The purpose of this policy is to comply with privacy legislation which requires organizations to build privacy policies that outline how they collect, use and disclose personal information.
There are three beneficial outcomes to this policy:
- Increase customer trust. When our visitors, clients or employees become concerned about the privacy of their personal information, they have a resource they can inspect to be reassured. This document helps reinforce their perception of trust for our company.
- Reduce risk and liability. When we comply with our legal obligations surrounding the management of customer data, we are therefore protecting the company from associated risks which occur from data loss or theft.
- Expose organizational weakness. By taking the time to understand this policy, we are taking the time to think about our customer’s private data and what we are currently doing to protect it.
This policy outlines how Securitas collects, uses, retains, safeguards, discloses and disposes of the personal information of its customers, employees and website visitors.
This Policy describes the way that Securitas will adhere to all relevant federal and where applicable, provincial legislative privacy requirements. The Policy follows the ten principles identified in the federal Personal Information Protection and Electronic Documents Act (PIPEDA). The Policy describes each principle and the method of implementation. Securitas strives to meet or exceed federal and provincial legislative requirements and ensures that it remains current with changing technologies and laws.
Securitas Canada will always respect the confidentiality of the personal information placed in its care. We will endeavor to ensure that the policies affecting the collection, storage and disclosure of personal information reflect the confidential nature of the information.
The Company will comply with all applicable privacy legislation and regulations in force now and in the future related to protecting the confidentiality of personal information.
In Canada, the S e c u ri t as ’ Chief Privacy Officer is:
- Vice President Human Resources, Canada (Alternate as designated by VP HR)
Securitas may designate a Privacy Coordinator, reporting to VP Human Resources, Canada.
The Chief Privacy Officer will ensure that Securitas manages all personal information in its possession in accordance with this Policy including that which may be transferred to a third party. Third party organizations who handle information on behalf of Securitas are contractually obligated to adhere to Securitas’ standards.
- security measures at all levels designed to protect personal information in our possession;
- procedures designed to respond to complaints and/or inquiries;
2. Purpose and Type of Information Collected
Personal information belonging to Customers and Customer's Employees/Visitors
Securitas collects personal information from its customers and members of the public for the following purposes:
- to collect, on behalf of its customers; names. dates, addresses, times of access and times of exit of members of the public to premises for which security services are provided by Securitas
- to provide a record of such access and egress to its customers;
- to provide monitoring and surveillance services for and on behalf of its customers to ensure the safety and security of the premises for which its services have been retained;
- to collect personal information for the purposes of extending credit to its customers and prospective customers and monitoring the credit of its customers in respect of providing services;
- to identify products or services of value to current and prospective customers and to sell or promote such products and services including by direct marketing;
- to comply with legal and regulatory requirements;
- to assist in providing security services for customers;
- to assist in crime prevention and the detection. apprehension and prosecution of offenders.
Securitas will obtain assurances and representations that the necessary consents have been obtained from its customers before providing and/or implementing the services set forth above.
Personal Information belonging to Visitors of Securitas’ Website
Securitas may collect information about an individual who accesses secure areas of our website: www.securitas.ca
Information a visitor may be asked to provide during their use of our website may include the individual's name, address, e-mail address, IP address, age, sex and the other types of personal information as necessary.
All personal information will be treated within the same care and control as other personal information collected by Securitas through other means. It is always the website visitor's choice to provide information in certain fields although failure to complete certain sections may inhibit the user's ability to fully access all areas of the website. Our website also collects non-identifiable information about users such as the user's IP address, the sections of the website visited, and the information downloaded. Securitas may use this non-identifiable information and disclose it to service providers for system administration purposes and to improve the website.
Personal information belonging to Securitas’ Applicants and Employees
Personal information submitted by an applicant to Securitas will only be used by Securitas to support a responsible and efficient recruitment and selection process. Securitas recruitment purposes are as follows:
- matching applicant data with Securitas’ current open positions;
- communicating Securitas’ recruitment and selection procedures;
- contacting applicants to schedule interviews/tests and sending information to applicants about other relevant vacancies.
- processing includes obtaining, recording, holding, organizing, transferring, adapting, amending, recovering, consulting, using, limiting, disclosing by transmission, disseminating or otherwise making available, aligning, blocking destroying and erasing recruitment data.
