BlueFlag Networks (“BlueFlag”) provides a broad range of telecommunications services to customers, including Internet access, and local and long distance services in Canada.
We are committed to maintaining the privacy, confidentiality, security and accuracy of BlueFlag customer personal information.
II. SCOPE AND APPLICATION
(i) information that is publicly available; or
(ii) the name, title or business address or telephone number of an employee of an organization.
Collection – the act of gathering, acquiring, recording or otherwise obtaining any personal information from any source, including third parties, by any means.
Consent – voluntarily agreeing to the collection, use and disclosure of personal information for a defined purpose. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing but is always unequivocal and does not require any inference on the part of BlueFlag. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
Customer – an individual who uses, or applies to use, BlueFlag’s products or services or otherwise provides personal information to us in the course of our commercial activities.
Disclosure – the act of making personal information available to a third party for that third party’s use.
Personal information – any information about an identifiable individual, but not aggregated information that cannot be associated with a specific individual. For a customer, such information includes, but is not limited to, a customer’s credit information, billing records, service and equipment information, and any recorded complaints.
Third party – an individual other than the customer, their agent or an organization other than BlueFlag.
Use – the treatment, handling, and management of personal information by BlueFlag.
IV. PRIVACY PRINCIPLES
Principle 1 – Accountability
We are responsible for all personal information under our control and have designated an individual who is accountable for compliance with the following principles (see contact information, below).
1.2 BlueFlag’s designated Privacy Officer can be contacted at: firstname.lastname@example.org.
1.3 We are responsible for all personal information in our possession or control, including information that we transfer to a third party for processing. We use appropriate means to provide a comparable level of protection while information is being processed by a third party.
b) establishing procedures to receive and respond to inquiries or complaints;
c) training and communicating to staff about our policies and practices; and
d) developing public information to explain our policies and practices.
Principle 2 – Identifying Purposes for Collection of Personal Information
We will identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 We collect the following personal information, for the purposes outlined below:
When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device (more information about cookies can be found below). Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.
When you register for an account or enrol to receive services from us, we collect …
2.2 We collect the personal information outlined above only for the following purposes:
a) To establish and maintain responsible commercial relations with customers and to provide ongoing service;
b) To understand customer needs;
c) To develop, enhance, market or provide products and services;
d) To manage and develop our business and operations; and
e) To meet legal and regulatory requirements.
Further references to “identified purposes” mean these purposes.
2.3 Unless the purposes are obvious in the circumstances, BlueFlag shall specify orally, electronically or in writing the identified purposes at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within BlueFlag who shall explain the purposes.
2.4 Unless required by law, we will not use or disclose, for any new purpose, personal information that has been collected without first identifying and documenting the new purpose and obtaining any consent required by law.
Principle 3 – Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent is required for the collection, use or disclosure of personal information, except for in limited circumstances, as outlined below.
3.1 In certain circumstances, personal information can be collected, used or disclosed without the knowledge or consent of the individual. For example, BlueFlag may collect or use personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is a minor, seriously ill or mentally incapacitated.
BlueFlag may also collect, use or disclose personal information without knowledge or consent if seeking the consent of the individual might defeat the purpose of collecting the information such as in the investigation of a breach of an agreement or a contravention of a law.
BlueFlag may also use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.
BlueFlag may disclose personal information without knowledge or consent to a lawyer representing BlueFlag, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required by law.
3.2 In obtaining consent, we will use reasonable efforts to ensure that you are advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood.
3.3 Generally, we will seek consent to use and disclose personal information at the same time they collect the information. However, BlueFlag may seek consent to use and disclose personal information after it has been collected but before it is used or disclosed for a new purpose.
3.4 BlueFlag will require customers to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is required to fulfill the identified purposes. For example, we may collect customers’ IP address, MAC address, and router settings from routers connected to our network for the purpose of providing ongoing service. We use this data to routinely monitor and manage end-users’ connectivity and performance on our network.
3.5 In determining the appropriate form of consent, we will take into account the sensitivity of the personal information and the reasonable expectations of our customers.
3.6 In general, the use of products and services by a customer constitutes implied consent for us to collect, use and disclose personal information for all identified purposes.
3.7 A customer may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. If you withdraw your consent, we may no longer be able to provide you with services and may need to terminate your account. Customers may contact BlueFlag at email@example.com for more information regarding the implications of withdrawing consent.
Principle 4 – Limiting Collection of Personal Information
We limit the collection of personal information to that which is necessary for the purposes identified, and only collect personal information by fair and lawful means.
