The Plurilock Security Solutions Inc. Privacy Code sets out our privacy commitment to the protection of our employees, customers and client’s personal information. This Privacy Code is built on the ten principles of the Canadian Standards Association ( CSA) Model Code for the Protection of Personal Information which was published in March 1996 as a National Standard of Canada that have now been incorporated into both federal and provincial privacy laws.
“contact information” means information to enable an individual at a place of business to be contacted and includes the name, position name or title, business telephone number, business address, business email or business fax number of the individual
“employee personal information” means personal information about an individual that is collected, used or disclosed solely for the purposes reasonably required to establish, manage or terminate an employment relationship between the organization and that individual, but does not include personal information that is not about an individual’s employment.
“organization” means a person, an unincorporated association, a trade union, a trust or a not for profit organization, but does not include:
- an individual acting in a personal or domestic capacity or acting as an employee;
- a public body;
- the Provincial Court, the Supreme Court or the Court of Appeal;
- the Nisga’a Government, as defined in the Nisga’a Final Agreement or
- private trust for the benefit of one or more designated individuals who are friends or members of the family of the settlor.
“personal information” means information about an identifiable individual and includes employee personal information but does not include contact information or work product information.
“Plurilock” means Plurilock Security Solutions Inc..
“work product information” means information prepared or collected by an individual or group of individuals as part of the individual’s or group’s responsibilities or activities related to the individual’s or group’s employment or business but does not include personal information about the individual who did not prepare or collect the personal information.
Plurilock is a British Columbia company providing network security solutions. As a provider of security products and services, privacy of personal information is a critical customer criteria and priority.
This Privacy Code is intended to set out our commitment to our customers regarding the protection of personal information provided by our employees and customer as reflected in the following principles, policies and procedures. It is also intended to set out the choices available for individuals regarding our collection, use or disclosure of their personal information.
The purpose of this Privacy Code is to articulate clearly our privacy practices respecting the management of personal information collected and used by our Company and to ensure compliance with the federal and provincial privacy laws. It is the intention of this Privacy Code to recognize the needs of our Company to collect, use or disclose personal information versus the right of individuals to protect their personal information. The standard for the collection of personal information by our Company is one of what a reasonable person would consider appropriate in the circumstances.
Plurilock is further committed to a continual review and updating of our Privacy Code to ensure that we are keeping pace with changes in technology and industry practices and meets the on-going needs of our employees and customers.
The following ten principles are the basis of the Plurilock Privacy Code and shall guide Plurilock’s management of personal information and its privacy practices together with the statutory requirements of the BC Personal Information Protection Act.
1. Accountability – Plurilock is responsible for personal information under its control including personal information not in the custody of Plurilock. Plurilock shall designate one or more individuals to be responsible for ensuring that Plurilock complies with this Privacy Code and shall make the position name or title and contact information of each individual so designated.
2. Identifying Purposes for Collection of Personal Information – Plurilock shall identify the purposes for which personal information is collected or before personal information is collected.
3. Obtaining Consent for Collection, Use or Disclosure of Personal Information – Plurilock shall ensure that consent is obtained from each individual for the collection, use or disclosure of their personal information unless inappropriate. Plurilock shall recognize and act on any withdrawal of consent by an individual to collect their personal information.
4. Limiting Collection of Personal Information – Plurilock shall limit the collection of personal information to the purposes identified by Plurilock and shall only collect personal information using appropriate, fair and lawful means.
5. Limiting Use, Disclosure and Retention of Personal Information – Plurilock shall not use or disclose personal information for purposes other than for the purpose it was collected unless Plurilock has the consent of the individual or as provided by law. Plurilock shall retain personal information for only as long as necessary to meet the purposes of the collection of the personal information.
6. Accuracy of Personal Information – Plurilock shall ensure that personal information collected, used and disclosed shall be as accurate, complete and up-to date as possible for the purposes for which it has been collected, used and disclosed.
7. Security Safeguards – Plurilock shall take all appropriate steps to protect the personal information collected, used and disclosed and use security measures appropriate to sensitivity of the personal information.
8. Openness Concerning Policies and Practices – Plurilock shall ensure that information is made available to employees and customers regarding this Privacy Code and our privacy practices regarding personal information.
9. Customer and Employee Access to Personal Information – Plurilock shall inform an individual of the collection, use and disclosure of his/her personal information at the individual’s request and shall grant access to the individual to such personal information. An individual shall be entitled to challenge the accuracy and completeness of the personal information collected, used or disclosed by Plurilock and have it amended and or corrected as necessary or appropriate.
10. Challenging Compliance - This Privacy Code and our privacy practices shall include a clear process for responding to complaints that may arise with respect to our handling and managing of personal information of customers and employees. A customer or employee may make a complaint regarding Plurilock’s compliance with its privacy policies and practices to the designated individual in accordance with our complaint process.
