PRIVACY POLICY OF
Oberon Capital Corporation
Oberon Capital Corporation (“Oberon”, “we” or “our”) is committed to protecting the personal information we collect in the course of our business. This privacy policy (the “Policy”) describes in clear and simple terms the manner in which we respect our obligations in terms of protection of personal information and more specifically our practices regarding the collection, use, disclosure, retention and destruction of your personal information. Our person in charge of the protection of personal information (the “Chief Compliance Officer”), whose full contact details can be found in article 10, ensures compliance and implementation of the Policy.
In order to ensure the implementation of the Policy, be assured that we have put in place internal practices concerning the management of your personal information. These practices include a framework on:
- The security of your personal information;
- Management and prevention of confidentiality incidents;
- Performing privacy impact assessments; and
- Retention of your information throughout its life cycle.
Our commitment to you is clear :
- Be concise, clear and transparent;
- Obtain your consent when necessary;
- Allow you to exercise your rights regarding your personal information; and
- Protect the confidentiality of your personal information.
Our Policy has been developed in compliance with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, the Act respecting the protection of personal information in the private sector, RLRQ, c. P-39.1 and similar provincial legislation.
Policy content
1. TO WHOM OUR POLICY IS AIMED AT?
2. WHAT PERSONAL INFORMATION DO WE COLLECT AND FOR WHAT PURPOSES?
3. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
4. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
5. TO WHOM MAY WE COMMUNICATE YOUR PERSONAL INFORMATION?
6. CAN YOUR PERSONAL INFORMATION BE COMMUNICATED OR STORED OUTSIDE QUEBEC OR CANADA?
7. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
8. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION?
9. CONFIDENTIALITY INCIDENT
10. HOW TO CONTACT OUR PERSON IN CHARGE OF THE PROTECTION OF PERSONAL INFORMATION?
11. POLICY UPDATE
1. TO WHOM OUR POLICY IS AIMED AT?
The Policy applies to personal information collected in the course of all our activities, with the exception of personal information collected in respect of our employees, former employees and applicants for employment with us. It applies in particular to personal information collected when you visit our website and when you contact us by any other means of communication or when you visit our offices or one of our service points. The Policy therefore applies, for example:
- To our past, present and future customers;
- To all users of our website;
- To all persons contacting us.
Please note, however, that you are still responsible for protecting your personal information when you visit other third-party websites. Our Policy does not apply to the collection, use, disclosure or retention of your personal information by other websites, although some links on our website may allow you to access content from other third parties. We are not responsible for their policy regarding the protection of personal information and we encourage you to read the privacy notices or policies regarding the protection of personal information governing these third parties.
This Policy does not apply to the personal information of our employees, former employees or applicants for employment with us in the context of their employment, past, present or future, as another policy applies specifically to them and is available to them by contacting the Chief Compliance Officer.
2. WHAT PERSONAL INFORMATION DO WE COLLECT AND FOR WHAT PURPOSES?
Personal information is any information which relates to a natural person and allows directly or indirectly that person to be identified, whether taken separately or in combination with other information. For greater clarity, personal information is any information which allows you to identify:
- a person directly, for example an identifier such as a name, government ID; or
- indirectly through the combination of several specific elements specific to its physical, physiological, genetic, psychic, economic, cultural or social identity.
Please note that we collect only the personal information necessary to provide you with our products and services. Below are the categories of personal information we collect and examples for each category. This information is all collected for a specific purpose detailed after the following table.
TYPES OF PERSONAL INFORMATION | EXAMPLES | PURPOSES |
---|---|---|
Identity and contact information |
|
For identification or authentication purposes (see paragraph 2.1) |
Contacting you (see paragraph 2.3) | ||
Meet our legal and regulatory obligations (see paragraph 2.5) | ||
Send you advertising offers, promotions or any other communications (see paragraph 2.6) | ||
Commercial information |
|
To provide you with our products and services (see paragraph 2.2) |
For identification or authentication purposes (see paragraph 2.1) | ||
Meet our legal and regulatory obligations (see paragraph 2.5) | ||
Financial information |
|
To provide you with our products and services (see paragraph 2.2) |
Meet our legal and regulatory obligations (see paragraph 2.5) | ||
Information about your communications with us |
|
Contacting you (see paragraph 2.3) |
To provide you with our products and services (see paragraph 2.2) | ||
Information about your digital interactions
To learn more about our use of cookies, please see our Cookie Policy. |
|
Send you advertising offers, promotions or any other communications (see paragraph 2.6) |
Managing our risks (see paragraph 2.4) | ||
Analytics (see paragraph 2.7) | ||
Sensitive information |
|
For identification or authentication purposes (see paragraph 2.1) |
Meet our legal and regulatory obligations (see paragraph 2.5) |
Scroll right to view more
In general, we collect your personal information in order to offer you our products and services and to improve them. Except as provided by law, if we need to use your personal information for purposes other than those set out in this Policy, we will obtain your consent before using this information.
