FACEBOOK TO MAKE CHANGES TO COMPLY WITH CANADIAN PRIVACY LAWS
|
|
- Dorcas Long
- 5 years ago
- Views:
Transcription
1 Editor-in-Chief: Professor Michael A. Geist, Canada Research Chair in Internet and E-Commerce Law University of Ottawa, Faculty of Law VOLUME 10, NUMBER 7 Cited as ( ) 10 I.E.C.L.C. NOVEMBER 2009 FACEBOOK TO MAKE CHANGES TO COMPLY WITH CANADIAN PRIVACY LAWS Eric Smith Fraser Milner Casgrain LLP In This Issue FACEBOOK TO MAKE CHANGES TO COMPLY WITH CANADIAN PRIVACY LAWS Eric Smith...57 WEBSITE OWNERS MAY FACE LIABILITY FOR HYPERLINKS TO DEFAMATORY MATERIAL David Crerar and Michael Skene...61 On August 27, 2009, the Office of the Privacy Commissioner of Canada ( OPC ) announced that Facebook, the world s largest social networking site, has agreed to make significant changes to the manner in which it collects and safeguards the personal information of individuals. This agreement, reached over one year after the original complaint against Facebook was made, is significant not only as it relates to Facebook s operations, but also for the clear message it sends to all organizations, both Canadian and foreign, that compliance with Canada s privacy laws must not be taken lightly. BACKGROUND The OPC s investigation into the practices of Facebook was initiated in response to a complaint filed with the OPC by the Canadian Internet Policy and Public Interest Clinic ( CIPPIC ) dated May 30, In its complaint, the CIPPIC alleged that Facebook was engaged in "unnecessary and nonconsensual collection and use of personal information" and in doing so, was in violation of the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 ( PIPEDA ). The complaint focused on 12 areas in which CIPPIC alleged that Facebook was not compliant with PIPEDA. Some of the areas identified in the complaint were the collection of date of birth, default privacy settings, disclosure of personal information through third party applications, account deactivation and deletion, use of personal information of deceased users, and the collection of personal information of non-users. REPORT OF FINDINGS Following the OPC s investigation into theallegations made by CIPPIC, which included consultations with and representations by Facebook, the OPC
2 Internet and E-Commerce Law in Canada November 2009 Volume 10, No. 7 INTERNET AND E-COMMERCE LAW IN CANADA Internet and E-Commerce Law in Canada is published monthly by LexisNexis Canada Inc., 123 Commerce Valley Drive East, Suite 700, Markham, Ontario L3T 7W8 LexisNexis Canada Inc All rights reserved. No part of this publication may be reproduced or stored in any material form (including photocopying or storing it in any medium by electronic means and whether or not transiently or incidentally to some other use of this publication) without the written permission of the copyright holder except in accordance with the provisions of the Copyright Act. ISBN: ISSN ISBN: (print & PDF) ISBN: (PDF) Subscription rates: $180 plus GST per year (print or PDF) $285 plus GST per year (print & PDF) Please address all editorial inquiries to: Boris Roginsky, Journals Editor LexisNexis Canada Inc. Tel. (905) ; Toll-Free Tel Fax (905) ; Toll-Free Fax Internet ieclc@lexisnexis.ca. EDITOR-IN-CHIEF EDITORIAL BOARD Michael A. Geist, LL.B., LL.M., J.S.D., Canada Research Chair in Internet and E-Commerce Law, University of Ottawa, Faculty of Law, Ottawa ADVISORY BOARD MEMBERS Peter Ferguson, Industry Canada, Ottawa Bradley J. Freedman, Borden Ladner Gervais, Vancouver John D. Gregory, Ministry of the Attorney General, Toronto Dr. Sunny Handa, Blake Cassels & Graydon, Montréal Mark S. Hayes, Hayes elaw LLP, Toronto Ian R. Kerr, University of Ottawa, Faculty of Law, Ottawa Cindy McGann, Halogen Software Inc., Kanata Suzanne Morin, Bell Canada, Ottawa Roger Tassé, Gowling Lafleur Henderson, Ottawa. Note: This newsletter solicits manuscripts for consideration by the Editor-in-Chief, who reserves the right to reject any manuscript or to publish it in revised form. The articles included in Internet and E-Commerce Law in Canada reflect the views of the individual authors. This newsletter is not intended to provide legal or other professional advice and readers should not act on the information contained in this newsletter without seeking specific independent advice on the particular matters with which they are concerned. released its "Report of Findings" on July 16, In the Report of Findings, the OPC stated that, on four of the 12 subjects identified in the complaint (i.e. new uses of personal information, collection of personal information from sources other than Facebook, Facebook Mobile safeguards, and deception and misrepresentation), it found no evidence of contravention of PIPEDA. With respect to another four subjects identified in the complaint (i.e. collection of date of birth, default privacy settings, advertising, and monitoring of anomalous activity), the OPC concluded that the allegations were well-founded, but that they had been resolved by corrective actions taken by Facebook in response to recommendations made by the OPC during the investigation and consultation process. Finally, the report indicated that the four remaining subjects identified in the complaint (i.e. third-party applications, account deactivation and deletion, accounts of deceased users, and personal information of non-users) were wellfounded and had not been resolved, as Facebook had not agreed to adopt the recommendations of the OPC. A closer look at these unresolved issues provides insight into the conflict between an organization s desire to use personal information for its business purposes and its legal obligation to safeguard such information and only use it with the informed consent of the individual to whom the information relates. (I) THIRD-PARTY APPLICATIONS In May 2007, Facebook opened its platform to allow third party developers to create applications (e.g. games, quizzes, etc.) that are accessible to users within Facebook. 2 By adding an application to their Facebook account, users enable such applications to access most of the personal information found in such account, including personal information related to their Facebook friends. 3 In its Report of Findings, the OPC identified a number of concerns with third party applications. These include: the making available of more personal information than is necessary for the purpose of the application; 58
