The CDC is a federally supported not–for–profit community organization with a volunteer Board of Directors and professional staff whose purpose is to support community economic development and small business growth through business loans or loan guarantees.
This brochure summarizes the CDC's privacy policies and procedures that have been developed to comply with Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"). PIPEDA sets out rules for the collection, use and disclosure of a client's or customer's personal information, as well as safeguarding that information in the course of commercial activity as defined in the legislation.
WHAT IS "PERSONAL INFORMATION"
Under PIPEDA, "Personal Information" means any information that is identifiable to an individual, including name, address, telephone number, Social Insurance Number, and date of birth. It also includes, but is not limited to, other information relating to identity, such as, nationality, gender, marital status, financial information and credit history.
PURPOSES FOR PERSONAL INFORMATION
CDC collects only that personal information required to assess a prospective applicant's eligibility for financial assistance, as well as to report to the Government of Canada, and the federal department that administers the Ontario Community Futures Program.
An applicant may choose not to provide some or all of the personal information requested, but if the CDC is unable to collect sufficient information to validate a financing request, the application for financing may be turned down.
The CDC endeavours to ensure that all personal information in active files is accurate, current and complete. When a client notifies the CDC that his or her personal information requires correction or updating, the necessary changes will be made. Information contained in closed files is not updated.
LIMITING USE, RETENTION & DISCLOSURE
The CDC uses and retains personal information for only those purposes to which the individual has consented.
The CDC utilizes a number of physical, organizational and technological measures to safeguard personal information from unauthorized access or inadvertent disclosure in accordance with its Information Security, Retention and Destruction Policy, including but not limited to:
Active files are stored in locked filing cabinets located in work areas restricted to the CDC employees and authorized volunteers. Closed files are stored in locked cabinets for a period of seven years, after which, the information is shredded prior to disposal.
The CDC employees, volunteers, and third party service providers sign confidentiality agreements binding them to safeguarding the confidentiality of personal information to which they have access.
Personal information contained on the CDC computers and the electronic databases are password protected. As well, the Internet server or router has firewall protection to protect against virus attacks and hacking into the database.
Electronic Transmission of Information
Notwithstanding the technological safeguards implemented by the CDC, all Internet transmissions are susceptible to possible loss, misrouting, interception and misuse. For this reason, as part of the application that individual's sign consenting to their personal information being collected used, retained, and disclosed, the CDC will assume that it has the individual's consent to communicate via the Internet unless notified to the contrary.
An individual who wishes to review or verify what personal information is held by the CDC, may do so by making a request, in writing to the CDC's Chief Privacy Officer. Upon verification of the individual's identity, the Chief Privacy Office will provide a written report within 60 days.
Any concern or issue about the CDC's personal information handling practises may be made, in writing, to the Chief Privacy Officer. Upon verification of the individual's identity, the Chief Privacy Officer will act promptly to investigate the complaint and provide a written report to the individual.
If the individual is dissatisfied with the report provided by the Chief Privacy Officer, or feels that the corrective action taken by the CDC is insufficient, the individual may direct a complaint to the Federal Privacy Commissioner in writing. The address of the Federal Privacy Commissioner is provided in this Privacy Statement for your convenience.
Chief Privacy Officer
CDC E-mail: firstname.lastname@example.org
672 Queen Street East Phone:(705)942–9000
Sault Ste. Marie, Ontario Facsimile:(705)942–0274
OTHER HELPFUL PRIVACY LINKS
For a copy of PIPEDA, or for answers to other questions regarding privacy legislation, below are some helpful privacy links.
Federal Privacy Commissioner
112 Kent Street
Ottawa, ON K1A 1H3
Siskind, Cromarty, Ivey & Dowler LLP
Privacy Law Group