1 - INTRODUCTION
1.1 - Purpose
The purpose of this Policy is to establish common rules to govern the collection, use and disclosure of Personal Information by 1379769 Alberta Ltd. o/a GlobalTill (“GlobalTill”) in Canada, in a manner that balances an Individual’s right to privacy with the need of GlobalTill to collect, use or disclose Personal Information for purposes that a reasonable person would consider appropriate in the circumstances, and in accordance with Privacy Laws.
1.2 - Application
This Policy applies to all GlobalTill personnel.
1.3 - Definitions
“collection” – means the act of gathering, acquiring, recording, or obtaining Personal Information from any source, including sources other than the Individual to whom the Personal Information belongs (and collects and collected have a corresponding meaning).
“consent” – means voluntary agreement to the collection, use and/or disclosure of Personal Information for defined purposes.
“disclosure” – means making Personal Information available outside GlobalTill other than a transfer (and disclose and disclosed have a corresponding meaning).
“Employee” – means a current or former director, employee or independent contractor of GlobalTill.
“GlobalTill Website” – means any GlobalTill website.
“identified purposes” – means those purposes for the collection, use and/or disclosure of Personal Information that are identified to the Individual, the types of which are set out in Schedule “A”.
“Individual” – means any individual who directly or indirectly provides their Personal Information to GlobalTill.
“Personal Information” – means any information about an identifiable Individual (or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an Individual), regardless of form, but does not include:
business contact information – the name, title, business address, business telephone number, business e-mail address or business fax number of any employee or official of any organization, to the extent that such information is collected, used or disclosed for the purpose of contacting an Individual in that person’s capacity as an employee or official of that organization;
work product information – information prepared or collected by an Individual or group as a part of its employment or business (except where that work product information is about an Individual who did not prepare or collect the work product information); or
Publicly Available Information.
“Privacy Commissioner” – means, as applicable, a federal or provincial privacy commissioner or provincial Privacy Law authority.
“Privacy Laws” – means privacy laws and regulations applicable to GlobalTill (as may be amended from time to time), including, without limitation, the Personal Information Protection and Electronic Documents Act (Canada) and the Personal Information Protection Act (Alberta).
“Privacy Officer” – means the person who is appointed the privacy officer of GlobalTill.
“Publicly Available Information” – varies by jurisdiction, and has the applicable meaning set out in Schedule “C”.
“sensitive” – means sensitive in the context in which the information is collected, used or disclosed, but includes an Individual’s personal financial or health information.
“transfer” – means a temporary arrangement in which Personal Information is provided to a third party to handle on behalf of GlobalTill, and the third party is not intended to have any independent right to use or disclose the Personal Information (and transferred has a corresponding meaning)
“use” – means treatment, handling, management and retention of Personal Information (and uses and used have a corresponding meaning).
2 - ACCOUNTABILITY
2.1 - Privacy Officer
Role. The Privacy Officer is accountable within GlobalTill for GlobalTill’s compliance with this Policy, and for ensuring that this Policy complies with applicable Privacy Laws.
Comments/Questions. Comments and questions regarding this Policy or its administration should be forwarded to the Privacy Officer’s attention.
Policy Review. On a periodic basis, the Privacy Officer will review this Policy, and related practices or procedures, to ensure that each is relevant and remains current with changing laws and technologies, GlobalTill’s practices, and the evolving privacy expectations of Individuals. The Privacy Officer will bring forward any proposed amendments to this Policy, or changes to GlobalTill practices or procedures, as a result of that review.
2.2 - Personal Information in Possession or Control
Responsibility. GlobalTill is responsible for Personal Information in its possession or control, including where a third party is collecting, using or disclosing Personal Information on behalf of GlobalTill.
Third Party Agents. Where Personal Information is transferred to a third party for processing on behalf of GlobalTill, GlobalTill must ensure that:
- (i) to the extent the Personal Information is collected by a third party on behalf of GlobalTill, the third party has obtained appropriate consent on its own behalf and/or on behalf of GlobalTill, as appropriate; and
- (ii) each third party receiving such Personal Information is contractually bound to protect such information. See Section 5.4 (Transfers or Disclosures of Personal Information).
2.3 - Training
GlobalTill has implemented programs to communicate information to Employees about this Policy and related privacy procedures (including Employee privacy training).
3 - IDENTIFYING PURPOSES FOR COLLECTION
3.1 - Purposes for Collection
Types of Purposes. GlobalTill collects Personal Information from the persons and for the types of purposes set out in Schedule “A”.
