Definition of Personal Information
Personal information is information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organization. It includes information that the customer has provided to the Company or was collected by the Company from other sources with the customer's consent or authorization. It could include details such as the customer's name and address, telephone number and other contact information, age and gender, personal financial records, securities ownership information, identification including Social Insurance Number, and employment background.
Ten Principles of Privacy
The Company is firmly committed to safeguarding our customers' confidentiality and protecting their personal, financial and business information. The principles that follow apply to the Company's interaction with our customers. These ten principles of privacy are interrelated and must be read in conjunction with the accompanying commentary.
Principle #1: Accountability
Principle #2: Identifying the Purpose of Collecting Personal Information
The Company will identify the purposes for which it collects personal information, before or when the information is collected. The Company will ask for personal information for the following purposes:
To verify our customers' identity and to protect against fraud
To administer and update account records, respond to inquiries and fulfill our contractual service obligations
To understand the customers' instructions, and
To comply with legal or regulatory requirements.
The Company will not use our customers' information for any purpose for which they would reasonably expect the Company not to use it. No person shall collect personal information on behalf of the Company unless the collection is expressly authorized by statute, used for the purposes of law enforcement or necessary to the proper administration of a lawfully authorized activity.
Principle #3: Obtaining the Customer's Consent
The Company will make a reasonable effort to ensure that the customer understands how their personal information will be used. The Company will seek to obtain the customers' consent to collect, use or disclose any personal information. The Company will not make attempts to deceive the customer into providing their consent.
A customer's consent can be express, implied, or given through an authorized representative. Express consent may be provided in writing, orally or electronically. Implied consent occurs when the Company can reasonably infer consent from an action taken or not taken, or where the circumstances reasonably requires that the Company have and use the information to fulfill the customer's directions. A customer may, at any time, withdraw their consent as long as:
They provide reasonable notice
The Company is not legally required to collect, use or disclose the customer's information
Withdrawing their consent does not impede the Company's ability to fulfill the Company's legal or contractual requirements.
The Company, however, may collect, use or disclose personal information without the customer's knowledge or consent in exceptional circumstances where such collection, use or disclosure is permitted or as required by law.
The Company will not obtain consent through deceptive or misleading practices.
Principle #4: Limits for Collecting Personal Information
The Company limits the amount and type of personal information collected and therefore, collects only the information needed. The Company will collect personal information for the purposes identified. The Company collects personal information using policies and procedures which are fair and lawful. The Company may ask the customer to provide the following personal information:
Social insurance Number (SIN) for tax reporting purposes as well as other government purposes, such as when opening a registered retirement savings plan. This is done to comply with the Canada Revenue Agency's reporting requirements. The Company may also collect and use the customer SIN for administrative purposes, such as an internal identification number to accurately identify customers that have similar names.
Contact Information such as the customer's name, address, telephone number or email address.
The information that the customer provides to the Company is always their choice. The customer may in some situations not provide the Company with certain information. However, if the customer chooses not provide the Company with certain information, the Company may not be able to provide the level of service that the customer expects. The Company may monitor or record incoming or outgoing telephone calls with the customer for our mutual protection (e.g. to ensure that all instructions are carried out properly, to document that the Company has made the required disclosures to the customer, and to ensure that high customer service levels are maintained). The Company will make certain that the customer is informed of the purposes listed above where the customer is directly engaging in business with the Company. If a new purpose for using a customer's personal information develops, the Company will ask for the customer's consent.
Principle #5: Limits for Using, Disclosing and Retaining Personal Information
The Company will only use or disclose personal information for the reason(s) it was collected, unless the customer gives consent to use or disclose it for another reason, or it is permitted or required by law. However, in the ordinary course of the Company fulfilling its obligations, the Company may have to share personal information with other parties. For example, the information of securityholders or plan participants will also be available to the issuer or plan sponsor. Under no circumstances will the Company sell or give lists of clients to other companies for their own use and, if the Company obtains client lists from another organization, we require that organization to confirm their compliance with all relevant privacy legislation.
Under certain exceptional circumstances, the Company has a legal duty or right to disclose personal information without the customer's knowledge or consent to protect matters which include the Company or the public interest. Personal information may be released to legal or regulatory authorities in cases of suspected money laundering, insider trading, manipulative or deceptive trading, or other criminal activity, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of government, regulatory authorities or other self-regulatory organizations.
