PRINCIPLE 1 - ACCOUNTABILITY
PRINCIPLE 2 - IDENTIFYING PURPOSES
At Cormark, we gather and use personal information in accordance with all applicable securities legislation, regulations, rules and policies, as well as the rules of any self-regulatory agency (collectively, the "Securities Laws") applicable to Cormark. We only use personal information for the purposes that we have disclosed such as establishing and servicing your account(s) and to satisfy our obligations pursuant to the “Know-Your-Client” rule. If for any reason personal information is required to fulfill a different purpose, we will obtain consent before we proceed.
PRINCIPLE 3 - CONSENT
When you complete Cormark’s client account form, you are expressly consenting to the collection, use and, where appropriate, disclosure of your personal information. In certain cases, your consent for the collection, use, or disclosure of your personal information can be implied when we can reasonably conclude that you have given your consent by some action you have taken or decided not to take. Your consent can be written or verbal. The choice to provide us with your personal information, either directly or through a third party, is always yours. However, your decision to withhold particular information may result in limiting our ability to provide you with the services or products you requested. Also, from time to time, we may identify a new purpose and seek your consent to use and/or disclose your personal information after it was collected. In some cases, without your consent we may be required to close your existing account(s).
PRINCIPLE 4 - COLLECTION
We may gather such personal information from you in person, over the telephone or by corresponding with you via mail, facsimile, the Internet, or from third parties who have your authority to disclose such personal information to us. With your consent, we may obtain information from other sources, such as a credit bureau or employer. Additionally, by completing the account opening form, you are expressly consenting to disclosure of your personal information to enable us to update your personal information on our records.
While we try to ensure that every third party who discloses personal information to us has your consent to do so, if you believe that a third party has inappropriately disclosed your personal information to us, please contact that third party. If they do not adequately respond to your inquiries, please let us know immediately. When you visit our website, information is not collected that could identify you personally unless you choose to provide it voluntarily. You are welcome to browse the website at any time, anonymously and privately without revealing any personal or financial information about yourself.
The collection, use and disclosure of information by Cormark may include, but is not limited to, the following:
PRINCIPLE 5 - LIMITING USE, DISCLOSURE AND RETENTION
- Surveillance of trading-related activity;
- Sales, financial compliance, trading desk review and other regulatory audits;
- Investigation of potential regulatory and statutory violations;
- Regulatory databases;
- Enforcement or disciplinary proceedings;
- Reporting to securities regulators; and
- Information-sharing with securities regulatory authorities, regulated marketplaces, other self-regulatory organizations and law enforcement agencies in any jurisdiction with any of the foregoing.
In the course of daily operations, access to private, sensitive and confidential or personal information is restricted to authorized employees who have a legitimate business purpose and reason for accessing it. As a condition of their employment, all employees of Cormark are required to abide by the privacy standards we have established. Employees are informed about the importance of privacy and they are required to agree to Cormark's Policy and Procedure Manual that prohibits the disclosure of any customer information to unauthorized individuals or parties. Unauthorized access to and/or disclosure of personal information by an employee of Cormark is strictly prohibited. All employees are expected to maintain the confidentiality of personal information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.
In order to serve you better, we may share some or all of your personal information with entities who provide certain services for our operations. In such situations, we ensure that the third-party service providers will provide same or greater level of protection for your personal information. When we contract our suppliers to provide specialized services, they are given only the information necessary to perform those services. Additionally, they are prohibited from storing, analyzing or using that information for purposes other than to carry out the service they have been contracted to provide. In certain circumstances, we may be compelled by law, regulations or self-regulation to share your personal information. The type of information we are legally required to disclose may relate to criminal investigations or government tax-reporting requirements. In some instances such as a legal proceeding or court order, we may also be required to disclose certain information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the request have legitimate grounds to do so. There are some situations where we are legally permitted to disclose personal information, such as employing reasonable and legal methods to enforce our rights or to investigate suspicion of illegal activities. If you have any questions about how we share your personal information please write to our Privacy Officer. We retain your personal information so long as we need it when you are a customer and for a reasonable time thereafter, or as required by relevant statutory, regulatory or self-regulatory requirements. Our retention standards fulfill our privacy obligations. We destroy your personal information when we no longer need it and is permitted by law, regulations and self- regulation.
PRINCIPLE 6 - ACCURACY
You have the right to access, verify and amend the information held in your personal files. To help us keep your personal information up to date, we encourage you to amend inaccuracies and make corrections as often as necessary. Despite our efforts, errors sometimes do occur. Should you identify any incorrect or out-of-date information in your file(s), we will make the proper changes. Where appropriate, we will communicate these changes to other parties who may have unintentionally received incorrect information from us. Before Cormark is able to provide you with any information or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will endeavour to respond within an appropriate timeframe.
PRINCIPLE 7 - SAFEGUARDS
We use industry-standard technologies and maintain current security standards to ensure that personal information is protected against unauthorized access, disclosure, inappropriate alteration or misuse. Electronic customer files are kept in a highly secured environment with restricted access. Paper-based files are stored in locked filing cabinets. Access is also restricted. We manage our server environment appropriately and our firewall infrastructure is strictly adhered to. Our security practices are reviewed on a regular basis and we routinely employ current technologies to ensure that the confidentiality and privacy of your information is not compromised. Our website uses Secure Socket Layer (SSL) and 128-bit encryption technologies to enhance security when you visit the secured areas of these sites. SSL is the industry-standard tool for protecting and maintaining the security of message transmissions over the Internet. When you access your accounts or send information from secured sites, encryption will scramble your data into an unreadable format to inhibit unauthorized access by others. To safeguard against unauthorized access to your accounts, you are required to "sign-on" using a user ID and a password to certain secured areas of Cormark's website. Both user ID and password are encrypted when sent over the Internet. If you are unable to provide the correct password, you will not be able to access these sections.
PRINCIPLE 8 - OPENNESS
PRINCIPLE 9 – CLIENT ACCESS
If we cannot provide you access to your personal information, we will explain the reason why.
PRINCIPLE 10 – HANDLING CLIENT COMPLAINTS AND SUGGESTIONS
We are committed to treating you with respect and consideration. Despite this, there may be times when you feel you have been treated unjustly when dealing with privacy issues. In most circumstances, such misunderstanding can be cleared by talking to your Registered Representative at Cormark.
If your concern is not resolved, please contact:
Julie Eisenstat, Managing Director, Chief Compliance Officer Cormark Securities Inc.
Royal Bank Plaza, North Tower
200 Bay Street, Suite 1800, P.O. Box 63
Toronto, Ontario M5J 2J2
If the above steps fail to resolve your concern to your satisfaction, you may contact the Privacy Commissioner of Canada by writing to: The Privacy Commissioner of Canada, Place de Ville Tower B, 3rd Floor, 112 Kent Street, Ottawa, ON, K1A 1H3 or call: 1-800-282-1376 or fax: (613) 947-6850