Notice of Purposes. GlobalTill informs the Individual of the applicable identified purposes at or before the time that the Personal Information is collected and as part of obtaining the consent of the Individual to that collection of Personal Information.
Limited Collection. GlobalTill only collects Personal Information that is necessary for identified purposes and any collection of Personal Information is limited to what a reasonable person would consider appropriate in the circumstances. See Section 5.1 (Limiting Collection).
New Purposes. If Personal Information that was previously collected by GlobalTill is to be used or disclosed for a new purpose (i.e. a purpose that was not identified to the Individual), GlobalTill will clearly identify the new purpose to the Individual prior to engaging in that new use or disclosure. The Individual whose Personal Information is at issue must consent before GlobalTill can use or disclose the information for this new purpose, unless such use or disclosure without consent is permitted by this Policy or otherwise permitted or required by law.
Clarity of Purposes. To be meaningful, the identified purposes must be stated in such a manner that the Individual can reasonably understand how the Personal Information will be used or disclosed.
3.2 - Direct or Indirect Collection
Direct Collection. When collecting Personal Information directly from an Individual, GlobalTill personnel must explain the identified purposes to the applicable Individual.
Indirect Collection. When collecting Personal Information indirectly, that is, from a third party instead of the Individual, GlobalTill must either:
- (i) have previously explained the identified purpose to the Individual and directly obtained their consent to the collection of Personal Information from a third party for that purpose; or
- (ii) be satisfied that the third party organization has obtained the informed consent of the Individual – which requires that GlobalTill do the following:
- (A) provide the third party with sufficient information regarding the purpose of the collection so that the third party can determine whether the disclosure would be in accordance with applicable legislation; and
- (B) obtain a representation from the third party that either: (1) it has obtained the consent of the Individual for the collection, use and disclosure of the Personal Information by GlobalTill for the above purpose; or (2) the consent of the Individual is not required by law.
3.3 - Notice Regarding Foreign Transfers
Foreign Transfer Notice. Subject to 3.3(b), to the extent that GlobalTill transfers, uses or retains Personal Information outside of Canada, GlobalTill will ensure that the applicable Individual is notified about that foreign transfer, use or retention arrangement. In giving such a notice, GlobalTill will state:
- (i) the applicable foreign country (or countries);
- (ii) that the Personal Information will be subject to the laws of the country in which it is retained or used, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country;
- (iii) how the Individual may obtain access to written information about GlobalTill’s policies and practices with respect to GlobalTill service providers outside Canada; and
- (iv) the name or title of a person who is able to answer on behalf of GlobalTill the Individual’s questions about the collection, use, disclosure or storage of Personal Information by GlobalTill service providers outside Canada.
Exception to Notice. If GlobalTill is not required under this Policy or Privacy Laws to notify or obtain the consent of an Individual in connection with the use or disclosure of their Personal Information, then GlobalTill is not required to give the notice about foreign transfer, use or retention described above.
4 - OBTAINING CONSENT
4.1 - When to Seek Consent
Consent. Generally, the knowledge and consent of the Individual are required for the collection, use, or disclosure of Personal Information by GlobalTill, except as discussed under Section 4.3 (Withdrawal of Consent) and 4.4 (Exceptions to Knowledge and/or Consent).
Timing of Consent. Typically, GlobalTill seeks consent for the use or disclosure of Personal Information at the time of its collection. In certain circumstances, consent for the use or disclosure of Personal Information may be sought after that information has been collected, but before it is used or disclosed (for example, when GlobalTill wants to use Personal Information for a purpose not previously identified to the Individual).
No Tied Consent. GlobalTill will not require an Individual to consent to the collection, use, or disclosure of Personal Information in order to receive any information, goods or service unless that Personal Information is required for a related purpose that is legitimate and identified to the Individual. For example, GlobalTill will not require an Individual to consent to receive marketing emails from GlobalTill in order to inquire about GlobalTill products.
Qualified Consent. An Individual can make their consent subject to reasonable terms, conditions or qualifications that are established, set, approved by or otherwise acceptable to the Individual.
4.2 - Express or Implied Consent
Types of Consent. Consent can be either “express” or “implied” and can be provided directly by the Individual or by an authorized representative. “Express” consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of GlobalTill. “Implied” consent is consent that can reasonably be inferred from an Individual’s action or inaction.
Determining Type of Consent. Generally, GlobalTill will obtain the express consent of Individuals; however, GlobalTill may rely on implied consent in appropriate circumstances. In determining the form of consent (i.e. whether express or implied), GlobalTill takes into account:
- (i) the sensitivity of the Personal Information involved – GlobalTill seeks express consent when the Personal Information is likely to be considered sensitive; and
- (ii) the reasonable expectations of the Individual.
