0 items | $0.00
No products in the cart.
0 items | $0.00
No products in the cart.

Metrax Indigenous Corp.

Privacy Policy

Procedure Management Responsibility:

Staff Responsible: Chief Privacy Officer
Oversight by: Finance Audit and Technology Committee
Approval by: Board of Directors

Purpose and Scope

MIC (Metrax Indigenous Corp.) is committed to maintaining the confidentiality, security, and accuracy of the Personal Information of the Metrax Indigenous Corp.’s Personnel and other third parties that is in its possession because of its normal business, including with respect to volunteer and charitable operations.

MIC collects, uses, and discloses Personal Information about its Personnel, donors, customers, suppliers, and others with whom it has contact while conducting its normal business operations, including for purposes of establishing, managing, or terminating employment and contractual relationships between Personnel and MIC. This Policy describes and governs the collection, use and disclosure of Personal Information by MIC.

This Policy applies to MIC, and to all Representatives. When a Representative, donor, customer, or supplier provides MIC with Personal Information, that individual consents to MIC’s collection, use and disclosure of their Personal Information for the designated purpose and agrees to the terms for accessing and correcting data as described below.

The Policy governs MIC’s activities that are subject to the provisions of applicable privacy legislation, including the Personal Information Protection Act (Alberta). However, as a not-for-profit organization, please note that certain of MIC’s activities may not be subject to applicable privacy legislation in all instances.

Definitions

Personal Information

Information, recorded in any form, about an identifiable individual (including, (i) for employees: a home address and phone number, names of partners and spouses, a social insurance number, performance appraisals, medical and benefit information, or hobbies and interests, and (ii) for donors: any donation and billing information).

This does not include the name, title, business address or telephone/facsimile number or business email address of an employee of an organization, when used for business communications. Also, it does not include anonymous, aggregated, or non-personal information or statistical data (i.e., information that cannot be associated with or tracked back to a specific individual).

Personnel

A director, officer, employee, volunteer, or independent contractor of MIC.

Representative

An employee or prospective employee of MIC, as well as any other individuals, including third parties that may provide and have access to Personal Information in MIC’s possession.

MIC

Metrax Indigenous Corp. and its divisions and affiliates, including all internal governance bodies.

Questions

If an individual has a question about (a) access to Personal Information, (b) the collection, use, management, or disclosure of Personal Information, (c) changing or withdrawing consent with respect to Personal Information, or (d) obtaining more information about this Policy or relevant legislation, please contact the office of our Privacy Officer by telephone or in writing or by e-mail at:

Metrax Indigenous Corp.
163 Valley Ridge Green NW

Calgary, Alberta, T3B 5L6, Canada
Attention: Transparency, Compliance & Privacy Officer

Tel: (403) 243-9640
Email: info@metraxindigenous.com

Web: www.metraxindigenous.com

MIC endeavours to answer all questions raised in a timely manner and advise in writing of any steps taken to address an issue brought forward. If an individual is not satisfied with MIC’s response, they may be entitled to make a written submission to the privacy authority applicable to their authority.

Policy Statement

Collection, Use and Disclosure of Personal Information

Contents

  1. Personal Information
    II. Collection Rationale
    III. Use Or Disclosure of Personal Information
    IV. Protection Of Personal Information
    V. Consent
    VI. Monitoring
  2. Personal Information

MIC collects and maintains diverse types of Personal Information about individuals with whom it interacts (such as those who seek to be, are, or were employed by MIC, or volunteers, donors, customers, or suppliers of MIC), including:

