BridgeGreen Capital Inc. (“BridgeGreen”) is committed to protecting the privacy and security of personal information under its control about its members, website visitors and others whose personal information may be collected by BridgeGreen.
In an effort to maintain appropriate standards of care in managing personal information, BridgeGreen commits to the following ten principles, as outlined in the Canadian Standards Association’s Model Code for the Protection of Personal Information (CAN/CSA-Q830-96) and that comply with provincial and federal legislation:
This Policy is subject to change due to changes in organizational practices or legal and regulatory requirements. We encourage you to periodically check our website for updates to this Policy.
Definition of Personal Information
“Personal information” is any information about an identifiable individual, other than an individual’s business contact information that is used to communicate with the individual in relation to their business, employment or profession. Thus, personal information includes, but is not limited to, your name, contact information, date of birth, credit card details or other financial information, hours of availability, schedule, personal preferences, employment details, opinions and other demographics that help BridgeGreen service your specific needs.
Personal information does not include anonymous or aggregated information that cannot be tracked back to you personally. For example, we may use aggregate data to improve the quality and efficiency of our products and services, and to enhance our marketing efforts.
Principle 1: Accountability
BridgeGreen accepts full responsibility for the personal information under our control. To that end, we have established internal procedures to comply with this Policy and have designated a Privacy Officer to be accountable for compliance with the following principles.
1.1 Responsibility for ensuring compliance with the provisions inherent in this Policy rests with BridgeGreen’s Privacy Officer. The Privacy Officer may delegate responsibilities to one or more employees to oversee privacy compliance.
1.2 BridgeGreen shall use contractual and other commercially reasonable means to ensure that any third parties with access to personal information entrusted to BridgeGreen provide a comparable level of protection while such information is being processed by them.
1.3 To give effect to the principles of privacy, in addition to developing this Policy, BridgeGreen has:
Principle 2: Identifying Purposes
BridgeGreen collects personal information for specific purposes and identifies these purposes at or before the time the information is collected.
2.1 Personal information is collected for purposes such as the following:
2.2 Unless otherwise permitted or required by law, BridgeGreen shall make reasonable efforts to only collect and use personal information that is necessary for the purposes identified in section 2.1.
2.3 Upon request, representatives of BridgeGreen collecting personal information shall explain the purposes for which such information will be used or refer the individual to another BridgeGreen representative who can explain the purposes.
Principle 3: Consent
BridgeGreen obtains informed consent for the collection, use or disclosure of personal information, except where inappropriate.
3.1 Unless otherwise permitted or required by law, BridgeGreen shall not use or disclose personal information for any new purpose that is not outlined in section 2.1 without first identifying and documenting the new purpose and obtaining the express consent of the individual.
3.2 Consent can be obtained in person, by phone, by mail, or via the Internet. Consent is only implied or assumed if the collection, use or disclosure of personal information is obvious based on the individual’s actions or inactions, and the personal information is non-sensitive in nature and context.
3.3 BridgeGreen will only require individuals to consent to the collection, use or disclosure of personal information as a condition to the supply of a product or service if such collection, use or disclosure is required to fulfill the identified purposes.
3.5 If you provide BridgeGreen or its service providers with personal information about another person, it is your responsibility to obtain consent from such person to enable us to collect, use and disclose such information for the purposes set forth in this Policy.
3.6 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. For example, you are always given the ability to opt-out of receiving promotional electronic messages from BridgeGreen by using the available “unsubscribe” link. BridgeGreen will inform customers of the implications of withdrawing consent, as we may be limited or unable to provide information, products or services as a result.
Principle 4: Limiting Collection
BridgeGreen limits the collection of personal information to that which is necessary for purposes identified by BridgeGreen. Personal information is collected by fair and lawful means.
4.1 Every BridgeGreen department or business unit is responsible for ensuring that all information collected is limited, both in amount and type, to what is needed to fulfill the identified purposes.
4.2 For the most part, personal information is collected directly from the individual who it is about, for example through applications and supporting documentation provided.
4.3 Only with the authorization of the individual or where permitted or required by law, BridgeGreen may also collect personal information from references, financial institutions, credit reporting agencies or other third parties.
