Zayo Canada Inc.. and its subsidiaries (hereafter the “Company”) provide a complete range of services to customers, including voice, data and cyber security services within Canada.
The Company is committed to maintaining the accuracy, confidentiality, security and privacy of personal information of customers and employees. The Company’s “Privacy Code” is a formal statement of principles and guidelines concerning the minimum requirements for the protection of personal information provided by the Company to its customers and employees. The objective of the Privacy Code is to ensure responsible and transparent practices in the management of personal information, in accordance with the Personal Information Protection and Electronic Documents Act [PIPEDA]. This version of the Privacy Code was updated August 2016.
The Company will review its Privacy Code at least every five years to ensure it is relevant and remains current with changing technologies and laws and the evolving needs of the Company, its customers and employees.
The Privacy Code is approved for use by the General Counsel – Zayo Group LLC.
The ten principles that form the basis of the Company’s Privacy Code are interrelated and the Company will adhere to the ten principles as a whole. Each principle must be read in conjunction with the accompanying commentary. As permitted by the Personal Information Protection and Electronic Documents Act [PIPEDA], the commentary in this Privacy Code has been tailored to reflect personal information issues specific to the Company.
The scope and application of the Privacy Code are as follows:
1. The Privacy Code applies to Zayo Canada Inc. and its subsidiaries. The Privacy Code applies to business a customer transacts with the Company or anyone acting as an agent on the Company’s behalf.
2. The Privacy Code applies to personal information about the Company’s customers and employees that is collected, used, or disclosed by the Company.
3. The Privacy Code applies to the management of personal information in any form whether oral, electronic or written.
4. The Privacy Code does not impose any limits on the collection, use or disclosure of the following information by the Company:
a) the name, title, business address, electronic address or telephone number of an employee of the Company or a customer of the Company; or
b) other information about the customer or employee that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act.
5. The application of the Company’s Privacy Code is subject to the requirements or provisions of Part I of the Personal Information Protection and Electronic Documents Act, and any other applicable legislation or regulation, including any applicable regulations of the Canadian Radio-television and Telecommunications Commission, or the order of any court, or other lawful authority.
“collection” – the act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
“consent” – voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of the Company. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
“customer” – a corporation, limited liability company, trust, joint venture, association, company, limited or general partnership, unincorporated organization, governmental authority or other entity who uses the Company’s products or services or otherwise provides personal information on behalf of itself or its associated clients to the Company in the course of the Company’s commercial activities.
“disclosure” – making personal information available to a third party.
“employee” – an employee or pensioner of the Company, and for the purpose of this Privacy Code only, includes independent and other contractors performing services within the Company.
“Company” – Zayo Canada Inc. and its subsidiaries: Allstream Business Inc. and Allstream Voice Inc..
“personal information” – information about an identifiable individual but not aggregated information that cannot be associated with a specific individual.
For a customer, this includes “client” information processed on behalf of the customer by the Company and is limited to personal information specifically identified and mutually agreed to by both parties within executed contract documents.
For an employee, such information includes information found in personal employment files, performance appraisals, and medical and benefits information.
“third party” – an individual other than the customer, or the customer’s agent, or organization outside the Company.
“use” – the treatment, handling, and management of personal information by and within the Company.
The Company is responsible for personal information under its control. The Privacy Officer for Zayo Canada Inc. is accountable for the Company’s compliance with the Privacy Code.
1.1 Other individuals within the Company may be delegated to take responsibility for the day-to-day collection and processing of personal information through approved methods and procedures.
1.2 The Company is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing or other purposes related to the Company’s business and operations. The Company uses contractual means to provide a comparable level of protection while the information is in the possession of the third party.
The Company will identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 The Company collects personal information only for the following purposes:
a) to establish and maintain responsible commercial relations with customers and to provide ongoing service;
b) to manage and develop the Company’s business and operations, including personnel and employment matters; and
c) to meet legal and regulatory requirements.
2.2 The Company will disclose to the customer or employee using plain language, the purpose of personal information collection. Persons collecting personal information are accountable to explain these identified purposes or refer the individual to a designated person within the Company who will explain the identified purposes.
2.3 Unless required or permitted by law, the Company will not use or disclose for any new purpose personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the customer or employee.
The knowledge and consent of a customer or employee are required for the collection, use, or disclosure of personal information, except where inappropriate.
3.1 In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual. For example, the Company may collect, use or disclose personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way.
The Company may also collect, use and disclose personal information without knowledge or consent if:
a) seeking the consent of the individual might defeat the purpose of collecting the information, such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law;
b) there is an emergency where the life, health or security of an individual is threatened;
c) disclosure is to a lawyer representing the Company, to collect a debt, to comply with a subpoena, warrant or other court order, or otherwise required or permitted by law; or
d) the customer has acted as the “data collector” on behalf of its “client” and has contractually engaged the Company to process personal information on its behalf for the delivery of contracted services.
3.2 In obtaining consent, the Company will use reasonable efforts to ensure that a customer or employee is advised of the identified purposes for which personal information will be used or disclosed. Purposes will be stated in plain language, easily understood by the customer or employee.