  • identification and contact information: such as a Representative’s name, home address, telephone, personal email address, date of birth, social insurance number, marital and dependent status, videos, photographs, and beneficiary and emergency contact information.
  • employment information: such as a Representative’s job title, resumes and/or applications, interview notes, letters of offer and acceptance of employment, compensation and benefit information, background verification information, employment references, mandatory policy acknowledgement sign-off sheets and evaluations.
  • benefit information: such as forms relating to the application or change of employee health and welfare benefits, including but not limited to health care, life insurance, short- and long-term disability, medical and dental care.
  • payroll and financial information: including but not limited to social insurance numbers, wages, pay cheque deposit information, pension information, group savings plans, information, and tax related information.
  • business relationship and operations information: such as customer and supplier names, customer addresses and personal contacts, credit information, billing records, service and equipment records, any recorded customer complaints, investor contact information and requests, agreement terms, preferences, and information necessary to effect emergency response plans.
  • donor information: such as donor identities, donation amounts and banking information; and
  • other information necessary for MIC’s business purposes, which may be voluntarily disclosed or collected during a Representative’s application to and employment with MIC.

As a rule, MIC collects Personal Information directly from the individual it pertains to. If third parties hold information MIC requires, MIC will endeavour to ensure the information has been collected with the appropriate consent.

Where permitted or required by applicable law or regulatory requirements, MIC may collect Personal Information about an individual without their knowledge or consent.

  1. Collection Rationale

MIC collects Personal Information to manage and develop its business and operations, and to support its volunteer and charitable activities, including:

  • determining eligibility for initial employment, including the verification of references and qualifications.
  • administration of pay and benefits.
  • establishing training and/or development requirements and assessing qualifications for a particular job or task.
  • performance reviews and determining performance requirements.
  • processing employee work-related claims (e.g., worker compensation, insurance claims, etc.).
  • establishing, managing, and terminating business relations with volunteers, customers, donors, and suppliers.
  • protection against error, fraud, theft damage or nuisance relating to MIC’s assets, operations or reputation and securing organization-held information.
  • compliance with individual requests.
  • compliance with applicable law or regulatory requirements.
  • maintaining and improving its service offerings to employees, volunteers, donors, and customers; and
  • any other reasonable purpose required by MIC and to which an individual consents.

III. Use or Disclosure of Personal Information

MIC may use and disclose Personal Information provided it is required in the following circumstances:

  • for purposes described in this Policy.
  • where the information is publicly available.
  • where necessary to protect the rights and property of MIC.
  • when emergencies occur or where it is necessary to protect the safety of a person or group of people.
  • where required by Personnel and other parties (including its related business entities or affiliates) who require Personal Information to assist in establishing, maintaining, and managing MIC’s relationship with an individual, including, for example, third parties who provide services to MIC or on MIC’s behalf or third parties who collaborate with MIC in the provision of services to an individual; or
  • MIC has otherwise obtained an individual’s consent.

MIC may use or disclose Personal Information without an individual’s knowledge or consent where it is permitted or required by applicable law or regulatory requirements to do so, including, but not limited to, circumstances relating to the establishment, maintenance, or termination of an employment relationship.

MIC does not sell employee, volunteer, donor, or customer information to third parties.

  1. Protection of Personal Information

MIC endeavours to maintain physical, technological, and procedural safeguards that are appropriate to the sensitivity of the Personal Information in question. These safeguards are designed to prevent Personal Information from loss and unauthorized access, copying, use, modification, or disclosure. Examples of these safeguards include password, encryption, and other electronic security means; locked or limited access premises and file cabinets; and the security monitoring methods. MIC cannot guarantee the security of transferring information by virtual means, including via the Internet or telephone.

Retention of Personal Information

Except as otherwise permitted or required by applicable law or regulatory requirements, MIC endeavours to retain Personal Information only for as long as it believes is necessary to fulfill the purposes for which the Personal Information was collected (including, for the purpose of meeting any legal, accounting, or other reporting requirements or obligations). MIC may, instead of destroying or erasing Personal Information and where this is economically feasible, make it anonymous such that it cannot be associated with or tracked back to a specific individual.

Updating Personal Information

It is important that Personal Information contained in MIC’s records is both accurate and current. MIC asks that Personnel, donors, customers, and suppliers keep it informed of changes to Personal Information during the individual’s employment, charitable or business relationship with MIC.

