Collection and Use of Personal Information
(a)
The Company has determined that personal
information is collected in the ordinary course of
business from various sources, namely: employees,
customers and shareholders.
The Company has documented the purposes for the use
of this personal information and will collect only that
information necessary for the purpose identified.
(b)
If the personal information collected by the
Company will be used for a new purpose, it will also be
documented and consent of the individual will be obtained
before the information can be used for that purpose.
Collection of this information will normally be
done in writing; however, it may be done verbally.
(c)
The Company will not collect information
indiscriminately. Both
the amount and the type of information collected will be
limited to that which is necessary to fulfill the purpose
identified.
Obtaining Consent
(a)
The Company will make a reasonable effort to ensure
that the individual is advised of the purpose for which
the information will be used.
(b)
The Company will not, as a condition of the supply
of a product or service, require an individual to consent
to the collection, use of disclosure of information beyond
that required to fulfill the explicitly specified and
legitimate purpose.
(c)
Consent will not be obtained through deception.
(d)
Consent may also be given by an authorized
representative (such as a legal guardian or a person
having power of attorney).
(e)
An individual may withdraw consent at any time,
subject to legal or contractual restrictions and
reasonable notice. The
Company will inform the individual of the implications of
such withdrawal.
Accuracy of Personal
Information
(a)
Information will be sufficiently accurate,
complete, and up-to-date to minimize the possibility that
inappropriate information may be used to make a decision
about the individual.
(b)
The Company will not routinely update personal
information, unless such a process is necessary to fulfill
the purpose for which the information was collected.
(c)
Personal information that is used on an ongoing
basis, including information that is disclosed to third
parties, will generally be accurate and up-to-date, unless
limits to the requirement for accuracy are clearly set
out.
Protection of Personal
Information
The
Company will protect personal information against loss or
thefts, as well as unauthorized access, disclosure,
copying, use, or modification by implementing the
following safeguards and security measures:
(a)
Access to personal information is restricted to
those employees who require the information to perform
their duties.
(b)
Personal information that is stored in databases
and computer systems is protected by the use of passwords,
encryption files and firewalls.
(c)
Personal information in paper form retained in
cabinets and desk drawers is locked-up.
(d)
Where
personal information is transferred to external sources
for processing, the Company has entered into contractual
relationships where third parties are involved, in order
that such personal information would be protected and
safeguarded.
Retention of Personal
Information
Where
personal information has been used to make a decision
about an individual, such information is retained long
enough to allow the individual access to the information
after the decision has been made.
Personal information will be held for a minimum of
one year to a maximum of seven years.
Destruction of Personal
Information
Once it
has been determined that the personal information is no
longer required or has reached the maximum retention
period, then all personal information will be destroyed,
erased, or made anonymous in a manor that prevents
unauthorized parties from gaining access to the
information.
Communication
Materials, Brochures, etc.
The
Company will be open about its policies and practices with
respect to the management of personal information and it
will include the following information in all of it
communication materials, brochures, etc. when
communicating to individuals concerning the Privacy
Policy:
(a)
the name or title, the address, fax and phone
numbers and email address of the person who is accountable
for the Company’s policies and practices and to whom
complaints or inquiries can be forwarded;
(b)
how to access personal information held by the
Company;
(c)
a description of the type of personal information
held by the Company, including a general account of its
use;
(d)
a copy of any brochures or other information that
explains the Company’s policies, standards, or codes;
and
(e)
what personal information is made available to
related organizations (e.g., other Global Railway
Industries companies)
Access to Personal
Information
(a)
Upon request, the Company will inform an individual
whether or not the Company holds personal information
about the individual.
The Company may indicate the source of the
information. The
Company will allow the individual access to this
information. However,
it may choose to make sensitive medical information
available through a medical practitioner.
In addition, the Company will provide details on
the use that has been made or is being made of this
information and details of the third parties to which it
has been disclosed.
