The Policy of Risk Review Inc. on the Collection, Use and Disclosure of Personal Information
Objective & Scope of Policy
Risk Review Inc. is a risk management consulting practice doing business throughout Canada.
Consistent with our obligations as professionals, we are dedicated to maintaining high standards of confidentiality with respect to the information that has been provided to us.
This Policy Statement has been prepared to affirm our commitment to maintaining the privacy of our clients and others and to inform you of our practices concerning the collection, use and disclosure of Personal Information collected by Risk Review Inc.
For the purposes of this Policy, “Personal Information” means any information, recorded in any form, about an identified individual, or an individual whose identity may be inferred or determined from the information. This policy does not cover any information about more than one individual where the identity of the individuals is not known and cannot be inferred from the information on hand.
Using contractual or other arrangements, our firm shall ensure that agents, contractors or third party service providers, who may receive Personal Information in the course of providing services to Risk Review Inc. as part of our delivery of services, protect that Personal Information in a manner consistent with the principles articulated in this Policy Statement.
As a general rule, all information concerning the business and affairs of a person or organization acquired (1) for the purpose of determining whether Risk Review Inc. will enter into a professional relationship or (2) in the course of a professional relationship shall be held in strict confidence and not revealed to anyone unless expressly or implicitly authorized by the person or organization concerned. A professional relationship develops when Risk Review Inc. agrees to be retained to provide services to a particular individual or organization.
The Collection, Use & Disclosure of Personal Information
Risk Review Inc. collects only such information from individuals or organizations as is required for the purposes of providing services or information to them. Risk Review Inc. may collect e-mail and mailing addresses when individuals subscribe to a publication offered by our Firm. We may use information collected through such subscriptions to send subscribers the publication they have requested, and to provide information that may be of possible interest.
Risk Review Inc. does not at any time sell, trade, barter or exchange for consideration any Personal Information it has obtained. Unless permitted by law, no Personal Information is collected about an individual, without first obtaining the consent of the individual to the collection, use and dissemination of that information.
Risk Review Inc. may disclose Personal Information to organizations that perform services on behalf of our Firm. Personal Information will only be provided to such organizations if they agree to use such information solely for the purposes of providing services to Risk Review Inc. and under the instruction of Risk Review Inc. and, with respect to that information, to act in a manner consistent with the relevant principles articulated in this Policy.
Please note that there are circumstances where the use and/or disclosure of Personal Information may be justified or permitted or where Risk Review Inc. is obliged to disclose information without consent. Such circumstances may include:
- Where we are required by law or by order or requirement of an entity legally empowered to obtain such information;
- Where Risk Review Inc. believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
- Where it is necessary to establish or collect monies owing to Risk Review Inc.;
- Where it is necessary to permit Risk Review Inc. to pursue available remedies or limit any damages that Risk Review Inc. may sustain; or
- Where the information is public.
Where obliged or permitted to disclose information without consent, Risk Review Inc. will not disclose more information than is required.
Risk Review Inc. strives to ensure that any Personal Information provided and in its possession is as accurate, current and complete as necessary for the purposes for which Risk Review Inc. uses that information.
Risk Review Inc. retains Personal Information only as long as it is required for the reasons it was collected. The length of time we retain information varies, depending on the service provided and the nature of the information. This period may extend beyond the end of an organization’s relationship with us but it will be only for so long as it is necessary for us to have sufficient information to respond to any issues that may arise at a later date. When your Personal Information is no longer required for our purposes, we will responsibly dispose of that data, thereby protecting your anonymity.
Risk Review Inc. strives to maintain adequate physical, procedural and technical security with respect to its office and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Information.
Risk Review Inc. further protects Personal Information by restricting access to it to those employees that the management of Risk Review Inc. has determined need to know that information in order that our Firm may provide its services.
In terms of communicating Personal Information to Risk Review Inc., you may wish to note that there is no method of transmitting or storing data that is completely secure. While the physical characteristics of each are different, mail, telephone calls, faxes and transmissions over the Internet are all susceptible to possible loss, misrouting, interception and misuse of the information being communicated or transmitted.
Risk Review Inc. attempts to strike a reasonable balance between security and convenience. In communicating with clients and others, Risk Review Inc. often requests the right to use a method of communication that is less secure than some of its less convenient alternatives. An example of this is e-mail. At this time, when we use e-mail, it may be sent as unencrypted plain text. We do this as a measure of expedience for our clients, who may not be able to process encrypted e-mail. This is done for their convenience but has the security concern that, if misrouted or intercepted, it could be read more easily than encrypted e-mail. It is worthy of note that all fax and e-mail communications sent by Risk Review Inc. bear a “Notice of Confidentiality” of that communication, and a direction to the reader to advise our Firm of any known misdirection of that particular communication.
While Risk Review Inc. endeavours to provide reasonable security in its data storage and communications, please note that the Firm does not accept responsibility for the access to its data, communications, or website by individuals or organizations with unauthorized or malicious intent.
Risk Review Inc. Website
Risk Review Inc. provides clients and others with general access to its public website, and restricted access within its website to information proprietary to that particular client. This is done by way of user name and password. While reasonable precaution is taken to follow current protocols for internet security, Risk Review Inc. does not guarantee the security and privacy of this data due to external forces beyond the firm’s reasonable control.
In the event that you have questions about access to Personal Information, or the collection, use, management or disclosure of Personal Information you may contact the Privacy Officer at Risk Review Inc. at (416) 607-7251 or by e-mail at [email protected]