If an individual believes the Personal Information about them held by MIC is not correct, the individual may request an update of that information by making a request to our Privacy Officer using the contact information set out below.

Accessing Personal Information

An individual may ask to see the Personal Information that MIC holds about them. If individuals want to review, verify, or correct their Personal Information, they may contact our Privacy Officer at the coordinates set out below. Please note that any such communication must be in writing (whether by traditional or electronic means).

When making an access request, MIC may require specific information from an individual to confirm their identity and right to access, as well as to search for, and provide that individual with, the Personal Information that it holds about them. MIC may charge a fee to access Personal Information; but it will advise of any fee in advance. If help is needed in preparing a request, please contact the office of our Privacy Officer. Where Personal Information will be disclosed to an individual, MIC will endeavour to provide the information in question within a reasonable time, and in most cases, no later than 30 days following the request.

An individual’s right to access the Personal Information that it holds about them is not absolute. There are instances where applicable law or regulatory requirements permit or require MIC to refuse a Personal Information access request. MIC also reserves the right to decline to provide access to Personal Information where the information requested:

  1. would disclose:
    1. Personal Information, including opinions, about another individual or about a deceased individual; or
    2. trade secrets or other business confidential information that may harm MIC or the competitive position of a third party or interfere with contractual or other negotiations of MIC or a third party.
  1. is subject to solicitor-client or litigation privilege.
  2. is not readily retrievable and the burden or cost of providing would be disproportionate to the nature or value of the information.
  3. could result in serious harm to any individual.
  4. may harm or interfere with law enforcement activities and other legal or employment related investigative or regulatory functions.

In addition, the Personal Information may no longer exist, may have been destroyed, erased, or made anonymous in accordance with MIC’s record retention obligations and practices.

If MIC cannot provide an individual with access to their Personal Information, it will endeavour to inform that individual of the reasons why access has been denied, subject to any legal or regulatory restrictions.

Out of Country Storage and Processing of Personal Information

MIC has and will invest in new data management systems and software solutions on a routine basis, to work with or provide its services to its Personnel, Representatives, donors, customers, suppliers, and others. As data processing technologies continually evolve, more systems and software solutions utilize “cloud-based” delivery models, where data processing and storage functionality is delivered from outside MIC’s premises and through the internet or similar connections to the service provider, and where MIC does not host the system or software solution within its physical premises. Accordingly, while MIC maintains its responsibility for the protection of this data and of the Personal Information contained within it, Personal Information collection, use, disclosure, processing, and storage may occur outside of Canada.

More specifically:

  • The purposes for which MIC may utilize such cloud-based systems and solutions for the collection, use, disclosure, processing, and storage of Personal Information, are those purposes that are otherwise described in this Policy.
  • MIC has and will only engage service providers for such collection, use, disclosure, processing, and storage of Personal Information, where such Personal Information is or will be in and outside Canada.
  • Any Personnel, Representative, donor, customer, supplier or third person may obtain further information about MIC’s collection, use, disclosure, processing, and storage of such Personal Information, or about MIC’s policies and practices with respect to such service providers, located in and outside Canada, by contacting MIC’s Privacy Officer through the contact information below.
  1. Consent

It is important to MIC that it collects, uses, or discloses Personal Information with consent to do so or as otherwise provided in this Policy. Depending on the sensitivity of the Personal Information, consent may be implied, deemed (using an opt-out mechanism) or express. Express consent can be given orally, electronically or in writing. Implied consent is consent that can be inferred from an individual’s action or inaction. For example, when financial information is requested for donation purposes, MIC will assume consent to the collection, use or disclosure of Personal Information for purposes related to that request for information or for other purposes identified by the requesting individual at the time.