Format of Consent. GlobalTill may seek consent in various ways, depending on the circumstances and the type of information collected, including, for example, using a paper form, online check-box, or collecting oral consent. Oral consent should be documented in an appropriate manner.
4.3 - Withdrawal of Consent
An Individual may withdraw their consent at any time, on reasonable notice, subject to legal or contractual restrictions. When an Individual seeks to withdraw their consent, GlobalTill will inform the Individual of the implications of such withdrawal. For example, withdrawing consent for GlobalTill to collect, use or disclose Personal Information could mean that an Individual may forfeit certain services or information.
4.4 - Exceptions to Knowledge and/or Consent
GlobalTill Employees. Generally, GlobalTill is not required to obtain the consent of an Employee in connection with the collection, use or disclosure of Employee Personal Information for employment purposes – namely, establishing, managing or terminating an employment relationship between GlobalTill and the Employee. However, GlobalTill must give prior notice to the Employee of the collection, use and disclosure of the Employee’s Personal Information for such employment purposes.
Other Exceptions. Privacy Laws and other legislation set out specific circumstances under which GlobalTill may collect, use, or disclose Personal Information without the knowledge or consent of the Individual. Schedule “B” sets out a sample of the circumstances likely to apply to GlobalTill, wherein GlobalTill may collect, use, or disclose Personal Information without knowledge or consent.
5 - LIMITING COLLECTION, USE, DISCLOSURE AND RETENTION
5.1 - Limiting Collection
Necessity. GlobalTill only collects Personal Information if it is necessary to fulfil identified purposes.
Reasonableness. GlobalTill only collects Personal Information that a reasonable person would consider appropriate in the circumstances.
Fair/Lawful. GlobalTill collects Personal Information by fair and lawful means.
5.2 - Limiting Use and Disclosure
Purposes for Use/Disclosure. GlobalTill only uses or discloses Personal Information for identified purposes, except (i) with the consent of the Individual, or (ii) as permitted or required by applicable law.
Specific Disclosure Purposes. GlobalTill may disclose Personal Information to the persons and for the purposes set out in Schedule “A”.
5.3 - Access by GlobalTill Personnel
Only GlobalTill personnel whose duties reasonably require access to Personal Information in order to fulfill the identified purposes are granted access to Personal Information.
5.4 - Transfers or Disclosures of Personal Information
GlobalTill Affiliates. Any sharing of Personal Information by GlobalTill with any affiliate of GlobalTill is considered to be done at arm’s length, and is either a disclosure or a transfer under this Policy.
Transfer Agreements. GlobalTill shall only transfer or disclose Personal Information to a third party subject to a written agreement that imposes requirements on that third party that are substantially similar to this Policy (or that require compliance with this Policy), including:
- (i) requiring the Personal Information to be treated as confidential;
- (ii) stating the purposes for use and disclosure of Personal Information; and
- (iii) requiring the consent of GlobalTill or the Individual for any transfer or disclosure of Personal Information to third parties.
No Transfer if Privacy Risk. Notwithstanding such an agreement, if GlobalTill is of the opinion that the third party will not provide the foregoing protections (or if the third party will transmit or retain the Personal Information in a jurisdiction whose laws conflict with or impede the Privacy Laws), GlobalTill shall not transfer such Personal Information to that third party.
5.5 - Transfers to Foreign Service Providers
Foreign Transfer Notice. GlobalTill may use a service provider outside of Canada (which may include a GlobalTill affiliate) to collect, use, disclose or store Personal Information on behalf of GlobalTill. To support the notice required under Section 3.3 (Notice Regarding Foreign Transfers), GlobalTill will identify foreign service provider arrangements in Schedule “D” of this Policy.
Purpose and Location of Foreign Service Providers. The Privacy Officer shall ensure that Schedule “D” is kept up to date.
5.6 - Retention of Personal Information
Location. GlobalTill retains Personal Information at [•] [NTD: GlobalTill to describe the location(s) of Personal Information.]
Service Providers. GlobalTill’s other service providers may, from time to time, also hold Personal Information on behalf of GlobalTill. GlobalTill shall ensure that all Personal Information is retained by all service providers (including GlobalTill affiliates) in accordance with Section 3.3(a) (Foreign Transfer Notice) and Section 5.4 (Transfers or Disclosures of Personal Information).
Foreign Retention Privacy Risk. GlobalTill shall not retain Personal Information in any jurisdiction whose laws conflict with or impede the Privacy Laws.
