BlueFlag Networks Privacy Policy
I. SUMMARY
This is BlueFlag’s Privacy Policy.
BlueFlag Networks (“BlueFlag”) provides a broad range of telecommunications services to customers, including Internet access, and local and long distance services in Canada.
We are committed to maintaining the privacy, confidentiality, security and accuracy of BlueFlag customer personal information.
In this privacy policy we use the terms “you”, “your” or “customer” to refer to individuals who interact with BlueFlag as a customer, a potential customer or user of BlueFlag products or services.
This Privacy Policy is a formal statement of principles and guidelines concerning the minimum requirements for the protection of personal information provided by BlueFlag to our customers, and describes how we collect, use and disclose personal information when customers visit or make a purchase from blueflagnetworks.ca (the “Site”). The objective of the Privacy Policy is responsible and transparent practices in the management of personal information, in accordance with the Canadian Standards Association (CSA) Model Code and federal privacy legislation as set out in the Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5, as amended (PIPEDA).
II. SCOPE AND APPLICATION
The Privacy Policy applies to all personal information about our customers and potential customers that we collect, use or disclose, and to the management of personal information in any form whether oral, electronic or written. The Privacy Policy does not impose any limits on the collection, use or disclosure of the following information by BlueFlag:
(i) information that is publicly available; or
(ii) the name, title or business address or telephone number of an employee of an organization.
The application of the Privacy Policy is subject to the requirements or provisions of any applicable legislation, regulations, tariffs or agreements, or the order or determination of any court or other lawful authority, including any applicable regulations, orders or determinations of the Canadian Radio-television and Telecommunications Commission.
III. DEFINITIONS
Collection – the act of gathering, acquiring, recording or otherwise obtaining any personal information from any source, including third parties, by any means.
Consent – voluntarily agreeing to the collection, use and disclosure of personal information for a defined purpose. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing but is always unequivocal and does not require any inference on the part of BlueFlag. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
Customer – an individual who uses, or applies to use, BlueFlag’s products or services or otherwise provides personal information to us in the course of our commercial activities.
Disclosure – the act of making personal information available to a third party for that third party’s use.
Personal information – any information about an identifiable individual, but not aggregated information that cannot be associated with a specific individual. For a customer, such information includes, but is not limited to, a customer’s credit information, billing records, service and equipment information, and any recorded complaints.
Third party – an individual other than the customer, their agent or an organization other than BlueFlag.
Use – the treatment, handling, and management of personal information by BlueFlag.
IV. PRIVACY PRINCIPLES
Principle 1 – Accountability
We are responsible for all personal information under our control and have designated an individual who is accountable for compliance with the following principles (see contact information, below).
1.1 Responsibility for ensuring compliance with the provisions of the Privacy Policy rests with the senior management of BlueFlag. Other individuals within BlueFlag may be delegated to act on behalf of the designated person(s) or to take responsibility for the day-to-day collection and processing of personal information.
1.2 BlueFlag’s designated Privacy Officer can be contacted at: info@blueflagnetworks.ca.
1.3 We are responsible for all personal information in our possession or control, including information that we transfer to a third party for processing. We use appropriate means to provide a comparable level of protection while information is being processed by a third party.
1.4 We have implemented policies and procedures to give effect to the Privacy Policy, including:
a) implementing procedures to protect personal information and to oversee our compliance with the Privacy Policy;
b) establishing procedures to receive and respond to inquiries or complaints;
c) training and communicating to staff about our policies and practices; and
d) developing public information to explain our policies and practices.
Principle 2 – Identifying Purposes for Collection of Personal Information
We will identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 We collect the following personal information, for the purposes outlined below:
When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device (more information about cookies can be found below). Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.
When you register for an account or enrol to receive services from us, we collect …
2.2 We collect the personal information outlined above only for the following purposes:
a) To establish and maintain responsible commercial relations with customers and to provide ongoing service;
b) To understand customer needs;
c) To develop, enhance, market or provide products and services;
d) To manage and develop our business and operations; and
e) To meet legal and regulatory requirements.
