1. Roca Networks Privacy Policy
1.1. Introduction
Roca Networks Inc. (“Roca”) is an Information Technology Service Provider and Value-Added Reseller.
Roca is committed to keeping the personal information of its customers accurate, confidential, secure, and private. Our Privacy Policy has been designed to inform employees, customers, and third parties of Roca of our commitment and recognition to our obligation to meet the spirit and terms of Canada’s Federal Personal Information Protection and Electronic Documents Act(“PIPEDA”).
This privacy policy has been developed to comply with PIPEDA. PIPEDA sets out rules for the collection, use and disclosure of Personal information in the course of commercial activity as defined in the Act.
1.2. The ten principles of PIPEDA that form the basis of this Privacy Policy are as follows:
Accountability: organizations are accountable for the personal information they collect, use, retain and disclose in the course of their commercial activities, including, but not limited to, the appointment of a Chief Privacy Officer;
Identifying Purposes: organizations are to explain the purposes for which the information is being used at the time of collection and can only be used for those purposes;
Consent: organizations must obtain an Individual’s express or implied consent when they collect, use, or disclose the individual’s personal information;
Limiting Collection: the collection of Personal information must be limited to only the amount and type that is reasonably necessary for the identified purposes;
Limiting Use, Disclosure, and Retention: Personal information must be used for only the identified purposes, and must not be disclosed to third parties unless the Individual consents to the alternative use or disclosure;
Accuracy: organizations are required to keep Personal information in active files accurate and up-to-date;
Safeguards: organizations are to use physical, organizational, and technological safeguards to protect Personal information from unauthorized access or disclosure.
Openness: organizations must inform their clients and train their employees about their privacy policies and procedures;
Individual Access: an individual has a right to access Personal information held by an organization and to challenge its accuracy if need be; and
Provide Recourse: organizations are to inform clients and employees of how to bring a request for access, or complaint, to the Chief Privacy Officer, and respond promptly to a request or complaint by the individual.
This Privacy Policy applies to the Roca’s customers, employees and contracted employees and other third parties Roca works with in relation to the purposes herein.
2. Accountability
Roca is accountable for the protection of all personal information within the organization’s possession or control, including any personal information (as defined by PIPEDA).
Roca has assigned a data classification of “Private” for all personal information that will be assigned to any information assets that Roca is obligated to collect and manage.
Roca will require a comparable level of protection of this information from its third-party relations.
Roca has established a Privacy Officer – Role, which has responsibility for our protection of personal information and for Roca’s compliance with this Privacy Policy.
3. Purpose of Collecting of Personal Information
We may collect Personal information and Business information that is relevant for the purposes of providing services to our clients and service providers, securing our websites, meeting our legal obligations, promoting, advertising and marketing our products, partners and services and, in some cases, researching and developing new products, services and techniques to improve our services, business or websites.
4. Consent
The knowledge and consent of an individual are generally required for the collection, use or disclosure of personal information. Roca will seek to obtain consent before or when it collects, uses or discloses personal information about an individual. An individual can provide consent to the collection, use and disclosure of personal information about them expressly or implicitly.
By signing an application and/or other forms, including digital, obtaining products or services from Roca, or providing products or services to Roca you grant us implied consent to obtain Personal information or Business information for the purposes set out in this Privacy Policy, including to obtain and/or to verify information from third parties such as banks, credit bureaus, other lenders, and insurance companies in the process of assessing the eligibility of an individual, supplier, or customer.
5. Limiting Collection
Roca limits the amount and type of personal information it collects to that which is necessary for the business purposes and as permitted by law. Personal Information will be collected using procedures that are fair, transparent and lawful.
6. Limiting Use, Disclosure and Retention
In general, we may use and/or disclose your Personal information only in relation to the purposes identified herein. In connection with such identified purposes, we may employ third parties to process Personal/Business information or perform tasks on our behalf, including website, App and Software licensors and hosting partners and other parties who assist us in operating our website, conducting our business, or serving our clients. We seek assurances to ensure personal information is similarly protected by these third parties in accordance with all applicable privacy and data security laws.