3.3 The Company will obtain consent from an individual at the same time it collects the information using appropriate means to document acceptance. The Company will seek additional consent from an individual should previously collected information be used for additional or alternate purposes.
3.4 In general, the use of the Company’s products and services by a customer, or the acceptance of employment or benefits by an employee, constitutes implied consent for the Company to collect, use and disclose personal information for all identified purposes.
3.5 A customer or employee may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers and employees may contact the Company for more information regarding the implications of withdrawing consent.
The Company will limit the collection of personal information to that which is necessary for the purposes identified by the Company.
The Company will collect personal information by fair and lawful means.
4.1 The Company collects personal information primarily from its customers or employees.
4.2 The Company may also collect personal information from other sources including credit bureaus, employers or personal references, or other third parties that represent that they have the right to disclose the information.
The Company will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
The Company will retain personal information only as long as necessary for the fulfillment of those purposes.
5.1 In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual. (See Principle 3.1)
5.2 In addition, the Company may disclose a customer’s personal information to
a) another telecommunications company for the efficient and cost-effective provision of telecommunications services;
b) a company or individual retained by the Companyto perform functions on the Company’s behalf, such as research and data processing;
c) a public authority or agent of a public authority, if in the reasonable judgment of the Company, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information;
d) a person who, in the reasonable judgment of the Company, is seeking the information as an agent of the customer; and
e) a third party or parties, where the customer consents to such disclosure or disclosure is required or permitted by law.
5.3 The Company may disclose personal information about its employees:
a) for normal personnel and benefits administration;
b) in the context of providing references regarding current or former employees in response to requests from prospective employers; or
c) where disclosure is required or permitted by law.
5.4 Only those Company employees who require access for business reasons, or whose duties reasonably so require are granted access to personal information about customers and employees.
5.5 The Company will keep personal information only as long as it remains necessary or relevant for the identified purposes, as required by law or to allow for reasonable access by an individual. Personal information will be destroyed using approved methods in accordance with records retention policies.
5.6 Personal information may be stored or processed outside of Canada to provide customer or employees with service or to support the Company’s operations, and therefore may be subject to the legal jurisdiction of such non-Canadian territory. The Company provides this information to companies it outsources in alignment with internal privacy impact assessment recommendations including negotiating suitable contracts which stipulate privacy controls on the processing, use and security of personal information needed for the purpose of providing the services in question.
The personal information the Company maintains will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
6.1 Personal information used by the Company will be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer or employee.
6.2 The Company will update personal information about customers and employees as and when necessary to fulfill the identified purposes or upon notification by the individual.
The Company will protect personal information through security safeguards appropriate to the sensitivity of the information.
7.1 The Company will use appropriate security measures to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction regardless of the format in which it is held. The Company will use care in disposing of or destroying personal information to prevent unauthorized parties from gaining access to the information.
7.2 The Company will protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information, the purposes for which it is to be used.
7.3 All employees of the Company, with access to personal information will be required as an ongoing condition of employment to respect the confidentiality of personal information.
The Company will make readily available to customers and employees specific information about its policies and practices relating to the management of personal information.
8.1 The Company will make information about its policies and practices easy to understand, including:
a) The title and address of the person or persons accountable for the Company’s compliance with the Privacy Code and to whom inquiries or complaints can be forwarded;
b) The means of gaining access to personal information held by the Company; and
c) A description of the type of personal information held by the Company, including a general account of its use.
8.2 The Company will make available information to help customers and employees exercise choices regarding the use of their personal information and the privacy-enhancing services available from the Company.
The Company will inform a customer or employee of the existence, use, and disclosure of his or her personal information upon request and will give the individual access to that information, except in certain circumstances.
9.1 A customer or employee will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Upon request, the Company will afford customers and employees a reasonable opportunity to review the personal information in the individual’s file. Personal information will be provided in understandable form within a reasonable time and at a minimal or no cost to the individual.
A customer can obtain information or seek access to its information by contacting a customer service representative.
An employee can obtain information or seek access to his or her individual files by contacting their manager or People Operations representative.
9.2 In certain situations, the Company may not be able to provide access to all of the personal information it holds about a customer or employee. The Company will provide the reasons for denying access upon request and any instructions for redress.
9.3 The Company will promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness will be noted in the individual’s file. Where appropriate, the Company will transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
A customer or employee will be able to address a challenge concerning compliance with the above principles to the Company’s Privacy Officer, the person accountable for the Company’s compliance with the Privacy Code.
10.1 The Company will maintain procedures for addressing and responding to all inquiries or complaints from its customers and employees about the Company’s handling of personal information.
10.2 The Company will investigate all complaints concerning compliance with the Privacy Code. If a complaint is found to be justified, the Company will take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer or employee will be informed of the outcome of the investigation regarding his or her complaint.
For detailed inquiries or unresolved privacy concerns related to Zayo Canada Inc., please contact:
Zayo Canada – Privacy Officer
200 Wellington Street West,
Toronto, Ontario, M5V 3G2
For a copy of the Personal Information Protection and Electronic Documents Act, or information on processing privacy complaints, please engage the Privacy Commissioner of Canada web site at http://www.priv.gc.ca/index_e.ASP.