Principle 5: Limiting Use, Disclosure and Retention
BridgeGreen does not use or disclose personal information for purposes other than those for which it is collected (as outlined in section 2.1), except with the consent of the individual or as required by law. BridgeGreen retains personal information only as long as necessary for the fulfillment of those purposes, or as required by law.
5.1 There are circumstances where a disclosure without consent is justified or permitted, for example in the context of a legal investigation or a request from law enforcement or other governmental authorities, or where BridgeGreen believes, upon reasonable grounds, that the disclosure is necessary to protect the rights or safety of an identifiable person or group.
5.2 Also, note that your information may be shared with service providers who assist us in establishing, managing or maintaining our relationship with you. These organizations, such as data hosting providers, banking institutions and credit agencies, as well as other software service providers, commit to safeguarding your personal information.
5.3 Note that your personal information may be transferred to a foreign jurisdiction to be processed or stored by BridgeGreen or its service providers, including data hosting providers. Such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.
5.4 BridgeGreen does not and will never sell any personal information to third parties for marketing or any other commercial purposes.
5.5 Personal information may be shared within the entities comprising BridgeGreen for internal audit, management, billing, promotional or administrative purposes including defending and bringing legal actions.
5.6 BridgeGreen retains personal information only as long as it is deemed necessary, to fulfill the purposes identified in section 2.1 or as required by law. BridgeGreen has established departmental retention timelines for staff to follow and also periodically reviews BridgeGreen’s retention needs. The retention period may extend beyond your relationship with us.
5.7 Personal information no longer necessary or relevant for the identified purposes or no longer required to be retained by law, shall be securely destroyed, erased or made anonymous.
Principle 6: Accuracy
BridgeGreen makes reasonable efforts to keep personal information as accurate, complete and up-to-date as is necessary to fulfil the purposes for which the information is to be used.
6.1 BridgeGreen relies upon the individuals who provide us with their personal information to ensure its accuracy and completeness.
6.2 BridgeGreen has established internal procedures to preserve the integrity of the personal information received by individuals in accordance with reasonable commercial standards.
6.3 BridgeGreen shall update personal information about customers as and when necessary to fulfill the identified purposes, or upon notification by the individual.
Principle 7: Safeguards
BridgeGreen protects personal information with security safeguards appropriate to the sensitivity of the information.
7.1 With the use of appropriate security measures, BridgeGreen protects personal information against a variety of risks, such as loss, theft, unauthorized access, unauthorized disclosure, unauthorized copying, unauthorized use, unauthorized modification or unauthorized destruction of such information.
7.2 Safeguards involve physical, organizational and technical measures including but not limited to:
7.3 All of BridgeGreen’s employees with access to personal information shall be required, as a condition of employment, to safeguard personal information viewed or handled by the employee. Employees sign confidentiality agreements and must complete privacy awareness training.
Principle 8: Openness
BridgeGreen makes readily available specific information about its personal information management policies and practices to individuals upon request.
8.1 This information includes:
8.2. BridgeGreen makes information available to help individuals exercise choices regarding the use and disclosure of their personal information upon request. BridgeGreen staff are able to answer inquiries about our information handling practices and appropriately refer unanswered questions or privacy complaints to BridgeGreen’s Privacy Officer.
Principle 9: Individual Access
BridgeGreen informs individuals of the existence, use and disclosure of his or her personal information upon request, and gives the individual access to that information. Individuals are given the opportunity to challenge the accuracy and completeness of their information and have it amended as appropriate.
9.1 Upon written request, BridgeGreen will afford customers a reasonable opportunity to review their personal information as contained in BridgeGreen’s files, whether in electronic or in paper form. The written request must provide sufficient detail so that BridgeGreen can properly and efficiently locate the records requested.
9.2. Upon request, BridgeGreen will provide an account of the use and disclosure of the individual’s personal information and, where reasonably possible, will state the source of the information.
9.3 In order to safeguard and prevent fraudulent access to personal information, we may take steps to verify the identity of an individual, or their legally authorized representative, before granting them with access to their file.
9.4 BridgeGreen will respond to access requests in a timely manner, and in accordance with the timeframe prescribed by relevant legislation.
