To regulate the collection, use and disclosure of personally identifiable information of employees, customers or other individuals, and to ensure compliance with privacy legislation.
Emco, as a leading distributor and manufacturer of building materials for the residential, commercial and industrial construction markets, must collect personal information from employees, customers or other individuals in order to conduct its business, maintain records, and provide benefits and services to these parties.
As an organization, the collection of such personal information shall be governed by the following principles:
The Vice-President, General Counsel shall be the Chief Privacy Officer and shall oversee the administration of this policy and the development of information gathering and handling practices.
Individuals from whom information is collected shall be advised that Emco has policies and practices in place to securely manage such information.
Identify the Purpose
The specific purposes for which personal information is collected and used shall be clearly identified and explained, in writing where possible, to the individual at or before the time the information is collected.
The informed consent, in writing where possible, of the individual is required for the collection, use, or disclosure of personal information. There are limited circumstances where consent may not be possible and the Chief Privacy Officer shall be consulted prior to the collection, use or disclosure of the personal information of an individual without their consent. A new consent shall be obtained from the individual if the personal information is to be used for a purpose other than that for which it was originally collected. The individual is entitled to withdraw their consent at any time, and, with limited exceptions, this shall prohibit the corporation from making any further use of the information.
The collection of personal information shall be limited to that which is necessary for the specific purposes identified. Information shall be collected by clear, fair and open means.
Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected except with the consent of the individual or as required by law. Personal information must be retained only as long as necessary for the fulfillment of those purposes, or as required by law, and thereafter destroyed in a secure manner ensuring the confidentiality of the personal information.
Personal information, and any disclosure of such information, shall be as accurate, complete, and up to date as is necessary for the purposes for which it is to be used.
Personal information, regardless of the format in which it is held, shall be protected by adequate security safeguards, including physical measures, technological tools and organizational controls, to protect against loss, theft or unauthorized access. Access to personal information shall be permitted strictly on a "need to know" basis.
Upon request, and no later than thirty days thereafter, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information, except in some limited circumstances. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. The Chief Privacy Officer shall be advised of all such challenges.
An individual shall be able to address any complaint concerning compliance with the above principles to the Chief Privacy Officer. The Chief Privacy Officer shall initiate an investigation into the complaint, notify the individual of the outcome of the investigation, and correct any compliance problems identified.
Contact Information for the Chief Privacy Officer