The Personal Information Protection and Electronic Documents Act (PIPEDA) establishes rules to govern the collection, use, and disclosure of personal information in a manner that recognizes the right to privacy of individuals with respect to their personal information and the need of organizations to collect, use, or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. Driven Brands Canada is committed to protecting and respecting the personal information of its customers, employees, business partners, and all other entities it interacts with in accordance with PIPEDA. This policy will provide guidelines to ensure that Driven Brands Canada remains compliant with PIPEDA requirements.
Breach of security safeguards – The loss of, unauthorized access to, or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards, or from a failure to establish those safeguards.
Personal information – Information about an identifiable individual.
Security safeguards – Security safeguards include the following:
Significant harm – Includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record, and damage to or loss of property
The following guidelines have been implemented to ensure Driven Brands Canada remains compliant with PIPEDA requirements. The personal information of Driven Brands Canada employees, customers, clients, business partners, etc., must be managed so as to meet the following PIPEDA requirements:
In addition to the above requirements, Driven Brands Canada will designate a representative to hold accountability for the organization's compliance with PIPEDA. The representative will hold responsibility for the management of the personal information policies and procedures of Driven Brands Canada.
The PIPEDA representative shall be responsible for:
Breaches of Security Safeguards
If Driven Brands Canada becomes aware of a breach of our security safeguards that compromises the privacy of the personal information retained by the company, the following action shall be taken:
Notifying Affected Individuals
Determining Whether a Real Risk of Significant Harm Exists
Driven Brands Canada will assess the following factors when determining whether a security breach constitutes a real risk of significant harm to an individual or individuals:
Notice to Nevada Residents
Nevada law allows consumers to direct certain businesses not to sell their personally identifiable information to third parties to license or sell that information to additional third parties. If you are a Nevada resident, you may submit such opt-out requests to firstname.lastname@example.org. To be effective, your request must include your full name, address, phone number, and email address [or other information reasonably necessary to verify the authenticity of the consumer request]. Driven Brands Canada will endeavor to respond to your verified request within 60 days of receiving the request. However, due to unforeseen circumstances, Driven Brands Canada may need to extend this period by up to 30 days. If an extension is reasonably necessary, Driven Brands Canada will notify you of this during the initial 60-day period.
(Insert Title of Appropriate Authority) is responsible for ensuring that all individuals affected by the breach for whom the breach creates a real risk of significant harm are notified at the earliest available opportunity, subject to any legal restrictions. Notifications shall:
In addition to the individual(s) affected by the breach, Driven Brands Canada may notify other parties of the breach or disclose personal information relating to the breach, subject to the following guidelines:
Driven Brands Canada has adopted this Policy to ensure that all Driven Brands Canada employees are aware of our commitment to the privacy and protection of client information.
Protecting the privacy and confidentiality of personal information is an important aspect of the way Driven Brands Canada conducts its business. Collecting, using, and disclosing personal information in an appropriate, responsible, and ethical manner is fundamental to Driven Brands Canada's daily operations.
Driven Brands Canada strives to protect and respect the personal information of its customers, employees, business partners, and so on in accordance with all applicable regional and federal laws. Each staff member of Driven Brands Canada must abide by the organization's procedures and practices when handling personal information.
Requirement of Confidentiality
In accordance with the Privacy Act and PIPEDA (Personal Information Protection and Electronic Documents Act), Driven Brands Canada requires all employees to handle sensitive personal client information in a confidential and appropriate manner. It is understood that employees of Driven Brands Canada will become aware of confidential information regarding our clients through the course of their employment. Employees agree that if confidential information is not effectively protected, the operations of Driven Brands Canada may be threatened, and the well-being and privacy of our clients may suffer irreparably.
Employees of Driven Brands Canada are required to keep all confidential information and relevant medical knowledge regarding both the Company and our clients confidential both during and after their term of employment. These practices have been adopted as they have been deemed essential to the protection of Driven Brands Canada, and the well-being and privacy of our clients.
The following is classed as Confidential Information:
Any information relating to the Company that is freely in the public domain may not be considered "Confidential". In the event that an employee can prove that information was possessed before it was received from Driven Brands Canada, or that information was gained from an unrelated third party, said information will not be classified as "Confidential".
In working for Driven Brands Canada, employees shall not divulge, disclose, provide or disseminate Confidential Information to any third party not employed by Driven Brands Canada at any time, unless Driven Brands Canada gives written authorization. Furthermore, Confidential Information shall not be used for any purpose other than its reasonable use in the normal performance of employment duties for Driven Brands Canada.
Upon termination of employment with Driven Brands Canada, employees shall promptly return (without duplicating or summarizing), any and all material pertaining to Driven Brands Canada business in their possession including, but not limited to: all client information (charts, lists, etc.),physical property, documents, keys, electronic information storage media, manuals, letters, notes and reports.
This agreement will not supersede any legal obligation to disseminate information when required to do so in a court of law.