GCFDC is a federally supported not-for-profit community
organization with a volunteer board of directors and
professional staff whose purpose is to develop and
diversify local economies. GCFDC supports community
economic development and small business growth by developing
and implementing strategic community plans, delivering
a range of counselling and information services to
small business and operating locally controlled investment
funds to provide repayable financing to new and existing
businesses.
This privacy policy has been developed to comply with
Canada’s Personal Information Protection and Electronic Documents
Act ("PIPEDA"). PIPEDA sets out rules
for the collection, use and disclosure of personal
information in the course of commercial activity as
defined in the Act.
1.1 The Ten Principles of
PIPEDA Summarized
The ten Principles of PIPEDA that form the
basis of this Privacy Policy are as follows:
Accountability: organizations are accountable for
the personal information they collect, use, retain
and disclose in the course of their commercial activities,
including, but not limited to, the appointment of
a Chief Privacy Officer;
Identifying Purposes: organizations are to explain
the purposes for which the information is being used
at the time of collection and can only be used for those
purposes;
Consent: organizations must obtain an Individual’s
express or implied consent when they collect, use, or
disclose the Individual’s personal information;
Limiting Collection: the collection of personal information
must be limited to only the amount and type that is reasonably
necessary for the identified purposes;
Limiting Use, Disclosure and Retention: personal information
must be used for only the identified purposes, and must
not be disclosed to third parties unless the Individual
consents to the alternative use or disclosure;
Accuracy: organizations are required to keep personal
information in active files accurate and up-to-date;
Safeguards: organizations are to use physical, organizational,
and technological safeguards to protect personal information
from unauthorized access or disclosure;
Openness: organizations must inform their clients and
train their employees about their privacy policies and
procedures;
Individual Access: an Individual has a right to access
personal information held by an organization and to challenge
its accuracy if need be; and
Provide Recourse: organizations are to inform clients
and employees of how to bring a request for access, or
complaint, to the Chief Privacy Officer, and respond
promptly to a request or complaint by the Individual.
This Privacy Policy applies to GCFDC's Board of Directors,
members, employees and contracted employees. As well;
GCFDC ensures that all third party service providers
sign confidentiality agreements prior to any transfer
of an Individual's personal information in the course
of providing the business loans, business development
advice, and other related information and/or services.
1.2 Definitions
"Personal information" means any information
about an identifiable Individual. It includes, without
limitation, information relating to identity, nationality,
age, gender, address, telephone number, e-mail address,
Social Insurance Number, date of birth, marital status,
education, employment health history, assets, liabilities,
payment records, credit records, loan records, income
and information relating to financial transactions
as well as certain personal opinions or views of an
Individual.
"Business information" means business name,
business address, business telephone number, name(s)
of owner(s), officer(s) and director(s), job titles,
business registration numbers (GST, RST, source deductions),
financial status. Although business information is
not subject to PIPEDA, confidentiality of
business information will be treated with the same
security measures by GCFDC staff, members and Board
members, as is required for Individual personal information
under PIPEDA.
"Client" means the business that is applying
for or has been granted a loan, (including sole proprietorships
and Individuals carrying on business in a partnership);
"Individual" means the client’s owner(s)
or shareholders, co-signors, and/or any guarantor associated
with a client.
"Member" means a person who volunteers on
a GCFDC committee, but who is not a current or active
board member, or chair of the committee.
"Application" means the application form
or related forms completed by the Individual(s) to
request financing for the client through the Investment
Fund of GCFDC.
"Data base" means the list of names, addresses
and telephone numbers of clients and Individuals held
by GCFDC in the forms of, but not limited to, computer
files, paper files, and files on computer hard-drives.
"File" means the information collected in
the course of processing an application, as well as
information collected/updated to maintain /service
the account.
"Express consent" means the Individual signs
the application, or other forms containing personal
information, authorizing GCFDC to collect, use, and
disclose the Individual's personal information for
the purposes set out in the application and/or forms.
"Implied Consent" means the organization
may assume that the Individual consents to the information
being used, retained and disclosed for the original
purposes, unless notified by the Individual.
"Third Party" means a person or company that
provides services to GCFDC in support of the programs,
benefits, and other services offered by GCFDC, such
as other lenders, credit bureaus, persons with whom
the Individual or client does business, but does not
include any Government office or department to whom
GCFDC reports in the delivery of such programs, benefits
or services.
2.0 Purposes of Collecting
Personal Information
Personal information is collected in order to assess
the eligibility of the Individual completing an application
for financial assistance, as well as to report to Industry
Canada. The Individual is the main source of information
but GCFDC will also ask to obtain information directly
from a third source where the Individual does not have
the required information.
