“Personal information” means information that identifies an individual but does not include the type of information that would be found on a business card or through publicly available information such as the phone book. If the information cannot be directly associated with an individual, it does not fall within the statutory definition of “personal information”.
All IFDS employees are mandated to complete an annual Privacy training program. This is done through our PACE Partner tool and is closely monitored for completion.
As a provider of transfer agency technology and services, IFDS does not directly collect, nor does it use, personal information from or about individuals for its own independent purposes. Rather, we receive personal information from our clients or their distributors for processing purposes. We operate under the direction of our clients and on the understanding that appropriate consents have been obtained, either expressly or implied, for the collection, use and disclosure of personal information. IFDS uses the personal information we receive solely to provide services to our clients in accordance with our contractual obligations and for no other purposes. Our staff is required, as a condition of employment, to limit access to and use of personal information to the extent necessary for the performance of their specific employment duties.
We do not use or disclose personal information for any marketing purposes.
We collect the personal information of our employees for recruiting and hiring purposes and in order that we can check references and properly administer payroll and benefit plans. Our human resources department collects the following employee information: name, address, telephone numbers, work and business information, banking information, social insurance number, driver’s license number, dependent particulars, among other information. This information is collected and used for payroll and benefit plans setup, administration, payment and tax remittance, to process any benefit or other claims, such as WSIB or medical-related claims, and to comply with applicable employment legislation.
In addition, images, movements, actions, or other identifiable information about our employees may be captured by video equipment monitoring the common areas at offices and buildings under our management that an employee may visit as part of their duties.
Consent to use the information supplied by prospective employees is provided by means of the completion of an application for employment and/or acceptance of an offer of employment.
IFDS may retain an affiliated company or an independent third party (“authorized service provider”) to perform, on our behalf, certain functions in support of the services we provide. Such functions could include, for example, application development, support, testing or transaction processing. Accordingly, in certain instances, these affiliates or third parties may be provided with access to personal information to the extent that it is necessary for the performance of those functions.
As a processor of information on behalf of our clients, one of our most important privacy obligations is to take appropriate precautions to hold secure the information we receive. To that end, we apply security safeguards to our computing infrastructure and data in all forms. We maintain security policies, procedures and controls to protect the personal information we receive against loss or theft. We have safeguards in place to prevent unauthorized access, disclosure, copying, use and modification. We work with our clients to apply, to the extent that it is commercially and technologically feasible, the security standards required by our clients for the information we receive from them and which pertains to their business. Such safeguards and controls include, but are not limited to, the following:
Individuals have the right to access their personal information held by an organization and to challenge an organization about its personal information practices. However, as a provider of transfer agency technology and related services, IFDS does not respond directly to requests from individuals to access personal information or to complaints from individuals about the personal information practices of our clients. Any such requests and inquiries are referred back to our clients. This procedure is necessary to ensure that the authenticity of the request and the identity of the requester can be established by an individual’s firm and/or the distributor, as applicable, and that IFDS can receive specific instructions before personal information is released by IFDS on the individual’s behalf.
Personal information is collected only for the purposes set out herein and not indiscriminately. If we require information for any purpose not specified herein, the owner of the information will be notified of the new purpose and, subject to their consent, that new purpose will become an identified purpose. IFDS will only collect personal information by fair, lawful means and a responsible staff member will explain why the information is needed.
IFDS has guidelines and procedures in place for the retention and destruction of personal information, taking into account legal requirements and restrictions. Personal information that has been used to make a decision about an individual will be kept for a reasonable time period so as to permit access to the information by the individual following the decision having been made. Information that does not have a specific purpose, or that no longer fulfils its intended purpose, will be destroyed in a secure manner.
We will strive to keep personal information as accurate, complete and up to date as necessary, taking into account its use and the interests of the individual. Personal information will only be updated when necessary to fulfill the purposes specified. We rely on individuals to disclose all material information to us and to inform us of any changes required. With proof of entitlement, a request to correct information in our possession may be made by contacting the Chief Privacy Officer at the address set out below in the section called “Contacting the Chief Privacy Officer”.
Because the right to access information is not absolute, IFDS may decline access to information that we have under our control for reasons such as:
Often all the individual has to do is ask, but it is possible we may request that the reason be stated in writing. If we cannot give access to the information requested, we will tell the person within 30 days, explaining as best we can why we cannot give access to the information. We will only refuse access as authorized by law, and in any event, will provide the individual with a written explanation for refusing the request.