At Barometer Capital Management Inc. (“Barometer”), we are committed to maintaining the accuracy, privacy, and confidentiality of your personal information (defined as recorded information about an identifiable individual), including personal, financial and other details provided to us, or obtained from others within or outside of the firm. We will continually strive to treat you fairly and with respect. For any products or services obtained from Barometer, you will be advised of the purpose of the information collected, how it is used, and shared. And we will only do so with consent, or as required or permitted by law.
Please note that we may amend the Policy from time to time, and post the revisions on our website at www.barometercapital.ca.
Barometer abides by the Federal Personal Information Protection and Electronic Documents Act’s (“PIPEDA”) fair information principles (“Principles”), which are as follows:
1. Accountability: We are responsible for personal information under our control, and we have designated an individual(s) responsible for compliance with the Principles.
2. Identifying Purposes: The purposes for which personal information is collected, will be identified by us at or before the time the information is collected, which may include to provide investment advice, servicing your account, executing securities transactions on your behalf, and fulfilling our responsibilities as required by law.
3. Consent: Your consent is required for the collection, use and disclosure of personal information, subject to certain exceptions. Such exceptions are set out in the law and include where legal, medical or security reasons make it impossible, or impractical, to seek consent. Your consent may be expressed in writing, verbally, electronically, or through authorized representatives. In certain circumstances, it may also be implied or inferred from certain actions such as submitting personal information to Barometer and/or visiting our website. To extent that you provide personal information concerning another individual (i.e. spouse, relative, trustee, etc.) you represent that you have obtained informed consent from that individual for use to collect, use and disclose in accordance with this policy.
You can withdraw all or part of your consent for the collection, use and disclosure of personal information at any time or choose not to have it shared, so long as you give your relationship manager reasonable notice. If you do so, you will be asked to be specific about the information you choose not to be used or disclosed. We will explain to you if there any implications associated with the withdrawal and the significance of each.
4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified. The primary means for collecting this information is the completion and updating of our New Client Application Form and transactional information in your account. It will be collected by fair and lawful means.
5. Limiting Use, Disclosure, and Retention: Personal information may only be used or disclosed for the purposes for which it was collected, except with your consent or as required by law. It may only be kept for as long as is necessary to satisfy the purposes for which it was collected, or as required or permitted by law.
6. Accuracy: Any personal information that is collected, used or disclosed should be as accurate, complete and as up-to-date as is necessary for the purpose for which it is to be used. To do so we rely to a large extent on you to provide us with accurate information, and inform us of any changes.
7. Safeguards: Personal information shall be protected by security safeguards that are appropriate to the sensitivity of the information, to protect your personal information from unwarranted intrusion, release, or misuse. Client information is kept in a secure area, access to which is controlled. Information stored in computer systems only available to persons requiring access, and controlled by user identifications, passwords, encryption, firewalls, anti-virus, and anonymizing software. We require our service providers to adhere to privacy policies.
8. Openness: Information about our privacy policies and practices for managing your personal information shall be made available to you upon request.
9. Individual Access: Upon written request, you will be informed of the existence, use and disclosure of your personal information and you will be given access to it, subject to certain exceptions, as permitted by law. You may also verify the accuracy and completeness of your information, and request that it be amended, if appropriate.
Collecting, Using and Disclosing Your Information
We will only use fair and lawful means to collect personal information which is pertinent and consistent with the purposes of the collection. We may collect the required information directly from you, or your authorized representative(s), in completed applications and forms, through other means of correspondence, such as by telephone, mail, or through business dealings with us. We may collect your personal information through public sources such as the internet or through other their service providers. In some cases, and with your consent, we may need to ask an independent source to verify or provide supplementary information.
Generally, we collect, use and disclosure your information to:
- Confirm your identify and protect against errors, fraud or misrepresentations;
- Verify previously provided information and ensure the accuracy of our records
- Evaluate your financial needs and suitability of our products and services for you;
- Determine your eligibility for, and provide you with information about products and services;
- Properly administer the products and services we provide you;
- Communication to you with regards to the administration of your products and services;
- Provide you with financial statements, tax receipts, proxy mailings, transaction confirmations and other documentation and information that may be required or requested to service youraccount;
- Provide you and your investment advisor with account information and account statements;
- Comply with a variety of legal and regulatory requirements, such as provincial and federal tax reporting, anti-money laundering, and unclaimed property obligations; and,
- Assist us in understanding your current and future needs.
If you provide us with your email address, we may occasionally send you email offers, informing you about products and services. We require your consent to send you our marketing offers or special promotions by electronic means. Under Canada’s Anti-Spam Legislation (CASL), as our clients we have your implied consent to send you electronic messages unless you notify us otherwise. You may do this by using the unsubscribe feature found in any electronic message we send you or at any time by contacting us.
