The Personal Information Protection and Electronic Documents Act govern the collection, use and disclosure of personal information in the commercial sector.
Under the Privacy Act, Cilica.me is required to adhere to the above ten privacy principles set out in the National Standard of Canada, Model Code for the Protection of Personal Information. We also are a member of the ICO of the UK which adheres to the Data Protection Act 1998.
This Policy describes Cilica.me collection, use and/or disclosure of personal information. It governs the behaviour of employees and agents acting on Cilica.me behalf when dealing with personal information. It provides procedures for an individual’s access to and correction of personal information.
Personal information includes information about an identifiable individual, presented in any form, such as age, name, ID number(s), income, ethnic origin, opinions, evaluations, social status, disciplinary actions, credit records, loan records, medical records.
Personal information does not include the name, title, address and telephone number of an employee of an organisation.
2. Identifying Purposes
4. Limiting Collection
5. Limiting Use, Disclosure and Retention
9. Individual Access
10. Challenging Compliance
Cilica.me is responsible for personal information under its control and will designate an individual or individuals who are accountable for the organisation’s compliance with the following principles.
1.1 Accountability for Cilica.me’s compliance with the principles rests the person or persons designated as Privacy Officer, even though other individuals within the organisation may be responsible for the day-to-day collection and processing of personal information. Also, other individuals within the organisation may be delegated to act on behalf of senior management or the Privacy Officer.
1.2 Cilica.me has designated the following person to act as Privacy Officer to oversee the organisation’s compliance with the principles:
1.3 Cilica.me is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. Cilica.me will use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.
1.4 Cilica.me will implement policies and practices to give effect to the principles, including
(a) implementing procedures to protect personal information;
(b) establishing procedures to receive and respond to complaints and inquiries;
(c) training staff and communicating to staff information about Cilica.me’s policies and practices; and
(d) developing information to explain Cilica.me’s policies and procedures.
Cilica.me will identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 Cilica.me collects personal information only for the following purposes (“identified purposes”):
(a) to provide service(s) and/or products to its customers;
(b) to maintain commercial relations and to communicate with its customers (which will include, but not be limited to billing, collection, advertising, promotion, account verification);
(c) to identify customer needs and/or preferences;
(d) to meet legal and regulatory requirements;
(e) to administer and manage its business operations
2.2 Cilica.me will provide notice of the identified purposes either orally, electronically or write before or at the time of collection of the personal information.
2.3 Persons collecting personal information will be able to explain to individuals the purposes for which the information is being collected, or will refer the individual to a designated person at Cilica.me who will explain the purposes.
2.4 When collected personal information is to be used for a purpose not previously identified, the new purpose will be identified before use. Unless the new purpose is required by law, Cilica.me will obtain the consent of the individual before information is used for that new purpose.
Occasionally, Cilica.me will communicate to you special bonus, and new product offers that we think may be of value to you. If you wish to opt-out of receiving targeted communications from Cilica.me in electronic, printed or verbal format (other than information included with your monthly bills), simply inform us in an e-mail to Privacy Office, firstname.lastname@example.org
The knowledge and consent of the individual is required for the collection, use or disclosure of personal information, except where inappropriate.
3.1 In certain circumstances, personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical or security reasons may make it impossible or impractical to seek consent.
When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when there is an emergency threatening the individual’s life, health or security, or where the individual is a minor, seriously ill, or mentally incapacitated. In other instances, information may be publicly available.
Moreover, Cilica.me may provide personal information to its lawyer or agent to collect a debt, comply with a subpoena, warrant or other court order, government institution requesting the information upon lawful authority, or as may be otherwise required by law.
3.2 Cilica.me will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent concerning use or disclosure may be sought after the information has been collected but before use (for example, when Cilica.me wants to use information for a purpose not previously identified).
3.3 Cilica.me will make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes will be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.
3.4 Cilica.me will not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfil the explicitly specified and legitimate purposes.
3.5 The form of consent sought by Cilica.me may vary, depending upon the circumstances and the type of information disclosed. In determining the form of consent to use, Cilica.me will take into account the sensitivity of the information and the reasonable expectations of the individual. An authorised representative (such as a legal guardian or a person having power of attorney) can also give consent.
Cilica.me will seek express consent when the information is likely to be considered sensitive.
Implied consent will be appropriate when the information is less sensitive. The use of services or products by a customer or the acceptance of employment by an employee is considered implied consent to collect, use and disclose personal information for all identified purposes.
3.6 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Cilica.me will inform the individual of the implications of such withdrawal. To withdraw consent, an individual must provide notice to Cilica.me in writing.
The collection of personal information will be limited to that which is necessary for the purposes identified by Cilica.me. Information is collected by fair and lawful means.
4.1 Cilica.me collects personal information from its customers and employees for the purposes described under Principle #2.
4.2 Cilica.me may also collect personal information from such third parties as credit bureaus, employers or personal references or other third parties that represent that they have the right to disclose the information.
4.3 In connection with its Internet business, Cilica.me may use a ‘Cookie’ to collect certain information which it uses to track user patterns on its web site(s). A Cookie is a text file containing a unique identification number that identifies a user’s browser, but not a particular individual.
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfilment of those purposes.
5.1 Cilica.me may collect, use or disclose personal information without the individual’s knowledge or consent in certain circumstances as described in Principle #3.1.
