bitHeads has a practice of protecting the privacy and security of customer, supplier, and employee records. We are committed to meeting our obligations under Canadian data privacy laws, including the Personal Information Protection and Electronic Documents Act and applicable provincial laws. We adhere to the privacy principles set out below, which govern the way we collect, use, store, and disclose personal information that is obtained in the course of development, sales, promotion, and distribution of our products or in the course of employment.
“Personal Information”, as used in this policy, means any information about an identifiable person, including employee records, and customer and supplier information, but does not include the name, title, business address, business telephone number, business fax number, or a business e-mail address of an employee of an organization.
Policy for the Protection of Personal Information:
We will collect, use, store, and disclose personal information in accordance with the following privacy principles:
We are responsible for personal information in our possession or custody, including personal information that we may transfer to third parties for processing. We will require our service providers to agree to contractual requirements that are consistent with our privacy and security policies. We will require that our service providers are prohibited from using personal information, except for the specific purpose for which we supply it to them.
2. Identifying Purposes
Either before or at the time of collection, we will identify the purposes for which we plan to use the Personal Information. Depending upon the way in which the personal information is collected, this can be done orally or in writing. bitHeads may use the information we collect for the following purposes:
- to ship products or provide services to our customers;
- to provide customers access to bitHeads products;
- to respond to customer inquiries about accounts and other services;
- to understand our customers, and prospective customers’ needs, and to offer products and services to meet those needs;
- to conduct credit checks on customers or prospective customers; and
- to meet legal requirements.
Unless required by law, we will not use personal information for a new purpose without the knowledge and consent of the individual to whom the information relates.
Personal information will only be collected, used, or disclosed with the consent of the individual, except in certain circumstances permitted or required by law. The way in which we seek consent may vary depending upon the sensitivity of the information. We will obtain consent in all cases where the personal information involved is considered sensitive, such as income or health information.
Typically, we will seek consent for the use or disclosure of personal information at the time of collection. However, additional consent will be sought after the personal information has been collected, if it is required for a new purpose.
In certain circumstances, obtaining consent would be inappropriate. The federal Personal Information Protection and Electronic Documents Act and provincial privacy laws provide for exceptions where it is impossible or impractical to obtain consent.
4. Limiting Collection
We will collect personal information by fair and lawful means and will limit the amount and type of personal information we collect to that which is necessary for our identified purposes.
5. Limiting Use, Disclosure, and Retention
We will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
We will use our best efforts to ensure that personal information that is used on an ongoing basis and information that is used to make a decision about an individual is as accurate, complete, and up-to-date as necessary for the purpose for which it is to be used.
We will protect personal information with safeguards appropriate to the level of sensitivity of the information. Our safeguards protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, regardless of the format in which the information is held. We will exercise care in the disposal or destruction of Personal Information to prevent unauthorized parties from gaining access to the information. Our methods of protection include physical measures (e.g., locked file storage and restricted access to offices), organizational measures (e.g., security clearances and limiting access on a need-to-know basis), and technological measures (e.g., the use of passwords and encryption). We also require our outside service providers to provide a comparable level of protection to personal information that we may supply to them.
8. Individual Access
Upon written request, we will inform an individual of the existence, use, and disclosure of his or her personal information, and give him or her reasonable access to that information. We may deny access for legally permissible reasons, such as situations where the information is prohibitively costly to provide, if it contains references to other individuals, or where it cannot be disclosed for legal, security, or commercial proprietary reasons. We will advise the individual of any reason for denying an access request.
When an individual successfully demonstrates the inaccuracy or incompleteness of personal information held by us, we will correct or update the information as required.
9. Filing Inquiries and Complaints
We will investigate all written complaints and respond to all written inquiries. If we find a complaint to be justified, we will take appropriate measures to resolve it.
To file an opt-out request, request access to your information, report incorrect information, file a complaint, please write to Human Resources.