Securitas shall only collect the personal information belonging to Securitas employees in order to properly establish and maintain our employer/employee relationship regarding an identifiable person that is a present, future or former employee of the Company. Such information will be protected with appropriate safeguards. The Company recognizes the confidential nature of the personal information in its care and its accountability for protecting this personal information. Accountability extends to all employees of Securitas and its directors, officers, managers, employees, representatives and agents including consultants and independent contractors.
Personal information belonging to an employee includes but is not limited to name, home address, home phone number, email address.identity verification information, social insurance number, physical description, age, gender, salary, education, professional designation, personal hobbies and activities, medical history, employment history, credit history, contents of resume, references, interview notes, performance review notes and emergency contact information.
During the hiring process, after an offer of employment an individual may be asked to provide some or all the following:
- Social Insurance Number
- A void cheque or direct deposit form from the employee's financial institution
- Two forms of currently valid Canadian Government issue photo ID; Passport, Birth Certificate.
- Security Guard Licence, Permanent Resident Card, Citizenship Card or Certificate, Provincial Photo Identification Card, Card/Certificate of Indian Status, Age of Majority Card, Work Permit/Work Visa
- Emergency contact information and phone number
- Vehicle Operator's Permit/Driver's Licence and Abstract (for driving positions)
Personal information will be collected, used and disclosed for purposes pertaining to the individual's employment relationship with the Company, including but not limited to the administration of employee hiring, performance reviews. the administration of employee payroll, processing of employee benefit claims, and for the purpose of complying with all applicable labour and employment legislation.
Purposes for the collection, disclosure and use of personal information belonging to employees:
- to verify past employment references pertaining to an application or offer of employment
- to administer payroll, wages and benefits
- to submit income tax contributions under the Income Tax Act
- to verify an individual's date of birth and other identifying information
- to complete enhanced security screening which may require information obtained from credit bureaus, or credit reporting agencies
- to comply with the collection and disclosure of personal information for the purpose of legal, regulatory and/or governmental regulations in accordance with the law.
The purposes for collecting personal information will be documented by the Company. Personal information will only be used for the stated purpose or purposes for which it was originally collected. The purposes for which personal information is being collected will be identified orally or in writing to the individual before it is collected. The person collecting the information will be able to explain the purpose at the time that the information is collected.
The Company may use personal information for a purpose other than the originally stated purpose where the new purpose is required by law or where the Company has obtained consent in writing from the affected individual for each new purpose.
Securitas will use the personal information for the uses specified in Sections 2 and 3.
In addition to using personal information for the provision of security services, Securitas may from time use customer names, addresses and contact information for the purposes of providing promotional opportunities, including by providing the information to Securitas’ marketing and sales departments and other third parties who Securitas believes provide services or goods that may be of interest to an individual. Securitas and any such third parties may contact an individual with promotional information. Securitas will provide an opportunity for the recipient to consent to these opportunities during the registration process. If a recipient consents but later wishes to opt out of this use of information later, they may do so by contacting us as described at Section 3, below.
If at any time, you wish to withdraw y o u r consent to the use of your information for any purposes, you may do so by contacting Securitas’ Chief Privacy Officer at email@example.com. We will do our best to accommodate this request in a timely fashion without diminishing the services we provide. We will explain the impact of such withdrawal on any services or provisions we provide.
Securitas may collect personal information without consent where reasonable to do so and where it is permitted by law.
4. Limiting Collection
Securitas will not indiscriminately collect information. The amount and type of information we collect is limited to that which is required to fulfill our identified purposes.
Securitas will not use any form of deception in gaining personal information.
5. Limiting Use, Disclosure and Retention
Subject to applicable legislation, Securitas shall limit use of personal information it collects to purposes that we have disclosed in Section 2 (Identifying Purposes) and Section 3 (Consent).
Securitas shall maintain documents for certain periods of time dependent upon necessity, for example, occurrence reports for a seven-year period after completion;
Securitas may at some point be involved in the sale, merger, transfer or reorganization of its activities.
Securitas may disclose the personal information collected to a government authority that has asserted its lawful authority to obtain the information or where the organization has reasonable grounds to believe the information is required for an investigation of an unlawful activity, or to comply with a subpoena/warrant/order made by the court, person, or body with jurisdiction to compel the production of the information or otherwise as permitted by applicable law.
Securitas may at its discretion release personal information for the purposes of collecting debts which may be owed to Securitas and may disclose in this regard the personal information it collects to credit reporting agencies.
Certain documents may be subject to legislated retention periods either federally or provincially and these will always be respected by Securitas.
