PRIVACY POLICY
INTRODUCTION
Throughout LARA-TECH’s interactions with Customers and Employees, we are committed to respecting the privacy, confidentiality and security of Personal Information.
This Privacy Policy (the “Privacy Policy”) is a formal statement of the principles and guidelines that govern our practices at LARA-TECH and ensure that we meet, and wherever possible, exceed, the requirements of the Personal Information Protection and Electronic Documents Act and all other applicable federal and provincial laws and regulations.
LARA-TECH will continue to review the Privacy Policy on an ongoing basis to ensure that it remains current with evolving technologies and the needs of LARA-TECH, its Customers, its Employees and the public at large.
LARA-TECH has established its Privacy Policy based on the following eleven principles:
- Accountability
- Identifying purposes for collection of Personal Information
- Obtaining consent for collection, use or disclosure of Personal Information
- Limiting collection of Personal Information
- Limiting use, disclosure and retention of Personal Information
- Accuracy of Personal Information
- Security safeguards
- Openness concerning policies and practices
- Customer and Employee access to Personal Information
- Breach of Security Safeguards
- Challenging Compliance
This Privacy Policy does not apply with respect to the Business Contact Information of an individual that LARA-TECH collects, uses or discloses solely for the purpose of communicating or facilitating communication with that individual in relation to their employment, business or profession.
DEFINITIONS
“Breach of Security Safeguards” means the loss of, unauthorized access to, or unauthorized disclosure of Personal Information resulting from a breach of LARA-TECH’s security safeguards.
“Business Contact Information” means any information that is used for the purpose of communicating or facilitating communication with an individual in relation to their employment, business or profession and includes, without limitation, that individual’s:
- Name;
- Position name or title;
- Work address;
- Work telephone number;
- Work fax number; or
- Work email address.
“Business Transaction” means a transaction that excludes a business transaction of which the primary purpose or result is the purchase, sale or other acquisition or disposition, or lease of Personal Information and includes:
(a) the purchase, sale or other acquisition or disposition of an organization or a part of an organization, or any of its assets;
(b) the merger or amalgamation of two or more organizations;
(c) the making of a loan or provision of other financing to an organization or a part of an organization;
(d) the creating of a charge on, or the taking of a security interest in or a security on, any assets or securities of an organization;
(e) the lease or licensing of any of an organization’s assets; and
(f) any other prescribed arrangement between two or more organizations to conduct a business activity.
“Customer” means an individual who: (a) has an account with LARA-TECH; (b) subscribes for, uses, has used, or applies to use LARA-TECH products and/or services; (c) corresponds with LARA-TECH; and/or (d) is a Web Site User.
“Employee” means an individual who: (a) is an employee of LARA-TECH; and/or (b) is an applicant for employment with LARA-TECH.
“LARA-TECH”, “we”, “our” means LARA-TECH LIMITED, its parents, subsidiaries, affiliates and their respective officers, directors, agents, suppliers, resellers and distributors.
“LARA-TECH Website” means a website owned, controlled or managed by LARA-TECH, including the following domain: https://laratech.com/.
“Personal Information” means information about an identifiable individual, including a Customer or Employee, but does not include aggregated information that cannot be associated with a specific individual.
Personal Information includes, without limitation an individual’s:
- Name;
- Email address;
- Residential mailing address;
- Birth dates;
- Credit and financial information;
- Billing records;
- LARA-TECH service and product records; and
- Recorded complaints.
“Significant harm” means bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.
“Web Site User” means a user of LARA-TECH Websites from which LARA-TECH collects Personal Information.
1. ACCOUNTABILITY
1.1 LARA-TECH has designated one or more persons within senior management who are responsible for ensuring that LARA-TECH complies with the Privacy Policy. The persons so designated have the title of “Privacy Officer”. Other individuals within LARA-TECH may be delegated to act on behalf of the Privacy Officer(s) or to take responsibility for the day-to-day collection and processing of Personal Information. Questions regarding LARA-TECH’s collection, use or disclosure of Personal Information or any other matter relating to this Privacy Policy can be directed to the Privacy Officer(s) by using the following contact coordinates:
By mail at:
Privacy Officer
D1-130 Terence Matthews Cresc
Kanata, ON
K2M 0J1
By email at: privacy@laratech.com
By phone at: 613-288-0924
1.2 LARA-TECH is responsible for Personal Information in its possession or control, including information that has been transferred to a third party for processing. LARA TECH shall use means to provide an appropriate level of protection while information is being processed by a third party (see Principle 7).
2. IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL INFORMATION
2.1 LARA-TECH shall identify orally, electronically or in writing, the purposes for which Personal Information is collected at or before the time the information is collected. Unless required by law, LARA-TECH shall not use or disclose for any new purpose Personal Information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the Customer or Employee.
2.2 We may ask for Personal Information only for the following purposes:
a). To establish and maintain a responsible commercial relationship;
b). To allow us to provide ongoing services and support;
c). To bill for and collect payment for LARA-TECH services and products;
d). To manage, develop and market LARA-TECH’s business and operations;
e). To manage personnel and employment matters;
f). To meet legal requirements;
g). To obtain credit information or provide it to others; and
h). For any other purpose with explicit consent.
2.3 During a Customer’s or Employee’s interaction with LARA-TECH Websites, LARATECH may use a browser feature called a “Cookie”. Cookies are small information packets created by the website and stored on the hard drive of a Web Site User’s computer. Cookies are used to collect information anonymously and track user patterns on the LARA-TECH Websites. For example, Cookies might help us determine whether Customer is a repeat or first-time visitor of a LARA-TECH Website. When visiting the LARA-TECH Websites, you will be prompted with a notice that explains our use of Cookies. The notice will also ask for your prior consent to receiving and using our cookies. Cookies will not be stored on your devices without your consent. You may withdraw your consent at any time. If you do not wish to consent to our Cookies, or if you withdraw your consent to our Cookies, you may not be able to access all or part of the LARA-TECH Websites.
3. OBTAINING CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION
3.1. LARA-TECH requires Customers’ and Employees’ knowledge and consent for the collection, use or disclosure of Personal Information, except in the circumstances described in Sections 3.3 through 3.6 below.
3.2 In general, implied consent for LARA-TECH to collect, use and disclose Personal Information for all identified purposes is obtained in the following circumstances: (1) when a Customer applies for LARA-TECH services or products; (2) when a Customer uses LARA-TECH services or products; (3) when an individual submits an application for employment with LARATECH; or (4) when an Employee accepts employment or benefits from LARA-TECH. Notwithstanding, LARA-TECH shall seek consent to use and disclose Personal Information at the same time it collects the information. However, LARA-TECH may seek consent to use and disclose Personal Information after it has been collected, but before it is used or disclosed for a new purpose.
3.3 LARA-TECH may collect, use or disclose Personal Information without a Customer’s or Employee’s knowledge or consent only in the following, exceptional circumstances:
a). Where it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is a minor, seriously ill or mentally incapacitated;
b). Where it is in relation to the investigation of a breach of an agreement;
c). Where it is necessary to assess, process or settle an insurance claim;
d). Where it is to a lawyer representing LARA-TECH;
e). Where it is to collect a debt;
f). Where it is to comply with a subpoena, warrant or other court order;
g). Where it is produced by an Employee in the course of their employment and the collection, use or disclosure is consistent with the purposes for which the information was produced;
h). Where it is for any other purpose otherwise required by law;
i). In the case of an emergency where the life, health or security of an individual is threatened; or
j). If a Breach of Security Safeguards has occurred and disclosure to an organization or government institution that has been notified of the breach is made solely for the purpose of (1) reducing the risk of harm to the individual that could result from the breach; or (2) mitigating that harm.
3.4 LARA-TECH may also disclose Personal Information without a Customer’s or Employee’s knowledge:
a). For the purposes of investigating a breach of an agreement or contravention of a law that has been, is being or is about to be committed;
b). Detecting or suppressing fraud or of preventing fraud that is likely to be committed.
and it would be reasonable to expect that disclosure with the knowledge or consent of an individual would compromise the investigation or the ability to prevent, detect or suppress the fraud.
3.5 LARA-TECH may also use and disclose Personal Information without a Customer’s or Employee’s knowledge in the context of a prospective Business Transaction if:
a) LARA-TECH and the other entity(ies) involved in the prospective Business Transaction have entered into an agreement that requires the organization that receives Personal Information:
(i) To use and disclose that information solely for purposes related to the Business Transaction;
(ii) To protect that information by security safeguards appropriate to the sensitivity of the information; and
(iii)If the Business Transaction does not proceed, to return that information to the organization that disclosed it, or destroy it, within a reasonable time; and
b) The Personal Information is necessary
(i) To determine whether to proceed with the Business Transaction; and
(ii) If the determination is made to proceed with the transaction, to complete it.
