Fairchild Media Group ("Fairchild") Commitment to Privacy
This policy applies to
This policy does not apply to
Fairchild is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the Fairchild's compliance with the following principles: the Person Responsible for Privacy.
The Person Responsible for Privacy for Fairchild is the respective Administration Manager or designated staff for each individual Fairchild company.
|1.1||Accountability for Fairchild's compliance with the principles rests with the Person Responsible for Privacy, even though other individuals within the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals within Fairchild may be delegated to act on behalf of the Person Responsible for Privacy.|
|1.2||The name of and contact information for the Person Responsible for Privacy shall be made known upon request.|
|1.3||Fairchild is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. Fairchild shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.|
|1.4||Fairchild shall implement policies and practices to give effect to the principles, including
|1.5||The designation of a Person Responsible for Privacy does not relieve Fairchild from accountability for compliance with these Principles.|
Fairchild shall identify the purposes for which personal information is collected at or before the time the information is collected. The purposes for which information is collected, used or disclosed by an organization must be those that a reasonable person would consider are appropriate in the circumstances.
|2.1||Fairchild shall document the purposes for which personal information is collected in order to comply with the Openness principle (Clause 8) and the Individual Access principle (Clause 9).|
|2.2||Identifying the purposes for which personal information is collected at or before the time of collection allows Fairchild to determine the information they need to collect to fulfill these purposes. The Limiting Collection principle (Clause 4) requires Fairchild to collect only that information necessary for the purposes that have been identified.|
|2.3||The identified purposes should be specified at or before the time of collection to the individual from whom the personal information is collected. Depending upon the way in which the information is collected, this can be done orally or in writing. An application form, for example, may give notice of the purposes.|
|2.4||When personal information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is required by law, the consent of the individual is required before information can be used for that purpose.|
|2.5||Persons collecting personal information should be able to explain to individuals the purposes for which the information is being collected.|
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where consent is not required by law. As an exception to this general rule, consent is not required under the Personal Information Protection and Electronic Documents Act if the collection, use or disclosure of the personal information is solely for journalistic, artistic or literary purposes.
|3.1||Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Typically, Fairchild will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when Fairchild wants to use information for a purpose not previously identified).|
|3.2||The principle requires "knowledge and consent". Fairchild shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.|
|3.3||Fairchild may collect, use or disclose personal information without consent only in those circumstances permitted by sections 7 or 9 of the Personal Information Protection and Electronic Documents Act. Fairchild should consult the Personal Information Protection and Electronic Documents Act to determine whether an exception to the obligation to obtain consent applies. Legal, medical, or security reasons may make it impossible or impractical to seek consent. For example, when information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated, in which case consent must be obtained from parents, guardians or legal representatives of such individuals.|
|3.4||Fairchild shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified, and legitimate purposes.|
|3.5||The form of the consent sought by Fairchild may vary, depending upon the circumstances and the type of information. In determining the form of consent to use, Fairchild shall take into account the sensitivity of the information. Although some information (for example, medical records and income records) is almost always considered to be sensitive, any information can be sensitive, depending on the context. For example, the names and addresses of subscribers to a newsmagazine would generally not be considered sensitive information. However, the names and addresses of subscribers to some special-interest magazines might be considered sensitive.|
|3.6|| In obtaining consent, the reasonable expectations of the individual are also relevant. Consent shall not be obtained through deception.
|3.7||The way in which Fairchild seeks consent may vary, depending on the circumstances and the type of information collected. Fairchild should generally seek express consent when the information is likely to be considered sensitive. Implied consent should only be relied on where collection and use of the personal information is directly related to a transaction or exchange of information in which the individual is directly participating. Consent can also be given by an authorized representative (such as a legal guardian or a person having power of attorney).|
|3.8|| Individuals can give consent in many ways.
|3.9||An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Fairchild shall inform the individual of the implications of withdrawing consent.|
The collection of personal information shall be limited to that which is necessary for the purposes identified by Fairchild. Information shall be collected by fair and lawful means.