9.5 Individuals will be provided with any assistance required to access or understand their personal information, including clarifying exactly what personal information they are looking for or receiving in response to their access request.
9.6 Depending on the amount of information requested, there may be a nominal fee charged to cover any costs associated with responding to the request. BridgeGreen will inform the individual of any such fees prior to fulfilling the access request.
9.7 BridgeGreen shall promptly correct or complete any personal information that is successfully demonstrated by the individual, or their legally authorized representative, to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, BridgeGreen shall transmit to third parties having access to the personal information in question, any amended information or information regarding the existence of any unresolved differences.
9.8 An individual’s right to access or correct personal information is subject to applicable legal restrictions. If BridgeGreen does not have custody of the personal information requested or must decline to provide an individual with access to their personal information for legal, regulatory or other reasons, an explanation will be provided when permitted.
Principle 10: Challenging Compliance
10.1 BridgeGreen has procedures in place to receive, investigate, respond to and track concerns or complaints about BridgeGreen’s management of personal information.
10.2 Upon conclusion of a complaint investigation, the Privacy Officer will inform the complainant of:
10.3 Note that BridgeGreen is located in Canada for which the European Commission has made a positive finding of adequacy. Personal information about an EU resident may be stored on a BridgeGreen server provided that BridgeGreen complies with the General Data Protection Regulation (EU 2016/679). BridgeGreen has taken necessary GDPR compliance steps as a data controller.
Our websites may automatically record some general information about your visit in order for BridgeGreen to engage in web statistical analysis using Google Analytics and other web analytics services. We want to make sure our sites are useful to visitors, and ensure we engage in targeted advertising responsibly, such that customers receive information that is relevant to their needs and interests. User information gathered may include the:
Data collected for web analytics purposes may be processed in any country where the web analytics organization used by BridgeGreen operates servers, and thus may be subject to the governing legislation of that country.
We also use “cookies” that identify you as a return visitor and which can help us tailor information to suit your individual preferences. A cookie is a small text file that a website can send to your browser, which may then store the cookie on your hard drive. The goal is to save you time next time you visit, provide you with a more meaningful visit, and measure website activity. Cookies in and of themselves cannot be used to reveal your identity. Many browsers, however, allow you to disable cookie collection if you wish, or inform you when a cookie is being stored on your hard drive.
OTHER IMPORTANT NOTES REGARDING OUR WEB PRACTICES
BridgeGreen provides links to other websites which we believe may be of interest to you. We are not responsible for the privacy practices of these other sites. We encourage you to read the privacy statements of each and every website that requests personal information from you.
THIRD PARTY SOCIAL MEDIA
BridgeGreen’s use of social media serves as an extension of its presence on the Internet. Social media account(s) are public and are not hosted on BridgeGreen’s servers. Users who choose to interact with BridgeGreen via social media should read the terms of service and privacy policies of these third-party service providers and those of any applications used to access them.
We may offer you the opportunity to engage with our content through third party social networking websites and applications. When you engage with our content this way, you may allow us to have access to certain information associated with your social media account (e.g. name, username, e-mail address, picture) to deliver the content or as part of the website or application. We may use this information to confirm your identity and to personalize your experience.
SPECIAL NOTE FOR PARENTS
BridgeGreen takes seriously its obligations under the Children’s Online Privacy Protection Act concerning the collection of personal information from individuals under the age of thirteen (13). BridgeGreen websites are not directed at children, and we request that children under the age of 13 not provide personal information through our sites.
No method of transmitting or storing data is 100% secure. As a result, although we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us through or in connection with BridgeGreen websites. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you must immediately notify us of the problem in order for BridgeGreen to resolve the issue in a timely manner. Also keep in mind that email is not a secure form of communication so never send sensitive personal information to us via e-mail.
Privacy Officer Contact Information:
If you have any questions about this policy, BridgeGreen’s privacy practices, or would like to access your personal information, please contact:
BridgeGreen Capital Inc.
300-180 Kent Street
Ottawa, ON, Canada
*NOTE: We cannot guarantee the security of email communications over the Internet.
REVISIONS TO THIS POLICY