We collect your personal information, to the extent permitted by law, for:
2.1 Identification or authentication purposes
When we wish to register you as a new customer, we require certain information to identify you. This information will be used in particular to find your file and to ensure that your information is associated with your account when you wish to benefit from our products and services and the associated guarantees.
In general, we collect Identity and contact Information to fulfill this purpose. Your information may also be used in certain cases to authenticate you, for example to ensure that you are the right person when you wish to access your file.
2.2 Providing you with our products and services
When you do business with us, it is necessary for us to process some of your information in order to determine your eligibility for our products and services, to advise you appropriately based on your needs, to answer any questions you may have, to handle your complaints and to assist you in all your dealings. In achieving this purpose, it is possible that:
- Determine your eligibility for our services;
- Advise you adequately based on your needs;
- Register you as a client;
- Provide and administer financial services or other services or solutions; and
- Administer and manage the relationships we have with you, including accounting and taking other measures related to the quality of our business relationships.
2.3 Contacting you
As part of our business relationship with you, we may need to contact you from time to time to inform you of important changes applicable to your products and services and inform you of changes to our Policy or Cookie Policy.
In general, we collect Identity and contact Information to fulfill this purpose.
2.4 Managing our risks
As an enterprise, we need to take a number of preventive actions to manage the risks associated with our activities, in order to avoid financial losses, operational breakdowns and internal and external fraud. To this end we:
- Monitor any suspicious activity in your account;
- Monitor any suspicious activity and ensure the security of our communications and other systems to prevent security threats, fraud, and other criminal or malicious activities;
- Monitor access to our offices; and
- Use surveillance camera recordings.
2.5 Meet our legal and regulatory obligations
In operating our enterprise and due to the nature of our activities, we must comply with certain legal and regulatory obligations. We are therefore obliged to use your information in order to, for example:
- Comply with the Income Tax Act;
- Defend ourselves in the event of legal claims or demands;
- Comply with the requirements of the Autorité des marchés financiers (AMF).
2.6 Send you promotions or any other communications by email, paper mail or telephone
In order to offer you a more personalized service, we may use your personal information to communicate offers likely to meet your needs, our latest promotions, newsletters or surveys, for example.
In order to adequately personalize these communications, we may analyze your personal information for profiling purposes. This allows us to avoid sending you communications that do not correspond to your expectations.
Please note that we will only send you these communications if you have, where required by law, chosen to receive them, and that you may withdraw your consent at any time.
2.7 Analytics purposes
As part of our business relationship, we may track information about your digital interactions for internal analytics purposes and for testing purposes to ensure the safety of our system and safeguard of the information uploaded thereon.
3. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
Most of the time, we collect your personal information directly from you. There are, however, situations in which we may collect your personal information from other sources, with your consent or as required by law:
- From other third parties to help us serve or protect you, for example:
- From other entities affiliated with our group;
- From our business partners;
- From your financial advisors.
- Based on your use of our products and services or our website.
4. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We are committed to protecting personal information in our possession in accordance with industry standards. To this end, we implement reasonable security measures to protect your personal information against loss, theft, unauthorized access, disclosure and unauthorized use. Our security measures are adapted to the amount and sensitivity of personal information.
TYPES OF MEASURES | EXAMPLES OF MEASURES |
---|---|
Technical measures |
|
Administrative measures |
|
Material measures |
|
Scroll right to view more
Please note, however, that the transmission of personal information over the Internet is never completely secure. Although we take every precaution to protect your personal information, we cannot guarantee the security of personal information transmitted over the Internet. You choose to transmit information through this channel at your own risk.