Personal information will be used for only those purposes to which the individual has consented with the following exceptions, as permitted under PIPEDA:
Roca will use Personal information without the individual’s consent, where:
- the organization has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation;
- an emergency exists that threatens an individual’s life, health or security;
- the information is for statistical study or research;
- the information is publicly available;
- the use is clearly in the individual’s interest, and consent is not available in a timely way;
- knowledge and consent would compromise the availability or accuracy of the information, and collection is required to investigate a breach of an agreement.
Personal information will be disclosed to only those Roca employees, suppliers and the Directors that need to know the information for the purposes set out in this Privacy Policy.
PIPEDA permits Roca to disclose Personal information to third parties, without an individual’s knowledge and consent, to:
- a lawyer representing Roca;
- collect a debt owed to Roca by the individual or client;
- comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction;
- a law enforcement agency in the process of a civil or criminal investigation;
- a government agency or department requesting the information; or,
- as required by law.
PIPEDA permits Roca to transfer Personal information to a third party, without the individual’s knowledge or consent, if the transfer is simply for processing purposes and the third party only uses the information for the purposes for which it was transferred. Roca will ensure, by contractual or other means, that the third party protects the information and uses it only for the purposes for which it was transferred.
7. Accuracy
Roca endeavours to ensure that any Personal information provided by the individual is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. Individuals are requested to notify Roca of any change in personal or Business information.
8. Safeguards
In executing its responsibilities with respect to the confidentiality of personal information, Roca will employ a number of safeguards, appropriate to the sensitivity of the information, to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Such safeguards will include physical measures, organizational measures and technological measures, restricted access to offices, limiting access on a “need to know” basis and the use of passwords and encryption. Procedures for implementing these measures will be communicated to all employees and third parties to ensure compliance with this principle.
9. Openness
Roca will endeavour to make its privacy policies and procedures known to the individual via this Privacy Policy.
10. Individual Access
An Individual who wishes to review or verify what Personal information is held by Roca, or to whom the information has been disclosed (as permitted by the Act), may make the request for access, in writing, to Roca ‘s Privacy Officer.
Upon verification of the individual’s identity, the Privacy Officer will respond within 60 days. Roca is entitled to request sufficient Personal information to allow us to confirm whether or not we have Personal information relating to you, the individual making the request.
We reserve the right to charge a minimal fee for copies of documents requested under this Privacy Policy. Please advise us if you need any help in preparing your request and we will ensure you are provided with such assistance. Additionally, for those with a sensory disability, we will endeavour to provide you with access to your personal information in an alternate format, if so requested. Please contact our Privacy Officer for such requests and assistance. There may be circumstances where we are unable to provide the requested access. Those circumstances include if the cost of providing access would be prohibitive, the information contains references to other individuals, disclosure is prohibited for legal, security or commercial proprietary reasons, and/or the information is subject to solicitor client or litigation privilege.
11. Compliance/Recourse
If an individual has a concern about Roca’s Personal information handling practices, a complaint, in writing, may be directed to the Roca’s Privacy Officer.
Upon verification of the individual’s identity, Roca’s Privacy Officer will act promptly to investigate the complaint and provide a written report of the investigation’s findings to the individual.
Where Roca ‘s Privacy Officer makes a determination that the individual’s complaint is well-founded, the Privacy Officer will take the necessary steps to correct the offending information handling practice and/or revise Roca’s privacy policies and procedures.
Where Roca ‘s Privacy Officer determines that the individual’s complaint is not well-founded, the individual will be notified in writing.
If the individual is dissatisfied with the finding and corresponding action taken by Roca’s Privacy Officer, the individual may bring a complaint to the Federal Privacy Commissioner.