Canada's Personal Information Protection & Electronic Documents Act (PIPEDA)
The 'Act' sets out ground rules for the management of 'Personal Information' in the private sector. It balances an individual's right to privacy of Personal Information with the needs of organizations to collect, use, or disclose Personal Information for legitimate business purposes. The Act defines Personal Information as "... information about an identifiable individual." but "... does not include, the name, title, business address, or telephone number of an employee of an organization." The Act establishes the Privacy Commissioner of Canada as the ombudsman for complaints under the new law.
For more information about the Act, visit: https://www.priv.gc.ca/en/privacy-topics/
Statement of Compliance
The development and implementation of Systegral's privacy framework takes into account the principles of the Act.
Systegral is committed to control the collection, use, and disclosure of personal Information in accordance with the Act. We have adopted the Canadian Standards Association (CSA) Code model for the protection of Personal Information, which is included in the Act as Schedule 1.
Systegral is responsible for Personal Information under its control and shall designate a Privacy Officer who will be responsible for its compliance with the Act.
2. Identifying Purposes
Before or at the time the personal Information is collected, Systegral shall identify the purposes for which the information is collected.
The knowledge and consent of the individual are required for the collection, use, or disclosure of Personal Information, except where exempted under the Act.
4. Limiting Collection
The collection of Personal Information shall be limited to that which is necessary for the purposes identified. All information shall be collected by open, fair, and lawful means.
5. Limiting Use, Disclosure, & Retention
Any Personal Information shall only be used for the purposes identified. It shall not be used or disclosed otherwise, except with the consent of the individual, or where exempted under the Act. The retention of the information shall only be for the period required to satisfy the purposes identified.
Any Personal Information shall be as accurate and complete as required for the purposes identified.
Any Personal Information shall be safeguarded through security measures appropriate to the information sensitivity, extent of distribution, format, and type of storage.
Systegral shall make readily available its policies and practices regarding its handling of Personal Information.
9. Individual Access
Upon request, an individual shall be informed about the existence, use, and disclosure of their Personal Information, except where exempted under the Act. They shall be given access to that information, challenge the accuracy thereof, and have the information amended as appropriate, except where exempted under the Act.
10. Challenging Compliance
An individual shall be able to complain to Systegral's Privacy Officer regarding its compliance with the principles of the Act.
Privacy Contact Info
If you have a question regarding Systegral's privacy framework, would like to launch an access request, or would like to challenge its compliance with the principles of the Act as outlined above, please contact the Privacy Officer via e–mail or regular post.
1627 Valley Ridge Cres
Pickering, ON L1V 6S5
Attn: Privacy Officer
If you are not satisfied with the response from the Privacy Officer, you may have recourse to the...