Introduction
1. This
Employee Privacy Policy Statement (the “Privacy Policy”) contains the
policies, procedures and practices to be followed by MadWall Inc. and
any of its present or future subsidiaries (the “Company”) pertaining to
the collection, use and disclosure of personal information (the
“Personal Information”) of an identifiable person (the “Individual”)
that is a present, future or former employee of the Company.
2. The Company recognizes the confidential
nature of the Personal Information in its care and is accountable for
the compliance of itself and its directors, officers, management,
employees, representatives and agents including consultants and
independent contractors (the “Staff”) in protecting this Personal
Information.
3. For the purpose of this Privacy Policy, the term
“Personal Information” has the meaning of any information or collection
of information in any form, whether oral, electronic or written that
pertains to the Individual excluding information that is publicly
available in its entirety. Personal Information will also include any
publicly available information that is combined with non-publicly available information.
4.
Personal Information includes but is not limited to name, home address,
home phone number, home email address, identity verification
information, Social Insurance Number, physical description, age, gender,
salary, education, professional designation, personal hobbies and
activities, medical history, employment history, credit history,
contents of resume, references, interview notes, performance review
notes and emergency contact information.
5. Personal Information will not include the Individual's business title, and business address
and contact information when used or disclosed for the purposes of reasonable business
communication.
6.
The Company will implement policies and procedures that give effect to
this Privacy Policy including procedures to protect and secure Personal
Information, procedures to receive, investigate and resolve complaints,
procedures to ensure adequate training of the Staff concerning the
Company's privacy policies, and procedures to distribute new and current information pertaining to the Company's Privacy Policy.
Corporate Privacy Policy
7. The Company and the Staff will at all times respect the confidentiality of the Personal
Information
placed in its care. The Company will endeavor to ensure that the
policies affecting the collection, storage and disclosure of Personal
Information reflect the confidential nature of the information.
8.
The Company will comply with all applicable privacy legislation and
regulations in force now and in the future related to protecting the
confidentiality of Personal Information.
Purposes for which Personal Information is Collected
9.
Personal Information will be collected, used and disclosed for purposes
pertaining to the Individual's employment relationship with the
Company, including but not limited to the administration of employee
hiring, performance reviews, the administration of employee payroll,
processing of employee benefit claims, and for the purpose of complying
with all applicable labor and employment legislation.
10. The
purposes for collecting Personal Information will be documented by the
Company. Personal Information will only be used for the stated purpose
or purposes for which it was originally collected. The purposes for
which Personal Information is being collected
will be identified
orally or in writing to the Individual before it is collected. The
person collecting the information will be able to explain the purpose at
the time that the information is collected.
11. The Company may use
Personal Information for a purpose other than the originally stated
purpose where the new purpose is required by law or where the Company
has obtained consent in writing from the affected Individual for each
new purpose. Knowledge and Consent.
12. Knowledge and consent is
required from the affected Individual for the collection, use and
disclosure of all Personal Information subject to exceptions noted
elsewhere in the Privacy Policy statement. Users of the MadWall App,
through acceptance of the Terms and Conditions, shall have consented to
the collection, use, disclosure and retention of personal information by
and between MadWall and third-party clients for the strict purposes
required in order for you to be employed by MadWall and provide
temporary work for clients (which shall include but not be limited to
all purposes specifically listed herein) and shall have accepted the
within Policy.
13. Consent will not be obtained through deception or misrepresentation.
14. Any use or disclosure of Personal Information will be within the reasonable expectations of the Individual.
15. Subject to legal and contractual obligations, an Individual may withdraw their consent on reasonable notice.
Legislation and Regulation
16.
Where the Company has Individuals living and working in different
jurisdictions the specific rights and obligations of Individuals may
vary between jurisdictions.
17. The Company is subject to the privacy
legislation in all jurisdictions in which the Company operates. If any
term, covenant, condition or provision of this Privacy Policy is held by
a court of competent jurisdiction to be invalid, void or unenforceable,
it is the intent of this Privacy Policy that the scope of the rights
and obligations of the PrivacyPolicy be reduced only for the affected
jurisdiction and only to the extent deemed necessary under the laws of
the local jurisdiction to render the provision reasonable and
enforceable and the remainder of the provisions of the Privacy Policy
statement will in no way be affected, impaired or invalidated as a
result.
18. Where this Privacy Policy provides greater rights and
protections to the Individual than the available governing law, the
terms of this Privacy Policy will prevail wherever allowed by law.
Scope and Application
19.
The rights and obligations described in this Privacy Policy will apply
to all Individuals. The Company and the Staff must comply with the
policies, procedures and practices described in the Privacy Policy.
