Privacy Code Sysmarc is committed to protecting and safeguarding the privacy and security of customer and employee personal information. Sysmarc has implemented a Privacy Code and has updated its Customer Privacy Policy to comply with the Personal Information Protection and Electronic Documents Act that comes into effect on January 1, 2001. Sysmarc’s Privacy Code sets out the principles and guidelines that Sysmarc has adopted for the management of personal information of its customers and employees and is in accordance with the Personal Information Protection and Electronic Documents Act and the ten principles of Canadian Standards Association Model Code for the Protection of Personal Information (the "Privacy Principles"). Sysmarc’s Privacy Code is based on the Privacy Principles that establish the minimum requirements for the protection of personal information provided by customers and employees. The Privacy Code applies to personal information about customers and employees of Sysmarc that we collect, use or disclose. Personal information is defined as information about an identifiable individual. For a customer, personal information includes subscriber information and usage of our products and services, credit information, billing records, any recorded dealings with us. See our Customer Privacy Policy for more details. For an employee, such information includes information found in employee personal files, medical and benefits information, performance evaluations. Personal Information does not include information that is publicly available, such as a customer’s name, address, telephone number, when listed in a directory or any other similar sources. The name, title or business address and telephone number of an employee is not considered personal information. 1. Accountability 1.1 Sysmarc is responsible for all customer and employee personal information in its possession and under its control. Sysmarc has designated its Vice President as Privacy Officer to oversee the organization’s compliance with its privacy code and the federal Privacy Act. There maybe other individuals within Sysmarc who are designated with the responsibility for day-to-day collection and management of customer and employee personal information. 1.2 Sysmarc has established policies and procedures to implement and comply with its Privacy Code, including procedures relating to the collection, handling, storage and destruction of personal information. Sysmarc’s staff has been provided the requisite education and training to protect personal information and to deal with complaints on privacy issues. 1.3 Sysmarc is not responsible for any personal information transferred to third parties for processing on its behalf. Sysmarc uses contractual means to provide an appropriate level of protection for such transferred information. 2. Identifying the purposes for collection of personal information 2.1 Generally, Sysmarc collects personal information from customers for the following purposes: to establish and maintain commercial relations with customers and to provide ongoing service;to understand customer needs and to provide personalized features and services;to administer billing and accounting services and security measures in relation to the customer’s business with Sysmarc;to monitor customer history, evaluate credit standing, to share or exchange credit reports and information with credit reporting agencies and credit bureaus and to collect any unpaid amounts owing to Sysmarc;to develop, enhance, market or provide products and services;to promote and to market additional products, goods and services offered by Sysmarc, including by means of direct marketing;to prepare aggregated user statistics or information summaries in order to describe our services to third parties such as prospective business partners and advertisers;to contact the customer to fulfill distribution of prizes if the customer wins a promotion or contest;to manage and develop Sysmarc’s business and operations;to meet legal and regulatory requirements including requirements or requests of government agencies or pursuant to a subpoena or other legal proceeding.2.2 The purposes for the collection, use and disclosure of customer personal information are identified in Sysmarc’s Customer Privacy Policy and in our general terms and conditions of service.2.3 Sysmarc collects and uses personal information about its employees for the following purposes:to evaluate your qualifications and suitability for and to consider offering you employment with us;to initiate, maintain and develop our relationship with you in connection with your employment with us;to administer salary payments and employment benefits;to monitor your employment record with us and your compliance with our policies and business practices;to conduct performance appraisals;to meet federal and provincial requirements, including for statutory salary deductions; and to comply with any legal and regulatory requirements, including requirements or requests of government agencies or pursuant to a subpoena or other legal proceeding.Business related information such as name, title, address and telephone/fax/e-mail address of employees are not considered to be personal information.2.4  In the event that customer or employee personal information is required to be used or disclosed for a purpose that is not listed above and in respect of which the customer or employee has not previously granted his or her consent, the personal information will not be used or disclosed without first identifying the new purpose and obtaining the customer's or employee’s consent. 3. Obtaining consent 3.1 The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where noted below.3.2 The consent may be express, implied, or given through an authorized representative. In determining the appropriate form of consent, the sensitivity of the information and reasonable expectations of the individual is taken into account. Implied consent is generally appropriate when the information is less sensitive.3.3 Sysmarc makes reasonable efforts to inform its customers and employees how any personal information collected will be used and disclosed. Sysmarc makes each customer aware that the products and services to which he or she is subscribing are provided pursuant to Sysmarc’s general terms and conditions of service and its Privacy Policy. The customer can view the terms and conditions and the Customer Privacy Policy on Sysmarc’s web site at www.Sysmarc.ca or contact Sysmarc for a copy of the general terms and conditions and Customer Privacy Policy.3.4 Generally, consent to use and disclose personal information is sought at the same time it is collected. Sometimes, however, Sysmarc may identify a new purpose and seek consent to use and disclose the personal information after it has been collected.3.5 An individual can withdraw consent to use personal information at any time, subject to any legal or contractual restrictions and reasonable notice. Sysmarc will inform individuals of the implications, if any, of withdrawing consent and how to do so.3.6 Exceptions for collection, use and disclosure without consent(a) Personal information may be collected without the knowledge or consent of the individual if:the collection is clearly in the interests of the individual and consent cannot be obtained in a timely way;it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; orthe information is publicly available and is specified by the regulations.(b) Personal Information may be used without the knowledge or consent of the individual if:in the course of its activities, Sysmarc becomes aware of information that it has reasonable grounds to believe could be useful in the investigation of a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed, and the information is used for the purpose of investigating that contravention;it is used for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual;it is used for statistical, or scholarly study or research purposes that cannot be achieved without using the information, the information is used in a manner that will ensure its confidentiality, it is impracticable to obtain consent and Sysmarc informs the Privacy Commissioner of the use before the information is used;it is publicly available and is specified by the regulations; orit was collected under paragraph (a)(i) or (ii) above.