Retention Period. GlobalTill keeps Personal Information:
- (i) only as long as necessary or relevant for the identified purposes;
- (ii) as required by law [(see GlobalTill’s record retention policy)];
- (iii) if the Personal Information has been used to make a decision about an Individual, long enough to allow the Individual access to the information for a reasonable period of time after the decision has been made, and in any case, for at least one year after such decision has been made; and
- (iv) if the Personal Information is the subject of a request from an Individual, for as long as is necessary to allow the Individual to exhaust any recourse under Privacy Laws.
Timing of Destruction. When Personal Information is no longer needed pursuant to Section 5.6(d) (Retention Period), it is securely destroyed according to Section 7.2 (Secure Destruction).
6 - ACCURACY
Accuracy Standard. Personal Information used by GlobalTill is kept accurate, complete and as up-to-date as reasonably possible:
- (i) for consumers, GlobalTill requires each Individual to ensure that the Personal Information that they have provided to GlobalTill is accurate and remains current; and
- (ii) for Employees, GlobalTill requires each Employee to ensure that the Personal Information that they have provided to GlobalTill is accurate and remains current. In addition, Employee Personal Information is periodically updated by third party providers of benefits, pension arrangements and other related Employee services, for the purpose of providing such services to each such Employee.
Updates. GlobalTill does not routinely update Personal Information, unless such a process is necessary to fulfill the purposes for which the information was collected. Personal Information that is used continually, including information that is disclosed to third parties, is generally kept accurate and up-to-date, unless limits to the requirement for accuracy are clearly established (and apparent to any person using the Personal Information).
7 - SAFEGUARDS AND SECURITY
7.1 - General Safeguards and Security
Security Standard. GlobalTill has implemented security safeguards to protect Personal Information, regardless of the format in which it is held, against loss or theft, unauthorized access, collection, disclosure, copying, use, or modification. These security safeguards are appropriate to the sensitivity of the Personal Information, the amount, distribution and format of that information, and the method of storage. A higher level of protection is used to safeguard more sensitive Personal Information.
Security Methods. The methods of protection used include:
- (i) physical measures, for example, locked filing cabinets and restricted access to overall premises;
- (ii) organizational measures, for example, limiting access on a “need-to-know” basis; and
- (iii) technological measures, for example, the use of passwords and encryption.
Security Awareness. GlobalTill makes its Employees and agents aware of the importance of maintaining the confidentiality of Personal Information.
7.2 - Secure Destruction, Deletion or De-Identification
Destruction Standard. Once Personal Information is no longer to be retained pursuant to Section 5.6(d) (Retention of Personal Information), GlobalTill destroys or deletes it, or renders it anonymous.
Destruction Methods. To prevent unauthorized parties from gaining access to Personal Information once it is no longer needed, GlobalTill uses care in destroying, deleting or rendering anonymous any Personal Information. GlobalTill has developed guidelines and implemented procedures to govern such destruction, erasure and anonymization of Personal Information.
- (i) Personal Information in a paper format will be destroyed by cross-cut shredding. Documentation containing Personal Information will not be placed in waste bins, unless that waste is subsequently cross-cut shredded and the information is secure from unauthorized access pending destruction; and
- (ii) Personal Information stored electronically will be destroyed by using secure deletion software or by physically destroying or de-magnetizing electronic storage media.
7.3 - Privacy Breaches
If GlobalTill determines that any incident has occurred (or is reasonably suspected of having occurred) involving the loss of or unauthorized access to or disclosure of Personal Information, GlobalTill may, on its own initiative, notify affected Individuals of this breach of Privacy Laws. The Privacy Officer is to be consulted in advance of any such notice, if possible.
For the province of Alberta, GlobalTill must notify the Alberta Privacy Commissioner of certain breaches of the Privacy Laws of Alberta. This notice requirement arises if Personal Information in GlobalTill’s custody or control that was collected, used or retained in Alberta is lost or subject to unauthorized access or disclosure, resulting in circumstances in which a reasonable person would consider that there exists a real risk of significant harm to an Individual. The written notice to the Alberta Privacy Commissioner must be made without unreasonable delay, and must state the following:
- (i) a description of the circumstances of the loss or unauthorized access or disclosure;
- (ii) the date on which (or time period during which) the loss or unauthorized access or disclosure occurred;
- (iii) a description of the Personal Information involved in the loss or unauthorized access or disclosure;
- (iv) an assessment of the risk of harm to Individuals as a result of the loss or unauthorized access or disclosure;
- (v) an estimate of the number of Individuals to whom there is a real risk of significant harm as a result of the loss or unauthorized access or disclosure;
- (vi) a description of any steps GlobalTill has taken to reduce the risk of harm to Individuals; and
- (vii) a description of and contact information for a person who can answer, on behalf of GlobalTill, the Alberta Privacy Commissioner’s questions about the loss or unauthorized access or disclosure.
