SPRIGGHR Inc. provides online Talent Management products and services to its Clients (Users) by authorising licensed access to its website services as stipulated and outlined in Client Agreement contracts.
“Personal information” means any information about an identifiable individual. It includes, without limitation; information relating to identity, nationality, age, gender, address, telephone number, e-mail address, Social Insurance Number, date of birth, marital status, education, employment health history, assets, liabilities, payment records, credit records, loan records, income and information relating to financial transactions as well as certain personal opinions or views of an Individual.
“Business information” means business name, business address, business telephone number, name(s) of owner(s), officer(s) and director(s), job titles, business registration numbers (GST, RST, source deductions), financial status. Although business information is not subject to PIPEDA, confidentiality of business information will be treated with the same security measures by SPRIGGHR staff, members and Board members, as is required for individual personal information under PIPEDA.
“Client” means the business that is applying for or has been approved for a loan, (including sole proprietorships and individuals carrying on business in a partnership);
“Individual” means the client’s owner(s) or shareholders, co-signers, and/or any guarantor associated with a client.
“Member” means a person who volunteers on a SPRIGGHR committee, but who is not a current or active board member, or chair of the committee.
“Application” means the application form or related forms completed by the individual(s) to request financing for the client through payment arrangements defined by SPRIGGHR.
“Data base” means the list of names, addresses and telephone numbers of clients and individuals held by SPRIGGHR in the forms of, but not limited to, computer files, paper files, and files on computer hard-drives.
“File” means the information collected in the course of processing an application, as well as information collected/updated to maintain /service the account.
“Express consent” means the individual signs the application, or other forms containing personal information, authorizing SPRIGGHR to collect, use, and disclose the individual’s personal information for the purposes set out in the application and/or forms.
“Implied Consent” means the organization may assume that the individual consents to the information being used, retained and disclosed for the original purposes, unless notified by the individual.
“Third Party” means a person or company that provides services to SPRIGGHR in support of the programs, benefits, and other services offered by SPRIGGHR, such as persons with whom the individual or client does business.
Personal information is collected in order to assess the eligibility of the individual completing an application for processing of online payment of services that SpriggHR provides. The individual is the main source of information but SPRIGGHR will also ask to obtain information directly from a third source where the individual does not have the required information.
Only that information which is required to make a determination of an individual’s eligibility will be collected. Although the individual’s Social Insurance Number may be requested in the application for confirming identification of the individual to the credit reporting agency, provision of this personal information is optional. The individual may provide alternative forms of identification, such as date of birth and driver’s license number.
An individual’s express, written consent will be obtained before or at the time of collecting personal information. The purposes for the collection, use or disclosure of the personal information will be provided to the individual at the time of seeking his or her consent. Once consent is obtained from the individual to use his or her information for those purposes, SPRIGGHR has the individual’s implied consent to collect or receive any supplementary information that is necessary to fulfil the same purposes. Express consent will also be obtained if, or when, a new use is identified.
By signing the application and/or other forms, implied consent is granted by the individual to obtain and/or to verify information from third parties such as banks, credit bureaus, other lenders, and insurance companies in the process of assessing the eligibility of an individual or client.
An individual can choose not to provide some or all of the personal information at any time, but if SPRIGGHR is unable to collect sufficient information to validate the request for financing, the individual’s application for such financing may be turned down.
Personal information will be used for only those purposes to which the individual has consented with the following exceptions, as permitted under PIPEDA:
SPRIGGHR will use personal information without the individual’s consent, where:
Personal information will be disclosed to only those SPRIGGHR employees, members of SPRIGGHR committees, and the Board of Directors that need to know the information for the purposes of their work.
Personal information will be disclosed to third parties with the individual’s knowledge and consent.
PIPEDA permits SPRIGGHR to disclose personal information to third parties, without an individual’s knowledge and consent, to:
PIPEDA permits SPRIGGHR to transfer personal information to a third party, without the individual’s knowledge or consent, if the transfer is information for the purposes for which it was transferred. SPRIGGHR will ensure, by contractual or other means that the third party protects the information and uses it only for the purposes for which it was transferred.
