Privacy Policy
The purpose of this policy is to ensure personal and confidential information collected from clients is used for the stated purpose(s) and to safeguard such information as required by law. Doyenne has designated Jennifer Snyder as Privacy Officer to ensure compliance and to respond to any questions or complaints regarding Doyenne’s privacy policy and practices.
Personal information is governed by the Freedom of Information and Protection of Privacy Act (Manitoba), the Personal Information Protection and Electronic Delivery Act (PIPEDA) in Ontario and federally, the Act Respecting the Protection of Personal Information in the Private Sector (Québec) and the Personal Information Protection Act of Ontario (collectively referred to as the “Privacy legislation”).
Privacy legislation governs the collection, use and disclosure of personal information in a manner that recognizes both the right of an individual to have personal information protected and the need of organizations to collect, use or disclose personal information for purposes that are reasonable.
Privacy legislation gives individuals the right to:
· know why an organization collects, uses or discloses their personal information;
· expect an organization to collect, use or disclose their personal information reasonably and appropriately, and not use the information for any purpose other than that to which they have consented;
· know who in the organization is responsible for protecting their personal information;
· expect an organization to protect their personal information by taking appropriate security measures;
· expect the personal information an organization holds about them to be accurate, complete and up-to-date;
· obtain access to their personal information and ask for corrections if necessary; and
· complain about how an organization handles their personal information if they feel their privacy rights have not been respected.
Privacy legislation requires organizations to:
· obtain consent when they collect, use or disclose their personal information;
· supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of your personal information unless that information is essential to the transaction;
· collect information by fair and lawful means; and
· have personal information policies that are clear, understandable and readily avail–able.
Definition - “Personal Information” is defined as information about an "identifiable individual". This includes such things as age, income, education, home address and phone number. It does not cover general contact information such as name, title, business address, business phone number, etc.
Records with personal information falling under the definitions in PIPA, or records that contain information about an identifiable individual include: (a) name, age, weight, height; (b) medical records; (c) income, assets, bank accounts, purchases and spending habits; (d) race, ethnic origin and colour; (e) blood type, DNA code, fingerprints; (f) marital status and religion; (g) education; (h) home address and phone number; and (i) social insurance number.
Where Doyenne collects any information related to clients or prospective clients, this information is required to be kept confidential and maintained in accordance with this and other policies governing the protection of client information.
Information that Doyenne collects on the KYC Form or through the account opening process and other ongoing discussions with clients is subject to strict confidentiality regardless of whether it is deemed to be Personal Information.
21.1 Disclosure and Consent
The knowledge and consent of clients to the collection of personal information is required by privacy legislation. Doyenne’s purpose for collecting Personal Information from clients is to meet various regulatory obligations and to establish an appropriate investment mandate for its clients’ account(s).
Doyenne provides the firm’s Privacy Policy document to clients at account opening. The KYC Form asks for explicit client consent.
21.2 Requests for Access
Requests for access to Personal Information should be handled solely through the Privacy Officer (the CCO). Pursuant to privacy legislation, an individual may submit a written request to provide them with:
· a record of their Personal Information in Doyenne’s custody or control;
· information about the purposes for which their Personal Information under Doyenne’s custody or control has been and is being used; and
· the names of persons to whom and the circumstances in which their Personal Information has been and is being disclosed.
The Privacy Officer is required to make a reasonable effort to assist each applicant as accurately and reasonably as possible. When a request is received, the Privacy Officer will respond to a client no later than 30 days after receiving the request. Doyenne must keep accurate records of the information provided to the client.
Requests may be subject to certain fees and disbursements in accordance with the provisions of the Act.
Content of Response
In a response to a client request, if access to all or part of the personal information requested by the applicant is refused, Doyenne must tell the applicant:
· the reasons for the refusal and the provision of the Act on which the refusal is based,
· the name, position title, business address and business telephone number of an officer or employee of the organization who can’ answer the applicant's questions about the refusal, which is the Privacy Officer, and
· that the applicant may ask for a review within 30 days of being notified of the refusal.
Doyenne may refuse in a response to confirm or deny the existence of personal information collected as part of an investigation. The Privacy Officer is to consult with legal counsel if any questions or concerns arise.
Privacy legislation provides that Doyenne must not disclose personal information where:
· the disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual other than the individual who made the request;
· the disclosure would reveal personal information about another individual and consent is not obtained; or
· the disclosure would reveal the identity of an individual who has, in confidence, provided Doyenne with an opinion about another individual, and the individual providing the opinion does not consent to the disclosure of their identity.
Privacy legislation further provides that Doyenne may choose not to disclose personal information where the Personal Information:
· is protected by legal privilege;
· was collected for an investigation or legal proceedings;
· was collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration for which he or she was appointed to act under an agreement, under an enactment, or by a court; or
· relates to or may be used in the exercise of prosecutorial discretion.
Additionally, Doyenne may choose not to disclose if the information would reveal confidential commercial information, and it is not unreasonable to withhold such information. If questions arise as to whether or not the information should be shared, Doyenne should consult with external resources.
21.3 Requests for Corrections
An individual may submit a written request to correct errors or omissions in their personal information.
When provided with a written request, the Privacy Officer will assist with the correction of the personal information and, if reasonable, send correction notifications to any organizations to whom the information was disclosed.
If it is decided not to correct the personal information (based on immateriality or information that cannot be validated against the original which appears more appropriate), the Privacy Officer will ensure the conclusion and the reason the personal information was not corrected is documented.
For more information, refer to:
Manitoba: https://www.gov.mb.ca/fippa/index.html
Ontario PIPA: https://www.Ontario.ca/personal-information-protection-act.aspx
PIPEDA: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-privacy-act/
Québec: http://www.legisquebec.gouv.qc.ca/en/showdoc/cs/P-39.1
21.3 Retention and Destruction
Privacy legislation requires that for legal or business purposes, Doyenne may retain Personal Information for as long as is reasonable but further requires that Doyenne have procedures to destroy the Personal Information when it is no longer required.