If you believe that your personal information has been compromised or if you have any concerns in this regard, we invite you to contact our Chief Compliance Officer at the contact details provided in article 10.
5. TO WHOM MAY WE COMMUNICATE YOUR PERSONAL INFORMATION?
Within our enterprise, access to your personal information is limited to those employees who require access in order to perform their duties. These employees are made aware of the need to protect personal information, and policies are in place to ensure their protection.
However, in order to offer you affordable, quality products and services, we must communicate some of your personal information outside our enterprise. Rest assured that we require third parties to whom we disclose your personal information to respect the standards set by law and the security measures required to protect your personal information. We never sell your personal information, and will only disclose in compliance with applicable privacy laws.
5.1 To our service providers and partners
In order to carry out certain purposes described in the Policy, we do business with service providers to whom we may communicate or give access to your personal information when necessary for the performance of their service contract.
However, rest assured that we put in place written contracts with our service providers in order to nameley:
- Guarantee the confidentiality of your personal information;
- Ensure that the information is used only to perform the service agreement;
- Ensure that the service provider does not retain any personal information when it is no longer required for the performance of the service agreement, with the exception of information contained in backup systems, which will be deleted according to the deletion cycle predetermined by the service provider;
- Ensure that the service provider communicates with us immediately in the event of a confidentiality incident or any attempt to do so.
The categories of service provider with whom we do business include the following:
- Computer and technical services
- Communication and marketing firms;
- Accounting firms;
- Law firms;
- Printing service;
- Security and surveillance camera service;
- Mail delivery service;
- Cloud hosting service.
5.2 To our various legal entities within our group
We may share some of your personal information with other legal entities within our group where necessary to comply with our legal and regulatory obligations as described in paragraph 2.5 and to provide you with our products and services.
For example, certain entities belonging to our group specialize in offering certain products and services and offer them on behalf of our entire group. In this context, the communication of your personal information is necessary in order to offer you the products and services required.
5.3 To courts, law enforcement authorities, regulators, governmental officials or prosecutors
More specifically, we may disclose your personal information to comply with a search warrant, to respond to an investigative body, to comply with a court order, if we believe disclosure is necessary to comply with applicable laws, if required by law, to pursue a legal claim or to assert a defence. For example, in certain circumstance we may be required to disclose your personal information to AMF.
5.4 To other third parties
We may need to disclose your personal information to other third parties in certain specific circumstances, always within the limits permitted by law or after obtaining your consent, for example:
- As part of a business transaction (a merger, an acquisition by another enterprise, obtaining a loan or financing, for example);
- In the event of insolvency or bankruptcy.
6. CAN YOUR PERSONAL INFORMATION BE COMMUNICATED OR STORED OUTSIDE QUEBEC OR CANADA?
Yes. Our headquarters are in the province of Ontario and we process your personal information in Ontario. The subcontractors with whom we do business and other third parties to whom we disclose your personal information may operate outside Quebec and Canada. Some of our service providers are in the United States and process your personal information outside Quebec or Canada and some are located in the United States but their databases where they stock your Personal Information are located in Canada.
In all cases where we disclose your personal information outside Quebec or Canada, we ensure that your personal information is handled securely and in compliance with this Policy, and that a written agreement exists with the third party regarding the handling of your personal information. In addition, before disclosing your personal information outside Quebec, we always conduct a privacy impact assessment to evaluate, among other things, the risks inherent in the disclosure as well as the applicable legal regime of the state where your information would be disclosed.
We will not disclose your personal information unless we are satisfied that it will be adequately protected.
7. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
The personal information we collect is retained only as long as necessary to fulfill the purposes set out in article 2 of the Policy and to comply with our legal and regulatory obligations. We have internal procedures and policies in place to ensure that your personal information is subject to a specified retention schedule, and that it is securely destroyed or, when allowed by application privacy laws, anonymized once this period has elapsed. If the information has been anonymized, it is no longer possible to identify you directly or indirectly, as this is an irreversible process.
If you have any questions concerning the retention of your personal information, please contact our Chief Compliance Officer using the contact details provided in article 10.
8. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION?