Personal information will be retained in client files as long as the file is active and for such periods of time as may be prescribed by applicable laws and regulations.
A file will be deemed inactive if the SpriggHR rejects an application, when a Client discontinues services and / or Client Agreement is terminated. Information contained in an inactive file will be retained for a period of seven (7) years, except in the case where an application is rejected. Where an application has been rejected, the file and all personal information contained in the file will be retained for a period of two (2) years.
SPRIGGHR endeavours to ensure that any personal information provided by the individual in his or her active file(s) is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. Individuals are requested to notify SPRIGGHR of any change in personal or business information.
Information contained in inactive files is not updated.
Organizational Safeguards: Access to personal information will be limited to the appropriate employees of SpriggHR, Business Partners (authorised third parties) of SpriggHR who require access to manage and process personal information in order to carry out SpriggHR services to satisfy Client Agreement. Personal information provided to members of SPRIGGHR committee(s) will be limited to only that information required to carry out the mandate of that committee. Members of the SPRIGGHR committee(s) and/or Board of Directors are not permitted to copy or retain any personal information on individuals or clients and must either return for destruction all such information given to them to review or acknowledge through signature of termination of personal information once the purpose for being provided with this information has been fulfilled.
Employees and members of SPRIGGHR committee(s) and/or Board of Directors are required to sign a confidentiality agreement binding them to maintaining the confidentiality of all personal information to which they have access.
Physical Safeguards: Active files are stored in locked filing cabinets when not in use. Access to work areas where active files may be in use is restricted to SPRIGGHR employees only and authorized third parties.
All inactive files or personal information no longer required are shredded prior to disposal to prevent inadvertent disclosure to unauthorized persons.
Technological Safeguards: Personal information contained in SPRIGGHR computers and electronic data bases are password protected in accordance with SPRIGGHR’s Information Security Policy. Access to any of the SPRIGGHR’s computers also is password protected. SPRIGGHR’s Internet router or server has firewall protection sufficient to protect personal and confidential business information against virus attacks and “sniffer” software arising from Internet activity.
An Individual who wishes to review or verify what personal information is held by SPRIGGHR, or to whom the information has been disclosed (as permitted by the Act), may make the request for access, in writing, to SPRIGGHR’s Chief Privacy Officer. Upon verification of the individual’s identity, the Chief Privacy Officer will respond within 60 days.
If the individual finds that the information held by SPRIGGHR is inaccurate or incomplete, upon the individual providing documentary evidence to verify the correct information, SPRIGGHR will make the required changes to the individual’s active file(s) promptly.
If an individual has a concern about SPRIGGHR’s personal information handling practices, a complaint, in writing, may be directed to SPRIGGHR’s Chief Privacy Officer.
Upon verification of the individual’s identity, SPRIGGHR’s Chief Privacy Officer will act promptly to investigate the complaint and provide a written report of the investigation’s findings to the individual.
Where SPRIGGHR’s Chief Privacy Officer makes a determination that the individual’s complaint is well founded, the Chief Privacy Officer will take the necessary steps to correct the offending information handling practice and/or revise SPRIGGHR’s privacy policies and procedures.
Where SPRIGGHR’s Chief Privacy Officer determines that the individual’s complaint is not well founded, the individual will be notified in writing.
If the individual is dissatisfied with the finding and corresponding action taken by SPRIGGHR’s Chief Privacy Officer, the individual may bring a complaint to the Federal Privacy Commissioner at the address below:
The Privacy Commissioner of Canada Email address: www.privcom.gc.ca.
112 Kent Street
Chief Privacy Officer Email address: email@example.com
Chief Privacy Officer at the address below:
55 Mill Street, Building 36
Amendment to SPRIGGHR’s Privacy Policies