The policies presented in this privacy statement apply to the personal information of individuals. Information about an identifiable corporation or other organization is not personal information under applicable privacy legislation and, therefore, is not protected by this policy. Furthermore, the name, title, business address and business telephone number of an employee of an organization are not considered personal information.
edna green, as an organization, is ultimately responsible for the collection, use and disclosure of personal information under its control and remains liable for compliance with applicable privacy legislation. At edna green, the development of policies and procedures, implementation and compliance with those polices and procedures and the handling of inquires or complaints related to those policies and procedures, is delegated to the Privacy Officer.
Information is collected for the following purposes:
In carrying out the above purposes, personal information may be disclosed to third parties who do this work on behalf of edna green. In instances where personal information is disclosed to third parties, ednagreen will ensure that the third party has appropriate policies in place that will provide a similar level of protection.
Personal information will be collected with an individual´s knowledge and consent of its use and disclosure. In situations involving less sensitive personal information, consent may be implied. In situations involving sensitive personal information (financial information, for example) express consent will generally be sought.
Consent to collect, use and disclose information will generally be obtained at the time it is collected, such as on application forms.
Consent to collect personal information is not required if it is publicly available, if it is collected in the context of investigating a breach of an agreement or the contravention of laws or if it is in the interests of the individual and consent cannot be obtained in a timely manner.
Consent to use personal information is not required if it is publicly available, if it is collected in the context of investigating a breach of an agreement or the contravention of laws, if it is used in an emergency that threatens the individual´s life, health or security or if it is in the interests of the individual and consent cannot be obtained in a timely manner.
Consent to disclose personal information is not required if it is publicly available, if it is collected in the context of investigating a breach of an agreement or the contravention of laws, if it is used in an emergency that threatens the individual´s life, health or security, if it is required by law or requested by a government institution or organization, if it is in the interests of the individual and consent cannot be obtained in a timely manner or if it is disclosed to collect a debt the individual owes to the organization.
An individual shall have the option of withdrawing consent to collect, use or disclose personal information. The individual will be advised at the time of the implications of such withdrawal, such as an inability to provide services.
edna green will not acquire personal information (for example, mailing lists) without first obtaining reasonable assurances that consent has been provided by the third party to disclose the personal information to Kode Garment Inc.
The information collected will be limited to that reasonably required to fulfill the purposes outlined above.
Information will be used for the purposes specified above.
Except as noted in this paragraph, information will not be disclosed to third parties unless consent has been obtained to do so. Disclosure of information to facilitate the delivery and payment for goods and services shall be implied when this information is provided at the time of setting up an account or placing an order. Disclosure of information to a third party contracted to perform a service on behalf of edna green (for example, a screen printer, embroidery house or consulting firm) shall be subject to requirements to maintain the confidentiality of such information and to only use it for the purposes of fulfilling such contracted service.
Information will be retained throughout the period that a person has an active account with edna green. An account shall be deemed active if there has been a transaction within the previous 24 months. Information may be destroyed any time after an account is designated as inactive, and will be destroyed for all accounts that have not had a transaction in the past five years. Legislative requirements will take precedence and may require a longer retention period.
Information shall be sufficiently accurate, complete and up to date to minimize the possibility that inappropriate information may be used to make a decision about an individual.
The need for accurate, complete and up-to-date information depends of the purposes for which it is collected, used and disclosed. Personal information that is used on an on-going basis or is disclosed to third parties should generally be accurate, complete and up-to-date.
On request, edna green will inform an individual of the personal information collected and how it is used and disclosed. edna green will provide access to the information for the purposes of ensuring its accuracy and completeness.
Reasonable safeguards will be used to protect personal information against loss, theft or unauthorized access, disclosure, copying, use or modification.
Access to information stored by electronic means will be protected by password. Log on profiles are created that only provide access to the information required to perform one’s duties.
All information is collected and stored on central hard drives and back-up devices. Reasonable steps are taken to prevent unauthorized access by external sources. Access to the hard drives and backup drives are limited to Company executives. Data is backed-up daily to prevent loss.
Access to hard copy, sensitive personal information is limited to those who require the information to perform their duties. When unattended, filing cabinets containing sensitive personal information are locked.
The safeguards employed depend on the sensitivity of the personal information. More sensitive information is afforded higher levels of protection.