The Company’s Controller is hereby designated as the Company’s Privacy Officer to maintain compliance with the 10 Principles included under the Personal information Protection and Electronic Documents Act (PIPEDA), a copy of which is attached as Schedule A. The Privacy Officer will review and monitor all complaints, as and when required.
The Privacy Officer may delegate responsibilities to other individuals within the Company to act on his/her behalf.
(a) The Company has determined that personal information is collected in the ordinary course of business from various sources, namely: employees, customers and shareholders. The Company has documented the purposes for the use of this personal information and will collect only that information necessary for the purpose identified.
(b) If the personal information collected by the Company will be used for a new purpose, it will also be documented and consent of the individual will be obtained before the information can be used for that purpose. Collection of this information will normally be done in writing; however, it may be done verbally.
(c) The Company will not collect information indiscriminately. Both the amount and the type of information collected will be limited to that which is necessary to fulfill the purpose identified.
(a) The Company will make a reasonable effort to ensure that the individual is advised of the purpose for which the information will be used.
(b) The Company will not, as a condition of the supply of a product or service, require an individual to consent to the collection, use of disclosure of information beyond that required to fulfill the explicitly specified and legitimate purpose.
(c) Consent will not be obtained through deception.
(d) Consent may also be given by an authorized representative (such as a legal guardian or a person having power of attorney).
(e) An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The Company will inform the individual of the implications of such withdrawal.
(a) Information will be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual.
(b) The Company will not routinely update personal information, unless such a process is necessary to fulfill the purpose for which the information was collected.
(c) Personal information that is used on an ongoing basis, including information that is disclosed to third parties, will generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.
Company will protect personal information against loss or
thefts, as well as unauthorized access, disclosure,
copying, use, or modification by implementing the
following safeguards and security measures:
(a) Access to personal information is restricted to those employees who require the information to perform their duties.
(b) Personal information that is stored in databases and computer systems is protected by the use of passwords, encryption files and firewalls.
(c) Personal information in paper form retained in cabinets and desk drawers is locked-up.
(d) Where personal information is transferred to external sources for processing, the Company has entered into contractual relationships where third parties are involved, in order that such personal information would be protected and safeguarded.
personal information has been used to make a decision
about an individual, such information is retained long
enough to allow the individual access to the information
after the decision has been made.
Personal information will be held for a minimum of
one year to a maximum of seven years.
Once it has been determined that the personal information is no longer required or has reached the maximum retention period, then all personal information will be destroyed, erased, or made anonymous in a manor that prevents unauthorized parties from gaining access to the information.
Materials, Brochures, etc.
Company will be open about its policies and practices with
respect to the management of personal information and it
will include the following information in all of it
communication materials, brochures, etc. when
communicating to individuals concerning the Privacy
(a) the name or title, the address, fax and phone numbers and email address of the person who is accountable for the Company’s policies and practices and to whom complaints or inquiries can be forwarded;
(b) how to access personal information held by the Company;
(c) a description of the type of personal information held by the Company, including a general account of its use;
(d) a copy of any brochures or other information that explains the Company’s policies, standards, or codes; and
(e) what personal information is made available to related organizations (e.g., other Global Railway Industries companies)
(a) Upon request, the Company will inform an individual whether or not the Company holds personal information about the individual. The Company may indicate the source of the information. The Company will allow the individual access to this information. However, it may choose to make sensitive medical information available through a medical practitioner. In addition, the Company will provide details on the use that has been made or is being made of this information and details of the third parties to which it has been disclosed.
(b) An individual may be required to provide sufficient information to permit the Company to provide details on the existence, use, and disclosure of personal information. The information provided will only be used for this purpose.
(c) In providing details of third parties to which it has disclosed personal information about an individual, the Company will provide a list of organizations to which it may have disclosed information about the individual.
The Company will respond to an individual’s
request within a reasonable time and at minimal or no cost
to the individual. The
requested information shall be provided or made available
in a form that is generally understandable.
For example, if the Company uses abbreviations or
codes to record information, an explanation will be
(e) When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the Company will amend the information as required. Depending upon the nature of the information challenged, amendment involves the corrections, deletion, or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the information question.
(f) If a challenge is not resolved to the satisfaction of the individual, the Company will record the substance of the unresolved challenge. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.
Complaints and inquires relating to the Privacy
Policy and access to personal information shall be
Prime Steel Inc.
