Finance Composée ( the “firm”)
Goals
Describe the standards for the collection, use, communication and retention of personal information.
Detail the security measures put in place to protect personal information.
Scope of application
This Policy applies to the FIRM, its directors, officers, employees and advisors who carry out their activities in Canada.
Definition
“ Personal information ”: any information about an individual that allows them to be identified, such as information about their financial situation, lifestyle or health. This definition does not include name, position, business address, telephone number or email address. Personal information must be protected regardless of the nature of its medium and whatever its form: written, graphic, audio, visual, computerized or other.
The Act: The Personal Information Protection and Electronic Documents Act (PIPEDA) (SC 2000, c. 5) or similar provincial laws.
Privacy Principles
Accountability : The FIRM is responsible for the personal information it holds or that is in its custody, including information it entrusts to third parties for processing. The FIRM requires these third parties to maintain this information according to strict standards of confidentiality and security.
Purposes of Collection of Personal Information: Personal information about clients must be collected in order to provide them with a high quality service. The nature and sensitivity of the personal information that is collected varies depending on the services provided and the legal requirements with which the FIRM must comply.
The purposes for which personal information is collected are identified before or at the time of collection. For example, information is collected when a proposal is submitted or a placement is made.
The purposes for which information is collected are usually to provide requested products or services, confirm identity, prevent fraud, etc.
Consent : The FIRM must inform the person concerned and obtain his or her consent for any collection, use or disclosure of personal information, subject to certain exceptions provided for by the Act. The FIRM must also obtain the consent of the person concerned to use this personal information for other purposes or to collect additional information.
Generally, consent is sought in writing to collect, use or disclose personal information. For less sensitive information, the FIRM may, in certain circumstances, accept verbal consent from the individual concerned. On occasion, the FIRM may, based on the actions or inactions of the individual concerned, assume that the individual has given implied consent.
Consent must be given by the data subject or by a person duly authorized to act on his or her behalf, such as a guardian or attorney.
Consent may be withdrawn at any time, subject to legal or contractual restrictions. The FIRM will inform the data subject of the consequences of such withdrawal, including the possibility that the FIRM may no longer be able to provide a service or process a request as a result of such withdrawal. If the data subject chooses to withdraw consent, this withdrawal will be recorded in their file.
In certain situations, the FIRM must or has an obligation to collect, use or disclose personal information without the knowledge or consent of the individual concerned. This occurs when, for legal, medical or security reasons, it is impossible or impractical to obtain consent. When information is collected to investigate a possible breach of contract, for the prevention or detection of fraud, or for the enforcement of the Act, obtaining consent could defeat the purpose of the information collection. In some cases, obtaining consent may be impossible or inappropriate if the individual concerned is a minor, seriously ill or incapacitated.
Limitation of Collection, Use and Disclosure :
The FIRM limits the collection of personal information to what is necessary for the purposes explained. Personal information is collected directly from the person concerned, unless the person concerned has consented to the collection of this information from third parties or the Act authorizes it.
Personal information is used only for the purposes for which it was collected. This means that the FIRM cannot use personal information for any other purpose without the consent of the person concerned, except as provided by the Act. The FIRM cannot disclose personal information to anyone without the consent of the person concerned, except as may be required by the Act. Personal information is only accessible to persons authorized to access it and for whom it is necessary in the performance of their duties.
Conservation :
Personal information is retained for as long as necessary for the purposes for which it was collected. This information is destroyed in accordance with the Act. When personal information is destroyed, the FIRM takes the necessary measures to ensure its confidentiality and to ensure that no unauthorized person can have access to it during the destruction process.
Exactness :
the FIRM makes every effort to ensure that personal information is as accurate and complete as is required for the purposes for which it is collected, used or disclosed.
Safety measures :
the FIRM has implemented and continues to develop rigorous security measures to ensure that the personal information it holds remains strictly confidential and is protected against loss or theft and against any unauthorized consultation, communication, copying, use or modification.
These security measures include organizational measures such as the use of security clearances and restricted access to what is necessary; physical measures (office access cards for employees, visitor registration and identity cards, data backup and archiving using an external system, etc.); and technological measures such as the use of passwords and encryption (frequent changing of passwords, use of firewalls and segmented access operators, etc.)
Request for access to information and rectification :
A data subject has the right to know whether the FIRM holds personal information about him or her and to consult this information. He or she also has the right to request how the FIRM collected this personal information, how it was used and to whom it could have been communicated.
This information will be provided to the person concerned within a reasonable time from the day the FIRM receives his or her written request. The FIRM may charge a reasonable fee to process the request.
In certain specific cases, the FIRM may refuse to provide the requested information. Exceptions to a right of access include the fact that it would be extremely costly to provide the requested information, the information refers to other individuals, the information cannot be disclosed for legal, security or commercial proprietary reasons, the information was obtained in the course of an investigation into a possible breach of contract or to prevent or detect fraud, or the information is protected by solicitor-client privilege or litigation privilege.
When the FIRM holds medical information concerning the person concerned, it may refuse to communicate it directly to them and request that it be transmitted to a health professional that the person concerned has designated to communicate it to them.
The data subject may verify the accuracy and completeness of his/her personal information and, if necessary, request its rectification. The FIRM will respond to any request for rectification within a reasonable time.
Any request for access to information or request for rectification must be sent to the following address:
Compound Finance
(514-949-6188 jonathan.beaulieu@agc.ia.ca)
Transparency : The FIRM provides interested persons with all information relating to its Policy and procedures regarding the protection of personal information. In addition, upon request, the FIRM may transmit a copy of its Policy.
Concerns and Complaints : An affected individual may contact the FIRM for any inquiries or to file a complaint regarding its Personal Information Protection Policy or procedures.
Breach of confidentiality
A privacy breach involves unauthorized access to, or the unauthorized collection, use or disclosure of, personal information. Some of the most common breaches occur when personal information is stolen, lost or misused. A privacy breach can also result from a procedural error or operational failure.
In the event of a breach, the FIRM will take appropriate measures to mitigate the damage that may be caused by the breach of confidentiality, including, where appropriate, reporting it to the relevant persons and regulatory authorities.
Policy Review
The Policy must be reviewed periodically. In addition, whenever significant legislative or regulatory changes affecting the FIRM are made, the Policy must be amended accordingly.
Entry into force
This policy is effective as of 03/29/2021
