a) G-Tech Services, Inc. (the “Company”) has adopted this Policy to govern the treatment of Personal Information. While the Company generally does not proactively seek Personal Information, it does receive voluntarily proffered Personal Information from: (i) Employees and prospective employees, in support of the Company’s human resources and business operations (“employee-employer” contact); (ii) Clients and Consultants in the course of the Company’s business operations (“business-to-business” contact); and (iii) visitors to the Company’s website. The Company is committed to protecting the confidentiality and integrity of Personal Information. Compliance with this Policy is mandatory for all Company employees Accessing Personal Information. Failure to comply with the Policy may result in discipline, up to and including termination.
b) The Company recognizes the confidential nature of the Personal Information in its care and is accountable for the compliance of itself and its directors, officers, management, employees, representatives and agents including consultants and independent contractors (the “Staff”) in protecting this Personal Information.
iii) Telephone numbers.
iv) Email addresses.
v) Employee identification numbers.
vi) Government-issued identification numbers (e.g., driver’s license, Social Security, or passport numbers).
vii) User passwords or PINs.
viii) User identification and account access credentials, passwords, PINs and security question answers.
ix) Financial account numbers (e.g., bank account numbers, credit and debit card information).
x) Geolocation data (e.g., location data from IP addresses, cellular networks, and GPS).
xi) Biometric, medical, health, or health insurance information.
xii) Religious or philosophical beliefs or political opinions.
xiii) Sexual orientation.
xiv) Criminal records.
e) The Company and the Staff will at all times respect the confidentiality of the Personal Information placed in its care. The Company will endeavor to ensure that the policies affecting the collection, storage and disclosure of Personal Information reflect the confidential nature of the information.
f) The Company will comply with all applicable privacy legislation and regulations in force now and in the future related to protecting the confidentiality of Personal Information.
2. Purposes for which Personal Information is Collected
a) The Company collects Personal Information from employees and prospective employees for the following purposes, among others: assessing qualifications for employment; enrollment in various Company benefit/insurance plans/programs; administering payroll; and providing evidence of individual skill and experience to clients and partners. The Company collects Personal Information from clients and consultants for the following purposes, among others: providing and marketing Company services; communicating Company news; and identifying industry demands and trends. The Company collects Personal Information from website visitors for the limited purpose of tracking visitors’ activity on the Company’s website.
b) The Company will not use Personal Information for a purpose other those generally identified above without first amending this Policy and posting the amended Policy on the Company’s website.
3. Knowledge and Consent
a) Consent to use and disclose Personal Information is presumed by the actions of affected Individuals, such as accepting employment with the Company, doing business with the Company, or browsing the Company’s website.
b) Subject to legal and contractual obligations, an Individual may withdraw their consent at any time, by giving notice to firstname.lastname@example.org.
4. Scope and Application
5. Access by Authorized Company Representatives
a) All Personal Information will be released internally only on a need-to-know basis. In the course of normal and reasonable business practices it is the policy of the Company to grant designated Company representatives access to Personal Information files. This access will not exceed that necessary to accomplish the specific business function of the Company representative nor the purpose for which the information was originally collected.
6. Rights of Access and Correction
b) Upon request, the Company will also provide a specific summary of how the Personal Information has been used and to whom it has been disclosed. Where a detailed account of disclosure is not available, the Company will provide a list of organizations to which the Personal Information may have been disclosed.
c) Where a request for correction is not successful, the details and substantiating evidence of the request will be recorded and retained by the Company.
d) The Company will endeavor to respond promptly to any reasonable request for disclosure and correction made by an Individual to ensure the continued accuracy of Personal Information.
e) In some instances the Company may be required to limit access to Personal Information because of statutory or regulatory requirements. In all instances however the Company will make all reasonable efforts to comply with the Individual’s request for access and correction to the extent of what is allowed by statute or regulation.
7. Use and Disclosure of Personal Information
a) The Company and the Staff will keep confidential all Personal Information in its control except where one or more of the following conditions apply:
i. where the Individual who is the subject of disclosure has provided written consent;
ii. where the disclosure is in accord with the purposes for which the Personal Information was originally collected;
iii. where the disclosure is for the purpose of providing employment references to prospective employers and where the Personal Information disclosed is limited to information considered reasonably necessary for the purpose of providing employment references;
iv. where the Company is permitted or required to do so by applicable legislation or regulation;
v. where the disclosure is directed to health benefit providers and where the purpose of the disclosure is in accord with the purposes for which the Personal Information was originally collected;
vi. where the disclosure is required by authorized government representatives who are acting to enforce any federal, provincial or territorial law or carrying out an investigation relating to the enforcement of any federal, provincial or territorial law or gathering information for the purpose of enforcing any federal, provincial or territorial law;
vii. where the Company is required to comply with valid court orders, warrants or subpoenas or other valid legal processes; and
viii. in an emergency to protect the physical safety of any person or group of persons.
8. Ownership of Personal Information
9. Retention and Disposal of Personal Information
a. Any Personal Information collected by the Company will be retained by the Company during the period of active employment of the Individual as well as during the post-employment period only as long as the Personal Information is required to serve its original purpose or as directed by applicable legislation or regulation.
b. Personal Information that is no longer needed for its stated purpose will be destroyed, erased or made anonymous.
c. The Company will ensure that all practices and procedures relating to the disposal of Personal Information will respect the fundamental policy of confidentiality. All Personal Information disposal procedures, including the disposal of computerized data storage devices, will ensure the complete destruction of Personal Information so that there will be no risk of subsequent unauthorized disclosure of Personal Information.
a. The Company will take and enforce all reasonable security measures appropriate for the sensitivity of the information to ensure that all Personal Information for every Individual is protected against any form of unauthorized use including but not limited to accidental or malicious disclosure, unauthorized access, unauthorized modification, unauthorized duplication or theft.
b. Methods of security will include but not be limited to the following:
i. physical security including locked filing cabinets and secure-access offices;
ii. organizational security including security clearances and access limited on a “need-to-know” basis; and
iii. technological security including passwords and encryption.