As of January 1, 2004, organizations in Canada, which collect, use or disclose personal information in the course of commercial activities will have to comply with the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”).
As required by the legislation, Gateway Group has put in place policies and procedures to effectively safeguard any confidential information that we have on file or collect going forward. To meet our obligations, we closely follow the ten fundamental principles set out under PIPEDA.
Gateway Group has designated a Privacy Officer (“PO”). A PO is a person within an organization whose job it is to:
· Respond to requests for access to and correction of personal information and general issues concerning personal information. Contact information for the PO is set out below. Every complaint will be investigated and where a complaint is found to be justified, Gateway Group will take appropriate measures, including amending our policies and practices, when necessary.
PURPOSE OF COLLECTING PERSONAL INFORMATION
Gateway Group will identify the purposes for which it collects the personal information before or when we ask for the information. We will also ensure that the collection of personal information is necessary to fulfill the purposes identified. We will not use or disclose this information for any other purpose other than those for which it was collected.
The purposes for which the personal information of employees is collected may include, but is not limited to:
· Administering payroll and employee benefit programs;
· Conducting performance evaluations and discipline;
· Conducting internal reviews, investigations and complaint resolution processes;
· Complying with legal and regulatory obligations; and,
· Celebrating milestones in the employees career and life.
The purposes for which the personal information of customers is collected may include, but is not limited to:
· Processing and completing transactions;
· Verifying credit card numbers;
· Communicating with customers;
· Establishing and maintaining relations;
· Developing, marketing or providing products and services;
· Recommending particular products and services; and,
· Complying with legal and regulatory obligations.
Gateway Group will obtain consent from a customer whose personal information is collected, used or disclosed. This consent will be obtained before or at the time of collection. In obtaining consent, Gateway Group shall use reasonable efforts to ensure that a customer or employee is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer or employee.
In obtaining consent, Gateway Group will take into account the sensitivity of the personal information and the reasonable expectations of its customers and employees. Consent will not be obtained through deception.
Should Gateway Group wish to use your personal information for a purpose not contemplated at the time of the initial collection we may use your contact information to ask you for your consent to use your personal information for the new purpose. Gateway Group may also use your contact information to let you know of promotions or new products that may be of interest to you.
The way in which Gateway Group seeks consent may vary, depending on the circumstances and the type of information collected. We will generally seek express consent when the information is likely to be considered sensitive. This may be done through the use of either the credit application or the cookbook order form, depending on the type of business you are conducting with Gateway Group. We will rely on implied consent only where collection and use of the personal information is directly related to a transaction or exchange of information in which the individual is directly participating. Consent may also be given by an authorized representative (such as a legal guardian or a person having power of attorney).
We collect personal information only to the extent that is necessary for the purposes identified above. The personal information is collected using policies and procedures that are fair and lawful.
LIMITING USE, DISCLOSURE AND RETENTION
Gateway Group will use or disclose personal information only for the reasons it was collected, unless a customer provides consent to use or disclose it for another reason, or law requires it. Customer information on file will be kept for a minimum of seven years from the final closing of the customer file, or the date the last service was provided to the customer.
The type of information we collect is limited to the following:
· Company name and address for billing purposes
· Customer name and address for the purposes of sending out information or promotional packages
· Annual Sales volume, federal tax ID#, for credit purposes
· Bank name, address, phone number and contact person, for reference purposes
· Credit card information for transaction purposes
· Drivers license number for credit card verification purposes.
· Information required for tax reporting purposes
This information may be made available to related companies or third party service providers to fulfill the purposes for which it has been collected.
The information may also be disclosed to self-regulatory organizations, which may use the information to review, monitor, and audit or investigate Gateway Group’s compliance with securities rules. The information provided to the self-regulatory organizations may, in turn, be reported to other securities regulators, regulated marketplaces, other self-regulatory organizations or law enforcement agencies.
KEEPING INFORMATION ACCURATE
Gateway Group has a responsibility to ensure that all personal information on file is accurate, complete and up-to-date. Customers may, verbally or in writing, request that their personal information be amended as appropriate.
SAFEGUARDING PERSONAL INFORMATION
Security safeguards are in place to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, uses, or modification regardless of the format in which it is held. Gateway Group’s safeguards vary depending on the sensitivity of the personal information. The highest level of protection is given to the most sensitive personal information.
Gateway Group ensures that customers have access to information regarding the policies and practices we use to manage your personal information. This information is made available in a variety of formats so that it is readily available and easy to understand.
A customer may request in writing access to their personal information on request to the Privacy Officer. Gateway Group will inform the customer whether or not the organization holds personal information and provide an account of the use that has been made of this information, and identify any third parties to which it has been disclosed. When a customer demonstrates the inaccuracy or incompleteness of personal information, the information will be amended as required.
COMPLAINTS AND SUGGESTIONS
If you would like to make an inquiry, suggestion or complaint regarding Gateway’s personal information handling practices, please contact the Privacy Officer.