(c) Personal information may be disclosed without the knowledge or consent of the individual if the disclosure is:made to, in the Province of Quebec, an advocate or notary or, in any other province, a barrister or solicitor who is representing the organization; for the purpose of collecting a debt owed by the individual to Sysmarc;required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;made to a government institution or part of a government institution or an investigative body that has made a request for the information and identified its lawful authority to obtain the information.made to a person who needs the information because of an emergency that threatens the life, health or security of an individual and, if the individual whom the information is about is alive, the organization informs that individual in writing without delay of the disclosure;of information that is publicly available and is specified by the regulations;made by an investigative body and the disclosure is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province;required by law. 4. Limiting collection of personal information4.1 Sysmarc will collect only the amount and type of personal information needed for the purposes it has identified. Personal information is collected by fair and lawful means.4.2 Although Sysmarc will collect personal information primarily from customers and employees, it may also collect personal information from other sources including credit bureaus, or other third parties who represent that they have the right to disclose the information. 5. Limiting use, disclosure and retention of personal information5.1 The personal information that Sysmarc collects is used or disclosed only for the purposes for which it was collected, unless the individual gives consent or as required by law. Sysmarc may disclose personal information without consent when it is required to do so by law, e.g. subpoenas, search warrants, other court and government orders, or demands from other parties who have a legal right to personal information, or to protect the security and integrity of its network or system. In such circumstances, the interests of the individual is protected by ensuring that:orders or demands appear to comply with the laws under which they were issued; and Sysmarc discloses only the personal information that is legally required, and nothing more. The customer or employee may be notified that an order requiring disclosure has been received, if the law allows it.5.2 Only employees with a business need-to-know, or whose duties so require, are granted access to customer and employee personal information.5.3 Sysmarc will retain personal information only as long as necessary to fulfill the identified purposes. Depending on the circumstances, personal information used to make a decision about a customer or employee is kept long enough to allow the customer or employee access to the information after the decision has been made.5.4 Sysmarc has established reasonable guidelines and procedures for information and records retention, and any personal information no longer needed for its identified purposes or for legal requirements will be destroyed, erased or made anonymous within a reasonable period of time 6. Ensuring accuracy of personal information6.1 Personal information collected by Sysmarc will be kept as accurate, complete and as up-to-date as necessary for the identified purposes. Sysmarc will rely exclusively on the representation provided by individuals in determining the completeness, accuracy, and timeliness of the personal information and will have no obligation to seek independent verification of any personal information supplied by the individual. 7. Safeguarding personal information7.1 Sysmarc will protect personal information with safeguards appropriate to the sensitivity of the information. Sysmarc has implemented appropriate safeguards to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction. Sysmarc’s employees are made aware of the need to maintain the confidentiality of all personal information. 8. Making information about policies and procedures available to customers and employees8.1 Sysmarc’s policies and practices for the protection of personal information are made available to customers, employees and general public. Sysmarc’s Privacy Policy is posted on Sysmarc’s web site and informs customers about the type of personal information it collects, what it is used for and to whom the information is disclosed. 9. Providing access to personal information9.1 When customers or employees request it, Sysmarc will disclose to them what personal information Sysmarc has about the customer or employee, what it is being used for, and to whom it has been disclosed, and will give them reasonable access to their information. Sysmarc will provide a list of the third parties to which it may have disclosed the personal information when it is not possible to provide an actual list. Wrong or incomplete information will be amended and the amended information transmitted to third parties where appropriate. Any dispute over amending a file will be recorded and details of disputed data provided to third parties where appropriate.9.2 In certain situations, however, Sysmarc may not be able to give customers or employees access to all personal information it holds about the customer or employee. This may, for example, be the case when the information is unreasonably costly to provide, the information contains references to other individuals, the information cannot be disclosed for legal, security or commercial proprietary reasons or the information is subject to solicitor-client or litigation privilege. Sysmarc will explain the reasons for denying access in writing, and the recourse available to the customer or employee.9.3 Sysmarc will make reasonable efforts to respond to an individual’s request for access to his or her personal information no later than 30 days after receipt of the written request, and at minimal or no cost. The individual will be informed of any extensions to the time limit and his or her right to complain to the Privacy Commissioner.9.4 Sysmarc may not provide access to personal information to an individual if doing so would likely reveal personal information about a third party, unless:the information about the third party can be severed from the record containing the information about the individual, in which case it will be severed prior to providing the access; orthe third party consents to the access; orthe individual needs the information because an individual's life, health or security is threatened.9.5 Access to personal information will not be given if:the information is protected by solicitor-client privilege;to do so would reveal confidential commercial information;to do so could reasonably be expected to threaten the life or security of another individual; orthe information was generated in the course of a formal dispute resolution process.9.6 A customer can obtain information or seek access to his or her personal information by contacting a Sysmarc representative at any of Sysmarc’s offices.9.7 An employee can obtain information or seek access to his or her individual personal file by contacting his or her immediate supervisor at work. 10. Handling complaints and questions10.1  Customers or employees may challenge Sysmarc’s compliance with its Privacy Code. Sysmarc has implemented an internal escalation policy to deal with the receipt, investigation and responses to complaints and questions regarding privacy issues.10.2  All complaints and questions will be responded to in a timely manner under the circumstances. All complaints will be investigated and appropriate measures taken to correct deficient policies and practices. Customers or employees have the right to contact the Privacy Commissioner in the event of any dispute.If the Privacy Officer is unable to resolve the issue, a written complaint may be filed with the federal Privacy Commissioner