Only that information which is required to make a
determination of an Individual's eligibility will be
collected. Although the Individual's Social Insurance
Number may be requested in the application for confirming
identification of the Individual to the credit reporting
agency, provision of this personal information is optional.
The Individual may provide alternative forms of identification,
such as date of birth and driver's license number.
3.0 Consent
An Individual’s express, written consent will be obtained
before or at the time of collecting personal information.
The purposes for the collection, use or disclosure
of the personal information will be provided to the
Individual at the time of seeking his or her consent.
Once consent is obtained from the Individual to use
his or her information for those purposes, GCFDC has
the Individual's implied consent to collect or receive
any supplementary information that is necessary to
fulfil the same purposes. Express consent will also
be obtained if, or when, a new use is identified.
By signing the application and/or other forms, implied
consent is granted by the Individual to obtain and/or
to verify information from third parties such as banks,
credit bureaus, other lenders, and insurance companies
in the process of assessing the eligibility of an Individual
or client. Implied consent is also granted by the Individual
to permit GCFDC to report or otherwise disclose information
to Industry Canada that is the government department
that oversees GCFDC's activities.
An Individual can choose not to provide some or all
of the personal information at any time, but if GCFDC
is unable to collect sufficient information to validate
the request for financing, the Individual's Application
for such financing may be turned down.
A client or an Individual can withdraw consent to
GCFDC’s use of personal information at any time prior
to the application being approved, by making such request
in writing. Once a loan has been approved, an Individual
cannot withdraw consent authorizing GCFDC to use and
disclose the personal information for the purposes
set out in this Privacy Policy. Express consent will
be obtained from the Individual prior to disclosing
the Individual's personal information to other lenders,
credit insurers and credit bureaus.
This Privacy Policy does not cover statistical data
from which the identity of Individuals cannot be determined.
GCFDC retains the right to use and disclose statistical
data as it determines appropriate.
4.0 Limiting Collection
Personal information collected will be limited to
the purposes set out in this Privacy Policy, GCFDC
applications, and/or other forms.
5.0 Limiting Use, Disclosure
and Retention
5.1 Use of Personal Information
Personal information will be used for only those purposes
to which the Individual has consented with the following
exceptions, as permitted under PIPEDA:
GCFDC will use personal information without the
Individual's consent, where:
the organization has reasonable grounds to believe
the information could be useful when investigating
a contravention of a federal, provincial or foreign
law and the information is used for that
investigation;
an emergency exists that threatens an Individual’s
life, health or security;
the information is for statistical study or research;
the information is publicly available;
the use is clearly in the Individual’s interest, and
consent is not available in a timely way;
knowledge and consent would compromise the availability
or accuracy of the information, and
collection is required to investigate a breach of an
agreement.
5.2 Disclosure and Transfer
of Personal Information
Personal information will be disclosed to only those
GCFDC employees, members of GCFDC committees, and the
Board of Directors that need to know the information
for the purposes of their work or making an assessment
as to the Individual's eligibility to the loan program.
Personal information will be disclosed to third parties with the
Individual's knowledge and consent.
PIPEDA permits GCFDC to disclose personal
information to third parties, without an Individual's
knowledge and consent, to:
a lawyer representing our GCFDC;
collect a debt owed to GCFDC by the Individual or client;
comply with a subpoena, a warrant or an order made
by a court or other body with appropriate jurisdiction;
a law enforcement agency in the process of a civil
or criminal investigation;
a government agency or department requesting the information;
or,
· as required by law.
PIPEDA permits GCFDC to transfer personal
information to a third party, without the
Individual's knowledge or consent, if the transfer
is simply for processing purposes and the third party
only uses the information for the purposes for which
it was transferred. GCFDC will ensure, by contractual
or other means, that the third party protects the information
and uses it only for the purposes for which it was
transferred.
5.3 Retention of Personal
Information
Personal information will be retained in client files
as long as the file is active and for such periods
of time as may be prescribed by applicable laws and
regulations.
A file will be deemed inactive if the Investment Committee
rejects an application, when a loan is repaid in full
and securities are discharged, or when a guarantee
is terminated. Information contained in an inactive
file will be retained for a period of seven (7) years,
except in the case where an application is rejected.
Where an application has been rejected, the file and
all personal information contained in the file will
be retained for a period of two (2) years.
6.0 Accuracy
GCFDC endeavours to ensure that any personal information
provided by the Individual in his or her active file(s)
is accurate, current and complete as is necessary to
fulfill the purposes for which the information has
been collected, used, retained and disclosed. Individuals
are requested to notify GCFDC of any change in personal
or business information.