Collection of Personal Information
20. The type and amount of
Personal Information collected by the Company will be limited to the
minimum necessary to accomplish reasonable business purposes. Personal
Information will not be collected maliciously, indiscriminately or
without a reasonable business purpose.
21. Personal Information will be collected using fair and lawful means. Access by Authorized Company Representatives
22.
All Personal Information will be released internally only on a
need-to-know basis. In the course of normal and reasonable business
practices it is the policy of the Company to grant designated Company
representatives access to Personal Information files. This access will
not exceed that necessary to accomplish the specific business function
of the Company representative nor the purpose for which the information
was originally collected.
Accuracy of Personal Information
23.
The Company will endeavor to ensure that all Personal Information
collected is accurate and validated using reasonable business practices
and procedures. The Company is also committed to ensuring that the
Personal Information remains accurate for the purpose for which it was
collected.
Rights of Access and Correction
24.
The Company will make reasonable efforts to ensure that Personal
Information is at all times complete and accurate for its stated
purpose.
25. An Individual may apply for access to their Personal
Information by submitting a request in writing along with adequate proof
of identity to an authorized personnel officer. Where the application
is made in person the requirement for proof of identity will be at the
discretion of the personnel officer. The Individual will be provided
with a copy of all available information that is not subject to
restriction as described in this Privacy Policy.
The Company may
elect to provide sensitive medical information (the “Medical
Information”) through a licensed medical practitioner. All Personal
Information and Medical Information will be provided at no cost or at a
minimal cost that is not prohibitive.
26. The Company will also
provide a specific summary of how the Personal Information has been used
and to whom it has been disclosed. Where a detailed account of
disclosure is not available, the Company will provide a list of
organizations to which the Personal Information may have been disclosed.
27.
The Personal Information disclosed to an Individual must be in a form
that is reasonable and understandable. Where the meaning of information
is not clear then translations and explanations will be provided without
additional cost.
28. Where an Individual suspects that an error
exists in their Personal Information, the Individual may submit a
request in writing for correction. This request should include any
relevant information substantiating the error and should describe the
correction to be made. The Company will make all reasonable efforts to
address any request for correction.
29. Where the Individual
successfully demonstrates an error in their Personal Information the
Company will make appropriate corrections. Any modifications, additions
or deletions to the Individual's Personal Information will be made only
by an authorized personnel officer.
30. Where a request for
correction is not successful, the details and substantiating evidence of
the request will be recorded and retained by the Company.
31. The
Company will endeavor to respond promptly to any reasonable request for
disclosure and correction made by an Individual to ensure the continued
accuracy of Personal Information.
32. In some instances the Company
may be required to limit access to Personal Information because of
statutory or regulatory requirements. In all instances however the
Company will make all reasonable efforts to comply with the Individual's
request for access and correction to the extent of what is allowed by
statute or regulation.
33. The Company may refuse access to portions
of the Personal Information of an Individual where it is found to
contain Personal Information pertaining to another Individual.
Use and Disclosure of Personal Information
34.
The Company and the Staff will keep confidential all Personal
Information in its control except where one or more of the following
conditions apply:
- where the Individual who is the subject of disclosure has provided written consent;
- where the disclosure is in accord with the purposes for which the Personal Information was originally collected;
- where
the disclosure is for the purpose of providing employment references to
prospective employers and where the Personal Information disclosed is
limited to information considered reasonably necessary for the purpose
of providing
employment references; - where the Company is permitted or required to do so by applicable legislation or regulation;
- where the disclosure is directed to health benefit providers and where the purpose
of the disclosure is in accord with the purposes for which the Personal
Information was originally collected; - where the disclosure is required by authorized government representatives who
are acting to enforce any federal, provincial or territorial law or carrying out an
investigation relating to the enforcement of any federal, provincial or territorial
law or gathering information for the purpose of enforcing any federal, provincial
or territorial law; - where the Company is required to comply with valid court orders, warrants or
subpoenas or other valid legal processes and - in an emergency to protect the physical safety of any person or group of persons.
Disclosure Log
35.
The Company will take reasonable care to maintain a disclosure
transaction log that accurately records all use, corrections, additions,
deletions and disclosures including the names of all parties enabling
the transaction. Where the Personal Information of the Individual is
disclosed to any person or organization, the name of the person or
organization to which the Personal Information is disclosed will be
recorded along with a reasonably thorough description of the purpose of
the disclosure.
Medical Information
36.