- The Alberta Privacy Commissioner may thereafter require GlobalTill to notify affected Individuals if it determines that there is a real risk of significant harm as a result of the loss, unauthorized access or disclosure of Personal Information. If GlobalTill is required by the Alberta Privacy Commissioner to notify affected Individuals, the notice must be given directly to the Individuals (other than where the Commissioner determines that direct notification would be unreasonable in the circumstances), and must include: (1) description of the circumstances of the loss or unauthorized access or disclosure; (2) the date on which or time period during which the loss or unauthorized access or disclosure occurred; (3) a description of the Personal Information involved in the loss or unauthorized access or disclosure; (4) a description of any steps GlobalTill has taken to reduce the risk of harm, and (5) contact information for a person who can answer, on behalf of GlobalTill, questions about the loss or unauthorized access or disclosure.
For all other provinces and territories (and if the breach occurs in relation to cross-border or international transfers of Personal Information), if Personal Information in GlobalTill’s custody or control is lost, subject to unauthorized access or to unauthorized disclosure resulting from a breach of GlobalTill’s security safeguards (or from a failure to establish appropriate safeguards) (a “Privacy Breach”), GlobalTill will assess whether to notify the affected Individuals based on the circumstances.
8 - OPENNESS
Openness Standard. GlobalTill makes information about this Policy, and other policies and practices relating to the management of Personal Information, readily available to Individuals. It does so in a form that is generally understandable.
Openness Methods. Information that is made readily available includes:
- (i) the name or title and the address of the Privacy Officer, and how to submit inquiries or complaints with respect to GlobalTill’s treatment of Personal Information;
- (ii) the means of gaining access to Personal Information held by GlobalTill;
- (iii) a description of the type of Personal Information held by GlobalTill, including a general account of its use;
- (iv) what Personal Information is made available to other organizations, the identity of those organizations, and for what purposes those organizations will use or disclose such Personal Information; and
- (v) on the GlobalTill Website, a privacy statement that explains GlobalTill’s privacy policies and standards.
9 - INDIVIDUAL ACCESS AND CORRECTION
9.1 - Request for Details Concerning Personal Information Holdings
GlobalTill will respond to any written request from an Individual for information about the following (except if GlobalTill is entitled to refuse to provide this information, per Section 9.8 (Refusing Access)):
- (i) the existence of any of their Personal Information in the possession or control of GlobalTill;
- (ii) the source of that Personal Information;
- (iii) the uses to which the Personal Information has been put; and
- (iv) any disclosures of that Personal Information (which can take the form of a list of the organizations to which GlobalTill has, or may have, disclosed such Individual’s Personal Information).
9.2 - Request for Access to Personal Information
GlobalTill will respond to any written request from an Individual for access to their Personal Information in GlobalTill’s possession or control. In responding, GlobalTill will provide that Individual with access to their Personal Information (except if GlobalTill is entitled to refuse to provide this information, per Section 9.8 (Refusing Access).
9.3 - Request for Correction
Request. GlobalTill will respond to any written request from an Individual for the correction of Personal Information in GlobalTill’s possession or control. GlobalTill will notify the Individual of its decision to correct or refusal to correct the Personal Information and will include the reasons for the refusal. In responding, GlobalTill will provide that Individual with a process for expressing any concern about the accuracy and completeness of the Personal Information. See Section 10 (Challenging Compliance).
Correction. If an Individual successfully demonstrates the inaccuracy or incompleteness of Personal Information, GlobalTill will amend the Personal Information as required as soon as reasonably possible. Where reasonably appropriate, GlobalTill will transmit the amended information to third parties having access to the Personal Information in question.
9.4 - Duty to Assist
Assistance. Where an Individual informs GlobalTill that they require assistance in making any of the above requests, GlobalTill will provide that Individual with assistance.
Explanation of Records. GlobalTill will make the requested information available in a form that is generally understandable, and will include an explanation of any terminology, abbreviations or codes.
Accommodation. A person with a form of sensory disability has the right to access Personal Information in an alternative format if the information is available in that format or its conversion is reasonable and necessary.
9.5 - Verifying Identity
Identity Verification Standard. GlobalTill shall only disclose Personal Information or details concerning Personal Information to an Individual who can reasonably demonstrate to GlobalTill that they are the subject of the Personal Information.