Typically, MIC will seek consent at the time that it collects the Personal Information. In some circumstances consent may be obtained after collection but prior to MIC’s use or disclosure of Personal Information. If MIC plans to use or disclose Personal Information for a purpose not previously identified (either in this Policy or separately), it will endeavour to advise an affected individual of that purpose before such use or disclosure.

MIC may collect, use, or disclose Personal Information without an individual’s knowledge or consent where it is permitted or required to do so by applicable law or regulatory requirements.

MIC assumes that, unless it is advised otherwise, by receiving a copy of this Policy or by continuing to engage in business with MIC, an individual will have consented to the collection, use and disclosure of their Personal Information as explained in this Policy.

An individual is entitled to change or withdraw their consent at any time, subject to legal or contractual restrictions (and reasonable notice), by contacting our Privacy Officer using the contact information set out below. In some circumstances, a change in or withdrawal of consent may limit MIC’s ability to provide products or services to, or acquire products or services from, that individual.

  1. Monitoring

The work output of Personnel, whether in paper record, computer files, or in any other storage format belongs to MIC, and that work output, whether it is stored electronically, on paper or in any other format, and the tools used to generate that work product, are always subject to review and monitoring by MIC.

While conducting MIC’s business, MIC may monitor Representative activities and its property. Pursuant to the Ownership of Computer Data, E-mail and Internet Use and Social Media policies, MIC has the capability to monitor all Personnel’s computer and e-mail use.

Representatives should not have any expectation of privacy with respect to their use of MIC’s equipment or resources. This section is not meant to suggest that all Representatives will be monitored or their actions subject to constant surveillance – as MIC has no duty to monitor – it is meant to bring to each Representative’s attention the fact that such monitoring may occur and may result in the collection of Personal Information (e.g., through their use of MIC’s electronic resources).

Any collection of Personal Information held or used while monitoring will not be more than is necessary for the purpose of the monitoring. Monitoring is or will be done on an “as required” basis and will be in proportion to the risks that MIC faces. MIC will conduct any monitoring in the least intrusive way possible. In some instances, when necessary, MIC may supplement this monitoring notice with more specific policies or statements as appropriate.

We partner with Microsoft to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement. View Microsoft’s recommendations.

Responsibility & Interpretation

Any violation of this Policy will result in action by MIC. If any Representative misuses the Personal Information of another Representative, donor, or customer of MIC, it will be considered a serious offence for which appropriate disciplinary action may be taken, up to and including termination of employment. If any individual or organization misuses the Personal Information of a Representative – provided for the purpose of providing services to MIC – it will be considered a genuine issue for which appropriate action may be taken, up to and including termination of the service agreement or court action.

Any interpretation associated with this Policy will be made by the Privacy Officer. This Policy includes examples but is not intended to be restricted in its application to such examples, therefore where the word ‘including’ is used, it shall mean ‘including without limitation’.

Policy Revision

MIC will review and revise this Policy from time to time to reflect changes in legal or regulatory obligations or changes in the manner in which it deals with Personal Information, and in any event, at least every 12 months. Any revised version of this Policy will be posted, and each Representative is encouraged to refer back to it on a regular basis. Any changes to this Policy will be effective from the time they are posted, provided that any change that relates to why MIC collects, uses or discloses Personal Information will not apply to a particular Representative, where their consent is required to such collection, use, or disclosure, until MIC has obtained that Representative’s consent to such change.

This Policy does not create or confer upon any individual any rights, or impose upon MIC any rights or obligations outside of, or in addition to, any rights or obligations imposed by applicable privacy legislation. Should there be, in a specific case, any inconsistency between this Policy and relevant legislation, this Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy legislation.

Related Policies

This policy is one of a series of related policies addressing the collection, use, disclosure, and security of Personal Information by MIC, including:

  • Information Technology Usage Policy;
  • Information Services Security Policies

as defined in MIC’s policies.

Effective Date:

This Policy shall have effect from January 30, 2025

Revisions:

Frequency: 12 months
Date of last Committee review: January 2025