Purpose of this Policy
Keller Engineering is committed to upholding the privacy principles of the Personal Information Protection and Electronic Documents Act (PIPEDA), which establishes the standards for the collection, disclosure, use and deletion of personal information in the course of standard business activities. Further details on PIPEDA can be found here: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/
The Ten Principles of PIPEDA
Keller Engineering commits to upholding the ten Principles of PIPEDA, as outlined below:
Accountability: Keller Engineering is solely responsible for the personal information we collect, retain, disclose and use and will do everything within our power to uphold the principals of the Act, including, but no limited to, the appointment of a Chief Privacy Officer.
Identifying Purposes: Keller Engineering will define the purpose for which the information we collect is being used or disclosed at the time that we collect that information. We will only use collected information for those defined purposes.
Consent: We commit to obtaining the meaningful consent of any individual providing us with personal information before we collect, retain, use or disclose that information. The form of the consent will match the sensitivity of the personal information collected.
Limiting Collection: We will limit the collection of personal information to the type of information that is reasonably required for its identified purpose.
Limiting Use, Disclosure and Retention: The personal information we collect will only be used for its identified purpose. We will not disclose collected information to another third party without the prior consent of the individual who provided the information. We will receive new consent if we intend to use or disclose personal information for a new purpose.
Accuracy: We commit to keep our collected personal information accurate, and to not make decisions about an individual using inaccurate data or to share inaccurate data with third parties, when such disclosure is appropriate.
Safeguards: Keller Engineering uses physical measures, organizational controls and technological tools to protect the personal information we have collected.
Openness: We commit to making this policy available to all of our clients. All of Keller Engineering’s privacy practices and policies will be communicated to our clients in a clear and concise manner.
Individual Access: Any individual whose information we have obtained has the right to access their personal information and to challenge the accuracy of that information, as necessary.
Challenging Compliance: Our clients are welcome to challenge our compliance with PIPEDA and its fair information principles. The processes for how complaints can be brought to our Chief Privacy Officer is included in this policy.
Purposes of Collecting Personal Information
Personal information will only be gathered from our clients for the reasons enclosed in this policy. Consent will be requested prior to the gathering and storing of any personal information. Information collected will be restricted to that which is strictly necessary to fulfill the business practice listed below.
Business Development, Client Services, and Client Satisfaction
Personal information may be collected in order to assess the appropriate fit of our services with a perspective client’s needs. Information requested may include the contact information of key decision makers (including names, emails, and phone numbers), and the service preferences of those decision makers.
Over the course of a project, the contact information of key stakeholders will be requested (including names, emails, and phone numbers). The service preferences, and customer feedback of those stakeholders may be stored and used to assess future business practices.
The personal information of a client, including their home address, and building schematics, may be made available to our team members over the course of a construction project. Such information will be only maintained for the purpose of safely completing construction to the client’s specifications.
Only that information which is necessary to attain and complete a client’s business will be collected.
As part of our invoicing process, we will require the financial information of our clients, including relevant banking information to establish direct payment methods, such as an e-transfer. This personal information is only collected for invoicing purposes and will not be used or disclosed for another purpose without our clients’ express permission.
Only the financial information that is required to complete our financial transaction will be collected.
As part of the delivery of our services, we may need to complete a survey using video photography. The purpose of this video documentation is strictly limited to creating a record of the physical condition of any structures we will be repairing or are in the vicinity of our construction project prior to the repair. A copy of any videos created will be made available to our clients in the event of suspected damage to the property, so that both parties are able to confirm the prior condition of the construction site and the structures in its immediate vicinity.
As part of the service we provide our clients, we may collect personal information from members of the general public directly effected by our construction projects. This personal information will be gathered strictly to acquire feedback from relevant local stakeholders on our projects. Stakeholders include neighbouring landowners, tenants, and other interested parties. Contact information from the general public (including names, emails, home addresses, and phone numbers) may be requested in order to respond to general inquiries.
We may collect information from our clients, project stakeholders and the general public for marketing purposes. This includes to send email and mailed newsletters, notification of future business opportunities, and other promotional information. Personal information gathered for marketing purposes will only be collected with the full knowledge and consent of the individuals involved. This includes individuals who send a request for proposal email from our website, consenting clients, and other individuals who request to be added to our mailing list. Individuals on our contact list will be removed immediately upon request to our Chief Privacy Officer, whose contact information is included below.