Collection of Identity Information. GlobalTill may require an Individual to provide sufficient information to permit GlobalTill to respond to a request under this Section 9, and shall use and disclose any additional information provided by the Individual only for the purposes of fulfilling the Individual’s request.
9.6 - Time to Respond to a Request
GlobalTill will respond to any request by an Individual under this Section 9 not later than thirty (30) days after receipt of a written request. Notwithstanding the foregoing, where:
- (i) a large amount of Personal Information is requested or must be searched and meeting the time limit would unreasonably interfere with the operations of GlobalTill;
- (ii) the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet; or
- (iii) additional time is required to convert the Personal Information into an alternative format that has been requested by the Individual,
then GlobalTill shall send a notice (the “Notice of Time Extension”) to the Individual before the expiry of the initial thirty (30) day period, advising them of the new time limit (which shall be no more than an additional thirty (30) day period) the reasons for extending the time limit, and their right to make a complaint to the Privacy Commissioner in respect of the extension.
9.7 - Cost Recovery
GlobalTill will generally respond to a request by an Individual seeking access to their Personal Information at no cost to the Individual; provided that:
- (i) GlobalTill will always respond to a request by an Employee at no cost to that Employee; and
- (ii) in the case of a request that involves producing a significant volume of records, or that requires extensive search time by GlobalTill personnel, GlobalTill may recover its reasonable costs.
9.8 - Refusing Access
Discretion to Refuse. Notwithstanding the foregoing (and subject to Section 9.9 (Severance)), GlobalTill has the discretion to deny access to Personal Information if the information:
- (i) is protected by solicitor-client privilege;
- (ii) would reveal confidential commercial information that has the potential in the opinion of a reasonable person to harm the competitive position of GlobalTill;
- (iii) was collected without the knowledge and consent of the Individual (as collection with knowledge and consent would have compromised the availability or the accuracy of the Personal Information, and the collection was reasonable for purposes relating to investigating the breach of an agreement or a contravention of the laws of Canada or a province); or
- (iv) was generated in the course of a formal dispute resolution process, including a process between GlobalTill and the Individual,
- however, if the Personal Information requested by the Individual is needed because the life, health or security of any Individual (who may or may not be the requesting Individual) is threatened, then GlobalTill will provide access to such Personal Information.
Mandatory Refusal. Notwithstanding the foregoing (and subject to Section 9.9 (Severance)), GlobalTill must always deny access to Personal Information if:
- (i) the information could reasonably be expected to threaten the safety or physical or mental health of an Individual other than the Individual who made the request;
- (ii) the information could reasonably be expected to cause immediate or grave harm to the safety or physical or mental health of the Individual who made the request;
- (iii) the information would reveal Personal Information about another Individual (unless (1) that other Individual consents to such access, or (2) the information is needed because the life, health or security of an Individual (who may or may not be the requesting Individual) is threatened) – but provided that GlobalTill mails a notice of the disclosure to the last known address of that other Individual; or
- (iv) the information would reveal the identity of an Individual who has provided Personal Information about another Individual and the Individual providing the Personal Information does not consent to the disclosure of their identity.
9.9 - Severance
Notwithstanding Section 9.8 (Refusing Access), if GlobalTill is able to remove the information listed in Section 9.8(a)(ii) (Discretion to Refuse) or Section 9.8(b) (Mandatory Refusal) from a document or record that contains Personal Information about the Individual who requested it, GlobalTill must provide the Individual with access to the Personal Information after the information referred to above has been removed.
9.10 - Notice of Refusal
Notice Contents. Where GlobalTill refuses a request from an Individual under this Section 9, GlobalTill will notify that Individual of (i) the reasons for refusing the request, (ii) the contact information of the Privacy Officer, and (iii) that the Individual may complain to the Privacy Commissioner about GlobalTill’s handling of the request.
Disclosures to Government. If the Individual’s request is about any disclosure of their Personal Information to a government institution, the Privacy Officer shall be informed, and GlobalTill shall not respond to such request until the Privacy Officer has determined whether GlobalTill must notify the government institution under Privacy Laws.
10 - CHALLENGING COMPLIANCE
Openness to Complaints. GlobalTill informs Individuals who make inquiries or lodge concerns or complaints of the existence of these complaint procedures.
Investigation of Complaints. GlobalTill investigates all concerns and complaints pursuant to these complaint procedures unless the Privacy Officer determines that there is sufficient cause to handle the concern or complaint in another manner.