4.1 We generally collect personal information directly from our customers.
4.2 We may also collect personal information from other sources including credit bureaus, personal references, or other third parties that represent that they have the right to disclose the information.
Principle 5 – Limiting Use, Disclosure and Retention of Personal Information
We will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law, and we will retain personal information only as long as necessary for the fulfillment of those purposes.
5.1 We do not disclose personal information with anyone outside BlueFlag where we can avoid it.
We limit how much information we disclose to third parties: With respect to third party requests for information, where we are required to disclose personal information we limit it to the information required in the circumstances, provide it only for the purpose stipulated, and make it subject to strict terms of confidentiality. When a court orders us to provide personal information, we tell you about it unless we have been ordered by law not to, and we follow up regularly to question whether non-disclosure orders ought to remain in force.
5.3 In addition, BlueFlag may disclose a customer’s personal information to:
a) another telecommunications services provider for the efficient and effective provision of telecommunications services;
b) an entity involved in supplying the customer with communications or communications directory related services;
c) another entity for the development, enhancement, marketing or provision of any of the products or services of BlueFlag;
d) an agent retained by BlueFlag in connection with the collection of the customer’s account;
e) credit grantors and reporting agencies;
f) a person who, in the reasonable judgment of BlueFlag, is seeking the information as an agent of the customer; and
g) a third party or parties, where the customer consents to such disclosure or disclosure is required by law.
However, non-personally identifiable information may be provided to other parties for marketing, advertising, or other uses. For example, we use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We may use de-identified information that is derived from personal information for any purpose. “De-identified information” means information that cannot reasonably be connected to a particular individual.
5.4 Only those employees and contractors of BlueFlag who require access for business reasons, or whose duties reasonably so require, are granted access to personal information about customers and other employees.
5.5 We keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer, we retain, for a period of time that is reasonably sufficient to allow for access by the customer, either the actual information or the rationale for making the decision.
Principle 6 – Accuracy of Personal Information
Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
6.1 Personal information used by BlueFlag shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer, such as the extension of credit to the customer.
6.2. We update personal information about customers as and when necessary to fulfill the identified purposes or upon notification by the individual.
Principle 7 – Security Safeguards
We protect personal information by security safeguards appropriate to the sensitivity of the information.
7.1 We protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures, regardless of the format in which it is held.
7.2 We protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
7.3 All employees of BlueFlag with access to personal information are required as a condition of employment to respect the confidentiality of personal information.
Principle 8 – Openness Concerning Policies and Practices
We make readily available specific information about our policies and practices relating to the management of personal information.
8.1 We make information about our policies and practices easy to understand, including:
b) The means of gaining access to personal information we hold; and
c) A description of the type of personal information we hold, including a general account of its use.
8.2 To this end, we make available information to help customers exercise choices regarding the use of their personal information and the privacy-enhancing services available from BlueFlag.
Principle 9 – Access to Personal Information
On request, we will inform you of the existence, use and disclosure of your personal information and will give you access, as provided by law. You can challenge the accuracy and completeness of the information and have it amended as appropriate.
9.1 Upon request, we will provide our customers with a reasonable opportunity to review the personal information about them in our custody or control. Personal information shall be provided in understandable form within a reasonable time and at minimal or no cost to the individual.
9.2 In certain situations, we may not be able to provide access to all of the personal information that we hold about a customer. For example, BlueFlag may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, we may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor-client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, we will provide the reasons for denying access to the extent that we may lawfully do so, upon request.
9.3 Upon request, we will provide an account of the use and disclosure of personal information and, where reasonably possible, state the source of the information. In providing an account of disclosure, we will provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.
9.4 In order to safeguard personal information, you will be required to provide sufficient identification information to permit us to account for the existence, use and disclosure of personal information and to authorize access to the individual’s personal information. Any such information shall be used only for this purpose.
9.5 We will correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted. Where appropriate, we will transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
9.7 You can seek access to your personal information by contacting our privacy officer.
Principle 10 – Challenging Compliance
10.1 We will maintain procedures for addressing and responding to all inquiries or complaints about our handling of personal information.
10.2 We will inform our customers about the existence of these procedures as well as the availability of complaint procedures.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org, or by mail using the details provided below:
c/o Frontier Networks Inc.
530 Kipling Avenue
V. ADDITIONAL INFORMATION
For a copy of the Personal Information Protection and Electronic Documents Act, please see the Privacy Commissioner of Canada website at http://www.priv.gc.ca/.