Privacy Policy

Personal Information Protection and Electronic Documents Act (PIPEDA)
Author: Direct Focus (August 16, 2019)
Document version 2.0

Purpose of the Policy

We have developed this Privacy Policy to comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA sets out rules that govern how we may collect, use and disclose personal information in the course of our activity. In this document we refer to Direct Focus Marketing Communications Inc. as “we” or “Direct Focus,” and to any other relevant parties as “you,” or “Individual.”

The Ten Principles of PIPEDA

Here is a summary of the ten principles of PIPEDA that form the basis of this Policy.

  1. Accountability: Organizations are accountable for the personal information they collect, use, retain and disclose in the course of their commercial activities. This includes but isn’t limited to the appointment of a Chief Privacy Officer.
  2. Identifying Purposes: Organizations must explain how and why information will be used at the time it is collected. Collected information may be used for only those purposes.
  3. Consent: Organizations must obtain the Individual’s express or implied consent when they collect, use or disclose that Individual’s personal information.
  4. Limiting Collection: The personal information collected must be limited to only the amount and type that is reasonably necessary for the purposes identified.
  5. Limiting Use, Disclosure and Retention: Personal information may be used only for the purposes identified and must not be disclosed to third parties unless the Individual consents to the alternative use or disclosure.
  6. Accuracy: Organizations are required to keep personal information in active files that are accurate and up to date.
  7. Safeguards: Organizations must use physical, organizational and technological safeguards to protect personal information from unauthorized access or disclosure.
  8. Openness: Organizations must inform users about their privacy policies and procedures.
  9. Individual Access: An Individual has a right to access personal information held by an organization and to challenge its accuracy if necessary.
  10. Challenging Compliance: The Principle of Challenging Compliance states that Individuals are able to challenge an organization’s compliance on any of the Privacy Principles of PIPEDA. This means organizations must have simple, easy-to-use procedures in place to receive and respond to complaints and inquiries.

Application

This Privacy Policy applies to the Direct Focus Board of Directors and to any/all partners, clients, or site users. We ensure that all of our third-party service providers will sign confidentiality agreements before any transfer of personal information in the course of service interactions with Direct Focus.

Definitions

PIPEDA The following is a list of basic terms used in this Policy and the PIPEDA definitions of them.

Personal information:

Any information about an identifiable Individual, including without limitation information relating to identity, nationality, age, gender, address, telephone number, e-mail address, Social Insurance Number, date of birth, marital status, education, employment health history, assets, liabilities, payment records, credit records, loan records, income and information relating to financial transactions as well as certain personal opinions or views.

Business information:

The business name, business address, business telephone number, name(s) of owner(s),officer(s) and director(s), job titles, business registration numbers (GST, RST, source deductions) and financial status. Although business information is not subject to PIPEDA, confidentiality of business information is treated with the same security measures by Direct Focus staff, users, management and the Board of Directors as for the personal information of Individuals under PIPEDA.

Client:

The business that is considering or already receiving services from Direct Focus, including sole proprietorships and individuals carrying on business in a partnership.

Individual:

The client’s owner(s) or shareholders, co-signors, and/or any guarantor associated with a client and/or site user.

Database:

The list of names, addresses and telephone numbers of site users, clients, and individuals held by Direct Focus in computer files, paper files, computer hard drives, tablets, devices, etc.

File:

Any information collected/updated to service/maintain site users or clients.

Implied Consent:

An assumption by the organization that the Individual consents to the information being used, retained and disclosed for the original purposes stated, unless notified by the Individual.

Third Party:

A person or company who provides services to Direct Focus, to support services already offered by Direct Focus, with whom an Individual does business.

Why Collect Personal Information?

Personal information is collected in order to assess the needs and requirements of clients and site users in order to properly service them. The clients and site users are the main source of information, but Direct Focus will also ask to obtain information directly from a third source where the individual does not have the required information.

Consent

Your express, written consent will be obtained before or at the time we collect your personal information. We will tell you the reasons for collecting, using or disclosing personal information when we seek your consent. Once you give consent for Direct Focus to use your information for those purposes, we will use implied consent to collect or receive any necessary supplementary information. Whether you are a Client or an Individual, you may make a written request to withdraw consent to Direct Focus’s use of personal information at any time before your application (for services or employment) is approved. This Privacy Policy does not cover statistical data in which the identity of individuals cannot be determined. Direct Focus retains the right to use and disclose statistical data as it deems appropriate.

Limiting Collection

The collection of personal information will be limited to the purposes set out in this Privacy Policy, to Direct Focus credit applications, and/or to other forms.