3 Internet and E-Commerce Law in Canada November 2009 Volume 10, No. 7 the reliance on contractual covenants by the developers to respect users privacy settings and safeguard their personal information in lieu of technological safeguards and effective monitoring of compliance; a lack of meaningful consent to the collection and use of personal information by the user who adds the third party application; and a lack of meaningful consent from users when their friends and fellow network members add applications that expose their own personal information to access the application. In its recommendations, the OPC asked Facebook to implement measures that would limit third-party developers access to personal information that is not required for the purposes of the application, inform users of the specific information that an application requires and for what purpose, obtain the express consent of users in each instance, and prohibit all disclosures of personal information of users that are not themselves adding the application. 4 Facebook declined to implement such measures. (II) ACCOUNT DEACTIVATION AND DELETION Facebook allows users to deactivate or delete their account. When a user deactivates an account, his or her personal information is retained indefinitely, a practice which the OPC concluded is a contravention of Principle 4.5 and of PIPEDA. In addition, while a user can find information concerning how to delete an account, such option is not given the same exposure as the deactivation option, making it less obvious to users as to how their accounts and personal information can be deleted from the service. To address these concerns, the OPC recommended in a preliminary report that Facebook set a cutoff date after which Facebook would no longer retain the personal information of users who had deactivated accounts. The OPC did not suggest what a reasonable period of time would be, rather it suggested that the period of time be a period "that a reasonable person would consider appropriate in the circumstances and based on [Facebook s] experiences with user reactivation patterns". 5 The OPC also recommended that Facebook include an account deletion option on the users Account Settings pages, as is the case with the deactivation option. Facebook declined to act on these recommendations. (III) ACCOUNTS OF DECEASED USERS When Facebook is notified that a user has died, it generally keeps such user s profile active in a "memorialized" status (i.e. with certain information removed and only confirmed friends provided access) for a period of time. Such a practice is not referred to in Facebook s Privacy Policy. 6 In its Report of Findings, the OPC concluded that the failure to advise users of this potential use of their personal information was a contravention of Principles 4.2.1, 4.2.3, and 4.8 of PIPEDA which, in essence, require organizations that collect personal information to advise individuals as to the purposes for which such information is collected. Facebook declined to follow OPC s recommendation of referencing such use in its Privacy Policy. (IV) PERSONAL INFORMATION OF NON-USERS Facebook allows users to post personal information of non-users to their Facebook pages, thereby making it available to anyone who has access to the applicable portions of that user s Facebook account. While the majority of such postings are made for the personal use of the user, and therefore outside the scope of PIPEDA, the OPC determined that, in some instances, Facebook uses such non-user personal information for its own purposes. For example, when a user tags a non-user in a photograph that has been uploaded to his or her Facebook account, Facebook gives the user the option of providing to Facebook the non-user s address, which is then used by Facebook to send a notification to the non-user of the tagging and an invitation to join Facebook. While the notification of tagging is for the benefit of the non-user, the invitation to join Facebook is for the benefit of Facebook. In addition, Facebook allows users to provide Facebook with the addresses of non-users that Facebook uses to send invitations to nonusers to join Facebook. Facebook retains such information for an indefinite period of time. In 59
4 Internet and E-Commerce Law in Canada November 2009 Volume 10, No. 7 addition to using the addresses to deliver invitations, Facebook uses the addresses to provide users with a history of invitations sent out on their behalf and for tracking the success of the referral program. The OPC concluded that in instances where personal information about an individual (i.e. the nonuser) is being collected from another individual (i.e. the user), it is reasonable to allow Facebook to rely on the user to obtain the direct consent of the nonuser, provided that Facebook takes reasonable measures to ensure that such consent is obtained. In the opinion of the OPC, merely referencing the requirement for the user to obtain the non-user s consent in the Privacy Policy is not sufficient, and Facebook should include a reminder each time that a user discloses a non-user s address to Facebook. Facebook should also take action against those users who violate such consent requirements. In addition, the OPC concluded that the retention of non-users addresses for the purpose of invitation history and tracking without informing nonusers of such use is a contravention of PIPEDA s informed consent requirement. Retaining such addresses indefinitely beyond the time necessary for the initial purpose of collection was also a violation of PIPEDA. RESOLUTION OF OUTSTANDING ISSUES As part of its Report of Findings, the OPC requested that Facebook reconsider the OPC recommendations that it had declined to adopt, and that the OPC would give Facebook 30 days in which to do so. We do not know what actions the OPC would have taken had Facebook not satisfied the OPC s request, as, on August 27, 2009, the OPC announced that the outstanding matters had been resolved to its satisfaction. In a letter to CIPPIC dated August 25, 2009, the OPC advised CIPPIC of the outcome of its discussions with Facebook regarding the CIPPIC allegations that it determined were well-founded, including those that remained unresolved at the time that the OPC issued its Report of Findings. With respect to the previously unresolved matters, the OPC reported as follows: (i) Third-Party Applications Facebook agreed to redesign its API so that users will have greater control over the type of personal information that third party application developers may access, and the purposes for which such information can be used. While access to the personal information of friends and fellow network members may still be accessed by the third party applications, users will be able to control whether such information is made available to developers. Users will also be presented with a link to a statement of the developer explaining how it will use such personal information. The introduction of this new model for information sharing with third-party applications is to take place on or before September 1, (ii) Account Deactivation and Deletion On the basis that most users reactivate accounts and expect to have access to their personal information when they do so, Facebook has not accepted the OPC s recommendation that a finite retention period be instituted for deactivated accounts. The OPC accepted this position, provided that users are well informed of the differences between deactivating and deleting an account. To this end, Facebook has undertaken to include a more complete explanation of the differences between the two options in its Privacy Policy and Help Center, and include links to each option. (iii) Accounts of Deceased Users In accordance with the recommendations of the OPC, Facebook has agreed to include a reference to the use of accounts to memorialize deceased users in its Privacy Policy within ten weeks time. (iv) Personal Information of Non-Users Facebook has agreed to include additional language in its Statement of Rights and Responsibilities that informs users of their obligation to obtain the consent of non-users before providing the non-user s address to Facebook. Facebook further undertook to follow up on any complaints by non-users with respect to the use of their address. Facebook also confirmed that it does not retain the 60
