PRIVACY POLICY

of

ReportTech Mobile Risk Management

1) INTRODUCTION

a. This privacy policy is revised as of: October 3, 2022.

b. The Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (PIPEDA) governs how organizations collect, use, and disclose personal information of individuals in the course of business.

c. This privacy policy is intended to provide information on the way in which ReportTech Mobile Risk Management uses, collects, and discloses the personal information of its clients and customers.

d. Only the information that ReportTech Mobile Risk Management requires in order to carry out its services to clients and customers will be documented and stored in a secure manner. Our business to our clients and customers includes the following and is the reason for which we require personal information:

Information required for the preparing of documentation regarding inspections of locations and employees of various commercial properties including insurance information as required.

e. ReportTech Mobile Risk Management always ensures to protect the personal information of its clients while in the course of business.

f. The Office of the Privacy Commissioner (Commissioner) oversees PIPEDA and addresses complaints by individuals.

2) COLLECTION AND CONSENT

a. Collection of personal information is classified as an individual's name, age, income, heritage, credit records, medical records, Social Insurance Number, marital status, education level, and more.

b. Consent can be either express or implied.

c. Consent to use, collect and disclose your personal information may be implied by your conduct with ReportTech Mobile Risk Management. This may include correspondence and communications with us about retaining our services. By engaging ReportTech Mobile Risk Management, consent to the collection, use and disclosure of our clients' and customers' personal information is implied by such engagement. Throughout the duration of our engagement, ReportTech Mobile Risk Management will continue to obtain necessary personal information in order to accurately represent its' clients and customers, and such, in accordance with PIPEDA.

d. ReportTech Mobile Risk Management makes attempts to collect information directly from our clients and customers, but may need to collect information indirectly from other sources when necessary, all of which is completed in a legal manner consistent with PIPEDA.

e. Legal exceptions to having to obtain consent include as follows:

•  

  • if asking for express consent has the effect of compromising the accuracy of the information;

  • collection of information is in the best interests of our client or customer;

  • information is in a witness statement and the collection is needed to settle an insurance claim;

  • to comply with the law, including warrants, subpoenas, and investigations.

f. Clients and customers may withdraw their consent. This withdrawal may be subject to certain restrictions depending on the circumstances. If that's the case, reasonable notice may be required.

3) PURPOSE OF COLLECTION

a. ReportTech Mobile Risk Management needs to collect personal information from its clients or customers in order to properly and accurately represent its clients and customers, and such, in accordance with PIPEDA. Information also needs to be collected for the following purposes:

Information required for the preparing of documentation regarding inspections of locations and employees of various commercial properties including insurance information if required.

b. The information that we collect may also include information of other entities with whom our clients or customers conduct business. This may be needed in order to facilitate our services to our clients and customers.

c. Any changes in the use of the information that we collected shall be done with the express consent of our clients and customers. This means that if we collected client information for a certain purpose and later needed to conduct a separate, unrelated matter for the same client, we will obtain the client's consent prior to using the information for the separate, unrelated matter.

4) USE AND DISCLOSURE OF INFORMATION

a. Personal information provided to ReportTech Mobile Risk Management by its clients and customers may need to be disclosed to third parties in order for us to properly represent and act in our clients' and customers' best interests. Only the information required by a third party is disclosed in order to complete the tasks for which the information was needed. This may include, for example, having to disclose personal information to a government authority in order to register our client or customer with a regulatory government body.

b. Information may need to be disclosed in the narrowest of circumstances to facilitate our engagement.

c. When information is provided to us, whether upon our request or not, the delivery of such information is deemed to be done with consent, and ReportTech Mobile Risk Management may collect, use, and disclose that information.

d. Notwithstanding the foregoing, our clients' and customers' personal information shall be treated with the strictest confidence, and thus, any personal information shall not be disclosed without consent, unless otherwise required by law.

5) SECURITY AND RETENTION OF INFORMATION

a. When it is reasonable and legal to do so, ReportTech Mobile Risk Management shall discard all of our clients' and customers' personal information, whether digitally stored or otherwise, and shall comply with applicable law in doing so.

b. During the destruction process, all information that ReportTech Mobile Risk Management holds shall be kept confidential.

6) SAFEGUARDING INFORMATION

a. Employees of ReportTech Mobile Risk Management shall only have access to relevant records if they are delegated tasks for which access to those records is necessary. Access to records is on a need-to-know basis.

b. ReportTech Mobile Risk Management is a paperless office and will protect electronic records by:

Electronic records are saved via a third party party web site. The Company has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services. You further acknowledge and agree that the Company shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods or services available on or through any such web sites or services.

c. ReportTech Mobile Risk Management ensures that all of the hardware is password-protected.

d. Workplace policies are in place which prohibit ReportTech Mobile Risk Management from clicking on any form of spam mail, suspicious messages, or access to malicious websites.

e. Personal devices and hardware of employees and staff at ReportTech Mobile Risk Management is prohibited unless specific authorization is requested and subsequently granted.

f. Where applicable, ReportTech Mobile Risk Management will utilize public and private clouds to store and secure client and customer data across all of their devices. Public cloud use is through one or more of Google, Microsoft, Dropbox, and more. Private cloud use is done with the storage of files and records on secure servers using a private cloud network with, typically, more than one harddrive working in tandem through usage of a NAS (Network Attached Storage) and specific configurations.

7) REQUEST FOR ACCESS TO INFORMATION

a. Individuals have the right to submit a written request to have their information removed from the records of ReportTech Mobile Risk Management, and to access and verify their information. Where permitted by law, we will respond to any request in the timeframe provided for under PIPEDA.

b. Access may not be granted in certain circumstances, including the following:

I. Information protected by solicitor-client privilege;

II. Information that could be reasonably expected to reveal confidential commercial information;

III. Information disclosed to law enforcement;

IV. Information produced in a formal dispute; and

V. All other exceptions under PIPEDA.

c. Information that clients or customers have with ReportTech Mobile Risk Management may be corrected and amended upon written request. Notice must be provided with the updated information so that our records can be duly updated to reflect the changes. Once the changes are made, we shall also provide notice to relevant third parties and keep them informed.

d. Personal information maintained is kept accurate, up-to-date, and complete. Individuals may challenge any information that is incorrect or incomplete by giving notice to ReportTech Mobile Risk Management. However, only information that is necessary for purposes related to the collection of the information in the first place shall be changed by ReportTech Mobile Risk Management.

e. The Office of the Privacy Commissioner can be contacted for any complaints.

8) CONTACT

Should you have any questions or concerns regarding this privacy policy, or the manner in which information is stored or kept confidential, do not hesitate to contact ReportTech Mobile Risk Management using the below contact information. We shall respond to inquiries as soon as practicable. For inquiries with specific timelines established under PIPEDA, we shall adhere to those criteria.

ReportTech Mobile Risk Management

106 Marianne Drive,

Quispamsis, NB

E2E1G5

‪(506) 248-0626

info@reporttech.ca