Privacy Policy of Organization - Template, Sample Form Pro · EN-CA-law

✓ Valid in Canada (English) · drafted to comply with local law

Create your Privacy Policy of Organization - Template, Sample Form for use in Canada (English). Answer a few plain-English questions and the document fills in automatically as you go — then download it in Word and PDF, ready to sign or share. This version has been professionally rewritten to comply with local law.

Answer 12 simple questions — the document fills in as you go
Live preview: watch your document update in real time
Download as Word (.docx) and PDF
Edit your answers and re-download anytime

Save to access it later, on any device.

Fill in the details

0/12

Type below — the document on the right updates as you go.

🔒The clauses below are blurred in the preview. Fill in your details, then pay once to unlock the full document and download it as Word & PDF.

PRIVACY POLICY

________

Compliant with the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5)

§ 1) INTRODUCTION

1.a. This privacy policy is effective and was last revised as of ________.

1.b. The Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 ("PIPEDA"), together with any applicable substantially similar provincial privacy legislation in the Province of ________ (collectively, the "Applicable Privacy Laws"), governs how organizations collect, use, and disclose the personal information of individuals in the course of commercial activity.

1.c. This privacy policy describes the manner in which ________ (the "Organization", "we", "us", or "our") collects, uses, discloses, retains, and safeguards the personal information of its clients, customers, and other individuals.

1.d. We collect only the personal information reasonably required to carry out our services to clients and customers, and such information is documented and stored in a secure manner. The services we provide, which constitute the purposes for which we require personal information, include the following:

________

1.e. We are committed to protecting the personal information of our clients and customers in accordance with the Applicable Privacy Laws and the ten fair information principles set out in Schedule 1 to PIPEDA.

1.f. The Office of the Privacy Commissioner of Canada (the "Commissioner") oversees compliance with PIPEDA and addresses complaints by individuals.

1.g. We have designated an individual who is accountable for our compliance with the Applicable Privacy Laws (the "Privacy Officer"), whose contact details are set out in § 9.

§ 2) COLLECTION AND CONSENT

2.a. "Personal information" means information about an identifiable individual and may include, among other things, an individual's name, age, income, ethnic origin, credit records, medical records, Social Insurance Number, marital status, and education level.

2.b. Consent to the collection, use, and disclosure of personal information may be either express or implied, having regard to the sensitivity of the information and the reasonable expectations of the individual.

2.c. We obtain consent from our clients and customers at or before the time of collection. Consent is generally obtained by:

________

2.d. We make reasonable efforts to collect personal information directly from our clients and customers, but may collect information indirectly from other sources where necessary and permitted, in a manner consistent with the Applicable Privacy Laws.

2.e. We may collect, use, or disclose personal information without consent only where permitted or required by law, including, without limitation:

where seeking consent would compromise the availability or accuracy of the information and collection is required to investigate a breach of an agreement or contravention of law;
where collection, use, or disclosure is clearly in the interests of the individual and consent cannot be obtained in a timely way;
where the information is contained in a witness statement and collection is necessary to assess, process, or settle an insurance claim;
to comply with a subpoena, warrant, court order, or rules of court relating to the production of records, or for the purposes of a lawful investigation; and
any other circumstance permitted under sections 7, 7.2, and 7.3 of PIPEDA or applicable provincial legislation.

2.f. Subject to legal or contractual restrictions and reasonable notice, an individual may withdraw consent to the continued collection, use, or disclosure of personal information at any time. We will inform the individual of the implications of such withdrawal.

§ 3) PURPOSE OF COLLECTION

3.a. We identify the purposes for which personal information is collected at or before the time of collection and limit the collection of personal information to that which is necessary for the purposes identified, all in accordance with the Applicable Privacy Laws.

3.b. The information we collect may include information relating to other entities with whom our clients or customers conduct business, where this is necessary to facilitate our services.

3.c. We will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Where we wish to use previously collected information for a new and unrelated purpose, we will obtain fresh consent.

§ 4) USE AND DISCLOSURE OF INFORMATION

Lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat duis aute irure dolor in reprehenderit voluptate velit esse cillum dolore eu fugiat nulla pariatur lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et.