5 Internet and E-Commerce Law in Canada November 2009 Volume 10, No. 7 addresses of non-users in order to track the success of its invitation feature. While the CIPPIC may take further action if it is not satisfied that the actions taken by Facebook adequately address its concerns, the OPC letter indicates that, so long as Facebook follows through on its undertakings, the OPC is satisfied with Facebook s response. CONCLUSION The investigation into the practices of Facebook, and the resulting changes that Facebook has agreed to make to its service, were the result of a lengthy and, no doubt, costly process. While some suggest that individuals should resign themselves to the fact that privacy does not exist in the on-line world, the CIPPIC complaint and its apparent resolution illustrate the power that users have to change the behaviour of on-line business organizations, even if they are located outside of the country in which the users reside. This matter also demonstrates the seriousness with which Canadian regulators treat well-founded complaints. The Facebook complaint is a strong reminder that all businesses should be proactive in examining their practices in relation to the collection, use and safeguarding of personal information. Failing to do so can be costly, not only in time and money, but also with respect to the damage it can cause to relationships with customers. [Editors note: Eric Smith is the Co-Chair of Fraser Milner Casgrain LLP's National Technology Transactions Practice Group. This article first appeared on FMC's website at: < A copy of the complaint, as well as the report of findings and other announcements by the OPC referenced below can be found on the website of the Office of the Privacy Commissioner of Canada at < As of June 4, 2009, Facebook stated that there were over 350,000 Facebook applications from over 950,000 developers in over 180 countries see para. 148 of the Report of Findings. To illustrate the sharing of personal information with third-party applications, the Northern California chapter of the American Civil Liberties Union ( ACLU ) created a Facebook application that allows users to see personal information that the ACLU application can access on the user s Facebook account. See Report of Findings, para Ibid. para As noted in para. 275 of the Report of Findings, the practice of using accounts for memorial purposes was, at the time of complaint, identified in Facebook s Terms of Use. In the time between the filing of the complaint and the issuance of the Report of Findings, Facebook replaced its Terms of Use with a Statement of Rights and Responsibilities ( SRR ). The SRR does not include a reference to using accounts for memorial purposes. WEBSITE OWNERS MAY FACE LIABILITY FOR HYPERLINKS TO DEFAMATORY MATERIAL David Crerar and Michael Skene Borden Ladner Gervais LLP The British Columbia Court of Appeal has just issued an important judgment on the increasingly important issue of Internet defamation: Crookes v. Newton, [2009] B.C.J. No. 1832, 2009 BCCA 392 ( Crookes ). The decision is vital to every person and business that publishes material on the Internet or that operates a website. The judgment provides more good news than bad to persons participating on the Internet, confirming that hyperlinks will not in themselves implicate a website owner in publishing defamatory material found on the hyperlinked website. But, if a Court finds that the hyperlinking website endorses or adopts the defamatory content, or explicitly encourages the reader to link to the offending material, then the hyperlinking website owner may be deemed to have participated in a republication of the offending material, and face liability and damages. THE CROOKES FACTS The plaintiff in Crookes is a Vancouver-based businessman and sometime member of the Green 61
6 Internet and E-Commerce Law in Canada November 2009 Volume 10, No. 7 Party of Canada. His Green Party ties were the subject of various articles he claimed to be defamatory. In an earlier lawsuit, he sued the supposed author of those articles. This case arises from a second lawsuit commenced by Mr. Crookes. In the facts leading to the present decision, the defendant Jon Newton runs a website, < On his website, Mr. Newton published an article entitled, Free Speech in Canada. The Newton article referred to the earlier Green Party article, and provided a hyperlink to that article. Newton did not quote the earlier article, or comment on its content. PUBLICATION It is not widely known, but almost everyone who plays a role in the writing, publication, or distribution of a defamatory article can be sued and can be found liable in defamation. It is not generally a defence that one is only repeating what another person originally said. A plaintiff in a defamation lawsuit must prove, among other matters, that the defendant published the defamatory words. The primary question is whether that person played a role in writing, publishing, or distributing those words. The issue of publication looks to both the giver and receiver of the offending material. On the one hand, did the defendant participate in disseminating the offending material? On the other, did anyone actually receive and read the offending material? Crookes considers both sides of the question of publication. PUBLICATION VIA HYPERLINK In order to be liable for defamation, it must be proved that the defendant published the offending words. When the offending words appear in a newspaper or magazine, or are directly placed or quoted on a website, publication seems obvious. But what if the website does not directly publish the offending words on its own website, but instead provides for its readers a hyperlink to another website where the offending words are found? The British Columbia Court of Appeal concluded that providing a hyperlink, in itself, does not establish that publication has occurred. If the website simply provides a hyperlink, or describes the hyperlinked contents in a neutral manner, then the hyperlink is serving as no more than a footnote or a card in a library catalogue. The website is not adopting the offending