3.6 If a prospective Business Transaction that is referred to in Section 3.5 is completed, the organizations that are party to that Business Transaction may use and disclose Personal Information, which was disclosed in accordance with Section 3.5, without the knowledge or consent of the Customer or Employee if:
a) The organizations have entered into an agreement that requires them to:
(i) Use and disclose the Personal Information under their respective control solely for the purposes for which the Personal Information was collected, permitted to be used or disclosed before the Business Transaction was completed;
(ii) To protect the Personal Information by security safeguards appropriate to the sensitivity of the information; and
(iii)To give effect to any withdrawal of consent by a Customer or Employee; and
b) The Personal Information is necessary for carrying on the business or activity that was the object of the Business Transaction; and
c) One of the parties notifies the Customer or Employee, within a reasonable time after the transaction is completed, that the Business Transaction has been completed and its Personal Information has been disclosed.
3.7 In obtaining consent, LARA-TECH shall use reasonable efforts to ensure that the Customer or Employee is advised of the identified purposes for which Personal Information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the Customer and Employee.
3.8 LARA-TECH will require consent for the collection, use or disclosure of Personal Information as a condition of the supply of a service or product only if such collection, use or disclosure is required to fulfill the identified purposes.
3.9 In determining the appropriate form of consent, LARA-TECH shall take into account the sensitivity of the Personal Information and the reasonable expectations of its Customers and Employees.
3.10 A Customer or Employee may withdraw or vary consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers and Employees may contact LARATECH at the contact coordinates listed in Section 1.1 for more information regarding the implications of withdrawing or varying consent.
4. LIMITING COLLECTION OF PERSONAL INFORMATION
4.1 LARA-TECH shall limit the collection of Personal Information to that which is necessary for appropriate purposes identified by LARA-TECH. LARA-TECH shall collect Personal Information by fair and lawful means.
4.2 LARA-TECH collects Personal Information primarily from its Customers and Employees, as opposed to third parties.
5. LIMITING USE, DISCLOSURE AND RETENTION OF PERSONAL INFORMATION
5.1 LARA-TECH shall not use or disclose Personal Information for purposes other than those for which it was collected, except with the consent of the individual or in the circumstances listed under Section 3.3, above. LARA-TECH shall retain Personal Information only as long as necessary for the fulfillment of those purposes or as required by law.
5.2 Internally, only LARA-TECH employees with a business need to know, or whose duties reasonably so require, are granted access to Personal Information about Customers and Employees.
5.3 In addition, LARA-TECH may disclose an Employee’s Personal Information to:
a). An entity for regular personnel and benefits administration;
b). An Employee’s prospective employer for the purpose of providing a reference; and
c). A third party or parties, where the Employee consents to such disclosure or the disclosure is required by law.
5.4 LARA-TECH shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to Personal Information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous within a reasonable period of time after LARA-TECH no longer reasonably requires the Personal Information for legal or business purposes.
6. ACCURACY OF PERSONAL INFORMATION
6.1 LARA-TECH shall strive to keep Personal Information within its possession or control as accurate, complete, and up-to-date as is necessary to: (1) appropriately utilize that Personal. Information for the purposes for which it was collected; and (2) minimize the likelihood that inappropriate information may be used to make a decision about a Customer or Employee.
6.2 LARA-TECH shall update Personal Information about Customers and Employees as and when necessary to fulfill the identified purposes or upon notification by the individual.
7. SECURITY SAFEGUARDS
7.1 LARA-TECH shall protect Personal Information by security safeguards appropriate to the sensitivity of the information.
7.2 LARA-TECH shall strive to protect Personal Information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures. LARA-TECH shall protect the information regardless of the format in which it is held.
7.3 LARA-TECH shall utilize technological, contractual and other means to provide an appropriate level of protection for Personal Information that is disclosed to third parties for processing.
7.4 All of LARA-TECH’s employees with access to Personal Information shall be required to maintain the confidentiality of that information in accordance with this Privacy Policy.
7.5 LARA-TECH may store and process Personal Information in Canada or another country. In either case, the Personal Information is protected with appropriate security safeguards and subject to the privacy laws and regulations of the host jurisdiction.
8. OPENNESS CONCERNING POLICIES AND PRACTICES
8.1 LARA-TECH is committed to informing Customers and Employees about its Privacy Policy and related practices.
8.2 LARA-TECH shall make information about its policies and practices as accessible and easy to understand as possible, including:
a) The title and contact information of the person or persons responsible for enforcement of the Privacy Policy;
b) The contact information for forwarding any privacy complaints;
c) The means of gaining access to one’s own Personal Information held by LARA-TECH; and
d) A description of the type of Personal Information held by LARA-TECH.
