Our Privacy Policy sets out our standards for collecting, using, disclosing and storing your personal information and is committed to treat personal information with respect and operate in accordance with PIPEDA’s 10 Fair Information Principles as outlined below. Our Privacy Policy also explains how we safeguard personal information and an individual’s right to access that information and is designed to address regulatory expectations.
PRINCIPLE 1 - ACCOUNTABILITY
Cormark will maintain and protect all information under our control. Our Privacy Officer, Julie Eisenstat, is responsible for monitoring appropriate collection, use, and disclosure of personal information as well as handling privacy enquiries and complaints. She is also responsible for privacy governance including, educating our personnel, handling complaints and other issues arising from the obligations under this privacy policy.
PRINCIPLE 2 - IDENTIFYING PURPOSES
At Cormark, we gather and use personal information in accordance with all applicable securities legislation, regulations, rules and policies, as well as the rules of any self-regulatory agency (collectively, the "Securities Laws") applicable to Cormark. We only use personal information for the purposes that we have disclosed such as establishing and servicing your account(s) and to satisfy our obligations pursuant to the “Know-Your-Client” rule. If for any reason personal information is required to fulfill a different purpose, we will obtain consent before we proceed.
PRINCIPLE 3 - CONSENT
When you complete Cormark’s client account form, you are expressly consenting to the collection, use and, where appropriate, disclosure of your personal information. In certain cases, your consent for the collection, use, or disclosure of your personal information can be implied when we can reasonably conclude that you have given your consent by some action you have taken or decided not to take. Your consent can be written or verbal. The choice to provide us with your personal information, either directly or through a third party, is always yours. However, your decision to withhold particular information may result in limiting our ability to provide you with the services or products you requested. Also, from time to time, we may identify a new purpose and seek your consent to use and/or disclose your personal information after it was collected. In some cases, without your consent we may be required to close your existing account(s).
PRINCIPLE 4 - COLLECTION
We may gather such personal information from you in person, over the telephone or by corresponding with you via mail, facsimile, the Internet, or from third parties who have your authority to disclose such personal information to us. With your consent, we may obtain information from other sources, such as a credit bureau or employer. Additionally, by completing the account opening form, you are expressly consenting to disclosure of your personal information to enable us to update your personal information on our records.
While we try to ensure that every third party who discloses personal information to us has your consent to do so, if you believe that a third party has inappropriately disclosed your personal information to us, please contact that third party. If they do not adequately respond to your inquiries, please let us know immediately. When you visit our website, information is not collected that could identify you personally unless you choose to provide it voluntarily. You are welcome to browse the website at any time, anonymously and privately without revealing any personal or financial information about yourself.
The collection, use and disclosure of information by Cormark may include, but is not limited to, the following:
- Surveillance of trading-related activity;
- Sales, financial compliance, trading desk review and other regulatory audits;
- Investigation of potential regulatory and statutory violations;
- Regulatory databases;
- Enforcement or disciplinary proceedings;
- Reporting to securities regulators; and
- Information-sharing with securities regulatory authorities, regulated marketplaces, other self-regulatory organizations and law enforcement agencies in any jurisdiction with any of the foregoing.
PRINCIPLE 5 - LIMITING USE, DISCLOSURE AND RETENTION
In the course of daily operations, access to private, sensitive and confidential or personal information is restricted to authorized employees who have a legitimate business purpose and reason for accessing it. As a condition of their employment, all employees of Cormark are required to abide by the privacy standards we have established. Employees are informed about the importance of privacy and they are required to agree to Cormark's Privacy Policy that prohibits the disclosure of any customer information to unauthorized individuals or parties. Unauthorized access to and/or disclosure of personal information by an employee of Cormark is strictly prohibited. All employees are expected to maintain the confidentiality of personal information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.
In order to serve you better, we may share some or all of your personal information with entities who provide certain services for our operations. In such situations, we ensure that the third-party service providers will provide same or greater level of protection for your personal information. When we contract our suppliers to provide specialized services, they are given only the information necessary to perform those services. Additionally, they are prohibited from storing, analyzing or using that information for purposes other than to carry out the service they have been contracted to provide. In certain circumstances, we may be compelled by law, regulations or self-regulation to share your personal information. The type of information we are legally required to disclose may relate to criminal investigations or government tax-reporting requirements. In some instances such as a legal proceeding or court order, we may also be required to disclose certain information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the request have legitimate grounds to do so. There are some situations where we are legally permitted to disclose personal information, such as employing reasonable and legal methods to enforce our rights or to investigate suspicion of illegal activities. If you have any questions about how we share your personal information please write to our Privacy Officer. We retain your personal information so long as we need it when you are a customer and for a reasonable time thereafter, or as required by relevant statutory, regulatory or self-regulatory requirements. Our retention standards fulfill our privacy obligations. We destroy your personal information when we no longer need it and is permitted by law, regulations and self- regulation.