words as its own, and is not indirectly publishing them. If, however, the linking website endorses the content of the hyperlinked material or encourages the reader to click to the hyperlinked material, the website defendant may be seen to be participating in the dissemination of the offending material, and publication may be found. To provide hypothetical examples, the first may well lead to a finding of publication, while the second would probably be safe: Click here to learn the truth about Mr. Smith s history of fraud and corruption. As shown here, Mr. Smith s business practices have been the subject of some (unproven) criticism and litigation. The Court also confirmed that providing a website address (as opposed to providing a clickable hyperlink), without more, does not constitute publication. PRESUMPTION THAT THE MATERIAL WAS READ WITHIN THE JURISDICTION The plaintiff must also prove the other aspect of publication: that the offending material was received and read by someone. This proof is fundamental to a claim in defamation. It is also fundamental to the issue of whether it is appropriate to sue in a given jurisdiction. A plaintiff suing in British Columbia must prove that at least one person in British Columbia read the offending material. In Crookes, the Newton article providing the hyperlinks had been accessed a total of 1,788 times. It was not clear whether anyone accessing the Newton article had actually clicked on the hyperlinks to the offending material. Nor was it clear what number of these hits came from independent or repeat visits. Nor was it clear how many hits came from humans or from information-gathering Internet robot software. Nor was it clear whether any of the readers were located in British Columbia. In the circumstances, the Court found that the bald fact that there was a certain number of hits on the website article could not prove that anyone had 62
7 Internet and E-Commerce Law in Canada November 2009 Volume 10, No. 7 clicked the hyperlink to read the Green Party article via the Newton article. Accordingly, the plaintiff had also failed to prove that anyone in British Columbia had read the article, and thus could not show that British Columbia courts had jurisdiction to hear the matter. In contrast, the one dissenting justice on the Court of Appeal would have found that 1,788 hits on an article on the topic of free speech provided ample evidence from which a court could infer that at least one person had read the article and clicked on the hyperlink to the offending article, which then establishes publication. LIABILITY FOR REFUSING TO REMOVE DEFAMATORY MATERIAL Mr. Crookes also argued that publication should be established because Mr. Newton refused to remove the hyperlinks to the offending material after Mr. Crookes had asked that he do so. Mr. Crookes argued that this refusal showed that Mr. Newton exercised control over the hyperlinks, and that he had participated in their dissemination. The Court declined to address this issue, which had not been argued on a full evidentiary record in the Court below. As the lower Court had found that it could not be inferred that anyone had clicked on the hyperlinks, it was unnecessary to address this issue. This issue remains unsettled, but cases both in British Columbia and England suggest that a defendant website host that fails to remove defamatory postings after having received notice of their potentially defamatory content may be liable for republication of those materials: Godfrey v. Demon Internet Ltd. [2001] Q.B. 201 and Carter v. B.C. Federation of Foster Parents Assn., [2005] B.C.J. No. 1720, 2005 BCCA 398. RECOMMENDATIONS The Court of Appeal decision provides useful guidance for Internet participants, and rules out the possibility that publication flows from the simple act of hyperlinking. But Crookes confirms that each case will turn on its own specific facts, including the wording, tone, and placement of the introduction to the hyperlink. A website owner or manager would be wise to seek legal advice before hyperlinking to a potentially defamatory website, or else risk a finding of publication and liability just as if it were the author of the offending material. [Editors note: Michael Skene is a partner at the Vancouver office of Borden Ladner Gervais LLP. Michael practises in the areas of media law and defamation, construction and surety law, and commercial litigation. He was selected by peers for inclusion in the 2010 edition of The Best Lawyers in Canada (Defamation and Media Law). David Crerar is a partner at the Vancouver office of Borden Ladner Gervais and an Adjunct Professor at the University of British Columbia Faculty of Law, lecturing in civil procedure. He practises in the areas of civil and commercial litigation, media law and defamation, injunctions, shareholder disputes, and banking and pension litigation. A version of this article originally appeared in the November 20, 2009 issue of The Lawyers Weekly published by LexisNexis Canada Inc.] ELECTRONIC VERSION AVAILABLE A PDF version of your print subscription is available for an additional charge. A PDF file of each issue will be ed directly to you 12 times per year, for internal distribution only. 63
8 Internet and E-Commerce Law in Canada November 2009 Volume 10, No. 7 INVITATION TO OUR READERS Do you have an article that you think would be appropriate for Internet and E-Commerce Law in Canada and that you would like to submit? AND/OR Do you have any suggestions for topics you would like to see featured in future issues of Internet and E-Commerce Law in Canada? If so, please feel free to contact Michael A. OR ieclc@lexisnexis.ca 64
Re: PIPEDA s.11 complaint re: canada.com service - outsourcing to US-based service provider
Canadian Internet Policy and Public Interest Clinic Clinique d intérêt public et de politique d internet du Canada July 25, 2007 Philippa Lawson Director (613) 562-5800 x2556 plawson@uottawa.ca Privacy
More informationCanada s New Anti-Spam Law. David Fraser
Canada s New Anti-Spam Law David Fraser Spam Overview Background Overview of legislation Anti-spam rules Key concepts Violation and penalties Private right of action Comparison to US CAN-SPAM Act Amendments
More informationFrequently Asked Questions Regarding Charitable Fundraising & The Personal Information Protection and Electronic Documents Act (PIPEDA)
Frequently Asked Questions Regarding Charitable Fundraising & The Personal Information Protection and Electronic Documents Act (PIPEDA) On January 1, 2004, the federal Personal Information Protection and
More informationEDENRED COMMUTER BENEFITS SOLUTIONS, LLC PRIVACY POLICY. Updated: April 2017
This Privacy Policy (this Privacy Policy ) applies to Edenred Commuter Benefits Solutions, LLC, (the Company ) online interface (i.e., website or mobile application) and any Edenred Commuter Benefit Solutions,
More information2. What is Personal Information and Non-Personally Identifiable Information?
Privacy Notice Snipp Interactive, Inc. Last Updated: February 11, 2016 Contents: 1. Introduction 2. What is Personal Information? 3. Information we collect about you 4. Use of Your Information 5. Location
More informationVISTRA (CYPRUS) LTD. PRIVACY NOTICE
Effective Date: from 25 May 2018 VISTRA (CYPRUS) LTD. PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights
More informationPrivacy Law Doing Business In Canada
Privacy Law Doing Business In Canada Does Canada Have Privacy Legislation? Federal Legislation Canada has a comprehensive legal framework that governs the collection, retention, use and disclosure of the
More informationPRIVACY COMMITMENT. Information We Collect and How We Use It. Effective Date: July 2, 2018
Effective Date: July 2, 2018 PRIVACY COMMITMENT Protecting your privacy is very important to Prosci and this privacy policy is our way of providing you with details about the types of information we collect
More informationCanada Anti-Spam Legislation: Review and Update
Canada Anti-Spam Legislation: Review and Update Agenda Introduction Overview Nuts and Bolts Compliance Strategies CRTC Administrative Penalties July 1, 2017 Changes July 1, 2017 What Does it Mean? Final
More informationCanadian Anti-Spam Legislation (CASL) Campaign and Database Compliance Checklist
Canadian Anti-Spam Legislation (CASL) Campaign and Database Compliance Checklist Database Checklist Use this Checklist as a guide to assessing existing databases for compliance with Canada s Anti-Spam
More informationCanada s Anti-Spam Law ( CASL ): It s the Law on July 1, 2014 questions for directors to ask
Canada s Anti-Spam Law ( CASL ): It s the Law on July 1, 2014 questions for directors to ask Author: Jennifer Babe, LL.M, ICD.D Why Should I Read This Alert? a) despite its name, this Act covers much more
More informationVistra International Expansion Limited PRIVACY NOTICE
Effective Date: from 25 May 2018 Vistra International Expansion Limited PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal
More informationPrivacy Policy. Full name and contact details (including your contact number, and postal address).
01326 270212 sales@htiddy.co.uk www.htiddy.co.uk Privacy Policy This privacy notice sets out how we will process personal data we collect from or about you, or which you provide to us. Please read this
More informationRe: PIPEDA Complaint: Royal Bank of Canada
Canadian Internet Policy and Public Interest Clinic Clinique d intérêt public et de politique d internet du Canada Philippa Lawson Director (613) 562-5800 x2556 plawson@uottawa.ca August 1, 2008 Privacy
More informationGeneral Legal Requirements under the Act and Relevant Subsidiary Legislations. Personal data shall only be processed for purpose of the followings:
General Legal Requirements regarding the Personal Data Protection ( PDP ) Principles under the PDP Act 2010 ( Act ) and the relevant Subsidiary Legislations PDP Principles General Principle Data users
More informationPayThankYou LLC Privacy Policy
PayThankYou LLC Privacy Policy Last Revised: August 7, 2017. The most current version of this Privacy Policy may be viewed at any time on the PayThankYou website. Summary This Privacy Policy covers the
More informationEmergency Nurses Association Privacy Policy
Emergency Nurses Association Privacy Policy The Emergency Nurses Association ( ENA, we, or us ) has created and posted this privacy policy in an effort to maintain efficient service while respecting your
More informationWithin the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):
Privacy Policy Introduction Ikano S.A. ( Ikano ) respects your privacy and is committed to protect your Personal Data by being compliant with this privacy policy ( Policy ). In addition to Ikano, this
More informationVERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT
VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT 84095-9998 SNOWFLY PRIVACY POLICY This Privacy Policy describes Snowfly s practices regarding the
More informationPolicies & Medical Disclaimer
Policies & Medical Disclaimer Money Back Guarantee Heather Woodruff Nutrition proudly stands behind its programs. To help you feel comfortable we offer a Money-Back Guarantee* If you are not absolutely
More informationDCU Guide to Subject Access Requests. Under Irish Data Protection Legislation
DCU Guide to Subject Access Requests Under Irish Data Protection Legislation Context Under section 4 of the Irish Data Protection Acts 1988 & 2003 an individual, on making a written request to DCU, may
More informationThroughout this Data Use Notice, we use plain English summaries which are intended to give you guidance about what each section is about.
By visiting and using The Training Hub and associated companies and affiliate s websites, mobile sites, and/or applications (together, the Site ), registering to use our services offered through the Site,
More informationPRIVACY POLICY TABLE OF CONTENTS. Last updated October 05, 2018
PRIVACY POLICY Last updated October 05, 2018 Thank you for choosing to be part of Vistalytics Inc., ( Company, we, us, or our ). We are committed to protecting your personal information and your right
More informationetouches, Inc. Privacy Policy
etouches, Inc. Privacy Policy Effective Date: March 1, 2017 This privacy policy applies to etouches, Inc. ( etouches ) and covers the site, www.etouches.com corporate site and application(s) accessed via
More informationTerms & Conditions. Privacy, Health & Copyright Policy
1. PRIVACY Introduction Terms & Conditions Privacy, Health & Copyright Policy When you access our internet web site you agree to these terms and conditions. Bupa Wellness Pty Ltd ABN 67 145 612 951 ("Bupa
More informationRe: Ticketmaster non-compliance with PIPEDA
Canadian Internet Policy and Public Interest Clinic Clinique d intérêt public et de politique d internet du Canada Philippa Lawson, Executive Director and General Counsel (613) 562-5800 x2556 plawson@uottawa.ca
More informationVISTRA ZURICH AG - PRIVACY NOTICE
Effective Date: from 25 May 2018 VISTRA ZURICH AG - PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights
More informationSecure Messaging Mobile App Privacy Policy. Privacy Policy Highlights
Secure Messaging Mobile App Privacy Policy Privacy Policy Highlights For ease of review, Everbridge provides these Privacy Policy highlights, which cover certain aspects of our Privacy Policy. Please review
More informationSpree Privacy Policy
Spree Privacy Policy Effective as at 21 November 2018 Introduction Spree respects your privacy and it is important to us that you have an enjoyable experience buying and selling with us but also that you
More informationGUESTBOOK REWARDS, INC. Privacy Policy
GUESTBOOK REWARDS, INC. Privacy Policy Welcome to The Guestbook and Gopher, the online and mobile services of Guestbook Rewards, Inc. ( The Guestbook, we, or us ). Our Privacy Policy explains how we collect,
More informationLCU Privacy Breach Response Plan
LCU Privacy Breach Response Plan Sept 2018 Prevention Communication & Notification Evaluation of Risks Breach Containment & Preliminary Assessment Introduction The Credit Union makes every effort to safeguard
More informationBeam Technologies Inc. Privacy Policy
Beam Technologies Inc. Privacy Policy Introduction Beam Technologies Inc., Beam Dental Insurance Services LLC, Beam Insurance Administrators LLC, Beam Perks LLC, and Beam Insurance Services LLC, (collectively,
More informationAbout Mark Bullock & Company Chartered Surveyors
Privacy Policy Updated 28th November, 2018 By continuing to use this site you a) agree to us providing to you the information you have requested and b) confirm that you have read and agree to the use of
More informationToken Sale Privacy Policy
Token Sale Privacy Policy PRIVACY POLICY LAST UPDATED ON: [11 SEP 2018] A. OVERVIEW You must read the entirety of this Privacy Policy carefully before making any decision to purchase Tokens. You must also
More informationPrivacy Shield Policy
Privacy Shield Policy Catalyst Repository Systems, Inc. (Catalyst) has adopted this Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This
More informationMichael Phelps Foundation: Privacy Policy
Effective November 7, 2018 Michael Phelps Foundation: Privacy Policy General Understanding of Our Privacy Policy The Michael Phelps Foundation ( the Foundation, We, Us, or Our ) understands and respects
More informationFinFit will request and collect information in order to determine whether you qualify for FinFit Loans*.
FinFit Web Privacy Policy General: This Privacy Policy ( Policy ) describes the ways FinFit, LLC ( FinFit, we, us) collects, stores, uses and protects information we receive from you or that you may provide
More informationWonde may collect personal information directly from You when You:
Privacy Policy Updated: 17th April 2018 1. Scope At Wonde, we take privacy very seriously. We ve updated our privacy policy ( Policy ) to ensure that we communicate to You, in the clearest way possible,
More informationPRIVACY POLICY Last Updated May, 2018
PRIVACY POLICY Last Updated May, 2018 PRIVACY POLICY OVERVIEW This Privacy Policy establishes rules to govern the collection, use and disclosure of personal information collected by Banff & Lake Louise
More informationShaw Privacy Policy. 1- Our commitment to you
Privacy Policy last revised on: Sept 16, 2016 Shaw Privacy Policy If you have any questions regarding Shaw s Privacy Policy please contact: privacy@shaw.ca or use the contact information shown on any of
More informationSCALARR PRIVACY POLICY
SCALARR PRIVACY POLICY Updated: May 31, 2018 Scalarr, Inc. ( Scalarr or We ) respect your privacy and is committed to protecting your privacy and ensuring you have a positive experience on our website
More informationGDPR Compliant. Privacy Policy. Updated 24/05/2018
GDPR Compliant Privacy Policy Updated 24/05/2018 Overview This privacy policy is in compliance with the General Data Protection Act which aims to empower all EU citizens data privacy and to reshape the
More informationPrivacy Notice. Lonsdale & Marsh Privacy Notice Version July
Privacy Notice Lonsdale & Marsh understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our clients and will
More informationVISTRA MONACO PRIVACY NOTICE
Effective Date: from 25 May 2018 VISTRA MONACO PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights in
More informationTERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE
TERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE 1. General The term PPS refers to: Professional Provident Society Holdings Trust, (The Holding Trust); Professional
More informationTerms Of Use AGREEMENT BETWEEN USER AND DRAKE MODIFICATION OF THESE TERMS OF USE LINKS TO THIRD PARTY WEB SITES USE OF COOKIES
Terms Of Use AGREEMENT BETWEEN USER AND DRAKE This website and other related websites and mobile applications (collectively referred to as "Sites") comprise various web pages and services operated by Drake
More informationPRIVACY NOTICE STORM RECRUITMENT UNIT 11, 2 ND FLOOR CHARLESLAND CENTRE, GREYSTONES, CO. WICKLOW 1. INTRODUCTION
PRIVACY NOTICE STORM RECRUITMENT UNIT 11, 2 ND FLOOR CHARLESLAND CENTRE, GREYSTONES, CO. WICKLOW 1. INTRODUCTION 1.1 STORM RECRUITMENT is strongly committed to protecting your Personal Data. This Privacy
More informationProfessional Engineers Ontario. canada s anti-spam. Guidelines for Chapters
Professional Engineers Ontario canada s anti-spam legislation (CASL) Guidelines for Chapters Published by Association of Professional Engineers of Ontario, February 2015 Contents 1. Introduction... 3 2.
More informationVETS FIRST CHOICE PRIVACY POLICY FOR PARTICIPATING VETERINARY PRACTICES
VETS FIRST CHOICE PRIVACY POLICY FOR PARTICIPATING VETERINARY PRACTICES PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS SITE. Last Updated: January 01, 2015 Direct Vet Marketing, Inc. (hereinafter,
More informationCALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS
CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS INTRODUCTION: Before the California State Teachers Retirement System (hereinafter "CalSTRS," "We," or "Us") will provide services found at mycalstrs.com (the
More informationPrivacy Policy GENERAL
Privacy Policy GENERAL This document sets out what information Springhill Care Group Ltd collects from visitors, how it uses the information, how it protects the information and your rights. Springhill
More informationPrivacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data
Privacy Policy Datacenter.com (referred to as we, us, our, Datacenter or the Company ) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data
More informationBarrie Baydogs Triathlon Club Inc (Baydogs) Privacy Policy
Barrie Baydogs Triathlon Club Inc (Baydogs) Privacy Policy Purpose 1. Privacy of personal information is governed by the Personal Information Protection and Electronics Documents Act ( PIPEDA ). Baydogs
More informationOffice Properties Income Trust Privacy Notice Last Updated: February 1, 2019
General Office Properties Income Trust Privacy Notice Last Updated: February 1, 2019 Office Properties Income Trust ( OPI ) is committed to your right to privacy and to keeping your personal information
More informationEmsi Privacy Shield Policy
Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (
More informationSmile IT Ltd Privacy Policy. Hello, we re Smile IT Ltd. We offer computer and network support to businesses and home computer users.
