Privacy Policy
Introduction
Digital Products Limited (hereinafter “DPL”) is committed to fair information practices in relation to its customers and others who access our applications, website, email and support calls.
This Privacy Policy outlines the principles and guidelines by which DPL operates to protect the personal information of its customers and others that we collect, use or disclose in the conduct of our operations.
The objective of DPL is to promote responsible and transparent practices in the management of personal information in accordance with the provisions of the Personal Information, Protection and Electronic Documents Act (hereinafter “PIPEDA”) and any applicable Provincial privacy legislation.
This Privacy Policy incorporates the ten principles of the Canadian Standards Association Model Code On The Protection of Personal Information and the provisions of PIPEDA. These principles are as follows:
Principle 1 – Accountability
Principle 2 – Identifying Purposes
Principle 3 – Consent
Principle 4 – Limiting Collection
Principle 5 – Limiting Use, Disclosure and Retention
Principle 6 – Accuracy
Principle 7 – Safeguards
Principle 8 – Openness
Principle 9 – Individual Access
Principle 10 – Challenging Compliance
Scope of this Policy
For the purposes of this Privacy Policy, “personal information” refers to personal information about a customer or potential customer of DPL or other individuals with whom DPL deals in the conduct of its operations. Personal information of DPL customers includes your name, your address including ZIP or postal code, email address and telephone number.
This Privacy Policy applies to DPL and its affiliates and subsidiaries. Personal information may be transferred between DPL and its affiliates and subsidiaries and may be transferred in connection with a corporate merger, corporate consolidation, the sale of related assets or a corporate division or any other fundamental corporate change.
This Privacy Policy does not apply to personal information about employees of DPL.
DPL’s applications and websites may contain informational links to other websites, sources and industry organizations that may offer products or services that our customers may find useful. In instances where these other sites request personal information from you, the collection, use and disclosure of the personal information will be governed by the privacy policy applicable to that site. This Privacy Policy does not apply to these other sites. DPL does not control the privacy policies, contents or links that appear on these sites. DPL encourages you to review the privacy policies of any third party websites or services before providing your personal information.
Definitions
The following definitions apply in this Privacy Policy:
“Collection” – the gathering, acquiring, recording or obtaining of personal information from any source, including any third parties, by any means.
“Consent” – voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can either be expressed or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing. Express consent is unequivocal and does not require any inference on the part of DPL. Implied consent is consent that can reasonable be inferred from an individual’s action or inaction.
“Customer” – an individual or organization who obtains or uses, or applies to obtain or use, DPL’s products or services, or a potential customer.
“Disclosure” – making personal information available to a third party who is not DPL or any of its affiliates or subsidiaries.
“Personal Information” – means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.
“Third Party” – an individual or organization outside of DPL.
“Use” – the treatment, handling and management of personal information by and within DPL.
Principle 1 – Accountability
DPL is responsible for all personal information under its control and shall designate an individual who is accountable for DPL’s compliance with this Privacy Policy (hereinafter the “Privacy Officer”).
The Privacy Officer is responsible for compliance with this Privacy Policy. Other individuals within DPL may be responsible for the day-to-day collection and processing of personal information. Other individuals within DPL may be delegated to act on behalf of the Privacy Officer.
The identity of the Privacy Officer designated by DPL to oversee compliance with this Privacy Policy shall be made known upon request.
DPL is responsible for personal information in its possession or custody including any information that has been transferred to a third party for processing. DPL shall use contractual or other means to provide a comparable level of protection while the personal information is being processed by a third party.
DPL will implement policies, practices and procedures to give effect to this Privacy Policy including:
- implementing procedures to protect personal information;
- implementing procedures to oversee compliance with this Privacy Policy;
- establishing procedures to receive and respond to complaints and inquiries;
- training staff in connection with DPL’s policies, practices and procedures; and
- developing information to explain DPL’s policies, practices and procedures.
Principle 2 – Identifying Purposes
DPL will identify the purposes for which personal information is collected, used or disclosed at or before the time the information is collected.