Application of the Privacy Code
1.1 Plurilock meets the definition of organization for the purposes of the BC Personal Information Protection Act. Our Privacy Code is therefore subject to the requirements and regulations of the BC Personal Information Protection Act and our Code applies to personal information of our customers and employees collected, used and disclosed by Plurilock and to our practices in managing such personal information whether collected, used or disclosed orally, electronically or in writing.
1.2 This Privacy Code does not protect contact information or work product information as defined above.
1.3 There is certain personal information in which this Privacy Code does not apply to:
- personal information collected, used or disclosed for personal or domestic purposes,
- journalistic, artistic or literary purposes,
- for federal act purposes,
- for provincial Freedom of Information and Protection of Privacy Act purposes,
- personal information in a note, communication or draft decision of decision maker in an administrative proceedings or personal information that relates to the exercise of functions of member or officer of Legislature or Legislative Assembly,
- personal information from a document related to a prosecution if all proceedings related to the prosecution have not been completed,
- collection of personal information collected before BC Personal Information Protection Act.
2.1 In order to meet its responsibilities for personal information under its possession or control, Plurilock appoints the President and or his/her designate to be accountable for Plurilock’s compliance with this Privacy Code and its statutory requirements under the Personal Information Protection Act. The President and or his/her designate may appoint one or more persons to act on their behalf with respect to the responsibility for day-to-day management, collection and processing of personal information.
2.2 The contact information of persons designated to be accountable for Plurilock’s compliance shall be made known upon request.
2.3 Plurilock does not currently provide personal information to third parties. In the event, that Plurilock does provide personal information to third parties, Plurilock shall ensure that such third parties have policies and practices in place that provide similar or comparable protection for personal information as Plurilock.
2.4 Plurilock shall put in place procedures and practices to give effect to this Privacy Code and shall include:
- Procedures and practices to protect personal information and to oversee compliance with this Privacy Code;
- Procedures and practices to receive and respond to requests for personal information, inquiries and complaints
- Methods and means for training and communicating our privacy procedures and practices to employees; and
- Methods and means for communicating our privacy procedures and practices to our customers and the public.
Purposes of Collection
5.1 Plurilock will honour a request of an individual to withdraw its consent to the collection, use or disclosure of personal information where it receives reasonable notice and stop collecting, using or disclosing that personal information unless it meets one of the exceptions noted above or would frustrate the performance of a legal obligation or consent was given to a credit reporting agency.
Limiting Collection of Personal Information
6.1 When collecting personal information of a customer or employee, Plurilock shall disclose to the individual verbally or in writing, the purposes for the collection of the personal information and shall limit the collection to the identified and specified purposes.
6.2 Plurilock shall only collect personal information by reasonable, fair and lawful means.
6.3 Plurilock, generally, collects personal information from its customers and employees although in certain circumstances, Plurilock may collect personal information from third parties, such as credit bureaus, employers or personal references but only from those third parties that represent that they have a right to disclose such personal information.
Limiting Use, Disclosure and Retention of Personal Information
7.1 Other than where Plurilock has consent of the individual or by operation of law, Plurilock shall not use or disclose personal information for purposes other than those identified and specified.
7.2 Plurilock shall only retain personal information of an ndividual for the period necessary to fulfill the purposes identified and specified, by operation of law or where making a decision regarding a customer or employee as long as is reasonable to give customer or employee the opportunity to access the personal information concerning the making of the decision.
7.3 Plurilock shall limit the access of its employees to personal information to those who are participating in the collection, use or disclosure of personal information as part of their duties or to those who have a need to know within the Company.
7.4 Plurilock shall maintain the means via reasonable controls, systems and practices whereby personal information that no longer is necessary to retain is destroyed, erased or rendered anonymous.
Accuracy and Security of Personal Information
8.1 Plurilock shall make all reasonable effort to ensure that personal information collected is accurate and complete for the purposes in which it is collected particularly where the personal information is likely going to affect the individual to whom the personal information relates or is likely to be disclosed to another organization.
8.2 All personal information used by Plurilock shall be as accurate and complete as possible and where such personal information is being used to make a decision that directly affects an individual shall be retained by Plurilock for one year in order to provide a reasonable opportunity for access by the individual.
8.3 Plurilock shall take reasonable security arrangements to prevent the unauthorized access, collection, use, disclosure, copying, modification or disposal of personal information in its custody and control in whatever form it is held. Such security arrangements shall include protection from loss or theft and physical measures, such as locking filing cabinets, restricting access to offices and alarm systems, technological tools, such as passwords, encryption, firewalls and anonymizing software, and organizational tools, such as security clearances, limiting access on a need to know basis, staff training and confidentiality agreements.
8.4 Plurilock shall destroy its documents containing personal information or remove the means by which personal information can be associated with the individual as soon as the purpose for which the personal information was collected is no longer being served by its retention or retention is no longer necessary for legal or business purposes.
8.5 Plurilock shall not use deceptive or coercive means to collect personal information and shall not dispose of personal information with an intent to evade a request for access to personal information.