8.1 Access to your personal information
Subject to the exceptions provided by law, you have the right to request a copy of, or access to, the personal information we hold about you. At your request we will confirm the existence of the personal information, communicate it to you and allow you to obtain a copy of it. At your request, computerized personal information will be communicated in the form of a written and intelligible transcript. If you are handicapped, reasonable accommodation will be provided on request to enable you to exercise the right of access provided for in this section. You may exercise your right of access by contacting our Chief Compliance Officer at the coordinates provided in article10. Also note that:
- Access to your personal information is free of charge. However, in certain circumstances, such as if the request is excessive or unfounded, we may charge an administration fee for transcribing, reproducing, transmitting or requesting additional copies of your personal information. We will inform you of any such charges before processing your request;
- We generally respond to all requests for access within 30 days of receipt of any necessary information. When we are unable to grant access, or if additional time is required to fulfill a request, we will notify you in writing.
- Unless doing so raises serious practical difficulties, computerized personal information collected from you and not created or inferred using personal information concerning you, will, at your request, be communicated to you in a structured, commonly used technology format. The information will also be communicated, at your request, to any person or body authorized by law to collect such information.
8.2 Rectification of your personal information
If you consider that your personal information is inaccurate or incomplete, you may rectify it by contacting our Chief Compliance Officer at the coordinates provided in article 10. It is your responsibility to inform us of any changes to your personal information so that we can ensure that your personal information is kept up to date.
8.3 Obtain information on the processing of your personal information
You have the right to obtain additional information relating to the processing of your personal information. If you cannot find the answer to your questions in the Policy, you can contact our Chief Compliance Officer using the contact details provided in article10.
8.4 Being informed if you are the subject of a decision based exclusively on automated processing
At the moment, we do not use your personal information to make a decision based exclusively on automated processing. If we use your personal information to make a decision based exclusively on automated processing, we will notify you no later than the time we inform you of the decision. In such a case, you also have the right, upon request:
- to be informed of the information used to make the decision;
- the reasons as well as the main factors and parameters that led to the decision;
- to have the personal information used to make the decision rectified; and
- to present your observations to a member of our team able to review the decision if necessary.
You may exercise this right by contacting our Chief Compliance Officer at the coordinates provided in article 10.
8.5 Withdraw your consent
When you give your consent for secondary purposes, in other words, purposes that are not essential to offer you our products and services, you may withdraw it at any time, without any consequence.
However, if you refuse to provide us with personal information that is necessary for us to offer you our products and services or that is required by law, we may no longer be able to provide you with some of our services. In this case, we may have to cancel our commitment to you. You will, however, be informed of the occurrence of such a situation.
8.6 Dissatisfaction with the management of your personal information
If you have any questions, concerns or dissatisfaction with this Policy or with the management of your personal information or you wish to lodge a complaint, you may contact our Chief Compliance Officer at the coordinates provided in article 10.
9. CONFIDENTIALITY INCIDENT
We take any incident or attempted incident of confidentiality, whether potential or real, seriously. For the purposes of the Policy, a “Confidentiality Incident” refers to any unauthorized access, use, or communication of personal information, as well as the loss of personal information or any other breach of its protection. Any Confidentiality Incident is taken seriously and communicated to regulatory authorities and affected individuals in accordance with applicable privacy laws. Our Chief Compliance Officer will engage competent authorities to assist in resolving the issue.
If you have concerns regarding the collection, use, disclosure, retention, or destruction of your personal information, you can directly contact our Chief Compliance Officer using the contact details provided in article10.
10. HOW TO CONTACT OUR PERSON IN CHARGE OF THE PROTECTION OF PERSONAL INFORMATION?
The protection of your personal information is important to us. We have appointed a Chief Compliance Officer who oversees compliance with and implementation of applicable legislation regarding the protection of personal information and acts as the person in charge of the protection of personal information. You can reach her using the following contact details:
Aida Reis
Chief Compliance Officer
The Exchange Tower, 1800-130 King St. W.,
Toronto, Ontario, M5X 1E3
Canada
Phone number: 416-509-4827
Email: aida.reis@oberoncapcorp.com
11. POLICY UPDATE
This Policy takes effect on the date mentioned at the top of the page and replaces all previous versions. The history of previous versions of the Policy can be obtained by request to our Chief Compliance Officer.
The Policy may be updated at our sole discretion based on changes in our practices and legislation on protection of personal information. When the Policy is updated, the changes will be specifically brought to your attention and a notice will be available on the home page of our website. When the changes are of a material nature or require your consent, we will notify you by email if we have your email address.