Personal Information Protection Policy
We are committed to safeguarding the personal information entrusted to us by our clients. We manage your personal information in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable laws. This policy outlines the principles and practices we follow in protecting your personal information.
This policy applies to Grype Solutions and any person providing services on our behalf.
A copy of this policy is provided to any client upon request.
What is personal information?
Personal information means information about an identifiable individual. This includes an individual’s name, home address and phone number, age, gender, marital or family status, any identifying number, financial information, educational history, etc.
What personal information do we collect?
We collect only the personal information that we need for the purposes of providing services to our clients, including personal information needed to:
- Deliver requested products and services
- Provide warranties for products and services
- Develop and manage digital solutions, such as email campaigns,
- Follow up with clients to determine satisfaction with products and
- Provide strategic insight into digital-marketing options
- Notify clients of upcoming events of interest
- Use web-based tools
- Meet regulatory requirements
We normally collect client information directly from our clients. We may collect your information from other persons with your consent or as authorized by law. We inform our clients, before or at the time of collecting personal information, of the purposes for which we are collecting the information. However, we don’t provide this notification when a client volunteers information for an obvious purpose (for example, providing credit card information in payment for monthly invoices).
Use of Service Providers outside Canada
We ask for consent to collect, use, or disclose client personal information, except in specific circumstances where collection, use, or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.
We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use, or disclosure of certain personal information. Where express consent is needed, we will normally ask clients to provide their consent orally (in person or over a recorded telephone call), in writing (by signing a consent form, checking a box on a form, electronically (by clicking a button), or by email).
A client may withdraw consent to the use and disclosure of personal information at any time, unless the personal information is necessary for us to fulfil our legal obligations. We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary personal information.
We may collect, use, or disclose client personal information without consent only as authorized by law. For example, we may not request consent when the collection, use, or disclosure is reasonable for an investigation or legal proceeding, to collect a debt owed to our organization, in an emergency that threatens life, health, or safety, or when the personal information is from a public source, such as a telephone directory.
How do we use and disclose personal information?
We use and disclose client personal information only for the purposes for which the information was collected, except as authorized by law. For example, we may use client contact information to deliver goods. The law also allows us to use that contact information for the purpose of collecting a debt owed to our organization, should that be necessary. If we wish to use or disclose your personal information for any new- business purpose, we will ask for your consent.
How do we safeguard personal information?
We make every reasonable effort to ensure that client information is accurate and complete. We rely on our clients to notify us if there is a change to their personal information that may affect their relationship with our organization. If you are aware of an error in our information about you, please let us know and we will correct it on request wherever possible.
In some cases, we may ask for a written request for correction.
We protect client personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorized access to personal information.
We store our information on self-managed servers geographically located in Canada. All personal information is stored behind password walls. We use passwords that are long (at least eight characters in length), have at least one upper-case character, one lower-case character, one number, and one symbol, and are not intuitively easy to guess. Particularly sensitive data is stored in a manner requiring two-factor authentication. Sensitive information is accessible on a need-to-know basis only.
We will notify the Office of the Privacy Commissioner of Canada, without delay, of a security breach affecting personal information if it creates a real risk of significant harm to individuals.
We render client personal information non-identifying or destroy records containing personal information once the information is no longer needed.
We use appropriate security measures when destroying client personal information, including shredding paper records and permanently deleting electronic records.
Access to Records Containing Personal Information
Clients of Grype Solutions have a right of access to their own personal information in a record that is in our custody or under our control, subject to some exceptions. For example, organizations could be required under PIPEDA to refuse to provide access to information that would reveal personal information about another individual. Organizations are authorized under the Act to refuse access to personal information if disclosure would reveal confidential business information. Access may also be refused if the information is prohibitively costly to provide, information that cannot be disclosed for legal, or security reasons, or information that is subject to solicitor-client or litigation privilege.
If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access apply, we may withhold that information and provide you with the remainder of the record.
You may make a request for access to your personal information by writing to Farhad Khan, CEO of Grype Solutions, who is the individual designated to ensure compliance with PIPEDA. You must provide sufficient information in your request to allow us to identify the information you are seeking.
You may also request information about our use of your personal information and any disclosure of that information to persons outside our organization.
You may also request a correction of an error or omission in your personal information.
We will respond to your request within 45 calendar days, unless an extension is granted. We may charge you a reasonable fee to provide information, but not to make a correction. We will advise you of any fees that may apply before beginning to process your request.
Questions and Complaints
If you have a question or concern about any collection, use, or disclosure of personal information by Grype Solutions or about a request for access to your own personal information, please contact Farhad Khan:
CEO, Grype Solutions
2821 Riverside Drive
If you are not satisfied with the response you receive, you may contact the Office of the Privacy Commissioner of Canada:
Office of the Privacy Commissioner of Canada
30, Victoria Street
For more information, please visit https://www.priv.gc.ca/en/