During the course of providing you with products and services, we may provide personal information to others in situations where:
- Our suppliers, agents or other organizations assist us in serving you require the information (For example outside vendors who provide trading, custody, recordkeeping, and/or performancereporting services);
- We are required or permitted to do so by law or applicable regulators and self-regulatoryOrganizations (Such as financial reporting obligations, to comply with a subpoena, warrant, court order, law or legal process including respond to any government regulatory or law enforcement request, if necessary to protect the rights and property of Barometer);
- We want to prevent, detect, or supress financial abuse, fraud, criminal activity, protect our assets and interests, manage, or settle any actual or potential loss;
- We have your consentIf requested as part of a legal proceeding, we will provide this information upon receipt of the appropriate documentation.
To the extent that any personal information is out of Canada, it is subject to the laws of the country in which it is held, and may be subject to disclosure to governments, courts, and law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
Outside Service Suppliers
In cases where we use service providers to perform specialized services on our behalf, they are only provided with information necessary to perform the services. In addition, they will be required to adhere to confidentiality obligations and/or other restrictions or practices that provide for maintaining such information confidential and not accessible to others.
In the event our service provider is located in a foreign jurisdiction, they are bound by the laws of the jurisdiction in which they are located and may disclosure personal information in accordance with those laws.
Storage and Processing of Personal Information
Barometer stores and processes your personal information in our offices located in Toronto, Ontario or Vancouver, British Columbia, and with our IT service provider located in Canada. General entry to our offices is secured and cannot be accessed by unauthorized personnel without permission.
Respecting and Responding to Your Privacy Concerns
We will investigate and respond to your concerns about any aspect of our handling of your information. Should a privacy breach occur, Barometer implements a four-step plan which is outlined below:
Step 1: Respond and Contain – In the event of a possible security breach, the first step is responding to the potential breach. If determined that an actual breach occurred, containment of the situation will follow. To accomplish Step 1 efficiently, five (5) critical actions must be undertaken as soon as possible following the discovery of a possible incident:
- (i) Report – If a breach is suspected and has not yet been verified, it must be reported to the appropriate individual for the initial investigation (i.e. A manager, VP of Operations and Administration, Compliance, and/or the Privacy Officer). Notification may originate from either an internal or external source. Full details should be provided, including date of potential incident, when and how discovered, location, and cause.
- (ii) Assess – Once the potential incident has been reported to the appropriate individual, an assessment of the incident will be undertaken to determine if a breach has occurred, and risks associated (including information involved, cause and extent, individuals affected, foreseeable harm, etc.)
- (iii) Contain – Once it has been determined that a breach has occurred, containment is followed. This involves taking corrective action such as retrieving personal, isolating/suspending the activity, process and/or system if an electronic breach, etc.
- (iv) Document – The details of the breach will be documented in the Barometer Privacy Breach Report
- (v) Brief – The Privacy Officer will be provided with a copy of the Report to provide guidance, evaluate the response, and identify any areas for possible improvement.
Step 2: Notify – Following a full response and containment of the situation as outlined in Step 1, if a breach has occurred involving the personal information of an individual(s), except in situation when notice is not appropriate or possible (e.g. identities of an individual(s) affected by the breach is unknown, contact information is unavailable, or would interfere with a law enforcement investigation), they will be notified.
The purpose of providing notice of a privacy breach to the affected individual(s) is to provide them with sufficient information about:
- What happened and when;
- If possible, a general description of the types of personal information involved in the breach, including whether any unique identifiers or sensitive personal information was involved in the breach;
- The nature of potential or actual risk of harm;
- What action we have taken to address the situation; and,
- What appropriate action the individual(s) should undertake to protect themselves against harm. Barometer will endeavour to notify the individual(s) as soon as reasonably possible.
Step 3: Investigate – After responding and containing the breach, an internal investigation is undertaken to:
- Identify and analyze the events leading up to the breach;
- Evaluate what was undertaken to contain the breach; and,
- Recommend remedial action to help prevent further breaches.
Step 4: Implement Change – The most vital outcome of any breach is understanding why it occurred and how to prevent and avoid in the future.
A meeting will be held with all parties involved in the breach process once the breach has been fully contained, documented, and investigated. This will help to evaluate the existing privacy/security measures, incident-handling process, and identify areas and/or conduct requiring change and improvement.If you have any questions, concerns or comments regarding your privacy, would like to request access and/or correct your personal information, or opt out of marketing offers, please contact the Privacy Officer with your full name, address and telephone number at:
Barometer Capital Management Inc.
Ron Kelterborn – Privacy Officer
Suite 3220, 181 Bay Street
Toronto, Ontario, M5J 2T3