Complaint Procedure. GlobalTill’s complaint procedures are as follows:
- (i) GlobalTill encourages (but does not require) Individuals to submit complaints or inquiries in writing;
- (ii) all privacy concerns and complaints are to be forwarded to the Privacy Officer upon receipt;
- (iii) the Privacy Officer will complete the investigation of any concerns or complaints in a reasonable period of time;
- (iv) if the Privacy Officer concludes that a concern or complaint is justified, the Privacy Officer will ensure that GlobalTill takes appropriate measures to address the concern or complaint, including, if necessary, amending its policies and practices;
- (v) the Privacy Officer will inform each Individual:
- (A) of the outcome of the investigation regarding their concern or complaint; and
- (B) that if the Individual is not satisfied, the Individual may request that GlobalTill include a description of the unresolved complaint with the relevant records about the Individual;
- (vi) if a concern or complaint is not resolved to the satisfaction of the Individual and the Individual expresses this to GlobalTill, GlobalTill will:
- (A) record the substance of the unresolved concern or complaint with the relevant records about the Individual; and
- (B) where appropriate, transmit the existence of the unresolved concern or complaint to third parties having access to the Personal Information in question.
Schedule A - PURPOSES
A - Collection & Use
1 - Individuals (Other than Employees)
GlobalTill collects Personal Information in respect of Individuals (other than Employees) from the persons and for the purposes set out below: [NTD: GlobalTill to advise as to any additional Collection & Use circumstances.]
from Individuals as part of the provision of our services and products;
from Individuals to respond to their requests, complaints or inquiries;
from Individuals to advise them about new programs and services that may be of interest to them or to their organizations;
from Individuals to collect their opinions and comments in regard to GlobalTill’s services and products;
from Individuals using specific functions of the GlobalTill Website for the purposes of administering those specific functions of that Website for which the Personal Information was collected, as such purposes are identified to such Individuals;
from Individuals for the purposes of statistical research and demographic analysis;
from Individuals for the purposes of investigating legal claims;
from Individuals and other third parties, such Personal Information, and for such purposes, as an Individual may otherwise consent from time to time; and
as otherwise required or permitted by law.
2 - Employees
GlobalTill collects Personal Information in respect of Employees from the persons and for the purposes set out below: [NTD: GlobalTill to advise as to any additional Collection & Use circumstances.]
from Employees for the purpose of recruitment for positions at GlobalTill;
from Employees for the purpose of the administration of GlobalTill policies and procedures regarding the training, retention and evaluation of Employees;
from Employees for the purposes of building relationships, including coaching, mentoring and development;
from Employees for the purposes of managing productivity, including making accommodations and allowances;
from Employees for the purposes of statistical research;
from Employees to organize future events involving their participation;
from Employees for the purpose of addressing Employee concerns and complaints;
from Employees in the form of invoices, receipts and travel information for the purpose of refunding the expenses incurred by the Employees as a result of their employment with GlobalTill;
from Employees to administer the physical security of the various access points at each of GlobalTill’s facilities, through the collection of Personal Information in the form of images of the Employee captured on the security video surveillance system, in accordance with GlobalTill policies and procedures regarding same;
from Employees and third party providers of benefits, pension arrangements and insurance and other related Employee services, for the purpose of providing compensation and such services and fulfilling taxation requirements in respect of same;
from Employees for the purpose of assisting in the administration of health care for Employees who become ill or injured while working at GlobalTill;
from Employees to comply with other requirements imposed by law, including without limitation collecting personal information as required by applicable workplace insurance and safety legislation and occupational health and safety legislation;
such other collections and uses of Personal Information from such persons and for such purposes for which GlobalTill may obtain consent from time to time; and
as otherwise required or permitted by law.
B - Disclosure
1 - Individuals (Other than Employees)
GlobalTill discloses Personal Information in respect of Individuals (other than Employees) to the persons and for the purposes set out below:
to third parties, such Personal Information, and for such purposes, as an Individual may otherwise consent from time to time; and
as otherwise required or permitted by law.
2 - Employees
GlobalTill discloses Personal Information in respect of Employees to the persons and for the purposes set out below:
to credit bureaus for the purposes of reviewing or updating the credit or other rating of Employees;
to third party service providers for the purpose of administering group benefits and pension plans, including stock option and similar incentive plans, for GlobalTill Employees;
to third party service providers and financial institutions to administer payroll for Employees;
to directors and other Employees for the purpose of the administration of GlobalTill’s operations;
to legal and accounting service providers for the purpose of providing services to GlobalTill;
to medical practitioners for the purpose of administering health care to Employees who become ill or injured while working at GlobalTill;
to third party service providers to process Employee disability or injury claims;
to marketing and research agencies for the purpose of surveys;
to a potential acquiror in connection with a transaction involving the sale of the business of GlobalTill;
such other disclosures of Personal Information to such persons and for such purposes for which GlobalTill may obtain consent from time to time; and
as otherwise required or permitted by law.