The Company has policies in place that govern the retention of personal information only for as long as deemed necessary for the identified intended purposes for which it was originally collected or as legally required.
Principle #6: Maintaining Accurate Personal Information
The Company is committed to maintaining personal information as accurately, complete and up-to-date as necessary for the identified purposes for which it was collected. If the customer discovers inaccuracies in their personal information, or their personal information changes, the customer is responsible for notifying the Company, so that the necessary changes are made promptly. Subject to security requirements, corrections to personal information can be delivered to the Company by mail, fax, e-mail or through the website.
Principle #7: Appropriate Safeguarding of Personal Information
The Company maintains appropriate safeguards to protect the sensitivity of the customer's personal information. The customer's personal information is secure within the Company, regardless of the format in which it is held. The Company has comprehensive security controls to protect against unauthorized use, access, alteration, duplication, destruction, disclosure, loss or theft of the customer's personal information.
Within the Company website, cookies or other information-tracking technologies may be used to improve the functionality or security of the Company web site, or to provide the customer with a more customized online experience. Please note that cookies cannot capture files or data stored on the customer's computer.
Principle # 8: Availability of Information about Policies and Procedures to Customers
Principle # 9: Providing Customer Access to Personal Information
When customers make a request in writing along with providing satisfactory identification and proof of entitlement, the Company will within a reasonable time inform them what personal information the Company has, what it is being used for, and to whom it has been disclosed. The Company may need specific information about the customer to enable the Company to search for, and provide the customer with, the personal information that the Company holds about them. When customers request in writing along with providing satisfactory identification and proof of entitlenent, the Company will provide them with access to their personal information. The Company will respond to the written request in a timely fashion. Customers can verify, update and correct their information as well as have obsolete information removed, by submitting such requests in writing. In certain situations, however, the Company may not be able to provide customers access to their personal information. The Company will explain the reasons for this lack of access and any recourse that the customer may have, except where prohibited by law.
The Company may charge the customer a nominal fee for processing the customer request and if so, the Company will give the customer advance notice of the fee amount before proceeding with the customer request.
Principle # 10: Handling Complaints and Questions
Customers may challenge the Company's compliance with this policy. The Company has policies and procedures to receive, investigate, and respond to customers' complaints and questions. Such questions or concerns should be directed to the Company's Privacy Officer by e-mail (Ombudsman@olympiatrust.com) or by mail (2300, 125 – 9th Ave. S.E. Calgary, Alberta T2G 0P6). Further documentation or information may be asked for at the time of the request to verify the customer's identity.
Internet Services Privacy
The safeguarding of personal information while interacting with the Company via the Internet is also extremely important. The Company applies the ten principles discussed above in caring for our customers' personal information. When browsing the Company's website, personal information, such as the customers email address, is not collected. Some areas of the Company website require information, such as the customer account number, to enable the customer to perform certain tasks (e.g. to review their accounts, use one of the website forms or tools, or correspond with the Company). In these cases, the Company will need to collect the information necessary to interact with the customer.
Regular Internet E-mail is Not Secure
E-mail sent within the Company's IT system, is not secure. The Company will preserve the content of a customers' email, the customers' e-mail address and the Company's response, so that the Company can be effective and efficient in responding to any follow-up questions from the customer. The Company also retains this information to meet legal and regulatory requirements.
Protection against Fraud
The Company believes that working together is the best way to safeguard against financial fraud. The Company is dedicated to prevent, detect and investigate fraud and the Company works closely with government, industry associations and law enforcement, to prevent fraud from occurring. The Company invests in emerging and new technologies and maintains rigorous security procedures to ensure that the customer enjoys doing business with us in a safe and secure environment.
Fraud prevention measures are built into the Company's due diligence process and regularly upgrade the Company's fraud detection/prevention systems.
Fraud detection and prevention activities are part of the Company's normal business activities
Although technologies can make it easier for fraud to occur, the Company employs around the clock sophisticated monitoring systems and controls to detect and prevent fraudulent activity.
This policy may be reviewed and updated more frequently, if and when, deemed necessary. The Policy may only be changed by the written action and approval of the Board.