Privacy notice

Last update: 2022-12-05

Introduction

Privacy Matters Consulting Inc.’s information management practices are based on British Columbia’s Personal Information Protection Act (PIPA), Canada’s Anti-Spam Legislation (CASL), and the ten internationally recognized privacy principles (also known as the Fair Information Practices).

This privacy notice (“Notice”) applies to all websites we own and operate, currently and in the future. When we say “we”, “us”, and “our”, we mean Privacy Matters Consulting Inc. When we say “you”, “user” or “individual(s)”, we mean the person who is accessing our website.

When we say “personal information”, we mean identifiable information about you, like your name, email address, home address, telephone number, banking or payment information, support queries and so on. If you cannot be identified (say, when personal information data has been aggregated or anonymized), then this Notice doesn’t apply to you.

Our principles of data protection

1. Accountability

BC’s PIPA sets out rules for how organizations collect, use and disclose personal information.

Privacy Matters is committed to being accountable for protecting the personal information we collect under appropriate and reasonable business purposes. We have policies and procedures in place to respond to inquiries and complaints related to your personal information. Questions and complaints can be directed to privacy@privacy-matters.ca.

If we are unable to resolve your concerns, you may contact the Office of the Information and Privacy Commissioner for British Columbia (OIPC) here:

PO Box 9038 Stn. Prov. Govt.
Victoria, BC V8W 9A4

www.oipc.bc.ca

2. Collection

PIPA authorizes organizations to collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances and if your organization has received consent or is authorized to collect without consent.

Privacy Matters will only collect, use, or disclose personal information that is necessary to fulfill the purpose of the collection, such as:

To provide products and services,
To establish relationships,
To meet our legal obligations,
To notify clients of changes to their legal obligations,
To respond to inquiries and/or complaints,
To better understand the needs and preferences of clients.

We only collect the minimum amount of personal information required to achieve the purpose for the collection. The types of personal information we collect include:

Name

Email addresses, phone numbers and other contact information
Internet Protocol (IP) addresses
Information about browsing activity
Additional personal information provided for the purpose of seeking help on FOI or privacy complaints.

How we collect your data

Information we collect directly from you

Through the various interactions with you, we may be required to collect your personal information. When you contact us, we collect your name, email address, and phone number.

Information we collect automatically

We collect some information about you automatically when you visit our website, like your IP address. We also collect information when you navigate through our website, including what pages you looked at and what links you clicked on. This information is useful for us to get a better understanding of how our website and services are being used so that we can continue to provide the best experience possible.

Some of this information is collected using cookies and similar tracking technologies. These can be implemented by us and also by third-party organizations that are service providers or business partners.

Information we get from third parties

Whenever possible, we will collect information directly from you. Sometimes we might collect personal information about you from other sources, such as publicly available materials or trusted third parties. This information is used to supplement the personal information we already have, in order to better inform, personalize and improve our services, and to validate the personal information you provide.

Where we collect personal information, we will only process it:

To perform a contract with you, or
Where we have legitimate interests to process the personal information and they are not overridden by your rights, or
In accordance with a legal obligation, or
Where we have your consent

3. Consent

PIPA requires businesses to get consent for the collection, use, or disclosure of personal information about an individual (except for limited circumstances).

Privacy Matters will communicate our business purpose for the collection of personal information at or before the point of collection. We will ensure your consent, whether express or implied, is obtained prior to the collection of personal information. Express consent is when you provide your personal information voluntarily after we inform you of the purpose of the collection of your information. It can be given in writing or verbally. When we rely on express consent, it will be usually done so through an affirmative action, such as marking a checkbox.

We ask for your express consent when you fill out the “contact us” form.

There are limited situations where we do not need to your consent to collect your personal information:

When a reasonable person would consider that it is clearly in the interests of the individual and consent cannot be obtained in a timely way,
When the collection, use, or disclosure is permitted or required by law,
In an emergency that threaten your life, health, or personal security,
When your personal information is available from a public source,
For the purposes of collecting a debt, or to protect ourselves from fraud,
To investigate an anticipated breach of an agreement or a contravention of the law

You may withdraw your consent at any time by giving Privacy Matters reasonable notice (subject to certain exceptions). If you do withdraw your consent, it is important to note that it may restrict our ability to provide service, and if this is the case, we will inform you beforehand. If you no longer wish to receive communications from us, you may withdraw your consent at any time by sending us an email to privacy@privacy-matters.ca.

4. Use and Disclosure

PIPA limits the use and disclosure of personal information to purposes that a reasonable person would consider appropriate in the circumstances and where our organization has either received consent or is authorized to collect without consent. Privacy Matters will not collect, use, or disclose personal information except for the identified purposes for collection, unless you have provided additional consent or the processing is authorized without consent.

We do not sell, rent, trade, or otherwise share any of your personal information to any third parties. Links to other websites and references to third-party products or services are provided for convenience only and do not constitute an endorsement by Privacy Matters. We are not responsible for the privacy practices or content of third-party websites and we strongly encourage you to review their privacy policies.

In circumstances where Privacy Matters work with service providers, your information will be treated with the same level of privacy and security as we are committed to providing, and will not be used for other purposes.

Privacy Matters may disclose your personal information when we are required or authorized by law to cooperate with local, national, or international law enforcement or other authorities for the reporting of and/or investigation of improper or unlawful activities, or if we need to comply with court orders.

5. Retention

PIPA requires Privacy Matters to retain personal information used to make decisions that directly affect individuals for at least one year after we make that decision. When the time period has passed, we will securely destroy or anonymize personal information once it is no longer necessary to fulfill the identified purposes or any other legal or business purposes. Personal information is retained as part of our retention schedule.

6. Safeguards

PIPA requires Privacy Matters to protect personal information under our control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks.

The protection of personal information is important to us, and Privacy Matters uses a combination of administration, physical, and technical safeguards to reduce the risk of loss, misuse, unauthorized access, disclosure, and alteration of your personal information. All our physical devices are encrypted and password protected, administrative accounts are protected using multi-factor authentication, and we work behind top-of-the-line network security.

7. Accuracy

We are required to make reasonable efforts to ensure that personal information collected is accurate and complete if that information is used in decisions that affect individuals or to be disclosed to another organization.

Privacy Matters will update your personal information as and when necessary to fulfill the identified purposes, or upon your request. If you believe that your personal information is not accurate, you can send us a request to correct your personal information by writing to privacy@privacy-works.ca. We will ensure that third parties who have access to your personal information will be updated to reflect the amendments.

8. Access

PIPA allows individuals to request access to their own personal information that is under our control. You have the right to access the following:

Your personal information,
Information about the ways in which your personal information is or has been used, and
The names of the individuals and organizations to which their personal information has been disclosed

This request must be made in writing, and you must be prepared to prove your identity before access can be given. Privacy Matters will then have 30 business days to respond to your request, unless a time extension is granted under PIPA.

If access is refused by Privacy Matters, we will inform you in writing stating the reasons for the refusal and outline further steps that are available.

9. Challenging Compliance

PIPA requires Privacy Matters to have a process for responding to complaints that may arise. We have procedures in place for responding to all inquiries and complaints you may have regarding our handling of your personal information. All complaints must be made in writing, and you may be required to prove your identity before discussing any complaint or request that involves personal information. All inquiries and complaints can be directed to privacy@privacy-matters.ca.

We will investigate all complaints concerning compliance with this Notice in a timely manner, and if a complaint is found to be justified, Privacy Matters will take appropriate measures to resolve the complaint. If we are unable to resolve your concern, you may write to the Office of the Information and Privacy Commissioner for British Columbia (OIPC) here: