INTRODUCTION
Eastlink is a Maritime-owned and operated company delivering world-class communications and entertainment services to residential and business customers throughout the Maritimes. In order to provide, maintain and enhance the services available to our customers, Eastlink must collect, use, and disclose customers’ personal information. At the same time, Eastlink recognizes the importance of respecting and protecting our customers’ privacy. That is why we have developed the Eastlink Customer Privacy Policy (the “Policy”) and the Eastlink Code of Fair Information Practices (the “Code”). These documents detail our commitment to safeguarding the privacy of our customers’ personal information.
Eastlink’s Code and Policy were developed to be fully compliant with the federal government’s privacy legislation, the “Personal Information Protection and Electronic Documents Act” (“PIPEDA”). The Code governs the behaviour of our employees and agents with respect to customers’ personal information. The Policy is designed to inform customers about our privacy practices, and is intended as a less formal summary of Eastlink’s approach to customer privacy.
Eastlink will continue to stay current on the critical issue of privacy. In doing so, we may modify the Code and Policy when we feel it is appropriate to do so. If we change our Code or Policy, we will post those changes on our web site in a timely manner. You may determine when this Code was last updated by referring to the date found at the bottom left hand corner of each page.
For complete information, this Code should be read in conjunction with the Policy, a copy of which is available on our web site.
SCOPE AND APPLICATION
This Code applies to the personal information of Eastlink’s customers that is collected, used or disclosed by Eastlink.
This Code does not impose any limits on the collection, use or disclosure of the following information by Eastlink:
(a) publicly available information, such as a customer’s name, address and telephone number, when listed in a directory or available through directory assistance; or
(b) the name, title, business address or business telephone number of an employee of an organization.
This Code does not apply to information regarding Eastlink’s corporate customers. However, such information is protected by other Eastlink policies and practices and through contractual arrangements.
The application of the Eastlink Code is subject to the requirements or provisions of any applicable legislation, regulations, tariffs or agreements (such as collective agreements), or the order of any court or other lawful authority.
Every Eastlink employee is responsible for maintaining the confidentiality of all personal information to which they have access. As a condition of employment, Eastlink employees are required to comply with all Eastlink policies regarding the management of personal information and to sign an agreement binding them to this responsibility.
DEFINITIONS
Collection: The act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
Consent: Voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative.
Express consent is given explicitly, either orally, electronically or in writing. Express
consent is unequivocal and does not require any inference on the part of Eastlink.
Implied consent arises where consent may reasonably be inferred from an individual’s
action or inaction.
Customer: An individual who:
(a) uses, has used, or applies to use Eastlink’s products or services, where such
individual is a residential customer; or
(b) enters a contest or promotion sponsored by Eastlink.
Disclosure: Making personal information available to third parties.
Eastlink: All affiliated, subsidiary or successor companies operating under the name Eastlink, as they may exist from time to time, as well as employees and agents acting on behalf of Eastlink. “Eastlink” does not include independent dealers and distributors of Eastlink products and services.
Personal Information: Information about an identifiable customer, but not aggregated information that cannot be associated with a specific individual. For Eastlink customers, this includes, but is not limited to, the items noted in the Eastlink Customer Privacy Policy.
Third Party: An individual or organization outside Eastlink, other than the customer, or his/her authorized agent.
Use: The treatment, handling and management of personal information by Eastlink.
THE PRIVACY PRINCIPLES
The ten principles which form the basis of the Eastlink Code of Fair Information Practices are interrelated and Eastlink shall adhere to the ten principles as a whole. Each principle must be read in conjunction with the accompanying commentary. As permitted by the Personal Information Protection and Electronic Documents Act, the commentary in the Eastlink Code has been tailored to reflect personal information issues specific to Eastlink.
Principle 1: Eastlink's accountability
Eastlink is responsible for personal information under its control and shall designate one or more persons who are accountable for Eastlink’s compliance with this Code.
1.1 Responsibility for ensuring compliance with the provisions of the Eastlink Code rests with the senior management of Eastlink, which has designated two individuals within the company who are accountable for Eastlink’s compliance with this Code, one for customer contacts and the other for employees. Other individuals within Eastlink may be delegated to act on behalf of the designated persons or to take responsibility for the day-to-day collection and processing of personal information.
1.2 The title of the individuals designated by Eastlink to oversee the company’s compliance with this Code shall be made known internally and shall be made available to customers upon request.
Eastlink has designated the Eastlink Privacy Officer to oversee compliance with the Eastlink Code as it relates to customers’ personal information. Customers should write to:
Eastlink
Attn: Privacy Officer
P.O. Box 8660, Station A
6080 Young Street, 8th Floor
Halifax, NS B3K 5M3
e-mail: privacy@corp.Eastlink.ca
1.3 Eastlink is responsible for personal information in its possession or control, including
information that has been transferred to a third party for processing. Eastlink shall use
contractual or other means to provide a comparable level of protection while information is being processed by a third party.
1.4 Eastlink has implemented policies and practices to give effect to this Code, including:
(a) implementing procedures to protect personal information;
(b) establishing procedures to receive and respond to complaints and inquiries;
(c) training staff and communicating to staff information about Eastlink’s policies and
procedures; and
(d) developing information to explain Eastlink’s policy and procedures.
Principle 2: Identifying the purposes for personal information collection
Eastlink shall identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 Eastlink shall document the purposes for which personal information is collected.
2.2 Eastlink collects, uses and discloses customers’ personal information primarily for the purpose of providing Eastlink products and services to our customers (i.e., to set up and maintain customers’ accounts and to effectively deal with issues concerning their service). In addition, Eastlink may collect, use and disclose customers’ personal information to:
(a) provide better customer service (e.g., by keeping customers informed of new products, services and promotions);
(b) help Eastlink better understand customers’ communications needs and preferences so that Eastlink can develop, enhance, market and provide products and services (e.g.,
Eastlink may analyze customers’ use of Eastlink’s products and services to help us
provide better product recommendations and special offers); and
(c) manage and develop Eastlink’s business operations.
Further references to “identified purposes” means the purposes identified in this principle 2.2.
2.3 The identified purposes should be specified to the customer at or before the time of collection. Upon request, persons collecting personal information should be able to clearly explain to customers the purposes for which the information is being collected, or refer the individual to a designated person within Eastlink, who shall explain the purposes.
2.4 If Eastlink proposes to use personal information for a purpose not previously identified, the new purpose shall be identified and documented prior to the new use. Unless the new purpose is required or permitted by law, the consent of the customer is required before the information can be used for that purpose.
Principle 3: Obtaining consent
The knowledge and consent of a customer are required for the collection, use or disclosure of personal information, except where inappropriate.
3.1 In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual. All of the circumstances in which Eastlink may collect, use or disclose personal information without knowledge or consent are as specified and permitted by law.
3.2 In most cases, Eastlink will seek consent for the use or disclosure of personal information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected, but before it is used or disclosed (for example, when Eastlink wants to use information for a purpose not previously identified).
3.3 In obtaining consent, Eastlink shall use reasonable efforts to ensure that customers are advised of the identified purposes for which personal information will be used or disclosed.
Purposes shall be stated so that the customer can reasonably understand how the information will be used or disclosed.
3.4 Eastlink may not, as a condition of providing a product or service, require an individual to consent to the collection, use or disclosure of personal information beyond that required to provide the product or service itself.
3.5 In determining the form of consent to use, Eastlink shall take into account the sensitivity of the information and the reasonable expectations of the customer.
3.6 Where permitted by the Act, unless otherwise specified by a customer, the use of products and services by a customer constitutes implied consent for Eastlink to collect, use and disclose personal information for all identified purposes.
3.7 Customers may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers may contact Eastlink for more information regarding the implications of withdrawing consent.
Principle 4: Limiting the collection of personal information
The collection of personal information by Eastlink shall be limited to that which is necessary for the purposes identified by Eastlink.
Information shall be collected by fair and lawful means and Eastlink shall not mislead or deceive customers about the purposes for which personal information is being collected.
4.1 Eastlink collects personal information from its customers for the purposes described under
Principle 2.2.
Principle 5: Limiting use, disclosure, and retention of personal information
Eastlink shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the customer, or as required by law.
Eastlink shall retain personal information only as long as necessary for the fulfillment of the identified purposes.
5.1 In certain circumstances, personal information can be collected, used or disclosed without the knowledge or consent of the individual (see Principle 3.1).
5.2 In addition, Eastlink may disclose a customer’s personal information to:
(a) an agent or supplier who assists us in the development, enhancement, marketing or
provision of any Eastlink products or services;
(b) another communications service provider, in order to offer efficient and effective
communications services;
(c) a credit reporting or collection agency;
(d) law enforcement agencies and other parties with a court order;
(e) investigative bodies and legal counsel;
(f) a financial institution or credit grantor;
(g) emergency services;
(h) a person who, in the reasonable judgment of Eastlink, is seeking the information as an agent of the customer;
(i) a third party or parties, where the customer consents to such disclosure or disclosure is required by law.
5.3 Eastlink shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Eastlink has a records retention policy that specifies the length of time that records are maintained. Personal information that has been used to make a decision about an individual is retained long enough to allow the individual access to the information after the decision has been made.
5.4 Only those Eastlink employees whose duties reasonably so require are granted access to personal information about customers.
5.5 Eastlink destroys, erases, or makes anonymous personal information that is no longer required to fulfill the identified purposes.
Principle 6: Accuracy of personal information
Eastlink shall keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.
6.1 Personal information used by Eastlink shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer.
6.2 Eastlink shall update personal information about customers as and when necessary to fulfill the identified purposes or upon notification by the individual.
Principle 7: Safeguarding personal information
Eastlink shall protect personal information with security safeguards appropriate to the sensitivity of the information.
7.1 Eastlink shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.
7.2 Eastlink shall protect personal information disclosed to third parties by contractual
agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
7.3 All employees of Eastlink with access to personal information shall be required to respect the confidentiality of personal information.
Principle 8: Being open about policies and procedures
Eastlink shall make readily available to customers specific information about its policies and procedures relating to the management of personal information, in a form that is generally understandable.
8.1 Eastlink shall make its policies and practices with respect to the management of personal information easily comprehensible and accessible by providing, upon request:
(a) the title and address of the individual accountable for Eastlink’s compliance with the Code and to whom complaints or inquiries can be forwarded;
(b) the means of gaining access to personal information held by Eastlink;
(c) a description of the type of personal information held by Eastlink, including a general
account of its use;
(d) a copy of any documents that describe the company’s privacy policies, standards, and/or codes; and
(e) a description of personal information made available to related organizations, including subsidiaries, affiliates or agent.
Principle 9: Providing access to personal information
Upon written request, Eastlink shall inform customers of the existence, use, and disclosure of their personal information and provide access to that information.
A customer shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
9.1 Upon written request, Eastlink shall afford to a customer a reasonable opportunity to review the personal information in the individual’s file. Personal information shall be provided in an understandable form within a reasonable time and at minimal or no cost to the individual.
9.2 In certain situations, Eastlink may not be able to provide access to all of the personal information that it holds about a customer. Exceptions to the access requirement shall be limited to those allowed or required under law.
9.3 Upon request, Eastlink shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, Eastlink shall provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.
9.4 An individual may be required to provide sufficient information to permit an organization to provide an account of the existence, use, and disclosure of personal information and to permit Eastlink to authorize access to the individual’s file. Any such information shall be used only for this purpose.
9.5 Eastlink shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, Eastlink shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
9.6 Customers can seek access to their personal information by contacting Eastlink Customer Care or the Eastlink Privacy Officer.
Principle 10: Challenging compliance
An Eastlink customer shall be able to address a challenge concerning compliance with the above principles to the designated individuals accountable for Eastlink's compliance with this Code.
10.1 Eastlink shall maintain procedures to address and respond to complaints or inquiries about its policies and procedures relating to the handling of personal information.
10.2 Eastlink shall inform its customers about the existence of these procedures as well as the availability of complaint procedures.
10.3 The persons accountable for compliance with the Eastlink Code may seek external advice where appropriate before providing a final response to individual complaints.
10.4 Eastlink shall investigate all complaints concerning compliance with the Eastlink Code. If a complaint is found to be justified, Eastlink shall take appropriate measures, including, if necessary, amending its policies and procedures. A customer shall be informed of the outcome of the investigation regarding his or her complaint.
10.5 Customers can contact the Office of the Privacy Commissioner of Canada if they feel that Eastlink has not responded satisfactorily to their complaint or inquiry.
To contact the Office of the Privacy Commissioner of Canada:
The Office of the Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Ottawa, Ontario
K1A 1H3
Telephone: 1-800-282-1376
Fax: (613) 947-6850
TTY: (613) 992-9190
e-mail: info@privcom.gc.ca
Web site: http://www.privcom.gc.ca
10.6 For more information on Eastlink’s commitment to privacy, contact the Eastlink Privacy Officer at:
Eastlink
Attn: Privacy Officer
P.O. Box 8660, Station A
6080 Young Street, 8th Floor
Halifax, NS B3K 5M3
e-mail: privacy@corp.Eastlink.ca
10.7 Copies of the Personal Information Protection and Electronic Documents Act can be obtained by accessing the website of the Office of the Privacy Commissioner of Canada at www.privcom.gc.ca or by contacting the Office of the Privacy Commissioner of Canada at 1-800-282-1376 or info@privcom.gc.ca.