy.
6.1 The extent to which personal information will be accurate, complete, and up-to-date depends upon the use of the information, taking into account the interests of the individual. The information shall be sufficiently accurate, complete, and up-to-date to minimize the risk that inappropriate information is used to make a decision concerning the individual.
6.2 OnPath shall not routinely update personal information, unless such a process is necessary to fulfill the purposes for which the information was collected.
6.3 Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly stated.
7.1 OnPath will implement security safeguards to protect personal information under its control against loss or theft, and unauthorized access, disclosure, copying, use, or modification.
7.2 The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, format of the information, and the method of storage. More sensitive information should be safeguarded by a higher level of protection.
7.3 OnPath protects all personal information regardless of the format in which it is held. The methods of protection include:
Physical measures, such as locked filing cabinets and restricted access to offices;
Organizational measures, such as security clearances and limiting access on a “need-to-know” basis;
Technological measures, such as the use of passwords and encryption.
7.4 OnPath ensures its employees are aware of the importance of maintaining the confidentiality of personal information. OnPath employees are governed by a confidential agreement prohibiting disclosure or use of any confidential or personal information for any purposes other than the stated business purposes.
7.5 OnPath will exercise care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.
8.1 OnPath will implement its policies and practices with respect to the management of personal information by ensuring it is easily comprehended and accessible by providing upon request:
The name, title, and address of the Privacy Officer accountable for OnPath’s policies and practices as well as to whom complaints or inquiries can be forwarded;
The means of gaining access to personal information held by OnPath
A description of the type of information held by OnPath and/or its subsidiaries, including a general account of its use.
9. INDIVIDUAL ACCESS
9.1 Upon request, OnPath will inform individuals whether or not the organization holds personal information on them and provide access to that data in a reasonable time, and at minimal or no cost. The requested information will be made available in a form that is easily understood.
9.2 OnPath will allow an individual access to his or her personal information once the individual has provided OnPath with a written request. The request will include sufficient information to permit OnPath to provide an account of the existence, use, and disclosure to any third parties of this personal information.
9.3 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, OnPath will amend the information as required. Depending upon the nature of the information challenged, an amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.
9.4 When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge will be recorded. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.
10. CHALLENGING COMPLIANCE
10.1 OnPath will maintain procedures to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information.
10.2 OnPath will make every effort to explain its inquiry and complaint procedures to individuals.
10.3 OnPath will investigate all complaints. If a complaint is found to be justified, OnPath will take appropriate measures, including, if necessary, amending its policies and practices.