Personal Information and Privacy Policy

Strum Environmental adheres to and abides by the principles set out in the Personal Information Protection and Electronic Documents Act. All employees associated with this office must be made aware of the requirements of the Act.

1. The Policy Statement

Strum only collects personal information which is necessary to effectively investigate and assess environmental issues. This information is kept confidential and is utilized exclusively to provide professional and competent consultant services to clients.

2. The Person In Charge

Contact details for the Privacy Compliance Officer responsible for privacy compliance at Strum is made available to all clients on our webpage. The responsibilities of the Privacy Compliance Officer shall include:

(a) Establish and update information protection policies;
(b) Ensure policies are implemented by other organizations to which data-processing functions are outsourced;
(c) Establish criteria for classification of information;
(d) Evaluate the accessibility of sensitive information and take corrective action where necessary;
(e) Provide education to employees on the importance of information protection;
(f) Attempt to resolve client privacy complaints to the satisfaction of the client.

3. The Collection, Use and Disclosure of Personal Information

(a) Only information necessary to effectively investigate and assess environmental issues, and to otherwise provide professional and competent consultant services to clients will be collected;
(b) No personal information shall be collected from an individual without first obtaining the consent of the individual for the collection, use and dissemination of that information;
(c) Express consent (whether oral or written) must always be obtained - except in the following situation: Consent may be implied where the information is not sensitive and where it can be reasonably assumed that the individual would expect the information to be disclosed in this fashion;
(d) Once information is collected, it will be used and disclosed only for the purposes disclosed to the individual;
(e) All representation agreements must include the approved privacy clauses.

4. Disclosure for New Purpose

(a) Anyone using personal information for some new purpose that extends beyond the consent already provided must obtain the express consent of the person for that use;
(b) Requests for information by law enforcement officials, lawyers, private investigators or other agents or subpoenas for documents issued by the court must be referred to the (privacy officer/office manager or broker/agent as appropriate).

5. Protection Information

Information must be protected in a manner commensurate with its sensitivity, value and criticality. This policy applies regardless of the media on which information is stored, the locations where the information is stored, the systems used to process the information, or the processes by which information is handled.

(a) Collection and Disclosure
(i) Meetings with clients on these premises must take place in a place and manner to ensure confidentiality;
(ii) Mail and faxes must be routed directly to the intended recipient;
(iii) Information should be available to other persons in the office only on a need-to-know basis.

(b) Storage
(i) Filing cabinets designated by the Office Manager to contain personal, including sensitive, information are to be kept secured at all times;
(ii) All personnel have computer passwords. These passwords are confidential and are not to be shared with any unauthorized persons.

(c) Destruction
(i) Strum has implemented a record retention and destruction policy. All paper documentation that is not filed is promptly shredded once the project has been finalized.

6. Accuracy of Personal Information

To ensure the quality of the information collected:

(a) Insofar as possible, personal information should be collected directly from the client;
(b) Public property information should be verified;
(c) Disclaimers of accuracy in the form approved by the office should always be attached to any disclosure of information.

7. Access to Personal Information

(a) Copies of this policy, approved by Strum, should always be available to the public in the reception area of the office;
(b) The individual set out in Section 3 as being responsible for privacy compliance is the person responsible for responding to access requests and all such requests will be referred to her. All staff will co-operate fully with the privacy compliance officer in responding to requests;
(c) On written request and appropriate identification satisfactory to the organization, an individual will be advised of personal information about him/her retained in the firm's records;
(d) Where information cannot be disclosed (for example the information contains reference to other individuals or is subject to solicitor-client privilege) the individual will be given reasons for non-disclosure;
(e) An individual may have appended to a record, any alternative information where the office is of the view that the appended information is, in fact, correct;
(f) A minimal administrative fee may be charged to supply the information.

8. Compliance

(a) Any complaints from an individual concerning the collection, use or disclosure of their personal information or concerning the individual's ability to access their personal information must be referred to the privacy compliance officer, who will attempt to resolve the complaint to the individual's satisfaction;
(b) In the event the complaint cannot be resolved internally to the individual's satisfaction, he or she will be advised of where to direct the complaint.