Enersource Corporation is committed to respecting the privacy of individuals through the protection of personal information.
Enersource Corporation gathers information about our customers in order to provide electricity, construction, maintenance and telecommunications services. The administration of our business requires this information to be used for billing, determining customers' credit ratings, and collections. Personal information is used only for the purposes for which it was obtained.
Personal information is not disclosed to anyone outside our group of companies or agents without consent, unless required by law. The information is protected by administrative, technical, contractual and physical practices designed to ensure that personal information is managed in confidence.
Procedures
These details describe the procedures that Enersource Corporation follows in order to maintain the privacy of personal data.
Privacy procedures are waived when the safety of any person is at risk, or when required by law. Otherwise privacy procedures will always be followed
Cookies
Many web sites place "cookies", which are small files, on the visitor’s hard drive in order to improve the appearance of the web site. The Enersource web site does not use cookies.
Personal Data
Personal data is any data about an identifiable individual, except business card data. Business card data concerns information about a person in their role as a business person, often as an employee of a business. Business card data is the name, working address, work contact numbers and work e-mail address, company and title. All data about an individual except for business card data is personal and will only be used for the purposes for which it was collected with the person’s consent.
Some examples of personal data that must be kept private include:
• Name
• Addresses
• Phone number
• Account number
• SIN #
• Driver’s License
• Payment and invoice history
• Bank information
• Service orders
• Copies of bills and collection notices
• Reports with customer names or accounts on them
Protecting Privacy
No personal data will be provided to anyone outside the company collecting the data and the agents of that company, without the consent of the individual. Personal data will only be provided for purposes for which the person has consented. Agents of the company have agreed in their contracts to protect all personal data provided to them.
Data will only be collected to the extent necessary to fulfill the business function. Within the company, access to personal data will be provided only when there is a business need. When data is no longer required, it will be deleted or destroyed in a confidential manner.
Privacy Officer
The Privacy Officer is responsible for monitoring the compliance with this policy.
Office Procedures
No personal data will be left in plain view and unattended in an unsecured area. Areas such as Customer Service where personal data is managed on a continuous basis will be kept locked and only available to authorized employees. All employees with computer access to personal data will lock their computers whenever they leave their desks. Waste paper with personal data will be shredded on site.
All sensitive personal data will be maintained in locked storage cabinets.
Electronic records are secured by application, network and server security according to Enersource security policies.
Consent
The individual must consent to recording their data in the corporate records and the use to which the data will be put. This data will only be used for the purposes stated when the data is collected. Individual customer data will only be obtained directly from the person to whom the information pertains.
Every area collecting personal data will use a pre-defined script to inform the person about the use to which the data will be put and to obtain the person’s consent before recording the information. The wording of the script will vary depending on the business function.
Care will be taken to record the minimum amount of information required for business purposes.
Individual’s Access to Their Own Data
While providing routine customer service, customers frequently inquire about the data on their own account, and there are routine procedures in place to provide this information. Care will be taken when multiple persons have access to the data or have provided the data. Data about one person will not be shared with another person except under exceptional circumstances, even if the data is on the same account. It may be necessary to sever information in order to limit the information provided. Departmental procedures will outline procedures for specific circumstances.
Individuals may inquire for all the information an organization may store about them. As Enersource has many sources of personal information, and many places where it could be stored, these requests will be processed via the Privacy Officer. The request will be circulated around the organization, via the privacy representatives in the different parts of the organization, and then a coordinated response will be provided to the individual.
It is a serious offense to destroy personal information that is the subject of an inquiry. Before information is removed from our systems we will ensure that none of it is currently the subject of an inquiry.
Retention and Disposal of Personal Data
Data retention policies are available for all personal data, depending on the nature and purpose of the data. After the retention period is over, the data is disposed of, according to policy, as long as it is not the subject of an inquiry.
Employee Personal Data
Employee personal data is protected in the same way that all other personal data is protected. Employee files are safeguarded in the Human Resources area and do not leave this area. Employee data is treated as highly confidential. Caution will be used in e-mailing messages containing employee data. Some employee related documents should not be e-mailed even within Enersource, and hard copy should be employed instead.
Purchasing
All contracts with vendors who have access to personal data include privacy clauses. In addition the standard purchase order contains a privacy clause.
Personal data obtained by purchasing is safeguarded and is not retained longer than necessary for the management of the purchasing agreement.
Disclosing the Privacy Policy
Privacy Policy statements are prepared to be communicated to customers and to anyone else who inquires. The privacy policy is also available on the web site at www.enersource.com.
Privacy Complaints
Complaints about our privacy policy and procedures will be forwarded immediately to the Privacy Officer. The Privacy Officer will investigate all complaints promptly, and take corrective action as required.
If you would like any further information about our privacy policies and procedures please contact us at privacy@enersource.com, or by mail: Privacy Officer, Enersource Corporation, 3240 Mavis Road, Mississauga, Ontario, L5C 3K1. Our customer service department will also be pleased to answer any questions that you may have. They may be contacted at 905-273-9050.
This statement was last revised on November 27, 2003.