|4.1||Fairchild shall not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to fulfill the purposes identified. Fairchild shall specify the type of information collected as part of its information-handling policies and practices, in accordance with the Openness principle (Clause 4.8).|
|4.2||The requirement that personal information be collected by fair and lawful means is intended to prevent Fairchild from collecting information by misleading or deceiving individuals about the purpose for which information is being collected. This requirement implies that consent with respect to collection must not be obtained through deception.|
LIMITING USE, DISCLOSURE, AND RETENTION
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
|5.1||Fairchild using personal information for a new purpose shall document this purpose (see Clause 2.1). Consent of the individual must be obtained prior to use of the information for a new purpose.|
|5.2||Fairchild should develop guidelines and implement procedures with respect to the retention of personal information. These guidelines should include minimum and maximum retention periods. Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made. Fairchild may be subject to legislative requirements with respect to retention periods.|
|5.3||Personal information that is no longer required to fulfill the identified purposes should be destroyed, erased, or made anonymous. Fairchild shall develop guidelines and implement procedures to govern the destruction of personal information.|
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
|6.1||The extent to which personal information shall be accurate, complete, and up-to-date will depend upon the use of the information, taking into account the interests of the individual. Information shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual.|
|6.2||Fairchild shall not routinely update personal information, unless this is necessary to fulfill the purposes for which the information was collected.|
|6.3||Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.|
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
|7.1||Fairchild shall implement security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, regardless of the format in which the information is held.|
|7.2||The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information should be safeguarded by a higher level of protection.|
|7.3|| The methods of protection should include
|7.4||Fairchild shall make its employees aware of the importance of maintaining the confidentiality of personal information.|
|7.5||Care shall be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information (see Clause 5.3).|
Fairchild shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
|8.1||Fairchild shall be open about its policies and practices with respect to the management of personal information. Individuals shall be able to acquire information about Fairchild policies and practices without unreasonable effort. This information shall be made available in a form that is generally understandable.|
|8.2|| The information made available shall include
|8.3||Fairchild may make information on its policies and practices available in a variety of ways. The method chosen depends on the nature of its business and other considerations. For example, Fairchild may choose to make brochures available in its place of business, mail information to its customers, provide online access, or establish a toll-free telephone number.|
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information except where Fairchild is permitted or required by law not to disclose personal information to the individual. An individual shall be able to challenge the accuracy and completeness of the information disclosed to the individual and have it amended as appropriate.
|9.1||Upon request, Fairchild shall inform an individual whether or not Fairchild holds personal information about the individual except where permitted or required by law not to disclose personal information to the individual. Fairchild is encouraged to indicate the source of this information. Fairchild shall allow the individual access to this information. In addition, Fairchild shall provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed.|
|9.2||An individual may be required to provide sufficient information to permit Fairchild to provide an account of the existence, use, and disclosure of personal information. The information provided shall only be used for this purpose.|
|9.3||In certain situations, Fairchild may not be able to provide access to all the personal information it holds about an individual. Fairchild may refuse access to personal information it holds about an individual only in those circumstances permitted or required by sections 8 or 9 of the Personal Information Protection and Electronic Documents Act. Organizations should consult the Personal Information Protection and Electronic Documents Act to determine whether an exception to the obligation to provide access applies. Exceptions to the access requirement should be limited and specific. The reasons for denying access should be provided to the individual upon request. Exceptions may include information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.|
|9.4||In providing an account of third parties to which it has disclosed personal information about an individual, Fairchild should attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, Fairchild shall provide a list of organizations to which it may have disclosed information about the individual.|
|9.5||Fairchild shall respond to an individual's request within a reasonable time and in any event within thirty (30) days of the request. Fairchild may extend the time for responding for up to an additional thirty (30) days if meeting the time limit would unreasonably interfere with the activities of Fairchild, or if the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet. Fairchild may also extend the time for responding for such period of time as is necessary to be able to convert the personal information into an alternative format. Fairchild shall provide notice to the individual of any extension taken within thirty days of the individual's request and shall advise the individual of the right to make a complaint to the Privacy Commissioner about the extension. The requested information shall be provided or made available in a form that is generally understandable. For example, if Fairchild uses abbreviations or codes to record information, an explanation shall be provided.|
|9.6||Upon request by an individual with sensory disabilities, Fairchild shall give access to personal information about the individual in an alternative format if a version of the information already exists in that format or if its conversion to an alternative format is necessary to allow the individual to exercise rights to request correction, challenge compliance of Fairchild under Principle 10 or complain to the Privacy Commissioner of Canada.|
|9.7||Fairchild shall respond to an individual's request for access to his or her personal information at minimal or no cost. Fairchild may respond to an individual's request at a cost to the individual if they have informed the individual of the approximate cost and the individual advises the organization that the request is not being withdrawn.|
|9.8||When an individual successfully challenges the accuracy or completeness of personal information, Fairchild shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.|
|9.9||Fairchild shall record the substance of any challenge that is not resolved to the satisfaction of the individual. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.|
An individual shall be able to address a challenge concerning compliance with the above principles to the Person Responsible for Privacy.
|10.1||The Person Responsible for Privacy is discussed in Clause 1.1.|
|10.2||Fairchild shall put procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The complaint procedures should be easily accessible and simple to use.|
|10.3||Fairchild shall inform individuals who make inquiries or lodge complaints about its complaint procedures.|
|10.4||Fairchild shall investigate all complaints. If a complaint is found to be justified, Fairchild shall take appropriate measures, including, if necessary, amending its policies and practices.|
|10.5||If an individual is not satisfied with the response from the Person Responsible for Privacy, he or she may have recourse to the Office of the Privacy Commissioner.|