8.3 All information relating to the Privacy Policy and related practices can be obtained by sending a request by contacting the Privacy Officer at the coordinates listed in Section 1.1.
8.4 LARA-TECH will make available information to assist Customers and Employees in exercising choices regarding the use of their Personal Information.
9. CUSTOMER AND EMPLOYEE ACCESS TO PERSONAL INFORMATION
9.1 LARA-TECH shall inform a Customer and Employee of the existence, use, and disclosure of his or her Personal Information upon request, subject to the limitations described in Section 9.3, below.
9.2 Customers and Employees can seek access to their Personal Information by contacting the Privacy Officer(s) at the coordinates listed in Section 1.1. LARA-TECH shall afford Customers and Employees a reasonable opportunity to review the Personal Information in the individual’s file, subject to the limitations described in Section 9.3, below. Personal Information shall be provided in understandable form within a reasonable time and at a minimal or no cost to the individual. Customers and Employees may identify any issues with the accuracy or completeness of the information provided and LARA-TECH will amend it as needed.
9.3 In certain situations, LARA-TECH may not be able to provide access to all the Personal Information that it holds about a Customer or Employee. For example, LARA-TECH may not provide access to information if doing so would likely reveal Personal Information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, LARA-TECH may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor – client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement, or a contravention of federal, provincial or foreign laws and / or regulations. If access to Personal Information cannot be provided, LARA-TECH shall provide the reasons for denying access upon request unless prevented from doing so by lawful means.
9.4 Upon request, LARA-TECH shall provide an account of the use and disclosure of Personal Information and, where reasonably possible, shall state the source of the information. In providing an account of use, LARA-TECH will provide information about the purposes for which the Personal Information has been and is being used by the organization. In providing an account of disclosure, LARA-TECH shall provide a list of organizations to which it may have disclosed Personal Information about the individual when it is not possible to provide an actual list.
9.5 In order to safeguard Personal Information, a Customer or Employee may be required to provide sufficient identification information to permit LARA-TECH to account for the existence, use and disclosure of Personal Information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
9.6 LARA-TECH shall promptly correct or complete any Personal Information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. In accordance with the terms of this Privacy Policy LARA-TECH may transmit to third parties having access to the Personal Information in question any amended information or the existence of any unresolved differences.
10. BREACH OF SECURITY SAFEGUARDS
10.1 LARA-TECH is committed to protecting the Personal Information of Customers and Employees in accordance with the safeguards described in this Privacy Policy. In the event of a Breach of Security Safeguards, LARA-TECH shall report directly to the Office of the Privacy Commissioner if the breach creates a real risk of significant harm to an individual.
10.2 Unless prohibited by law, LARA-TECH shall, as soon as feasible, notify an individual of any Breach of Security Safeguards involving the Customer’s or Employee’s Personal Information under the organization’s control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual. The notification will allow the individual to understand the significance of the breach and to take steps, if any are possible, to reduce the risk of harm that could result from it or to mitigate that harm.
10.3 In assessing whether there exists a real risk of significant harm, LARA-TECH will consider factors including: (a) the sensitivity of the Personal Information involved in the breach; and (b) the probability that the Personal Information has been, is being or will be misused.
10.4 LARA-TECH shall, as soon as feasible, notify any other organization, government institution or part of a government institution of a Breach of Security Safeguards if it believes that the other organization or government institution may be able to reduce the risk of harm that could result from it or mitigate that harm.
10.5 LARA-TECH shall keep and maintain a record of every Breach of Security Safeguards involving Personal Information under its control for a period of 24 months after the day on which LARA-TECH determines that the breach has occurred.
11. CHALLENGING COMPLIANCE
11.1 A Customer or Employee may address a challenge concerning compliance with the above principles to the Privacy Officer(s) by using the contact coordinates listed in Section 1.1.
11.2 LARA-TECH shall maintain procedures for addressing and responding to all inquiries or complaints from its Customers and Employees about LARA-TECH’s handling of Personal Information.
11.3 LARA-TECH shall inform its Customers and Employees about the existence of these procedures as well as the availability of complaint procedures.
11.4 LARA-TECH shall investigate all complaints concerning compliance with the Privacy Policy. If a complaint is found to be justified, LARA-TECH shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. The complainant Customer or Employee shall be informed of the outcome of the investigation regarding his or her complaint.
11.5 A Customer or Employee may seek advice from the Office of the Privacy Commissioner of Canada (at 1-800-282-1376), and, if appropriate, file a written complaint with the Commissioner’s office. However, the Customer or Employee is encouraged to use LARA-TECH’s internal information and complaint procedures first.