|
Privacy Policy
The privacy of individuals connected with our business, including our customers, contractors, employees, independent operators and website visitors has always been of great importance to George Weston Limited (“Weston”). Keeping personal information in strict confidence is a cornerstone of our business. Regardless of how the range of products we offer our customers expands, and the technology we use changes, we will always strive to protect the privacy of personal information, subject to any consent an individual has provided for its use.
This policy describes the principles on which Weston and its subsidiaries and divisions will protect the privacy of personal information. Loblaw Companies Limited has implemented its own privacy policy, which is substantially the same as this policy. The policy is based on the Canadian Standards Association Model Code for the Protection of Personal Information. While this document sets out the principles on which Weston’s privacy practices are based, privacy laws will vary from province to province and those laws may also govern Weston’s privacy practices in such province. This policy is part of Weston’s commitment to ensure that all personal information of individuals in its possession is protected and used in accordance with the law. Privacy laws across Canada are evolving, and therefore this policy is subject to change.
Personal Information is any information about an identifiable person, other than the name, title, business address and business telephone number of a person. It includes such things as a person’s home address, date of birth, social insurance number, medical and financial information. With respect to customers, such information is collected primarily in connection with products provided by Weston. Employees may be asked to provide such information to Weston in connection with matters relating to their employment. In all cases, Weston is committed to protecting the privacy of individuals and the integrity of their personal information.
1. Accountability
Weston is responsible for personal information under its control, including any personal information disclosed to third parties for handling or administrative purposes. Weston has designated a Privacy Officer who is accountable for Weston’s compliance with this Policy and with privacy legislation.
1.1 While ultimate accountability for Weston’s compliance with the Policy rests with the Privacy Officer and Senior Management of Weston, day-to-day compliance with the Policy is delegated to individuals throughout Weston’s business.
1.2 With respect to personal information that has been transferred to a third party for processing, Weston will use contractual or other means, and may include the examination of such third party’s practices with respect to personal information, to safeguard personal information while it is being processed by a third party.
1.3 Weston has implemented internal guidelines and practices to give effect to this Policy, including:
(a) establishing procedures to protect personal information;
(b) establishing procedures to receive and respond to complaints and inquiries;
(c) developing information to explain the organization's policies and procedures; and
(d) training staff and communicating to staff information about the organization's policies and procedures.
1.4 Weston has implemented practices to effectively monitor compliance with this policy across its business, including the appointment of a Privacy Officer and regional privacy coordinators and regular privacy compliance reviews.
2. Identifying the Purposes for which Personal Information is Collected
The purposes for which personal information is collected will be identified by Weston at or before the time the information is collected, unless such purposes are obvious.
2.1 Weston will ensure that the purposes for which personal information is collected and the way in which the information may be used are clear to the individual. In some cases, the purpose will be clear from the context
of the interaction, in other circumstances, a written or
verbal explanation may be required. For example,
employees are required to give certain personal
information that is essential to the employer-employee
relationship, such as SIN and banking information for
payroll deposits.
3. Consent
Weston will not
collect, use or disclose the personal information of a
person without the individual’s knowledge and consent,
except in certain limited circumstances permitted by
law, such as where immediate health of a person is at
risk, or in connection with the breach of an agreement
or a law.
3.1
Weston will obtain consent, either express or implied,
for the use or disclosure of personal information at the
time of the collection of the information. In certain
circumstances, consent with respect to use or disclosure
will be sought after the information has been collected
but before use, particularly if Weston wants to use the
information for a purpose not previously identified to
the individual.
3.2
Weston is committed to obtaining meaningful consent to
the collection, use and disclosure of personal
information. To achieve this aim, the purposes for which
the information will be used, if not obvious, will be
explained in such a manner that the individual can
reasonably understand how the information will be used
or disclosed.
3.3
Weston will not, as a condition of the supply of a
product or service, unreasonably require an individual
to consent to the collection, use, or disclosure of
information beyond what is required in the
circumstances.
3.4
The way in which Weston seeks consent may vary,
depending on the circumstances and the type of
information collected. In determining the type of
consent that may be required, Weston will consider the
nature of the information, the use to which the
information will be put, applicable laws and the type of
interaction in which the information is provided.
3.5 Consent may be express or implied,
given orally, electronically or in writing and provided
by an action or inaction. Consent may be given through a
legally appointed representative or a legal guardian.
3.6 An individual, subject to legal or contractual
limitations, may withdraw his or her consent at any time
on sufficient notice to Weston. Withdrawal of consent
may result in Weston becoming unable to provide or
continue to provide the person with certain services,
products or benefits, and the individual will be given
notice of the implications of the withdrawal of his or
her consent.
4. Limits on
the Collection of Personal Information by Weston
The collection of
personal information by Weston will be limited to that
which is necessary for the purposes identified by
Weston. At all times, Weston will collect personal
information by fair and lawful means.
It is possible that
Weston may, with the consent of an individual, collect
and use information about that individual from a third
party. For instance, credit references may be checked in
appropriate circumstances.
5. Limits on
the Use, Disclosure and Retention of Personal
Information by Weston
Personal information will not be used or disclosed by
Weston for purposes other than those for which it was
collected, except with the consent of the individual or
as required or permitted by law. Personal information
will be retained only as long as reasonably necessary
for the fulfillment of those purposes or as required by
law.
