Last updated: 2016-08-16
4141903 Canada Inc. c.o.b. Storm Internet provides telecommunications services to Customers (as defined below) including Internet access services. Throughout Storm’s interactions with Customers and Employees, we are committed to respecting the privacy, confidentiality and security of Personal Information.
- Identifying purposes for collection of Personal Information
- Obtaining consent for collection, use or disclosure of Personal Information
- Limiting collection of Personal Information
- Limiting use, disclosure and retention of Personal Information
- Accuracy of Personal Information
- Security safeguards
- Openness concerning policies and practices
- Customer and Employee access to Personal Information
- Challenging Compliance
- means an individual who: (a) has an account with Storm; (b) subscribes for, uses, has used, or applies to use Storm products and/or services; (c) corresponds with Storm; and/or (d) is a Web Site User
- means an individual who: (a) is an employee of Storm; and/or (b) is an applicant for employment with Storm.
- Storm, we, our
- means 4141903 Canada Inc., its parents, subsidiaries, affiliates and their respective officers, directors, agents, suppliers, resellers and distributors
- Storm Website
- means a website owned, controlled or managed by Storm, including the following domain: www.storm.ca
- Personal Information
- means information about an identifiable Customer or Employee, but does not include aggregated information that cannot be associated with a specific individual. Personal Information does not include an Employee’s name, title, business address or business telephone number.Personal Information includes, without limitation:
- A Customer’s Name
- A Customer’s Email address
- A Customer or Employee’s residential mailing address
- Birth dates
- Credit and financial information
- Billing records
- Storm service and product records
- Recorded complaints
- Web Site User
- means a user of Storm Websites from which Storm collects Personal Information
1.2 Storm is responsible for Personal Information in its possession or control, including information that has been transferred to a third party for processing. Storm shall use means to provide an appropriate level of protection while information is being processed by a third party (see Principle 7).
2. IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL INFORMATION
2.1 Storm shall identify orally, electronically or in writing, the purposes for which Personal Information is collected at or before the time the information is collected. Unless required by law, Storm shall not use or disclose for any new purpose Personal Information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the Customer or Employee.
2.2 We may ask for Personal Information only for the following purposes:
- To establish and maintain a responsible commercial relationship
- To allow us to provide ongoing services and support
- To bill for and collect payment for Storm services and products
- To manage, develop and market Storm’s network, business and operations
- To manage personnel and employment matters
- >To meet legal and regulatory requirements
- To obtain credit information or provide it to others
- For any other purpose with explicit consent.
2.3 During a Customer’s or Employee’s interaction with Storm Websites, Storm may use a browser feature called a “Cookie". Cookies are small information packets created by the website and stored on the hard drive of a Web Site User’s computer. Cookies are used to collect information anonymously and track user patterns on the Storm Websites. For example, Cookies might help us determine whether Customer is a repeat or first time visitor of a Storm Website.
3. OBTAINING CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION
3.1 Storm requires Customers’ and Employees’ knowledge and consent for the collection, use or disclosure of Personal
Information, except in the circumstances described in Section 3.3 below, where knowledge or consent would be inappropriate.
3.2 In general, implied consent for Storm to collect, use and disclose Personal Information for all identified purposes is obtained in the following circumstances: (1) when a Customer applies for Storm services or products; (2) when a Customer uses Storm services or products; (3) when an individual submits an application for employment with Storm; or (4) when an Employee accepts employment or benefits from Storm. Notwithstanding, Storm shall seek consent to use and disclose Personal Information at the same time it collects the information. However, Storm may seek consent to use and disclose Personal Information after it has been collected, but before it is used or disclosed for a new purpose.
3.3 Storm may collect, use or disclose Personal Information without a Customer’s or Employee’s knowledge only in the following, exceptional circumstances:
- Where it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is a minor, seriously ill or mentally incapacitated
- Where it is in relation to the investigation of a breach of an agreement
- Where it is to a lawyer representing Storm
- Where it is to collect a debt
- Where it is to comply with a subpoena, warrant or other court order
- Where it is for any other purpose otherwise required by law
- In the case of an emergency where the life, health or security of an individual is threatened.
3.4 In obtaining consent, Storm shall use reasonable efforts to ensure that the Customer or Employee is advised of the identified purposes for which Personal
Information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the Customer and Employee.
3.5 Storm will require consent for the collection, use or disclosure of Personal Information as a condition of the supply of a service or product only if such collection, use or disclosure is required to fulfill the identified purposes.
3.6 In determining the appropriate form of consent, Storm shall take into account the sensitivity of the Personal Information and the reasonable expectations of its Customers and Employees.
3.7 A Customer or Employee may withdraw or vary consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers and Employees may contact Storm for more information regarding the implications of withdrawing or varying consent.
4. LIMITING COLLECTION OF PERSONAL INFORMATION
4.1 Storm shall limit the collection of Personal Information to that which is necessary for appropriate purposes identified by Storm. Storm shall collect Personal Information by fair and lawful means.
4.2 Storm collects Personal Information primarily from its Customers and Employees.
4.3 Storm may also collect Personal Information from other sources including credit bureaus, employers or personal references, or other third parties who represent that they have the right to disclose the information.