DPL collects, uses and discloses personal information for the following purposes:
- DPL collects information from our customers through applications, websites, emails and support calls for the purposes of conducting business with our customers, as well as to analyze and improve DPL’s products and services;
- DPL uses information from our customers to configure products, save preferences, save necessary account information and to keep our customers informed about our products;
- DPL collects personal information from its customers only if the customer voluntarily submits such personal information to DPL;
- DPL will not disclose any personal information collected in relation to its customers to any third party without having received the customer’s permission and consent to do so;
- If customers do not opt out, DPL will use personal information for the marketing of DPL’s products and services including receipt of periodic emails, mailings, ads or telephone calls from DPL with information on new products and services, important issues or alerts about service;
- DPL collects certain technical and routing information from our customers in order to better administer the services our customers procure from DPL, to facilitate the use of applications, websites and related services and to understand and measure traffic patterns on the applications and website;
- DPL uses aggregate, non-identifying statistical data for statistical analysis, marketing or similar promotional services;
- DPL tracks customers’ preferences or activities based on the customers’ use of DPL’s applications or websites including using pixels and retargeting to understand our customers’ behaviour or to follow up with our customers on other websites, including displaying relevant content or advertising to our customers on social media and relevant websites to comply with legal requirements; and
- DPL discloses the information entered by a customer when making a purchase with the appropriate payment processors, financial gateways and credit card companies to authorize credit card payment.
Principle 3 – Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
DPL will obtain the consent of its customers before or when it collects, uses or discloses personal information, except when inappropriate.
DPL will make reasonable efforts when obtaining consent to ensure that individuals understand how DPL will use and disclose the personal information it collects.
All of the circumstances in which DPL may collect, use or disclose personal information without the knowledge or consent of an individual are as specified and permitted by legislation including PIPEDA. Exceptions to the collection, use and disclosure of personal information without the knowledge and consent of the individual are found in Section 7 of PIPEDA and include, inter alia, the following:
- disclosure to a barrister or solicitor (or in Quebec to an advocate or a notary) who is representing DPL;
- disclosure for the purposes of collecting a debt owed by the individual to DPL;
- disclosure to comply with a subpoena, summons, warrant or order made by a court, person or a body with jurisdiction to compel the production of information;
- disclosure to a government institution with lawful authority to request the information;
- disclosure to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as required by section 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act;
- disclosure to an investigative body or a government institution where DPL has reasonable grounds to believe that the information relates to a breach of an agreement or a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed or DPL suspects that the information relates to national security, the defence of Canada or the conduct of international affairs;
- disclosure for the purposes of investigating a breach of an agreement or the contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that the disclosure with the knowledge or consent of the individual would compromise the investigation;
- disclosure for the purposes of detecting, suppressing or preventing fraud;
- disclosure for the purposes of preventing or investigating financial abuse;
- disclosure to identify an injured, ill or deceased individual;
- disclosure in an emergency that threatens the life, health or safety of an individual;
- disclosure of publicly available information; and
- disclosure where required by law.
DPL will use reasonable efforts to ensure that an individual is advised of the identifying purposes for which personal information will be used or disclosed. Purposes will be stated in a manner than can be reasonably understood by the individual.
DPL will seek consent to use and disclose personal information at the same time it collects the information. DPL may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose.
DPL shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use or disclosure of personal information beyond that required to fulfil the explicitly specified and legitimate purposes.
In determining the form of consent to use, DPL shall take into account the sensitivity of the information in question. DPL recognizes that some information (for example, medical records and income records) is almost always considered to be sensitive.
In obtaining consent, DPL recognizes that the reasonable expectations of the individual are relevant. Consent shall not be obtained through deception.
DPL will seek the express consent of the individual where the information to be collected, used or disclosed is likely to be considered sensitive. Implied consent is appropriate and will be used by DPL where the information is less sensitive. Consent can be given by an authorized representative (such as a legal guardian or a person having a power of attorney).
A customer may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers may contact DPL for more information regarding the implications of withdrawing consent.
Customers who wish to be removed from any postal, email, telephone or other subscription lists may do so by contacting DPL by emailing DPL at support@dplwireless.com, by telephone at 1-800-561-8880 or by using any built-in unsubscribe functionality.
Principle 4 – Limiting Collection
DPL shall limit the collection of personal information to that which is necessary for the purposes identified by DPL. DPL will collect personal information by fair and lawful means. DPL shall not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to fulfil the purposes identified.
Principle 5 – Limiting Use, Disclosure and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained by DPL only as long as necessary for the fulfillment of those purposes.
Principle 6 – Accuracy
DPL will keep personal information as accurate, complete and up-to-date as necessary for the purposes for which it is to be used.
DPL will update personal information about customers on an ongoing basis, when necessary to fulfill the purposes identified in this Privacy Policy, or upon notification by the customer or individual.
Principle 7 – Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
DPL’s applications and websites have security measures in place to protect against the loss, misuse and alteration of the personal information under DPL’s control. DPL protects the security of your personal information during transmission by using Transport Layer Security (TLS) software, which encrypts the information you input and send to DPL.
DPL shall make its employees aware of the importance of maintaining the confidentiality of personal information.