Further references to “identified purposes” mean these purposes.
2.3 Unless the purposes are obvious in the circumstances, BlueFlag shall specify orally, electronically or in writing the identified purposes at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within BlueFlag who shall explain the purposes.
2.4 Unless required by law, we will not use or disclose, for any new purpose, personal information that has been collected without first identifying and documenting the new purpose and obtaining any consent required by law.
2.5 We use cookies in order to understand consumer interests. “Cookies” are small information packets that a website creates which are stored on the hard drive of a user’s computer by the user’s browser software. We use cookies to track and collect information relating to use of the Site by the public. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. We also collect information using log files (which track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps), web beacons, tags and pixels (electronic files used to record information about how you browse the Site).
Principle 3 – Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent is required for the collection, use or disclosure of personal information, except for in limited circumstances, as outlined below.
3.1 In certain circumstances, personal information can be collected, used or disclosed without the knowledge or consent of the individual. For example, BlueFlag may collect or use personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is a minor, seriously ill or mentally incapacitated.
BlueFlag may also collect, use or disclose personal information without knowledge or consent if seeking the consent of the individual might defeat the purpose of collecting the information such as in the investigation of a breach of an agreement or a contravention of a law.
BlueFlag may also use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.
BlueFlag may disclose personal information without knowledge or consent to a lawyer representing BlueFlag, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required by law.
3.2 In obtaining consent, we will use reasonable efforts to ensure that you are advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood.
3.3 Generally, we will seek consent to use and disclose personal information at the same time they collect the information. However, BlueFlag may seek consent to use and disclose personal information after it has been collected but before it is used or disclosed for a new purpose.
3.4 BlueFlag will require customers to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is required to fulfill the identified purposes. For example, we may collect customers’ IP address, MAC address, and router settings from routers connected to our network for the purpose of providing ongoing service. We use this data to routinely monitor and manage end-users’ connectivity and performance on our network.
3.5 In determining the appropriate form of consent, we will take into account the sensitivity of the personal information and the reasonable expectations of our customers.
3.6 In general, the use of products and services by a customer constitutes implied consent for us to collect, use and disclose personal information for all identified purposes.
3.7 A customer may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. If you withdraw your consent, we may no longer be able to provide you with services and may need to terminate your account. Customers may contact BlueFlag at info@blueflagnetworks.ca for more information regarding the implications of withdrawing consent.
Principle 4 – Limiting Collection of Personal Information
We limit the collection of personal information to that which is necessary for the purposes identified, and only collect personal information by fair and lawful means.
4.1 We generally collect personal information directly from our customers.
4.2 We may also collect personal information from other sources including credit bureaus, personal references, or other third parties that represent that they have the right to disclose the information.
Principle 5 – Limiting Use, Disclosure and Retention of Personal Information
We will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law, and we will retain personal information only as long as necessary for the fulfillment of those purposes.
5.1 We do not disclose personal information with anyone outside BlueFlag where we can avoid it.
We limit how much information we disclose to third parties: With respect to third party requests for information, where we are required to disclose personal information we limit it to the information required in the circumstances, provide it only for the purpose stipulated, and make it subject to strict terms of confidentiality. When a court orders us to provide personal information, we tell you about it unless we have been ordered by law not to, and we follow up regularly to question whether non-disclosure orders ought to remain in force.
5.3 In addition, BlueFlag may disclose a customer’s personal information to:
a) another telecommunications services provider for the efficient and effective provision of telecommunications services;
b) an entity involved in supplying the customer with communications or communications directory related services;
c) another entity for the development, enhancement, marketing or provision of any of the products or services of BlueFlag;
d) an agent retained by BlueFlag in connection with the collection of the customer’s account;
e) credit grantors and reporting agencies;
f) a person who, in the reasonable judgment of BlueFlag, is seeking the information as an agent of the customer; and
g) a third party or parties, where the customer consents to such disclosure or disclosure is required by law.
