Principle #1 - The Company is accountable for personal information in its possession or control.
• The company is accountable for all personal information in its possession or control. This includes any personal information that the company received from customers who are individuals, or employees.
• The company has:
- policies and procedures aimed at properly protecting personal information;
  - See Principle #7
- in keeping personal information private;
  - All employees have been made aware of their responsibility to keep all personal information private and to not discuss any personal information with anyone outside of the office, without the permission of the customer or employee.
- appointed its Chief Privacy Officer to oversee privacy issues at the company.
  - The Chief Privacy Officer is the Vice President of the corporation.
Principle #2 - The Company identifies the purposes for which it collects personal information from customers and employees before it is collected.
• The company collects personal information from customers and employees, and uses and discloses such information only for business purposes. The types of information that may be collected for this reason, and the purposes for which it is collected, are set out under Principles 3 and 4 of this privacy statement.
Principle #3 - The Company obtains a customer’s consent before collecting personal information from that customer, and the Company obtains consent from employees before collecting and maintaining personal information.
• For applications for credit, the customer acknowledges that the company is collecting personal information and by signing the application, consents to its use by the company.
• For employees, the employment contract signed by each employee outlines the fact that the company collects and maintains personal information, and by signing the employment contract the employee acknowledges the Company’s policy and consents to the use of the information.
Such personal information could include:
• home telephone numbers
• personal/business identification numbers (e.g., social insurance numbers, credit card numbers, tax business numbers)
• financial information (credit ratings, payroll information, personal indebtedness)
• personnel information (e.g., employment history, references to criminal records, medical records)
Principle #4 - The company collects only that personal information required to operate its business, and such information is collected by fair and lawful means.
• The company and its employees collect only the information that is required to determine the creditworthiness of customers, and the information that is required for employees to file appropriate tax documents and to maintain employee records.
Principle #5 - The company uses or discloses personal information only for purposes for which it has consent, or as required by law. The company retains personal information only as long as necessary to fulfill those purposes.
• Customer credit files are maintained as long as the customer continues to purchase or is expected to purchase product from BLM. Private information that has been obtained for credit purposes will be maintained in these files.
• The personal information collected from employees is used to maintain employee information so that tax and government reporting requirements can be met. Information is maintained for 7 years as part of the company’s policy of record retention.
• The company regularly and systematically destroys personal information no longer required to fulfill the identified collection purposes, and no longer required by laws and regulations.
Principle #6 - The company endeavors to keep accurate, complete, and up-to-date personal information in its possession or control, to the extent required to meet the purposes for which it was collected.
• Individual customers and employees are encouraged to contact BLM to update their personal information.
Principle #7 - The Company protects the privacy of personal information in its possession or control by using security safeguards appropriate to the sensitivity of the information.
• Physical security (e.g., restricted access, locked rooms and filing cabinets) is maintained over personal information stored in hard copy form. Employees are authorized to access personal information based only on their job responsibilities.
• Passwords are used to prevent unauthorized access to personal information stored electronically.
• For files and other materials containing personal information entrusted to a third party service provider (e.g., a provider of paper based or electronic file storage), the company obtains appropriate assurance that the level of protection of personal information by the third party is equivalent to that of the company.
Principle #8 - The Company is open about the procedures it uses to manage personal information.
Principle #9 - The Company responds on a timely basis to requests from customers and employees about their personal information which the company possesses or controls.
• Individual customers and employees of the company have the right to contact the Chief Privacy Officer and obtain access to their personal information. Similarly, authorized officers, representatives or employees of organizations that are customers and employees of the company have the right to contact the Chief Privacy Officer and obtain access to personal information provided by that individual. In certain situations, however, the company may not be able to give customers and employees access to all their personal information. The company will explain the reasons why access must be denied and any recourse the client may have, except where prohibited by law.
• The company has policies and procedures to receive, investigate, and respond to customers' and employees' complaints and questions relating to privacy.