Accountability for Leonovus’ compliance with the policy rests with the Leonovus Privacy Officer. The Privacy Officer is responsible for monitoring company-wide adherence to privacy policies; ensuring Leonovus is in compliance with applicable legislation and acting as a liaison with the Federal and Provincial Privacy Commissioner’s offices as needed. The Privacy Officer acts as a resource for employees within Leonovus who are responsible for the day-to-day collection and use of personal information. The Privacy Officer manages complaints and responds on behalf of Leonovus to any internal or external requests for personal information and any inquiries about Leonovus’ information management.
As an organization, Leonovus:
- Implements policies and procedures to protect personal information, including information relating to customers, staff, employees, and agents.
- Has established policies and procedures to receive and respond to complaints and inquiries.
- Trains and communicates to staff and agents information about Leonovus’ privacy policies and practices.
2. Identifying Purposes: Why We Collect Information
Leonovus collects, uses, discloses and retains personal information in order to provide superior service. Leonovus makes all reasonable efforts to fully inform customers about the planned use and disclosure of their personal information and will obtain explicit consent when necessary.
The collection of personal information is limited to that which is necessary for the purposes identified by Leonovus. Information is collected by fair and lawful means.
- Leonovus collects and uses your information to respond to you, regarding the reason you contacted us, including inquiries for more information about Leonovus, client, investor and media relations, technical support, sales inquiry, partnership inquiry, software download, request for collateral download or video link.
We explain your options and obtain your implicit or explicit consent at the time of or prior to collecting, using or disclosing your personal information. We may collect personal information about you from third parties. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship or process an order. We also collect your personal information where we have obtained your consent to do so or as otherwise permitted or required by law. Where is it reasonable to do so, or permitted by law, we may rely on implied consent.
Except as required to process a transaction or as required or permitted by applicable law, providing us with your personal information is voluntary. You may withdraw or modify your consent at any time, subject to legal and contractual restrictions, provided that reasonable notice is given to us.
Personal Information is any information that is identifiable to you. This information may include, but is not limited to, your name, mailing address, phone numbers, email address, identification numbers, credit card numbers, banking information, and creditor information. Personal information, however, generally does not include information that Leonovus collects, uses or discloses solely for the purpose of communicating or facilitating communication with an individual in relation to their employment, business or profession such as the individual’s name, position name or title, work address, work telephone number, work fax number or work electronic address.
4. Limiting Collection
We collect information by fair and lawful means and collect only that information which may be necessary for purposes related to responding to your inquiries and sending you e-mails. Leonovus will collect name, e-mail address, telephone number, company name and any comments a user wishes to include for online requests for more information about Leonovus, technical support, sales inquiry, partnership inquiry, software download, request for collateral download or video link.
We identify to whom, and for what purposes, we disclose your personal information, at the time of or prior to collecting such information from you and obtain your consent to such disclosure.
5. Limiting Use, Disclosure, and Retention
Leonovus will store personal information using hard copy and/or electronic means in such a way as to prevent unauthorized collection, access, use, disclosure or disposal of the personal information. Personal information is not used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information is retained only as long as necessary for the fulfillment of those purposes and/or as required by an applicable regulatory body.
- If using personal information for a new purpose, Leonovus documents this purpose.
- Leonovus has guidelines and implements procedures with respect to the retention of personal information.
- Personal information that is no longer required to fulfill the identified purposes is destroyed, erased, or made anonymous. Leonovus has guidelines and implements procedures to govern the destruction of personal and personal information in accordance with applicable legislative requirements.
6. Accuracy of Personal Information
Leonovus will make every reasonable effort to ensure that personal information collected and used is accurate. Individuals providing personal information will have the opportunity to review and correct their personal information.
If Leonovus discloses personal information about an individual, Leonovus will take reasonable steps to ensure that the information is accurate, complete and up-to-date for the purposes that are known to Leonovus at the time of the disclosure. Otherwise, Leonovus will clearly set out any limitations or qualifications relating to the accuracy of the disclosure.
Security safeguards appropriate to the sensitivity of the information protect personal information.
Security safeguards protect personal information against loss, theft, unauthorized access, disclosure, copying, use or modification or destruction. Leonovus protects personal information regardless of the format in which it is held. The nature of the safeguards varies depending on the sensitivity of the information that has been collected, the amount of information collected, the extent of the distribution of information, the format of the information and the method of storage. A higher level of protection safeguards more sensitive information. Extreme care is taken when disposing or destroying personal information in order to prevent unauthorized parties from gaining access to the information.
The methods of protection include:
- Appropriate confidentiality labelling on all hard copy printouts
- Secure cloud storage in a local private cloud which includes encryption at rest and encryption in flight
- Need-to-know access controls on documents.
- Restricted access premises.
- Sensitive information, such as credit card data, is encrypted and transmitted to us in a secure way.
- While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
- Physical measures, for example, locked filing cabinets and restricted access to offices.
- Destruction of sensitive information: all personal information on paper that is not required to be kept for business/legal purposes is shredded using accredited document destruction services companies.
Leonovus makes its staff and agents aware of the importance of maintaining the confidentiality of personal information.
8. Openness about Personal Information Policies and Practices
Leonovus makes readily available to individuals specific information about its policies and practices relating to the management of personal information. Individuals are able to acquire information about Leonovus policies and practices without unreasonable effort. This information is made available in a form that is generally understandable.
The information made available includes:
- The contact information to reach the Privacy Officer who is accountable for the Leonovus privacy policies and practices, and to whom complaints or inquiries can be forwarded;
- The means of gaining access to personal information held by Leonovus;
- A description of the type of personal information held by Leonovus, including a general account of its use;
- A copy of any brochures or other information that explains Leonovus’ policies, standards, or codes.
9. Access to Personal Information
Leonovus promotes individuals’ right of access to his/her personal information and will provide this information in an understandable format. Leonovus will provide access to information upon request within 30 days as required under federal law, although the Privacy Officer may request an extension of another 30 days.
Upon request, an individual is informed of the existence, use, and disclosure of his or her personal information and is given access to that information. Leonovus may ask the individual to supply enough information in order to confirm the existence, use and disclosure of the personal information. Leonovus will inform the individual how the information is or has been used and will provide a list of any organization to which it has been disclosed (if any). An individual is able to challenge the accuracy and completeness of the information and have it corrected or amended as appropriate.
When a challenge is not resolved to the satisfaction of the individual, Leonovus records the nature of the unresolved challenge. When appropriate, the existence of the unresolved challenge is transmitted to third parties having access to the information in questions (if any).
Note: In certain situations, Leonovus may not be able to provide access to all the personal information they hold about an individual. Exceptions to the access requirement are limited and specific. The reasons for denying access are provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
If we deny your request for access to your personal information, we will advise you in writing of the reason for the refusal and you may then challenge our decision.
10. Challenging Compliance
Leonovus has established procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. In case of a complaint, the complainants will be informed about how to proceed. The Privacy Officer tracks and investigates all complaints made about Leonovus’ personal information management and will take appropriate action to correct any inaccurate personal information or modify policies and procedures if needed.
In most cases, an issue is resolved simply by telling us about it and discussing it. If this doesn’t resolve it, you may contact our Privacy Officer at: firstname.lastname@example.org
If, after contacting us, you feel that your concerns have not been addressed to your satisfaction, you have the right to complain to the Information and Privacy Commissioner in your province.