Need Help?

Do you have questions that you need answered?

Privacy Policy

SECTION 33 - PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (“PIPEDA”)

Please refer to Division 1, Section 2 for all definitions used in this section.

33.1 The Corporation is committed to creating opportunities for Aboriginals in Manitoba in compliance with Federal statutory provisions and in compliance with the reasonable expectations of the clients of the Corporation.
33.2 The Corporation engages in commercial activities by providing loans and financial services to clients of the Corporation.
33.3 The Personal Information Protection and Electronics Documents Act (“PIPEDA”) came into force in January of 2004 in relation to all organizations that collect, use or disclose Personal Information in the course of commercial activities.
33.4 All Persons are committed to adopting policies which deal with privacy in relation to information about an identifiable individual and to maintaining the privacy of Personal Information. As part of this commitment, it is the goal of the Corporation to maintain a workplace which complies with PIPEDA.
33.5 Employees and clients of the Corporation are entitled to have their Personal Information kept private and maintained and dealt with in accordance with the provisions of PIPEDA.
33.6 The Corporation shall appoint a Privacy Officer who shall be responsible for the Personal Information collected, used, stored and disclosed by the Corporation and for overall compliance with PIPEDA.
33.7 During the course of all business conducted by the Corporation, it is important that the Corporation adheres to PIPEDA in relation to the collection, use and disclosure of Personal Information. Therefore, Employees and Directors of the Corporation are required to adhere to the privacy policy set out in this Policy and Procedure Manual and summarized in the Privacy Brochure.
33.8

All Directors and employees of the Corporation agree to handle all Personal Information in the possession or control of the Corporation in accordance with the following ten rules:

33.8A Accountable: the Corporation is accountable for Personal Information in its possession. The Corporation has appointed a Privacy Officer to ensure that Personal Information is protected, to ensure compliance with PIPEDA and to develop privacy policies.

33.8B Documented Purpose: when the Corporation obtains Personal Information, the Corporation gives reasons for collecting, using and disclosing Personal Information.

33.8C Consent – the Corporation obtains consent prior to collecting, using and disclosing Personal Information.

33.8D Limits on Collection – the Corporation only collects the information that it needs.

33.8E Limits on Use, Disclosure and Retention – the Corporation uses or discloses Personal Information for identified purposes, in accordance with consent or as required or permitted by law. The Corporation retains Personal Information for as long as it requires, at which time the Personal Information is destroyed in a responsible manner.

33.8F Accurate Information – the Corporation attempts to ensure that Personal Information continues to be accurate and the Corporation requires assistance in maintaining accurate information.

33.8G Safeguards in Place – the Corporation protects Personal Information against loss, unauthorized access, disclosure, copying and other unauthorized uses.

33.8H Openness About Our Policies – the Corporation is open about its privacy policies.

33.8I Access by Individuals – Access to Personal Information is achieved by providing a written request to the Privacy Officer who will amend your Personal Information as appropriate.

33.8J Recourse to a Complaint Process – Our compliance with PIPEDA and our privacy policies may be challenged by contacting the Privacy Officer.
33.9 The Corporation collects Personal Information by lawful and fair means, including by conducting searches and by obtaining information from other lenders, credit institutions, financial services providers, insurance companies, credit reporting agencies, collection agencies, motor vehicle authorities, driver licensing authorities, medical professionals, government agencies and accountants.
33.10 The Corporation shall obtain consent from a client or employee prior to collecting, using or disclosing Personal Information. Normally, consent will be in writing or provided orally. Sometimes consent may be implied through conduct.
33.11 The Corporation collects, uses and discloses Personal Information for a number of reasons, including the following:
(i) where required to do so by law;
(ii) where a client or employee has consented to the disclosure;
(iii) if the Corporation engages third parties to provide services;
(iv) if the information is publicly known;
(v) to verify identity;
(vi) to assist in the provision of financial services;
(vii) to determine eligibility for loans;
(viii) to obtain insurance;
(ix) to determine costs, fees and premiums;
(x) to inform clients about our financial services;
(xi) to provide clients with ongoing service;
(xii) to satisfy legal and regulatory requirements;
(xiii) to obtain or provide information to or from other lenders,
credit institutions, financial services providers, insurance companies, credit reporting agencies, collection agencies, motor vehicle authorities, driver licensing authorities, medical professionals, government agencies and accountants;
(xiv) to provide information to our strategic business partners;
(xv) to determine eligibility for employment with the Corporation.
33.12 When Personal Information is provided to the Corporation or the Corporation is authorized to disclose or use Personal Information, the Corporation will do so in accordance with the identified purposes set out in our privacy policy and in your application. The Corporation shall implement safeguards to protect against the possible misuse of Personal Information. The Corporation maintains Personal Information as up-todate and accurate as is possible. The Corporation keeps Personal Information for only as long as needed.
33.13 A client should be requested by the Corporation periodically to provide accurate and updated information. If a client or employee can establish that Personal Information in the possession of the Corporation is not accurate, complete and up to date, the Corporation will take reasonable steps to correct it.
33.14 Clients and employees may ask for access to Personal Information. Detailed requests which require archive or other retrieval costs may be subject to a charge.
33.15 Rights of access to Personal Information are not absolute. Access may be denied under the following circumstances:
(i) where required by law;
(ii) when granting access would have an unreasonable impact on another person’s privacy;
(iii) to protect the Corporation’s rights and property;
(iv) where the request is frivolous or vexatious.
33.16 The Corporation agrees to implement measures to keep Personal Information secure, including the following:
(i) door lock and an alarm at the premises of the Corporation;
(ii) restricted access to files which contain personal information;
(iii) security software and firewalls to prevent hacking or unauthorized computer access;
(iv) internal password and security policies, including a computer use policy;
(v) destroying in a responsible manner all Personal Information that is no longer required.
33.17 Personal Information complaints related to the privacy policy or any of the procedures of the Corporation shall be forwarded in writing to the Privacy Officer. Upon receipt of a complaint, the Privacy Officer shall investigate the complaint and shall provide the complainant and the Board of Directors with a copy of the report of the Privacy Officer. If a complaint is justified, it will be resolved immediately.
33.18 An employee or client who wishes to make a complaint about their Personal Information shall keep a written record of the incident or incidents leading up to the complaint.
33.19 If the report of the Privacy Officer determined that the privacy policy requires revision, the Board shall immediately authorize the appropriate revisions to the Privacy Policy.
33.20 If the Privacy Officer determines that the complaint has not been proven, then the Corporation shall take no further action except to provide the complainant with contact information for the Privacy Commissioner. The Privacy Commissioner of Canada may be reached by mail at 112 Kent Street, Place de Ville, Tower B, 3rd Floor, Ottawa, Ontario, K1A 1H3; by phone at 1-800-282-1376; or online at www.privcom.gc.ca.
33.21 This privacy policy will be posted on the Corporation’s website.
33.22 The Corporation shall regularly review this policy and change it from time to time and shall post all changes on the website of the Corporation.
33.23 All Persons shall be required to sign an Acknowledgment confirming, among other things, that they are aware of this privacy policy and agree to act in accordance therewith