Smile IT Ltd Privacy Policy Hello, we re Smile IT Ltd. We offer computer and network support to businesses and home computer users. At Smile IT we value our clients and we re committed to protecting your
More informationCASL. What you need to know about Canada s new Anti-Spam Legislation
CASL What you need to know about Canada s new Anti-Spam Legislation Jason McLinton, Senior Director, Retail Council of Canada & Scott Smith, Director, Canadian Chamber of Commerce January 29, 2014 Format
More informationFerrous Metal Transfer Privacy Policy
Updated: March 13, 2018 Ferrous Metal Transfer Privacy Policy Ferrous Metal Transfer s Commitment to Privacy Ferrous Metal Transfer Co. ( FMT, we, our, and us ) respects your concerns about privacy, and
More informationThe Age of Consent: Canada s Opt-In Anti-Spam Law. International Legal Technology Association October 23, 2014 David Elder
The Age of Consent: Canada s Opt-In Anti-Spam Law International Legal Technology Association October 23, 2014 David Elder MONTRÉAL TORONTO OTTAWA CALGARY VANCOUVER NEW YORK LONDON SYDNEY www.stikeman.com
More informationAmerican Dental Hygienists Association Privacy Policy
American Dental Hygienists Association Privacy Policy The American Dental Hygienists Association ( ADHA, we, or us ) has created and posted this privacy policy in an effort to maintain efficient service
More informationWhat This Policy Covers
Last Updated: September 25, 2018 What This Policy Covers What personal information we collect How we use this personal information How we secure personal information How to access and control your information
More informationHow to Navigate International Privacy and Data Security Developments Beyond the US and the EU, Namely Canada January 30, 2019
How to Navigate International Privacy and Data Security Developments Beyond the US and the EU, Namely Canada January 30, 2019 Melissa Krasnow, VLP Law Group LLP, Minneapolis, Email: mkrasnow@vlplawgroup.com
More informationOnline Ad-hoc Privacy Notice
Online Ad-hoc Privacy Notice Last revised: 24 May 2018 Table of contents 1 About us and our Surveys... 2 2 What is personal data?... 2 3 Use of personal data... 2 3.1 Categories of personal data that are
More informationThe data controller is MKCM Software, LLC, contact
PRIVACY POLICY Effective date November 2018 Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Data (as defined below) and how we will treat it.
More informationWIT Diverse Campus Services Ltd. Data Protection Policy
WIT Diverse Campus Services Ltd. Data Protection Policy Introduction WIT Diverse Campus Services Limited and/or its associated companies ( us or we ) have created this privacy statement to demonstrate
More informationVISTRA NETHERLANDS PRIVACY NOTICE
Effective Date: from 25 May 2018 VISTRA NETHERLANDS PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights
More informationSubject: Kier Group plc Data Protection Policy
Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective
More information1 About GfK and the Survey What are personal data? Use of personal data How we share personal data... 3
Privacy Notice For ad-hoc CAWI (without target list) V1.0 June 4, 2018 Contents 1 About GfK and the Survey... 2 2 What are personal data?... 2 3 Use of personal data... 2 4 How we share personal data...
More informationBirmingham Midshires - Terms and Conditions Mortgage Intermediaries On-line Terms of Use (June 2017)
Birmingham Midshires - Terms and Conditions http://www.bmsolutions.co.uk/terms/ Mortgage Intermediaries On-line Terms of Use (June 2017) 1. General Which Terms Apply? - Directly Authorised Firms:If you
More informationBIOEVENTS PRIVACY POLICY
BIOEVENTS PRIVACY POLICY At Bioevents, your privacy is important. Below you will find our privacy policy, which covers all personally identifiable data shared through Bioevents websites. Our privacy policy
More informationecare Vault, Inc. Privacy Policy
ecare Vault, Inc. Privacy Policy This document was last updated on May 18, 2017. ecare Vault, Inc. owns and operates the website www.ecarevault.com ( the Site ). ecare Vault also develops, operates and
More informationPRIVACY POLICY. [Last updated : May 24th, 2018]
PRIVACY POLICY [Last updated : May 24th, 2018] 1. WHO WE ARE. 1.1 MCO CONGRÈS SERVICES. We are a ticketing and registration platform dedicated to bringing the world together through live experiences. Through
More informationVIEWING AND/OR USE AND/OR COMMUNICATION IS CONSTRUED AS ACCEPTANCE OF THE TERMS OF THIS POLICY
PRIVACY POLICY Last Modified: September 11, 2017 PERSONS OR PARTIES COVERED This Privacy Policy is intended to cover all visitors to this website, all subscribers to lists or newsletters associated with
More informationYour Guide to PIPEDA. The Personal Information Protection and Electronic Documents Act A GUIDE FOR INDIVIDUALS
Office of the Privacy Commissioner of Canada A GUIDE FOR INDIVIDUALS Your Guide to PIPEDA The Personal Information Protection and Electronic Documents Act INTRODUCTION When you do business with a company,
More informationCURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk
CURTIS BANKS LIMITED Privacy Information Notice curtisbanks.co.uk Contents Section Page 1 Who we are 3 2 Why we need to collect, use and process personal information 3 3 The information we may collect,
More informationData Protection Policy
Data Protection Policy Introduction WIT Diverse Campus Services Limited (herein after referred to as DCS) and/or its associated companies ( us or we ) have created this privacy statement to demonstrate
More informationnanopay Privacy Notice and Policy
Last Updated: November 28, 2018 1. Executive Summary nanopay Privacy Notice and Policy This privacy notice and privacy policy ( Notice or Notice and Privacy Policy ) sets forth the manner in which the
More informationTerms of Use for companies accessing MyStay Product Database via MyStay API