1666 Baseline Road West
Courtice, Ontario L1E 2S7
Or by email to firstname.lastname@example.org
Or by telephone to: 1-866-411-0211
by fax to: 905-432-3199
(b) All correspondence communicated internally and externally regarding the collection and use of personal information, will include details on how to contact the Privacy Officer
(c) Complaints received by the Privacy Officer will be documented and investigated, indicating the nature of the complaint and will be reported to the President for review. If a complaint is found to be justified, the Company will take appropriate measures, including, if necessary, amending its policies and practices.
Company receives requests for information by email from
visitors to its websites, as well as through the
processing of quotes and orders.
The Company uses the information received to
process and fill the request.
The request and any responses thereto are retained
for a period necessary to fulfill the Company’s legal
information is not disclosed to any third parties.
The Company has adopted the following 10 principles with respect to the protection of personal information that it collects from individuals and uses in the course of conducting business.
The Company is responsible for personal information under its control and shall designate an individual as the Company’s Privacy Officer as responsible for the Company’s compliance with the Personal Information and Electronic Documents Act.
The Company shall identify the purpose for which personal information is collected as or before the time the information is collected.
The knowledge and consent of the individual is required for the collection, use, or disclosure of personal information, except where inappropriate. Consent shall be obtained, either verbally or in writing.
The collection of personal information shall be limited to that which is necessary for the purposes identified by the Company. Information shall be collected by fair and lawful means.
Personal information shall not be used or disclosed for purposes other that those for which it was collected, except with the consent of the individuals or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
information shall be as accurate, complete, and up-to-date
as is necessary for the purposes for which it is to be
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
The Company shall make readily available to individuals specific information about its policies and practices to the management of personal information.
Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the Company’s compliance.
We are committed to respecting your privacy and safeguarding your personal information. We are committed to meeting or exceeding the privacy standards established by federal and provincial legislation. Our information handling policies comply with the federal Personal Information Protection and Electronic Documents Act. (PIPEDA).
What defines personal information?
Personal information is information that identifies you as an individual and relates specifically to you. This information includes your age, gender, Social Insurance Number, income, marital status, race, ethnic origin, nationality, religious or political beliefs, medical information, education, employment or criminal records, employee files, loan or credit records, internet browsing logs, etc.
is not covered?
Personal information does not include information that is required to contact you at a place of business, such as your name, position or title, business address, business phone number, business fax or business email address.
How do we use your personal information?
To establish credit accounts for individuals operating under their own name and/or with other unincorporated trade systems;
To process C.O.D. orders where a personal cheque or credit card number has been provided;
To identify chattels pledged and/or the officers of a corporation who may be providing personal security;
To track business owners that have defaulted in their payment obligations.
To whom do we disclose your personal information?
For the purpose described above, we may need to share your personal information with third parties. These other parties commonly include:
Credit personal within the Company
Financial institutions when conducting reference checks
Legal counsel retained by the Company
When required by court order
can we disclose your personal information?
We can only disclose your personal information if we have your explicit consent or:
When there is a contract and the information is required
When we are required or permitted to do so by law
When transfers of business are involved
we protect your personal information?
Appropriate security measures have been developed and implemented to protect all personal and confidential information. Physical measures include locked file cabinets and restricted access to file rooms and offices. Technological measures include the use of passwords, encryption and firewalls to ensure that electronic data is secure.
commitment to you:
We will not collect, use or disclose your personal information for any purposes other than those that we identify to you.
We will keep your personal information only as long as we need to fulfill the stated purpose or as long as is required by law.
We will maintain your personal information in as accurate, complete and up-to-date form as possible.
We will safeguard your personal information to the best of our ability.
We will respond to any request that you make to access or correct the personal information that we collect about you.
We will obtain the appropriate consent from you for the collection, use and disclosure of your personal information.
You have the right to access your own personal information.
You have the right to request that errors be corrected in your personal information.
You have the right to obtain information about the way in which personal information is used by Prime Steel Inc.
You have the right to obtain the names of individuals and organizations to which your personal information has been disclosed.
You have the right to refuse to allow us to obtain, use or share certain personal information or you can withdraw a previously given consent at any time.
We will respond to you promptly and do our best to resolve your concerns.
Prime Steel’s Privacy Officer
1666 Baseline Road West
Courtice ON L1E 2S7