Where Medical Information is collected pertaining to an Individual, the
Company will store and secure all Medical Information with a greater
level of protection and in a separate location from Personal
Information. Access to Medical Information will be restricted to Company
personnel (the “Medical Information Personnel”) specifically selected
for this task. The Company will take all reasonable care in selecting
the Medical Information Personnel recognizing the extreme sensitivity
and confidentiality of all Medical Information.
37. In all cases, any
disclosure of Medical Information by the Company to any third party or
agency will require the written consent of the affected Individual for
each instance.
Confidentiality of Drug and Alcohol Results
38.
Any documentation collected by the Company related to drug or alcohol
impairment test results, which testing shall only occur in accordance
with applicable employment laws, will remain strictly confidential and
will be stored and secured in a separate location from Personal
Information and will be safeguarded with a greater level of protection.
39. Any documentation collected by the Company related to drug or alcohol impairment test results may not be disclosed except:
- to the Individual or any other person designated in writing by the Individual;
- to the Company employee designated to evaluate these test results and
- as ordered by any government agency authorized by law or any court having
jurisdiction.
Ownership of Personal Information
40.
All Personal Information collected by the Company in compliance with
this Privacy Policy are business records of the Company and as such will
remain the property of the Company. The Company has the right to retain
all Personal Information collected subject
to the retention limits described in this Privacy Policy. Retention and Disposal of Personal Information
41.
Any Personal Information collected by the Company will be retained by
the Company during the period of active employment of the Individual as
well as during the post-employment period only as long as the Personal
Information is required to serve itsoriginal purpose or as directed by
applicable legislation or regulation.
42. Personal Information that is no longer needed for its stated purpose will be destroyed, erased or made anonymous.
43.
The Company will ensure that all practices and procedures relating to
the disposal of Personal Information will respect the fundamental policy
of confidentiality. All Personal Information disposal procedures,
including the disposal of computerized data storage devices, will ensure
the complete destruction of Personal Information so that there will be
no risk of subsequent unauthorized disclosure of Personal Information.
Deceased Individuals
44. The rights and protections of the Company's Privacy Policies will extend to deceased Individuals.
Security
45.
The Company will take and enforce all reasonable security measures
appropriate for the sensitivity of the information to ensure that all
Personal Information for every Individual is protected against any form
of unauthorized use including but not limited to accidental or malicious
disclosure, unauthorized access, unauthorized modification,
unauthorized duplication or theft.
46. Methods of security will include but not be limited to the following:
- physical security including locked filing cabinets and secure-access offices;
- organizational security including security clearances and access limited on a “need-to-know” basis and
- technological security including passwords and encryption.
47.
The Company will educate and inform all Staff regarding the Privacy
Policy and related procedures and on the importance of confidentiality
of Personal Information and will monitor compliance with the Privacy
Policy and may observe and investigate the
information management practices of all Staff having care of Personal Information.
Knowledge of Unauthorized Disclosure
48.
Responsibility for the security of Personal Information is a
responsibility that the Company holds in very serious regard. Any Staff
having knowledge of an impending unauthorized disclosure, whether
intentional or unintentional, and who fail to act to prevent the
unauthorized breach will be subject to sanction as described in the
Enforcement section of this document including the immediate dismissal
of the offending Staff.
Enforcement
49.
All Staff having care over Personal Information must comply with the
policies, procedures and practices described in the Privacy Policy. Any
breach of any term or condition of this Privacy Policy, whether
intentional or unintentional, including but not
limited to the
unauthorized disclosure of Personal Information is grounds for
disciplinary action up to and including the immediate dismissal of any
and all responsible Staff. Any breach of any term or condition of this
Privacy Policy, whether intentional or
unintentional, is grounds for dismissal with cause.
Compliance with Privacy Policy
50.
The Company will have a procedure that will allow Individuals to
challenge the Company's compliance with this Privacy Policy. The Company
will also have procedures to promptly respond to Privacy Policy
compliance challenges.
51. The Company will make all reasonable
efforts to investigate and respond to compliance challenges relating to
this Privacy Policy. Where a challenge is well founded the Company will
take action to correct any outstanding problems up to and including
amending the Privacy Policy and related procedures.
Mediation and Arbitration
52.
In the event a dispute arises out of or in connection with this Privacy
Policy, the parties will first attempt to resolve the dispute through
friendly consultation.
53. If the dispute is not resolved within a
reasonable period then any or all outstanding issues may be submitted to
mediation in accordance with any statutory rules of mediation. If
mediation is not successful in resolving the entire dispute or is
unavailable, any outstanding issues will be submitted to final and
binding arbitration in accordance with the laws of the Province of
Ontario. The arbitrator's award will be final, and judgment may be
entered upon it by any court having jurisdiction within the Province of
Ontario.