5.2 Cilica.me may disclose a customer’s personal information to:
(a) another telecommunication company for the provision of telecommunications services to that customer;
(b) a company involved in providing communications directory services;
(c) a person participating in the development, promotion, marketing or enhancement of Cilica.me services;
(d) a credit collections agency;
(e) emergency services in an emergency situation;
(f) a person, who, in the reasonable estimation of Cilica.me, is an agent of the customer;
(g) any other third party, upon receiving the consent of the client or as required by law.
5.3 Cilica.me may disclose an employee’s personal information in the following circumstances:
(a) in the administration of that employee’s benefits;
(b) in providing references to prospective employers, upon receiving the consent of the employee;
(c) as may be required by law.
5.4 Certain Cilica.me employees may be given access to customer and/or employee information in so far as their duties require access for business purposes. Cilica.me employees are governed by a non-disclosure agreement prohibiting disclosure or use of any confidential or personal information for any purposes other than the stated business purposes.
5.5 Cilica.me will retain personal information for only as long as required to fulfil the identified purposes or as required by law.
5.6 Personal information that is no longer required to fulfil the identified purposes will be destroyed, erased or made anonymous according to the guidelines and procedures established by Cilica.me.
Personal information will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
6.1 The extent to which personal information will be accurate, complete, and up-to-date will depend upon the use of the information, taking into account the interests of the individual. Information will be sufficiently accurate, complete, and up-to-date to minimise the possibility that inappropriate information may be used to make a decision about the individual.
6.2 Cilica.me will not routinely update personal information unless such a process is necessary to fulfil the purposes for which the information was collected.
6.3 Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should be accurate and up-to-date unless limits to the requirement for accuracy are set out.
Personal information is protected by security safeguards appropriate to the sensitivity of the information.
7.1 Cilica.me will protect personal information against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution and format of the information, and the method of storage.
7.2 Cilica.me protects all personal information regardless of the format in which it is held. The methods of protection include:
(a) physical measures, such as locked filing cabinets and restricted access to offices;
(b) organisational measures, such as security clearances and limiting access on a “need to know” basis;
(c) technological measures, such as the use of passwords and encryption.
7.3 Cilica.me makes their employees aware of the importance of maintaining the confidentiality of personal information. Cilica.me employees are governed by a non-disclosure agreement prohibiting disclosure or use of any confidential or personal information for any purposes other than the stated business purposes.
7.4 Cilica.me will use care in the disposal or destruction of personal information to prevent unauthorised parties from gaining access to the information.
Cilica.me will make readily available to individuals specific information about its policies and practices relating to the management of personal information.
8.1 Cilica.me will make its policies and practices concerning the management of personal information easily comprehensible and accessible, by providing upon request:
8.1 Cilica.me will make its policies and practices concerning the management of personal information easily comprehensible and accessible, by providing upon request:
(a) the name, title, and address of the Privacy Officer accountable for Cilica.me’s policies and practices and to whom complaints or inquiries can be forwarded;
(b) the means of gaining access to personal information held by Cilica.me and
(c) a description of the type of information held by Cilica.me and/or its subsidiaries, including a general account of its use.
Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information and is given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
9.1 Upon request, Cilica.me will inform an individual whether or not the organisation holds personal information about the individual, and will provide that individual with a reasonable opportunity to review the personal information in his or her file.
9.2 Cilica.me will allow the individual access to his or her personal information once the individual has provided Cilica.me with a written request application. Cilica.me will make the application available to customers through Customer Service Representatives and to employees through the Human Resources Department. The application will include sufficient information to permit Cilica.me to provide an account of the existence, use, and disclosure to any third parties of this personal information. Cilica.me will use the application only for this purpose.
9.3 Cilica.me will respond to an application for individual access to personal information within a reasonable time and at minimal or no cost to the individual. The requested information will be provided or made available in a form that is understandable.
9.4 Cilica.me will be as specific as possible in providing an account of third parties to which it has disclosed personal information about an individual. When it is not possible to provide a list of the organisations to which it has disclosed information about an individual, Cilica.me will provide a list of organisations to which it may have disclosed information about the individual.
9.5 In certain instances, Cilica.me will not be able to provide the individual access to his or her personal information. For example, Cilica.me will not provide access to information where the information requested is prohibitively costly to provide; where the information contains references to other individuals; where the information cannot be disclosed for legal, security or commercial proprietary reasons; where the information is subject to solicitor-client or litigation privilege; or where the information can best be available from another source (for example, through a medical practitioner). In each case, Cilica.me will provide reasons for denying any access to personal information.
9.6 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, Cilica.me will amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
9.7 When a challenge is not resolved to the satisfaction of the individual, Cilica.me will record the substance of the unresolved challenge. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.
We would like to have your consent to continue to collect, use and disclose your personal information for the purposes identified above. However, you do have choices and can refuse or withdraw your consent as follows:
• You may have your name removed from our telephone, mail or e-mail marketing lists. We use these lists to inform you of relevant products, services and special offers that may be of benefit to you.
• You may refuse to provide personal information to us. You may also withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. However, in either case, this may limit our ability to serve you.
An individual will be able to address a challenge concerning compliance with the above principles to Cilica.me’s Privacy Officer.
10.1 Cilica.me will maintain procedures to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. Cilica.me will make every effort to ensure that its procedures are easily accessible and simple to use.
10.2 Cilica.me will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures.
10.4 Cilica.me will investigate all complaints. If a complaint is found to be justified, Cilica.me will take appropriate measures, including, if necessary, amending its policies and practices.