Limiting Use, Disclosure and Retention

Use of Personal Information

Personal information will only be used for the purposes to which you have given consent, with the following exceptions as permitted under PIPEDA:

Direct Focus may use personal information without your consent, when

  • We have reasonable grounds to believe the information could be useful when investigating the contravention of a federal, provincial or foreign law and the information is used for that investigation
  • An emergency exists that threatens an individual’s life, health or security
  • The information is for statistical study or research
  • The information is publicly available
  • The use is clearly in the individual’s interest, and consent is not available in a timely manner
  • Knowledge and consent would compromise the availability or accuracy of the information, and collection is required to investigate a breach of an agreement.

Disclosure and Transfer of Personal Information

Personal information will be disclosed only to Direct Focus for work-related purposes. Personal information will be disclosed to third parties only with the Individual’s knowledge and consent.

PIPEDA permits Direct Focus to disclose personal information to third parties without an individual’s knowledge and consent for specific reasons:

  • If requested by a lawyer representing Direct Focus
  • To collect a debt owed to Direct Focus by the Individual or Client
  • To comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction
  • If requested by a law enforcement agency during a civil or criminal investigation
  • If requested by a government agency or department
  • When required by law

PIPEDA permits Direct Focus to transfer personal information to a third party, without the Individual’s knowledge or consent, if the transfer is simply for processing purposes and the third party uses the information only for the purposes for which it was transferred. Direct Focus ensures, by contractual or other means, that the third party will protect the information and use it only for the purposes for which it was transferred.

Retention of Personal Information

Personal information will be retained as long as the individual is active and for such periods of time as may be prescribed by applicable laws and regulations. Information contained in an inactive file will be retained for a period of ten (10) years.

Definitions – Direct Focus

The following is a list of specific Privacy Policy terms and how Direct Focus defines them.

Accuracy:

We endeavor to ensure that any personal information provided by the Individual is accurate, current and as complete as necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. If there is a change to an individual’s personal or business Information, please notify Direct Focus immediately. We will not update information contained in inactive files.

Safeguards:

We will use physical, organizational, and technological measures to safeguard personal information, which will be available only to Direct Focus employees or third parties who need to know personal information for the purposes set out in this Privacy Policy. Employees must sign a confidentiality agreement binding them to maintain the confidentiality of all personal, client, and third party information to which they have access. All inactive files or personal information no longer required will be shredded prior to disposal to prevent inadvertent disclosure to unauthorized persons. Personal information contained in Direct Focus computers and electronic databases are password protected. Access to any of our computers is also password protected. Direct
Focus’s internal firewall has protection sufficient to protect personal and confidential business information against virus attacks and “sniffer” software arising from Internet activity.

Openness:

We will endeavor to make our privacy policies and procedures known to each Individual through this Privacy Policy. This document is also available on a password-protected Direct Focus server.

Individual Access:

If you wish to learn to whom your information has been disclosed (as permitted by PIPEDA), you may make a request for access in writing to our Chief Privacy Officer. Once we’ve verified your identity, the Chief Privacy Officer will respond within 60 days. If you find that the information held by Direct Focus is inaccurate or incomplete and can provide documentary evidence to verify correct information, we will make the required changes to your active file(s) promptly.

Complaints & Recourse:

If you have a concern about any of our personal information handling practices, you may make a complaint in writing to the attention of our Chief Privacy Officer. Once we’ve verified your identity, the Chief Privacy Officer will act promptly to investigate your complaint and provide a written report of the investigation’s findings to you. If our Chief Privacy Officer determines that your complaint is well founded, he or she will take the necessary steps to correct the offending information handling practice and/or revise our privacy policies and procedures. If our Chief Privacy Officer determines that your complaint is not well founded, you will be notified in writing. If you are dissatisfied with the decision and action taken by the Chief Privacy Officer, you may send a complaint to the Federal Privacy Commissioner at this address:

The Privacy Commissioner of Canada
112 Kent Street, Ottawa,
Ontario K1A 1H3
Tel 1-800-282-1376
E-mail address: www.privcom.gc.ca

Questions, Access Request & Complaint:

Any questions regarding this or any other privacy policy of Direct Focus may be directed to our Chief Privacy Officer. To requests access to information or to make a complaint, send a letter to the Chief Privacy Officer at the address below:

Chief Privacy Officer
Direct Focus Marketing Communications
315 Pacific Avenue
Winnipeg, MB
R3A 0M2
E-mail address: [email protected]

Amendments:

This Privacy Policy for Direct Focus is in effect as of January 1, 2004. The policy is subject to amendment in response to developments in the privacy legislation. The Chief Privacy Officer will review and revise the Privacy Policy from time to time as required by changes in privacy law.