Schedule B - Examples of Exceptions to Consent Requirement for Collection, Use and Disclosure
The following is a sample of the circumstances that may apply to GlobalTill, in which GlobalTill may, without knowledge or consent collect, use and disclose Personal Information.
This is not an exhaustive list of such circumstances, and upon request the Privacy Officer can describe other circumstances where GlobalTill is permitted by law, without knowledge and consent, to collect, use or disclose Personal Information.
collect Personal Information:
- (i) where the collection is clearly in the interests of the Individual and consent cannot be obtained in a timely way; or
- (ii) where it would be reasonable to expect that the collection with the knowledge and consent of the Individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.
use Personal Information:
- (i) where the information was collected in accordance with paragraphs (a)(i) or (ii) above;
- (ii) where GlobalTill becomes aware of information it has reasonable grounds to believe could be useful in investigating or preventing a contravention of the laws of Canada, a province, or another country, that has been, is being, or is about to be committed, the use with consent would compromise the investigation and the information is used to investigate that contravention; or
- (iii) where the information is used to act in an emergency that threatens the life, health or security of an Individual.
disclose Personal Information:
- (i) to another organization if reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the Individual would compromise the investigation;
- (ii) to another organization if reasonable for the purposes of detecting or suppressing fraud or of preventing fraud that is likely to be committed and it is reasonable to expect that the disclosure with the knowledge or consent of the Individual would compromise the ability to prevent, detect or suppress the fraud;
- (iii) to a person who needs the information because of an emergency that threatens the life, health or security of an Individual and, if the Individual whom the information is about is alive, GlobalTill informs that Individual in writing without delay of the disclosure; and
- (iv) where the disclosure is required by law.
Schedule C - Publicly Available Information Exceptions for Applicable Jurisdictions
This Policy does not impose limits on the collection, use or disclosure by GlobalTill of the following publicly available information within the following jurisdictions:
1 - Federal - Personal Information Protection and Electronic Documents Act
Personal Information that is an Individual’s name, address, telephone number and e-mail address, when (i) listed in a public directory (where the Individual can refuse to have the Personal Information appear in the directory); (ii) available in a publication, in printed or electronic form, that is available to the public; or (iii) where the Individual has provided the information appearing in:
a professional or business directory, listing or notice;
a registry collected under a statutory authority and to which a right of public access is authorized by law; or
a record or document of a judicial or quasi-judicial body,
in which case the collection, use and disclosure of the Personal Information must relate directly to the purpose for which the information appears in, as applicable, the directory, listing or notice; the registry; or the record or document.
2 - Alberta - Personal Information Protection Act
Personal Information that is:
contained in a telephone directory but only if:
- (i) the information consists of the name, address and telephone number of a subscriber to the directory;
- (ii) the directory is available to the public; and
- (iii) the subscriber can refuse to have the personal information appear in the directory;
contained in a professional or business directory, listing or notice, including, but not limited to, the name, title, address, telephone number and e-mail address of an Individual, but only if:
- (i) the directory, listing or notice is available to the public; and
- (ii) the collection, use or disclosure of the personal information relates directly to the purpose for which the information appears in the directory, listing or notice;
- (iii) contained in a registry that is:
- (A) a Government registry; or
- (B) a non-governmental registry,
- but only if the collection, use or disclosure of the information relates directly to the purpose for which the information appears in the registry and that purpose is an established purpose of the registry;
- (iv) contained in a record of a quasi-judicial body but only if:
- (A) the record is available to the public; and
- (B) the collection, use or disclosure of the information relates directly to the purpose for which the information appears in the record;
- (v) contained in a publication, including, but not limited to, a magazine, book or newspaper, whether in printed or electronic form, but only if:
- (A) the publication is available to the public; and
- (B) it is reasonable to assume that the Individual that the information is about provided that information;
- (vi) under the control of an organization and that has been collected from outside of Alberta, that if collected within Alberta would have been collected under the authority of clause (i), (ii), (iii), (iv) or (v).
Schedule D - Purpose and Location of Foreign Service Providers
Amazon Web Services, Inc.
410 Terry Avenue North
Seattle, WA 98109-5210
List of data sub processors
101 Main Street, Cambridge, MA 02142, USA
84codes AB Sveavägen 98, 113 50 Stockholm, reg. no. 556898-0782, Sweden
55 Second Street, Suite 400
San Francisco, CA 94105
185 Berry Street, Suite 550
San Francisco, CA 94107