5. LIMITING USE, DISCLOSURE AND RETENTION OF PERSONAL INFORMATION
5.1 Storm shall not use or disclose Personal Information for purposes other than those for which it was collected, except with the consent of the individual
or in the circumstances listed under Section 3.3, above. Storm shall retain Personal Information only as long as necessary for the fulfillment of those purposes or as required by law.
5.2 Internally, only Storm employees with a business need to know, or whose duties reasonably so require, are granted access to Personal Information about Customers and Employees.
5.3 In addition, Storm may disclose a Customer’s Personal Information, in accordance with all applicable CRTC regulations, to:
- Another telecommunications services provider for the efficient and effective provision of telecommunications services
- An entity involved in supplying the Customer with communications or communications directory related services
- Another entity for the development, enhancement, marketing or provision of any of the products or services of Storm
- An agent retained by Storm in connection with the collection of the Customer’s account
- Credit grantors and reporting agencies
- A person who, in the reasonable judgment of Storm, is seeking the information as an agent of the Customer; and
- A third party or parties, where the Customer consents to such disclosure or disclosure is required by law.
5.4 In addition, Storm may disclose an Employee’s Personal Information to:
- An entity for regular personnel and benefits administration;
- An Employee’s prospective employer for the purpose of providing a reference; and
- A third party or parties, where the Employee consents to such disclosure or the disclosure is required by law.
5.5 Storm shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to Personal Information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous within a reasonable period of time after Storm no longer reasonably requires the Personal Information for legal or business purposes.
6. ACCURACY OF PERSONAL INFORMATION
6.1 Storm shall strive to keep Personal Information within its possession or control as accurate, complete, and up-to-date as is necessary to: (1) appropriately utilize that Personal Information for the purposes for which it was collected; and (2) minimize the likelihood that inappropriate information may be used to make a decision about a Customer or Employee.
6.2 Storm shall update Personal Information about Customers and Employees as and when necessary to fulfill the identified purposes or upon notification by the individual.
7. SECURITY SAFEGUARDS
7.1 Storm shall protect Personal Information by security safeguards appropriate to the sensitivity of the information.
7.2 Storm shall strive to protect Personal Information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures. Storm shall protect the information regardless of the format in which it is held.
7.3 Storm shall utilize technological, contractual and other means to provide an appropriate level of protection for Personal Information that is disclosed
to third parties for processing.
7.4 All of Storm’s employees with access to Personal Information shall be required to maintain the confidentiality of that information in accordance
7.5 Storm may store and process Personal Information in Canada or another country. In either case, the Personal Information is protected with
appropriate security safeguards and subject to the privacy laws and regulations of the host jurisdiction.
7.6 While the majority of Storm’s data traffic is routed domestically, some traffic may be routed through other jurisdictions while in transit.
8. OPENNESS CONCERNING POLICIES AND PRACTICES
8.2 Storm shall make information about its policies and practices as accessible and easy to understand as possible, including:
- the contact information for forwarding any privacy complaints
- the means of gaining access to one’s own Personal Information held by Storm; and
- a description of the type of Personal Information held by Storm.
8.4 Storm will make available information to assist Customers and Employees in exercising choices regarding the use of their Personal Information.
9. CUSTOMER AND EMPLOYEE ACCESS TO PERSONAL INFORMATION
9.1 Storm shall inform a Customer and Employee of the existence, use, and disclosure of his or her Personal Information upon request, subject to the limitations described in Section 9.3, below.
9.2 Customers and Employees can seek access to their Personal Information by contacting a designated representative at Storm’s business offices. Storm shall afford Customers and Employees a reasonable opportunity to review the Personal Information in the individual’s file, subject to the limitations described in Section 9.3, below. Personal Information shall be provided in understandable form within a reasonable time and at a minimal or no cost to the individual. Customers and Employees may identify any issues with the accuracy or completeness of the information provided and Storm will amend it as needed.
9.3 In certain situations, Storm may not be able to provide access to all the Personal Information that it holds about a Customer or Employee. For example, Storm may not provide access to information if doing so would likely reveal Personal Information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, Storm may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor-client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement, or a contravention of federal, provincial or foreign laws and / or regulations. If access to Personal Information cannot be provided, Storm shall provide the reasons for denying access upon request unless prevented from doing so by lawful means.
9.4 Upon request, Storm shall provide an account of the use and disclosure of Personal Information and, where reasonably possible, shall state the source of the information. In providing an account of use, Storm will provide information about the purposes for which the Personal Information has been and is being used by the organization. In providing an account of disclosure, Storm shall provide a list of organizations to which it may have disclosed Personal Information about the individual when it is not possible to provide an actual list.
9.5 In order to safeguard Personal Information, a Customer or Employee may be required to provide sufficient identification information to permit Storm to account for the existence, use and disclosure of Personal Information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
10. CHALLENGING COMPLIANCE
10.2 Storm shall maintain procedures for addressing and responding to all inquiries or complaints from its Customers and Employees about Storm’s handling of Personal Information.
10.3 Storm shall inform its Customers and Employees about the existence of these procedures as well as the availability of complaint procedures.
10.5 A Customer or Employee may seek advice from the Office of the Privacy Commissioner of Canada (at 1-800-282-1376 or firstname.lastname@example.org), and, if appropriate, file a written complaint with the Commissioner’s office. However, the Customer or Employee is encouraged to use Storm’s internal information and complaint procedures first.