Securitas shall strive to ensure that the information entrusted to us is maintained in an accurate manner. We shall try to maintain the interests of the individual and attempt to ensure that decisions are not made for or about an individual based on personal information that is flawed.
Security safeguards have been implemented to ensure that the personal information collected by Securitas is protected from theft as well as unauthorized access, disclosure, copying, use or modification thereof.
The level of safeguards employed shall be directly related to the level of sensitivity of the personal information collected . The more sensitive the information, the higher the level of security employed.
Methods of protection and safeguards to be employed include limited access (by authorized individuals on a need to know basis) to locked files, offices and storage areas, security clearances as well as technological measures such as passwords and encryption.
Securitas will, upon request, disclose the methods by which it handles personal information. The information available includes:
- the name, work address and phone number of the Chief Privacy Officer for Securitas;
- the forms which one may use to access one's information or change your information;
- a description of the type of personal information held by Securitas and our general uses thereof.
9. Individual Access
Securitas shall disclose whether it holds personal information on an individual upon request by the individual concerned. We shall disclose the source of this information when requested and provide an account of third parties to whom the information may have been disclosed.
Securitas will request enough information to confirm the requestor's identity before releasing their personal information.
Securitas will endeavour to provide this information within 30 days of receipt of the request for information and only charge nominal fees for the purpose of off-setting expenses incurred in supplying the requested information. This information shall be provided in an understandable format. Securitas may extend such 30-day period by up to an additional 30-days by providing written notification to the requestor, if meeting the time limit would unreasonably interfere with the activities of Securitas or the time required to under-take any consultations necessary to respond to the request.
Information that is deemed inaccurate and brought to our attention will be corrected by Securitas as quickly as possible and any pertinent third parties shall be apprised of the corrections in due course.
10. Challenging Compliance
Upon receipt of a complaint Securitas shall make available the complaint procedures which will be simple and easy to access.
Securitas will investigate all complaints. If the complaint is deemed justified Securitas will take the appropriate steps to ensure that compliance is achieved and will make changes to its policies to allow for compliance in the future.
All complaints shall be addressed in writing to: firstname.lastname@example.org
Guidelines for Securitas Employees
Securitas encourages the use of on-line storage for files, documents and data.
It is the responsibility of all mobile/electronic device users accessing corporate resources to ensure all security protocols are followed in the management of data utilizing only the authorized cloud storage services provided by the Company. For example, use OneDrive to immediately store all information.
Safeguarding Privacy/Mobile Devices
Take these precautions when using mobile or other electronic devices – cell phones, portable drives, laptops and related. Securitas has taken precautions to encrypt and safeguard personal information. If it is necessary for you to store personal information on a mobile or similar device, you are responsible for safeguarding such information. (Please refer to the Securitas IT Policy for further information about safeguarding electronic devices.)
Some precautions are (but, not limited to):
1. Consider alternatives to storing personal information on a mobile or other electronic device.
2. Store the information on a server via a protected remote connection.
3. Take only the records that you need to work with.
4. Encrypt the data and password-protect the device.
5. Do not write down or store passwords and encryption keys on the device.
6. Enable the automatic lock feature on your device after five minutes or less of idle time.
7. Set your device so Bluetooth is "off” by default. Turn it on only as necessary.
8. Ensure your mobile device is protected by anti-virus and anti-spyware programs and that they are up to date with the latest security patches.
9. Use a lockable briefcase or laptop case that does not bear any visible logos of the company.
10. Place an "if found, return by calling (phone number)” card inside your briefcase (or knapsack etc.) or on the bottom of your laptop with no other identifying information.
11. When accessing public wireless networks in hot spots in airports. hotels, coffee shops, public libraries. etc. consider that these networks are open and unsafe. Data transmitted by your device across the open airwaves can easily be picked up and read by another device.
12. Do not leave devices containing personal information or other confidential information in your vehicle. When travelling by car, lock your device in the trunk.
13. When carrying portable devices, make sure you have each device and all your belongings when you leave a cab, hotel room, meeting place, airplane or restaurant.
14. Secure your device using a cable lock that can be secured to an immovable object.
15. When the personal information stored on a mobile device is no longer required ensure that it is deleted completely immediately.
16. Ensure that you know exactly what type of personal information is stored on your mobile device if it is lost or stolen.
17. If you lose your device or it is stolen, report the loss Immediately to the Company and to local police. You may be legally required to notify all individuals potentially put at risk.