PRINCIPLE 6 - ACCURACY
You have the right to access, verify and amend the information held in your personal files. To help us keep your personal information up to date, we encourage you to amend inaccuracies and make corrections as often as necessary. Despite our efforts, errors sometimes do occur. Should you identify any incorrect or out-of-date information in your file(s), we will make the proper changes. Where appropriate, we will communicate these changes to other parties who may have unintentionally received incorrect information from us. Before Cormark is able to provide you with any information or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will endeavour to respond within an appropriate timeframe.
PRINCIPLE 7 - SAFEGUARDS
We use industry-standard technologies and maintain current security standards to ensure that personal information is protected against unauthorized access, disclosure, inappropriate alteration or misuse. Electronic customer files are kept in a highly secured environment with restricted access. Paper-based files are stored in locked filing cabinets. Access is also restricted. We manage our server environment appropriately and our firewall infrastructure is strictly adhered to. Our security practices are reviewed on a regular basis and we routinely employ current technologies to ensure that the confidentiality and privacy of your information is not compromised. Our website uses Secure Socket Layer (SSL) to enhance security when you visit the secured areas of these sites. SSL is the industry-standard tool for protecting and maintaining the security of message transmissions over the Internet. When you access your accounts or send information from secured sites, encryption will scramble your data into an unreadable format to inhibit unauthorized access by others. To safeguard against unauthorized access to your accounts, you are required to "sign-on" using a user ID and a password to certain secured areas of Cormark's website. Both user ID and password are encrypted when sent over the Internet. If you are unable to provide the correct password, you will not be able to access these sections.
PRINCIPLE 8 - OPENNESS
Cormark has policies and procedures for managing personal information. Our Privacy Policy is publicly available on our website and is readily available upon request. If you ask, we will let you know the names of outside companies or organizations we have given information to, unless otherwise prohibited by law. This will not include information given to entities engaged during the normal course of our business or our reporting obligations to statutory, regulatory or self- regulatory authorities including but not limited to Canada Customs and Revenue Agency.
PRINCIPLE 9 – CLIENT ACCESS
If you wish to verify or review your personal information or to find out to whom we have disclosed it pursuant to this privacy policy, we will need 30 days written notice. If we are unable to respond to your query within 30 days, we will inform you of this fact. In certain limited and specific circumstances, we may refuse to provide to you the requested information. Exceptions to your access right can include information that contains personal information about another person, information that cannot be disclosed for legal, security or commercial proprietary reasons, information that has been obtained in the course of an investigation of a potential breach of contract or fraud and information that is subject to solicitor-client or litigation privilege.
If we cannot provide you access to your personal information, we will explain the reason why.
PRINCIPLE 10 – HANDLING CLIENT COMPLAINTS AND SUGGESTIONS
We are committed to treating you with respect and consideration. Despite this, there may be times when you feel you have been treated unjustly when dealing with privacy issues. In most circumstances, such misunderstanding can be cleared by talking to your Registered Representative at Cormark.
If your concern is not resolved, please contact:
Julie Eisenstat, Managing Director, Chief Compliance Officer Cormark Securities Inc.
Royal Bank Plaza, North Tower
200 Bay Street, Suite 1800, P.O. Box 63
Toronto, Ontario M5J 2J2
Tel: 416-943-6494
Email: jeisenstat@cormark.com
If the above steps fail to resolve your concern to your satisfaction, you may contact the Privacy Commissioner of Canada by writing to: The Privacy Commissioner of Canada, Place de Ville Tower B, 3rd Floor, 112 Kent Street, Ottawa, ON, K1A 1H3 or call: 1-800-282-1376 or fax: (613) 947-6850
FOR QUEBEC RESIDENTS
Please note that when your personal information is collected, that information could be disclosed outside your province. If such is the case, the information may be released only after Cormark conducts a Privacy Impact Assessment (“PIA”) and if the PIA establishes that it would receive adequate protection in the service provider’s jurisdiction and in consideration of generally recognized principles regarding the protection of personal information. Cormark will enter into a written agreement with the recipient, the provisions of which will consider the results of the PIA as well as the risk mitigation measures.
UPDATING THIS PRIVACY POLICY
Any changes to our privacy policy and information-handling practices will be acknowledged in this policy in a timely manner. We may add, modify or remove portions of this policy when we feel it is appropriate to do so.
WEBSITES GOVERNED BY THIS PRIVACY POLICY
The website that is governed by the provisions and practices stated in this privacy policy is: www.cormark.com. Cormark's website may contain links to other third-party sites that are not governed by this privacy policy. Although we endeavour to only link to sites with high privacy standards, our privacy policy will no longer apply once you leave the Cormark website. Additionally, we are not responsible for the privacy practices employed by other third-party websites. Therefore, we suggest that you examine the privacy statements of those sites to learn how your information may be collected, used, shared and disclosed.