8.6 Plurilock shall protect personal information by ensuring that confidentiality provisions bind both third parties in which personal information is disclosed and employees who have access to personal information.
8.7 Plurilock shall regularly review and update security measures for personal information where applicable.
Access to and Correction of Personal Information
9.1 Where Plurilock has collected, used or disclosed personal information of an individual, an individual shall have the right to access and correct their personal information in accordance with the following access and correction procedure:
- the individual may, in writing, make a request to the President of Plurilock or his/her designate concerning his or her personal information under the control of Plurilock;
- Plurilock shall provide information concerning the ways in which personal information of the individual has been and is being used by Plurilock or has been disclosed by Plurilock;
- the names of individuals and organizations to whom the personal information has been requested;
- With the exception of the following personal information, Plurilock will provide access to an individual’s personal information
(i) personal information is protected by solicitor-client privilege; (ii) disclosure would reveal confidential commercial information that if disclosed could in the reasonable opinion of a reasonable person harm the competitive position of Plurilock; (iii) personal information was collected where consent is not required for the purposes of an investigation or where proceedings have not been completed; (iv) where personal information was collected by a credit organization 12 months prior to the request from the individual; (v) where the disclosure would threaten the safety, physical or mental health of an individual, cause immediate or grave harm to the safety or physical or mental health of an individual, or would reveal personal information about another individual;
- having reviewed the personal information requested, the individual may request Plurilock to correct an error or omission in that personal information that is: (i) about the individual and (ii) is under the control of Plurilock;
- Plurilock shall respond to an individual’s request no later than 30 days from the date of an individual’s request unless the individual has not given sufficient detail to enable Plurilock to identify the personal information being requested or more time is needed given the large volume of personal information being requested which would unreasonably interfere with Plurilock’s operation or there is a need for more time to consult with another organization or public body to determine whether to give access to the requested document. In those circumstances, Plurilock may extend the time an additional 30 days or seek a longer period of time to respond from the privacy commissioner and will advise the individual of the extension in time, the time period of the extension and the rights of the individual to complain about the extension;
- In responding to an individual’s request, Plurilock shall advise the individual when access to personal information in whole or in part is being refused, the reasons for the refusal and the contact information of the officer or employee of Plurilock who can answer the individual’s questions concerning the refusal;
- Plurilock shall make a reasonable effort to assist each applicant to respond accurately and completely as is reasonably possible to their request;
- Plurilock shall make the correction as soon as reasonably possible or send the corrected personal information to each organization which the personal information was disclosed during the year prior to the date the correction was made, where Plurilock is satisfied that there are reasonable grounds for the request;
- Where Plurilock does not make a correction it shall annotate the personal information under its control that a request was made but the request was not implement
10.1 Plurilock shall maintain a process for addressing and responding to complaints or inquiries regarding its compliance with this Privacy Code including where appropriate a process for seeking external advice prior to responding to individual complaints or inquiries.
10.2 A customer or employee may make a complaint or inquiry regarding Plurilock’ compliance with this Privacy Code as follows:
- An individual shall file a written complaint or inquiry to the President of the Company and or his/her designate outlining the failure of Plurilock to comply with this Privacy Code and the specified section and or principle.
- Plurilock shall investigate all written complaints or inquiries regarding its compliance with this Privacy Code.
- Where an investigation determines that a complaint is justified or action is required regarding an inquiry, Plurilock shall take all appropriate steps to resolve the complaint or take appropriate action to address the inquiry including where applicable amending the practices and procedures of this Privacy Code.
- Wherever possible, Plurilock shall respond to a written complaint within 30 days provided the written complaint or inquiry provides sufficient information to respond to. This response shall include details regarding the outcome of the investigation and individual’s complaint or inquiry.
- In the event that Plurilock seeks external advice, the period to respond may be extended for a reasonable period necessary to obtain such external advice.
10.3 In the event that an individual is not satisfied with handling of its complaint by Plurilock, the individual may seek the assistance of the BC Privacy Commissioner. The contact information for the Privacy Commissioner may be found at: www.qp.gov.bc.ca/FOI_POP/index_toc.htm.
Transparency of Privacy Policies, Practices and Procedures
11.1 Plurilock shall make its privacy policies, practices and procedures available on its website and readily available to individuals in person, in writing, by telephone, in company publications.
11.2 Plurilock shall also make its policies, practices and procedures understandable for its customers, employees and the public by identifying who within Plurilock is responsible for compliance with this Privacy Code, how personal information can be accessed by individuals, what personal information is held by Plurilock and how it is used.
The contact information for the President of Plurilock is as follows:
Current contact information can also be found on Plurilock’s website at http://www.plurilock.com.
For further information on Plurilock’ Privacy Code, practices and procedures, contact 250-472-4328. To review the BC Personal Information Protection Act, access to the Act can be found at www.qp.gov.bc.ca/FOI_POP/index_toc.htm.
1- Federal Personal Information Protection and Electronic Documents; British ColumbiaPersonal Information Protection Act