DPL shall take all appropriate measures necessary to prevent unauthorized persons or parties from gaining access to the personal information under DPL’s control when it is necessary to dispose of or destroy the personal information.
Principle 8 – Openness
DPL shall make readily available to individuals specific information about DPL’s policies, practices and procedures relating to the management of personal information.
DPL shall be open about its policies, practices and procedures with respect to the management of personal information. Individuals shall be able to acquire information about DPL’s policies, practices and procedures without unreasonable effort. This information shall be made available in a form that is generally understandable.
The information made available shall include:
- the name, title and address of the individual who is accountable for DPL’s policies, practices and procedures and to whom complaints or inquiries can be forwarded;
- the means of gaining access to personal information held by DPL;
- a description of the type of personal information held by DPL, including a general account of its use through availability of this Privacy Policy;
- a copy of any documents that describe DPL’s policies, practices, standards and/or codes; and
- a description of the type of personal information that is made available to related organizations such as affiliates and subsidiaries of DPL.
Principle 9 – Individual Access
Upon written consent and subject to certain exemptions stipulated by law, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended accordingly.
Upon written request, DPL shall inform an individual whether or not DPL holds personal information about the requesting individual. DPL will indicate the source of this personal information, if available. DPL shall make this information available to the requesting individual. Upon written request, DPL shall provide an account of the use that has been made or is being made of this information and an account of the third parties to which the personal information has been disclosed.
In certain circumstances, DPL may not be able to provide access to all of the personal information that it holds about an individual. The circumstances include:
- access to the information would reveal personal information about a third party who has not consented to its disclosure. However, if the information about the third party is severable from the record containing the information about the requesting individual, DPL will sever the information about the third party before giving the requesting individual access;
- the information is protected by solicitor-client privilege;
- access to the information could reasonably be expected to threaten the life or security of another individual. However, if the information is severable from the record containing the other information, DPL will sever the information that could reasonably be expected to threaten the life or security of another before giving the requesting individual access;
- the information would reveal confidential commercial information. However, if the confidential commercial information is severable from the record containing the confidential commercial information, DPL will sever the confidential commercial information before giving the requesting individual access to the information;
- if the information was collected for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; or
- if the information was generated in the course of a formal dispute resolution process.
If access to personal information cannot be provided, DPL will provide the requesting individual with the reasons for denying access to the information unless prohibited by law from doing so.
DPL shall respond to an individual’s request for access within a reasonable time and at minimal or no cost to the requesting individual. The requested information shall be provided or made readily available in a form that is generally understandable.
Where an individual successfully demonstrates the inaccuracy or incompleteness of personal information, DPL shall amend the information as required. Where appropriate, the amended information will be transmitted to any third parties having access to the information in question.
Where a challenge is not resolved to the satisfaction of the individual who is challenging the accuracy or completeness of the personal information, DPL will record the substance of the unresolved challenge. Where appropriate, the existence of the unresolved challenge will be transmitted to any third parties having access to the information in question.
Principle 10 – Challenging Compliance
An individual or customer shall address a challenge concerning compliance by DPL with this Privacy Policy to the designated individual accountable for DPL’s compliance with this Privacy Policy.
DPL will put into place procedures to receive and respond to complaints or inquiries about their privacy policies, practices and procedures relating to the handling of personal information. The complaint process is intended to be easily accessible and simple to use.
DPL shall inform individuals or customers who make inquiries or who lodge complaints of the existence of DPL’s complaints procedures.
DPL may ask an individual or customer to provide details of their complaint in writing.
DPL will investigate all complaints. If a complaint is found to be justified, DPL shall take appropriate measures, including if necessary, amending its policies, practices and procedures.
For more information on DPL’s privacy practices or to make a complaint contact DPL’s Privacy Officer:
Name: John Gorham
Address: 700 Main Street, Suite 200, Moncton, NB, E1C 1E4, Canada
Phone: 1-800-561-8880
Email: privacy@dplwireless.com
Individuals also have recourse to the Office of the Privacy Commissioner of Canada at:
30 Victoria Street
Gatineau, Quebec
K1A 1H3
Toll Free: 1-800-282-1376
Phone: 819-994-5444
Online: www.priv.gc.ca
Fax: 819-994-5424
TTY: 819-994-6591
A copy of the Personal Information Protection and Electronic Documents Act (PIPEDA) can be found on the website of the Privacy Commissioner of Canada and at the Justice Laws Website at www.justice.gc.ca.
The Canadian Standards Association Model Code On The Protection of Personal Information is Schedule 1 to PIPEDA.