Red Cloud Securities Inc. is subject to privacy legislation, including the Freedom of Information (FOIP), the Personal Information and Protection of Electronic Documents Act (PIPEDA), and Canada’s Anti-Spam Legislation (CASL).
All organizations in Canada that collect, use or disclose “personal information” in the course of their business activities are required to comply with PIPEDA, except in those provinces which have enacted legislation that is substantially similar to PIPEDA. For the purposes of compliance, Red Cloud Securities Inc. has established rules and procedures in accordance with PIPEDA.
Part 1: Purpose and Policy
Definitions
Objective
The purpose of this Policy is to document Red Cloud Securities Inc.’s commitment to the protection of personal information in accordance with federal and provincial legislation, and to outline safeguards and procedures we have implemented in this regard.
This Policy sets out the principles Red Cloud Securities Inc. has adopted to deal with the collection, use and disclosure of personal information as well as access to information and quality issues.
Part 2: Collection & Protection of Personal Information
Under the PIPEDA, personal information collected about an individual:
Limitations on Collection
Red Cloud Securities Inc. will not collect personal information unless the information is necessary for one or more of its business activities or in order for the organization to comply with regulatory or legal requirements. The two primary reasons we collect personal information are as follows.
Notification Required for Collection
Where personal information is to be collected directly from an individual, reasonable steps will be taken to ensure the individual is aware of the purpose of collection. When personal information is to be obtained from third parties (such as a financial institution or a credit bureau), such information will be limited to that required for the identified purpose and will be collected by lawful and fair means for purposes directly related to Red Cloud Securities Inc.’s activities. An individual may give his or her consent in writing or verbally. At the time of account opening, clients will be asked to sign a document consenting to the collection, use and disclosure of their personal information.
Withdrawal of Consent
Clients will be given a reasonable opportunity to decline or object to the proposed collection, use or disclosure of their personal information. Such withdrawal of consent must be provided to Red Cloud Securities Inc. in writing. In some cases, Red Cloud Securities Inc. may be unable to open or continue to maintain an account on a client’s behalf given the regulatory and legal requirements Red Cloud Securities Inc. is subject to.
Limitations on Use or Disclosure
Red Cloud Securities Inc. will only use or disclose information regarding our clients or employees for the purpose for which it was collected or where a lawful exception applies.
Employees, agents or contractors of the firm are only authorized to access or use personal information in the legitimate performance of their duties, as outlined in the Containment of Information Policy.
The misuse of personal information is a serious offence and is not permitted by the Act. Red Cloud Securities Inc. considers any failure by staff to comply with this policy to be serious misconduct that may give rise to disciplinary action up to and including dismissal. Agents and contractors shall be contractually bound to comply with the Privacy Policy, Containment of Information Policy, and Confidentiality Policy in the same manner as Red Cloud Securities Inc.’s employees.
Disclosure of Personal Information
As noted previously, Red Cloud Securities Inc. is regulated by a number of organizations. From time to time these bodies may demand that we produce, or make available for inspection, documents and information that clients have provided us for the following regulatory purposes:
We also have relationships with other non-regulatory organizations that require us to share, and/or have access to, information regarding our clients and/or their accounts. This includes entities such as our clearing broker and our external Auditors.
Use or Disclosure without Consent
Red Cloud Securities Inc. may use or disclose personal information about an individual without consent under the following circumstances:
Care of Personal Information – Accuracy of Information
Red Cloud Securities Inc. will use its best efforts to ensure that personal information is relevant, accurate, complete and up-to-date for the purpose for which it is to be used. Where personal information is collected directly from an individual, it will be presumed to be accurate and complete at the time of collection, unless there is other information which suggests it is not. Personal information will be updated as required by the regulatory authorities.
Protection of Information
Red Cloud Securities Inc. will take reasonable steps to protect the personal information it holds from misuse or loss and from unauthorized access, modification or disclosure.