MyStay Product Database and My Stay Application Programming Interface (API) MyStay Product Database is a part of Visit Finland s website www.visitfinland.com. The purpose of the database is to enable the
More informationPrivacy Policy. Last Updated: August 2017
Privacy Policy Last Updated: August 2017 Here at ConsenSys we know how much you value privacy, and we realize that you care about what happens to the information you provide to us through our website,
More informationAcceptance. Changes to this Policy
Privacy Policy Last Updated: January 3, 2019 Thank you for visiting Etalia Foods! We work hard to provide you unforgettable and naturally gluten-free pizzas. We know that by choosing Etalia Foods for your
More informationGDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10
GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data
More informationPrivacy Policy. Third Party Links
Privacy Policy This Privacy Policy is provided by POP Tracker LLC, which is referred to within the policy collectively as "POP Tracker", "we", "us" and/or "our". It applies to all POP Tracker-owned websites,
More informationStarflow Token Sale Privacy Policy
Starflow Token Sale Privacy Policy Last Updated: 23 March 2018 Please read this Privacy Policy carefully. By registering your interest to participate in the sale of STAR tokens (the Token Sale ) through
More informationDentons Canada LLP. Understanding CASL. Presented to the Alberta Chambers of. Craig T. McDougall and Thomas A. Sides
Dentons Canada LLP Understanding CASL Presented to the Alberta Chambers of Commerce April 22, 2014 Craig T. McDougall and Thomas A. Sides Understanding CASL 1) Background and Key Dates 2) Commercial Electronic
More informationAccess Rights and Responsibilities. A guide for Individuals and Organisations
Access Rights and Responsibilities A guide for Individuals and Organisations This guide is aimed at both individuals and organisations. It is designed to bring individuals through the process of making
More informationWorld Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018
World Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018 We understand that you are aware of and care about your own personal privacy interests and we take that seriously. This Privacy
More informationMarketing Law in Canada Has Changed... Are You Ready?
Email Marketing Law in Canada Has Changed... Are You Ready? Webinar May 29 th, 2014 Hosted by: Tracey Hart, Director of Marketing, Discover Boating Canada Presented by: Lonnie Brodkin-Schneider, Partner,
More informationBoostMyShop.com Privacy Policy
BoostMyShop.com Privacy Policy BoostMyShop.corp ( Boostmyshop.com or the Site ) makes its extensions, services, and all Site content available to you subject to this Privacy Policy and its Terms of Service.
More informationFritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?
Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice For the purposes of applicable data protection and privacy laws, The Stonhard Group, a division of Stoncor Group, Inc. ( The
More informationInsights and Commentary from Dentons
dentons.com Insights and Commentary from Dentons On March 31, 2013, three pre-eminent law firms Salans, Fraser Milner Casgrain, and SNR Denton combined to form Dentons, a Top 10 global law firm with more
More informationCANADIAN TIRE PRIVACY CHARTER
CANADIAN TIRE PRIVACY CHARTER Policy on Privacy of Customer Personal Information Canadian Tire is committed to protecting the privacy and security of your personal information obtained by reason of your
More informationAcceptable Use Policy
IT and Operations Section 100 Policy # Organizational Functional Area: Policy For: Date Originated: Date Revised: Date Board Approved: Department/Individual Responsible for Maintaining Policy: IT and Operations
More informationOHSU s Alumni Relations Program (housed at the OHSU Foundation): 1121 SW Salmon Street, Suite #100 Portland, OR
OHSU Email Address for Life Terms and Conditions These terms and conditions govern your registering, receipt, and use of an @alumni.ohsu.edu email account. Registering for an @alumni.ohsu.edu email account
More informationRights of Individuals under the General Data Protection Regulation
Rights of Individuals under the General Data Protection Regulation 2018 Contents Introduction... 2 Glossary... 3 Personal data... 3 Processing... 3 Data Protection Commission... 3 Data Controller... 3
More informationGuidelines Concerning the Transmission, Etc. of Specified Electronic Mail
Guidelines Concerning the Transmission, Etc. of Specified Electronic Mail August 2011 Ministry of Internal Affairs and Communications Telecommunications Bureau Telecommunications Consumer Policy Division
More informationPrivacy Policy Effective May 25 th 2018
Privacy Policy Effective May 25 th 2018 1. General Information 1.1 This policy ( Privacy Policy ) explains what information Safety Management Systems, 2. Scope Inc. and its subsidiaries ( SMS ), it s brand
More informationPersonal Data & Privacy Policy Statement
Personal Data & Privacy Policy Statement Your Privacy Hong Kong Broadband Network Limited ("we" or the "Company") respect the privacy rights of visitors to all our company websites (the Websites ) and
More informationCEM Benchmarking Privacy Policy
CEM Benchmarking Privacy Policy Final Draft: 18/05/18 Next Review Date: 22/05/19 Page 1 Contents Page 1 Outline 3 2 Categories of personal data 3 3 Sources of personal data 3 4 Purposes 4 5 Lawful basis
More informationNOOTRY TERMS OF SERVICE
NOOTRY TERMS OF SERVICE Nootry LLC ( Nootry ), a Delaware limited liabilities company, provides access to and use of the services, including our website, APIs, email notifications, and application (the
More informationCopyrights and Privacy Statement
Copyrights and Privacy Statement Jesse James Hardscaping Authorization of Use Jesse James Hardscaping hereby authorizes any person to access this Website for informational purposes only. Jesse James Hardscaping
More information