However, non-personally identifiable information may be provided to other parties for marketing, advertising, or other uses. For example, we use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We may use de-identified information that is derived from personal information for any purpose. “De-identified information” means information that cannot reasonably be connected to a particular individual.
5.4 Only those employees and contractors of BlueFlag who require access for business reasons, or whose duties reasonably so require, are granted access to personal information about customers and other employees.
5.5 We keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer, we retain, for a period of time that is reasonably sufficient to allow for access by the customer, either the actual information or the rationale for making the decision.
Principle 6 – Accuracy of Personal Information
Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
6.1 Personal information used by BlueFlag shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer, such as the extension of credit to the customer.
6.2. We update personal information about customers as and when necessary to fulfill the identified purposes or upon notification by the individual.
Principle 7 – Security Safeguards
We protect personal information by security safeguards appropriate to the sensitivity of the information.
7.1 We protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures, regardless of the format in which it is held.
7.2 We protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
7.3 All employees of BlueFlag with access to personal information are required as a condition of employment to respect the confidentiality of personal information.
Principle 8 – Openness Concerning Policies and Practices
We make readily available specific information about our policies and practices relating to the management of personal information.
8.1 We make information about our policies and practices easy to understand, including:
a) The title and address of the person or persons accountable for our compliance with the Privacy Policy and to whom inquiries or complaints can be forwarded;
b) The means of gaining access to personal information we hold; and
c) A description of the type of personal information we hold, including a general account of its use.
8.2 To this end, we make available information to help customers exercise choices regarding the use of their personal information and the privacy-enhancing services available from BlueFlag.
Principle 9 – Access to Personal Information
On request, we will inform you of the existence, use and disclosure of your personal information and will give you access, as provided by law. You can challenge the accuracy and completeness of the information and have it amended as appropriate.
9.1 Upon request, we will provide our customers with a reasonable opportunity to review the personal information about them in our custody or control. Personal information shall be provided in understandable form within a reasonable time and at minimal or no cost to the individual.
9.2 In certain situations, we may not be able to provide access to all of the personal information that we hold about a customer. For example, BlueFlag may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, we may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor-client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, we will provide the reasons for denying access to the extent that we may lawfully do so, upon request.
9.3 Upon request, we will provide an account of the use and disclosure of personal information and, where reasonably possible, state the source of the information. In providing an account of disclosure, we will provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.
9.4 In order to safeguard personal information, you will be required to provide sufficient identification information to permit us to account for the existence, use and disclosure of personal information and to authorize access to the individual’s personal information. Any such information shall be used only for this purpose.
9.5 We will correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted. Where appropriate, we will transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
9.7 You can seek access to your personal information by contacting our privacy officer.
Principle 10 – Challenging Compliance
A customer can address a challenge concerning compliance with the above principles to the designated person or persons accountable for BlueFlag’s compliance with the Privacy Policy.
10.1 We will maintain procedures for addressing and responding to all inquiries or complaints about our handling of personal information.
10.2 We will inform our customers about the existence of these procedures as well as the availability of complaint procedures.
10.3 The person or persons accountable for compliance with the Privacy Policy may seek external advice where appropriate before providing a final response to individual complaints.
10.4 We will investigate all complaints concerning compliance with the Privacy Policy. If a complaint is found to be justified, we will take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer shall be informed of the outcome of the investigation regarding his or her complaint.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at info@blueflagnetworks.ca, or by mail using the details provided below:
BlueFlag Networks
c/o Frontier Networks Inc.
530 Kipling Avenue
Toronto, Ontario
M8Z 5E3
BlueFlag will continue to review the Privacy Policy on a regular basis to make sure it is relevant and remains current with changing technologies and laws and the evolving needs of BlueFlag and our customers.
V. ADDITIONAL INFORMATION
For a copy of the Personal Information Protection and Electronic Documents Act, please see the Privacy Commissioner of Canada website at http://www.priv.gc.ca/.
BlueFlag Networks Privacy Policy v1 Feb 2019