Red Cloud Securities Inc. will document security, storage and disposal requirements for all personal information for which it is responsible. In documenting these requirements, Red Cloud Securities Inc. will take into consideration the sensitivity of the information, its form and volume, its frequency of use and retention period, the circumstances of its use and storage, and any legal or regulatory requirements. When personal information is no longer required to be kept, such information will be destroyed or made anonymous in a controlled and secure manner in order to prevent any unauthorized persons from having access to that information. Personal information which is the subject of a complaint, inquiry or legal process will not be destroyed until the resolution of that process.
Retention and Disposal of Information
As noted previously, Red Cloud Securities Inc. will document retention and disposal requirements for all personal information for which it is responsible, taking into consideration the sensitivity of the information, its form, the circumstances of its use and any legal or regulatory requirements.
Part 3: Access to Information
1. Access to and Correction of Information
Accessing Personal Information
Individuals are entitled to inquire whether Red Cloud Securities Inc. holds personal information concerning them and, if so, to be advised of its use and disclosure. Individuals are also entitled to obtain a copy of the information we have on file.
How to Request a Copy of Personal Information
To obtain a copy of their information, clients must submit a written request to the Privacy Officer for our firm. The Chief Compliance Officer will serve as the firm’s Privacy Officer. Requests may be sent by mail to:
Red Cloud Securities Inc.
Attention: Privacy Officer
120 Adelaide Street W Suite 1400
Toronto ON., M5H 1T1
Time Limit for Responding
Red Cloud Securities Inc. will respond to a written request for access, acknowledging the request within 14 business days.
If a request is straightforward, Red Cloud Securities Inc. will provide a copy of the information on file within 14 business days or, if the request is more complicated, within 30 business days. There may be circumstances under which we may not be able to provide clients with certain information. For example, the information may have been destroyed or, in our opinion, it is too costly, or we are unable to retrieve the information.
Fees
Red Cloud Securities Inc. will not charge individuals a fee for access to personal information concerning them, unless requests are considered unnecessarily frequent or extensive.
Correction of Information on File
Any individual may challenge the completeness or accuracy of personal information concerning them and request that the information be corrected. To amend any information we have on file, clients must submit a written request detailing the changes to be made. The Privacy Officer will acknowledge the request and provide written confirmation that the changes or amendments have been made.
Part 4: Reviews and Complaints
Filing a Complaint with Red Cloud Securities Inc.
Right to Initiate a Complaint
An individual who believes his or her privacy may have been interfered with or compromised by Red Cloud Securities Inc. may initiate a complaint requesting a review of the matter.
How to Initiate a Complaint
Individuals will be required to submit a written complaint to our Privacy Officer, who will consider the complaint and attempt to resolve it. Our Privacy Officer will reply to the individual within 45 working days. If the complaint is not resolved in a manner acceptable to the individual, the firm will advise of:
Appeal to the Privacy Commissioner
Right to a Review or to Initiate a Complaint
As noted above, an individual who is not satisfied with Red Cloud Securities Inc.’s handling of his or her privacy complaint may ask the Privacy Commissioner to review any decision, act or failure of Red Cloud Securities Inc. The Privacy Commissioner has powers to investigate and make a determination on the complaint.
How to Request a Review or Initiate a Complaint
To ask for a review or to initiate a complaint, an individual must submit a written request to the Commissioner within 30 days from the day he or she was notified of the firm’s decision. Please note that a longer period may be allowed by the Commissioner.
Notifying Others of a Review
Upon receipt of such a request, the Commissioner must give a copy of the written request to the organization concerned.
Inquiry by the Privacy Commissioner
If a matter under review or relating to a complaint is not referred to mediation, settled pursuant to mediation or resolved, then the Commissioner may conduct an inquiry and decide all questions of fact and law arising in the course of the inquiry. The individual making the complaint and the organization concerned will be given an opportunity to make representations to the Commissioner and be represented by a lawyer at the proceedings.