4.b. Where we engage service providers or agents to process personal information on our behalf, we use contractual or other means to provide a comparable level of protection while the information is being processed by them.

4.c. Where information is provided to us in the course of our engagement, whether or not at our request, such delivery is, to the extent permitted by law, deemed to be accompanied by consent for us to collect, use, and disclose that information for the identified purposes.

4.d. Notwithstanding the foregoing, the personal information of our clients and customers shall be treated with the strictest confidence and shall not be disclosed without consent, unless required or permitted by law.

4.e. In the event of a breach of security safeguards involving personal information under our control that creates a real risk of significant harm to an individual, we will report to the Commissioner and notify affected individuals, and maintain records of such breaches, as required by PIPEDA and its regulations.

§ 5) RETENTION OF INFORMATION

5.a. Personal information collected by ________ shall be retained only for as long as necessary to fulfill the purposes for which it was collected, or as otherwise required by law. Our general retention period is ________, subject to any longer period mandated by applicable law.

5.b. Where personal information has been used to make a decision about an individual, it shall be retained for a period sufficient to permit the individual access to the information after the decision is made.

5.c. Once personal information is no longer required for the purposes for which it was collected, and is no longer required to be retained by law, ________ shall securely destroy, erase, or render anonymous such information in a manner consistent with the Applicable Privacy Laws.

§ 6) SAFEGUARDING INFORMATION

6.a. We protect personal information by security safeguards appropriate to the sensitivity of the information, including physical, organizational, and technological measures. Employees of ________ have access to relevant records only on a need-to-know basis, in connection with tasks delegated to them.

6.b. Physical records shall be protected by way of:

________.

6.c. All important communications from ________ to third parties or other entities containing sensitive client or customer information shall be encrypted through the use of secure-software communications and password-protected files, where applicable.

6.d. Workplace policies are in place which prohibit personnel of ________ from interacting with spam, suspicious messages, or malicious websites.

6.e. The use of personal devices and hardware by employees and staff of ________ is prohibited unless specific authorization is requested and granted.

6.f. Where applicable, ________ uses secured public and/or private cloud storage to store and protect client and customer data. We exercise due diligence in selecting service providers and require that data stored with them be protected by safeguards comparable to those described in this policy.

6.g. Care is exercised in the disposal or destruction of personal information to prevent unauthorized access to that information.

§ 7) ACCESS, CORRECTION, AND ACCURACY

7.a. Subject to the exceptions set out below, individuals have the right, upon written request, to be informed of the existence, use, and disclosure of their personal information, and to be given access to that information. We will respond to any such request within the timeframe provided for under PIPEDA (generally not later than thirty (30) days after receipt of the request).

7.b. Access may be refused, in whole or in part, in certain circumstances, including the following:

I. Information protected by solicitor-client privilege;
II. Information that could reasonably be expected to reveal confidential commercial information;
III. Information collected or disclosed in connection with law enforcement or the detection of fraud;
IV. Information that would reveal personal information about another individual; and
V. All other exceptions provided for under PIPEDA.

7.d. Where a challenge regarding the accuracy or completeness of information is not resolved to the satisfaction of the individual, we will record the substance of the unresolved challenge and, where appropriate, advise relevant third parties.

7.e. Any complaint regarding our handling of personal information may be directed to our Privacy Officer (see § 9). If the matter is not resolved, the individual may file a complaint with the Office of the Privacy Commissioner of Canada or, where applicable, the relevant provincial privacy regulator.

§ 8) AMENDMENTS TO THIS POLICY

8.a. We may amend this privacy policy from time to time to reflect changes in our practices or in applicable law. The current version will be made available upon request and, where applicable, posted at ________. The "last revised" date in § 1.a indicates when this policy was last updated.

§ 9) CONTACT

Should you have any questions, concerns, requests for access, or complaints regarding this privacy policy or the manner in which your personal information is collected, used, disclosed, stored, or kept confidential, please contact our Privacy Officer using the contact information below. We will respond as soon as practicable and within any timelines established under PIPEDA.

Attention: Privacy Officer, ________

________

Fields you complete are inserted into the document live. This template is general guidance only — not legal advice.