(b)
An individual may be required to provide sufficient
information to permit the Company to provide details on
the existence, use, and disclosure of personal
information. The
information provided will only be used for this purpose.
(c)
In providing details of third parties to which it
has disclosed personal information about an individual,
the Company will provide a list of organizations to which
it may have disclosed information about the individual.
(d)
The Company will respond to an individual’s
request within a reasonable time and at minimal or no cost
to the individual. The
requested information shall be provided or made available
in a form that is generally understandable.
For example, if the Company uses abbreviations or
codes to record information, an explanation will be
provided.
(e)
When an individual successfully demonstrates the
inaccuracy or incompleteness of personal information, the
Company will amend the information as required.
Depending upon the nature of the information
challenged, amendment involves the corrections, deletion,
or addition of information.
Where appropriate, the amended information will be
transmitted to third parties having access to the
information question.
(f)
If a challenge is not resolved to the satisfaction
of the individual, the Company will record the substance
of the unresolved challenge.
When appropriate, the existence of the unresolved
challenge will be transmitted to third parties having
access to the information in question.
Challenging Compliance,
Complaints and Inquires
(a)
Complaints and inquires relating to the Privacy
Policy and access to personal information shall be
directed to:
The
Privacy Officer
Prime Steel Inc.
1666 Baseline Road West
Courtice, Ontario L1E 2S7
Or
by email to privacy@primerailway.com
Or
by telephone to: 1-866-411-0211
Or
by fax to: 905-432-3199
(b)
All correspondence communicated internally and
externally regarding the collection and use of personal
information, will include details on how to contact the
Privacy Officer
(c)
Complaints received by the Privacy Officer will be
documented and investigated, indicating the nature of the
complaint and will be reported to the President for
review. If a
complaint is found to be justified, the Company will take
appropriate measures, including, if necessary, amending
its policies and practices.
Websites
The
Company receives requests for information by email from
visitors to its websites, as well as through the
processing of quotes and orders.
The Company uses the information received to
process and fill the request.
The request and any responses thereto are retained
for a period necessary to fulfill the Company’s legal
requirements. The
information is not disclosed to any third parties.
The
Company’s website does not use cookies.
The
Company has adopted the following 10 principles with
respect to the protection of personal information that it
collects from individuals and uses in the course of
conducting business.
Principle 1 –
Accountability
The
Company is responsible for personal information under its
control and shall designate an individual as the
Company’s Privacy Officer as responsible for the
Company’s compliance with the Personal Information and
Electronic Documents Act.
Principle 2 –
Identifying Purpose
The
Company shall identify the purpose for which personal
information is collected as or before the time the
information is collected.
Principle 3 – Consent
The
knowledge and consent of the individual is required for
the collection, use, or disclosure of personal
information, except where inappropriate.
Consent shall be obtained, either verbally or in
writing.
Principle 4 – Limiting
Collection
The
collection of personal information shall be limited to
that which is necessary for the purposes identified by the
Company. Information
shall be collected by fair and lawful means.
Principle 5 – Limiting
Use, Disclosure and Retention
Personal
information shall not be used or disclosed for purposes
other that those for which it was collected, except with
the consent of the individuals or as required by law.
Personal information shall be retained only as long
as necessary for the fulfillment of those purposes.
Principle 6 – Accuracy
Personal
information shall be as accurate, complete, and up-to-date
as is necessary for the purposes for which it is to be
used.
Principle 7 –
Safeguarding Customer Information
Personal
information shall be protected by security safeguards
appropriate to the sensitivity of the information.
Principle 8 – Openness
The
Company shall make readily available to individuals
specific information about its policies and practices to
the management of personal information.
Principle 9 – Customer
Access
Upon
request, an individual shall be informed of the existence,
use and disclosure of his or her personal information and
shall be given access to that information.
An individual shall be able to challenge the
accuracy and completeness of the information and have it
amended as appropriate.
Principle 10 – Handling Customer
Complaints and Suggestions