We will seek the express consent to obtain an individual’s personal information for the reasons outlined above before collecting that information. As part of the consent process, we will disclose the reason for the collection of the personal information to the party in question. If a new use for the information is identified new consent will be obtained, unless otherwise required by law or permitted under PIPEDA.
A client, stakeholder or member of the general public may withdraw their consent to our use of their personal information at any time, by providing our Chief Privacy Officer with a written request to that effect. Express consent will be obtained prior to disclosing the individual's personal information to other third parties, unless otherwise required by law or permitted under PIPEDA.
PIPEDA permits Keller Engineering to transfer personal information to a third party, without knowledge or consent of the individual, if the transfer is only for processing purposes and the third party only uses the information for the purposes for which the information was originally acquired. We will ensure, through contracts and confidentiality agreements that the third party protects the information and uses it only for the purposes for which it was transferred.
Personal information collected will be limited to the purposes set out in this policy, client agreements, and other forms signed and agreed to by both parties.
Retention of Personal Information
Personal information will be retained in internal files if the file is active and for such periods of time as may be prescribed by applicable federal and provincial laws and regulations.
A file will be deemed inactive if the business relationship with a client ends, or the project that the information was exclusively obtained for is completed. Information contained in an inactive file will be retained for a period of seven years, except in the case of personal information solely acquired for marketing purposes. Such information will be deleted immediately after a request for said deletion is made by the individual.
Keller Engineering commits to ensuring that all collected personal information is current, accurate and complete, as required to fulfill the purpose for which the information has been originally collected, used, retained or disclosed. If you are aware that information, we have collected from you is no longer accurate, please inform our Chief Privacy Officer immediately.
Information in inactive files will not updated.
All reasonable measures will be taken to protect the personal information we have collected and are using. All employees are required to review this policy and have been instructed in its proper implementation. Employees have been instructed to immediately alert our Chief Privacy Officer if they believe any aspect of this policy has not been properly implemented and maintained. Any third parties, including independent contractors, who may have access to personal information will be required to sign confidentiality agreements restricting their use and disclosure of that information prior to their gaining access to the information.
To enforce compliance with this policy, Keller Engineering has appointed a Chief Privacy Officer. The Chief Privacy Officer is empowered to investigate and correct any breach of this policy. In the event of a privacy breach, the Chief Privacy Officer is responsible for enacting Keller Engineering’s privacy breach procedures, which includes reporting the data breach to the effected individuals. The current Chief Privacy Officer is Andree Ball.
Chief Privacy Officer
Director of Client Relations
885 Meadowlands Drive, Suite 500
All paper copies of personal information are stored in Keller Engineering’s locked office, under the supervision of the Chief Privacy Officer. The mailing of paper copies of personal information will only be done using a reputable courier service. Paper copies will be shredded when disposed of at the end of the appropriate period.
Electronic copies of personal information are stored on secure Keller Engineering servers. All files will be deleted, and any backups destroyed, at the end of the appropriate period of inactivity. Computers with the pertinent information will have their hard drives rendered unusable when the computer is disposed of. All outbound emails by Keller Engineering employees will have a privacy statement. Access to Keller emails, servers and other data repositories will be password protected. Company internet routers and servers have firewall protection sufficient to protect confidential information against virus attacks.
Any individual who wishes to review their personal information may do so after providing a written request to the Chief Privacy Officer. The Chief Privacy Officer may request additional information to verify your identity prior to providing access. In the event of such a request, we will provide you with all of personal information we currently have on file within 60 days of the original request. If we are legally or contractually restricted in providing you with any information, we will disclose the reasons for those restrictions. In the event that we are unable to fully disclose your information due to legal or contractual restrictions, we will seek permission for the pertinent party to lift those restrictions.
Information Correction and Formal Complaints
If correction to your information is required, we request that you submit a request for correction to our Chief Privacy Officer, who may request additional documentation to back up your claim. The Chief Privacy Officer will review the information, and if she agrees that the information is incorrect make the appropriate adjustments. If the Chief Privacy Officer does not agree that the information is incorrect, she will notify you of her finding and include both your complaint and her finding in your file. If we are required to adjust your information, we will inform any third party that may have received the incorrect information of the necessary corrections.