6. Accuracy of
Personal Information held by Weston
Weston will make
reasonable efforts to ensure that personal information
of individuals is as accurate, complete, and up-to-date
as is necessary for the purposes for which it is to be
used.
6.1 Personal information will not be
updated without the consent of the individual and it
will only be updated if it is necessary for the
continued use of the personal information.
6.2 Weston will make reasonable efforts to obtain
information from individuals in order to update
information on hand if required to fulfill the purposes
for which the information was collected. Once informed
by a person that personal information held by Weston
about them is inaccurate, Weston will update the
information as soon as possible.
7.
Safeguarding Personal Information
Weston will protect
personal information by the use of security safeguards
appropriate to the sensitivity of the information.
7.1 Weston will employ security safeguards that
will protect personal information against loss or theft,
as well as unauthorized access, disclosure, copying,
use, or modification, regardless of the format in which
the information is held.
7.2 The nature of the safeguards used by Weston will vary
depending on the sensitivity of the information that has
been collected, the amount, distribution, and format of
the information, and the method of storage of the
information. More sensitive information will be
safeguarded by a higher level of protection.
7.3 The methods of protection used by Weston will include:
(a)
physical measures, for example, locked filing cabinets
and restricted access to offices;
(b) organizational measures, for example,
security clearances and limiting access on a
“need-to-know” basis; and
I technological measures, for example, the use of
passwords and encryption.
7.4
Weston will ensure that its employees who are in contact
with personal information are trained in the appropriate
protection of personal information and that they are
aware of the importance of maintaining the
confidentiality of personal information. Employees are
required to abide by this Policy.
7.5 If personal information is disclosed to third parties
for the purpose of processing or another administrative
purpose, Weston will make reasonable efforts to ensure
that the third party uses safeguards to protect personal
information which are comparable to those used by
Weston.
8. Openness
Weston will make
available to individuals information about its policies
and practices relating to the management of personal
information. Weston is open about the policy it has to
ensure the protection of personal information.
8.1 Weston will make this information
readily available to individuals. The information will
be made available in a form that is generally
understandable.
8.2 Weston may make information on its
policies and practices available in a variety of ways,
depending on the nature of the service or product being
provided and the nature of the personal information.
Weston will make all such information available in both
English and French.
9. Individual
Access to Personal Information
Upon the receipt by
Weston of a written request, an individual will be
informed, within a reasonable time following such
request, of the existence, use, and disclosure of his or
her personal information and will be given access to
that information. In certain limited circumstances, as
permitted by law, certain information, such as that
collected and held in the context of an investigation of
the breach of a law or a contract, will not be disclosed
to the individual. Weston has established procedures for
an individual to follow in order to access their
personal information.
9.1 Subject to applicable laws, upon receipt of a written
request from an individual, Weston will inform him or
her whether or not Weston holds personal information
about the individual and make reasonable efforts to
indicate the source of the information. In addition,
Weston will, upon written request, provide a summary of
the use that has been made or is being made of this
information.
9.2 An individual may be required to
provide sufficient information to permit Weston to
provide an account of the existence, use, and disclosure
of personal information. The information provided will
only be used for this purpose.
9.3 Upon receipt of a written request,
Weston will provide an individual the identities of
third parties to which it may have disclosed personal
information about the individual and the purpose for
which the information may have been disclosed to the
third party.
9.4 Weston may charge a reasonable fee to cover its cost of
providing the information, provided that Weston will
inform the individual of the approximate cost of
providing the information prior to doing so and will
afford the individual the opportunity to withdraw his or
her request.
9.5 If an individual successfully demonstrates
the inaccuracy or incompleteness of personal information
held by Weston, Weston will amend the information as
required. Where appropriate, the amended information
will be transmitted to third parties having access to
the information in question.
9.6 Weston may decline to provide an
individual access to his or her information in
accordance with applicable laws. If such a refusal is
made, Weston will inform the individual of the reasons
why such access has been denied, except when Weston is
prohibited from doing so by law.
10. Complaints
and Questions
A person about whom personal information is kept may
challenge Weston concerning its compliance with this
Policy.
10.1 Complaints and questions regarding
Weston’s compliance with this Policy may be made in
writing to the Weston Privacy Officer at 22 St. Clair
Avenue East, Suite 1901, Toronto, Ontario, M4T 2S7, by
phone at 1-800-594-1495 or by e-mail at
westonprivacy@weston.ca.
10.2 Weston has procedures in place to
receive and respond to inquiries or complaints about
this Policy and its practices relating to the handling
of personal information. These procedures will be
provided upon request and are easily accessible on
Weston’s website, www.Weston.ca, and in other published
material with respect to privacy.
10.3 If an individual is not satisfied
with a response by Weston to a complaint or is otherwise
not satisfied with Weston’s policies and practices with
respect to its handling of personal information, a
complaint may be made to the provincial privacy
commissioner of the province where the personal
information of the individual is kept, or to the Federal
Privacy Commissioner at 112 Kent Street, Ottawa,
Ontario, K1A 1H3, 1-800-282-1376. More information can
be obtained at the federal privacy commissioner’s
website,
www.privcom.gc.ca. |