Information contained in inactive files is not updated.
7.0 Safeguards
GCFDC will use physical, organizational, and technological
measures to safeguard personal information to only
those GCFDC employees, volunteers, or third parties
who need to know this information for the purposes
set out in this Privacy Policy.
Organizational Safeguards: Access to Personal information
will be limited to the Loans Officer, the Administration
Officer, and/or the Executive Director who have to
make a determination as to the Individual's eligibility
for a business loan. Personal information provided
to members of GCFDC committee(s) will be limited to
only that information required to carry out the mandate
of that committee. Members of the GCFDC committee(s)
and/or Board of Directors are not permitted to copy
or retain any personal information on Individuals or
clients and must return for destruction all such information
given to them to review once the purpose for being
provided with this information has been fulfilled.
Employees and members of GCFDC committee(s) and/or
Board of Directors are required to sign a confidentiality
agreement binding them to maintaining the confidentiality
of all personal information to which they have access.
Physical Safeguards: Active files are stored in locked
filing cabinets when not in use. Access to work areas
where active files may be in use is restricted to GCFDC
employees only and authorized third parties.
All inactive files or personal information no longer
required are shredded prior to disposal to prevent
inadvertent disclosure to unauthorized persons.
Technological Safeguards: Personal information contained
in GCFDC computers and electronic data bases are password
protected in accordance with GCFDC's Information
Security Policy. Access to any of the GCFDC's
computers also is password protected. GCFDC's Internet
router or server has firewall protection sufficient
to protect personal and confidential business information
against virus attacks and "sniffer" software arising
from Internet activity. Personal information is not
transferred to volunteer committee members, the Board
of Directors, or third parties by e-mail or other electronic
form.
8.0 Openness
GCFDC will endeavour to make its privacy policies
and procedures known to the Individual via this Privacy
Policy as well as the GCFDC Privacy Statement.
This document will also be available on GCFDC’s website: http://www.grenvillecfdc.com/.
9.0 Individual Access
An Individual who wishes to review or verify what
personal information is held by GCFDC, or to whom the
information has been disclosed (as permitted by the Act)
may make the request for access, in writing, to the
Chief Privacy Officer. Upon verification of the Individual's
identity, the Chief Privacy Officer will respond within
60 days.
If the Individual finds that the information held
by GCFDC is inaccurate or incomplete, upon the Individual
providing documentary evidence to verify the correct
information, GCFDC will make the required changes to
the Individual's active file(s) promptly.
10.0 Complaints / Recourse
If an Individual has a concern about GCFDC's personal
information handling practises, a complaint, in writing,
may be directed to the Chief Privacy Officer.
Upon verification of the Individual's identity, GCFDC's
Chief Privacy Officer will act promptly to investigate
the complaint and provide a written report of the investigation's
findings to the Individual.
Where GCFDC's Chief Privacy Officer makes a determination
that the Individual's complaint is well founded, the
Chief Privacy Officer will take the necessary steps
to correct the offending information handling practise
and/or revise GCFDC's privacy policies and procedures.
Where GCFDC's Chief Privacy Officer determines that
the Individual's complaint is not well founded, the
Individual will be notified in writing.
If the Individual is dissatisfied with the finding
and corresponding action taken by GCFDC's Chief Privacy
Officer, the Individual may bring a complaint to the
Federal Privacy Commissioner at the address below:
The Privacy Commissioner of Canada
112 Kent Street, Ottawa,
Ontario K1A 1H3
Tel 1-800-282-1376
Email address: www.privcom.gc.ca
Questions / Access Request / Complaint
Any questions regarding this or any other privacy
policy of GCFDC may be directed to the Chief Privacy
Officer. Requests for access to information, or to
make a complaint, are to be made in writing and sent
to the Chief Privacy Officer at the address below:
Chief Privacy Officer
Grenville Community Futures Development Corporation
197 Water Street, Suite 405
P.O. Box 309
Prescott, ON
K0E 1T0
This GCFDC Privacy Policy is in effect as of August
2004 and is retroactive to January 1, 2004. This policy
is subject to amendment in response to developments
in the privacy legislation. The Chief Privacy Officer
will review and revise the Privacy Policy from time
to time as required by changes in privacy law. Notification
of any changes in the Privacy Policy will be posted
on GCFDC's website, as well as in GCFDC's Privacy Statement.
Any changes in the Privacy Policy will apply to Personal
information collected from the date of the posting
of the revised Privacy Policy on GCFDC's website: http://www.grenvillecfdc.com/.
