Privacy Policy
Diversity Trainers Plus Inc. (dba “ROCK Diversity”) is committed to ensuring that your privacy is protected while providing our client, customer, and vendor with exceptional service. Protecting personal information is one of our highest priorities.
ROCK abides by the Canadian federal legislation, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) which came into effect on April 13, 2004. It sets out the ground rules for how businesses may collect, use, disclose and dispose personal information. We follow the key privacy principles as required by PIPEDA when collecting, and/or using your personal information. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this Privacy Policy (the “Policy”).
As such we will inform our client, customer, and vendor of why and how we collect, use, disclose and dispose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
Our privacy commitment includes terms of allowing our client, customer, and vendor to request access to, and correction of their personal information.
ROCK may change this Policy from time to time by updating this page, if you are registered on this website you will be sent an email to notify you if changes occur.
Unless indicated otherwise, this Policy applies to all our website, domains, apps, products, services, and features.
Definitions
“Business contact information” – means information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email, or business fax number. It is not covered by this Policy or by Part 1 of PIPEDA.
“Personal Information” – means information about an identifiable individual. It does not include business contact information (described above).
“Privacy Officer” – means the individual designated responsibility for ensuring that ROCK complies with this Policy and with Part 1 of PIPEDA.
“ROCK” – means references to “Diversity Trainers Plus Inc.”, “ROCK Diversity”, “we”, “our”, or “us”.
What is ROCK?
ROCK supports organizations to ascertain their diversity status quo, using means such as surveys, staff engagements and reviewing internal documents. We help organizations to develop solutions and strategies to become more inclusive. We may collect personal information that may include, but not limited to:
- Name
- Contact information including email address
- Demographic information such as postal code, preferences and interests
- Raw data that may or may not identify individuals by name, but which could be used to identify the individual as the source of the input provided
- Other information relevant to surveys and engagements
What we do with the information we gather?
We require this information to understand your needs and provide you with a better service and tools such as reports and resources that meet your inclusion needs. We may also use information gathered to improve our products and services.
Policy 1 – Collecting Personal Information
1.1 Unless the purposes for collecting personal information are obvious and the client, customer, or vendor has voluntarily provided personal information for those purposes, we will seek permission either orally or in writing, before or at the time of collection.
1.2. We will only collect information that is necessary to fulfill the following purposes including but not limited to :
- verify identity
- identify preferences
- understand the needs
- deliver requested products and services
- enrol the client in a program
- send out information
- ensure a high standard of service
- meet regulatory requirements
- collect and process payments
Policy 2 – Consent
2.1 We will obtain consent to collect, use or disclose personal information.
2.2 Consent can be provided electronically through an authorized representative or it can be implied where the purpose for collecting, using or disclosing the personal information would be considered obvious.
2.3 Consent may also be implied where a client, customer, and vendor is given notice and a reasonable opportunity to opt-out of his or her personal information being used.
Policy 3 – Using and Disclosing Personal Information
3.1 We will only use or disclose personal information where necessary to fulfill the purposes identified at the time of collection or for consistent purposes.
3.2 We will not use or disclose personal information for any additional purpose unless we obtain consent to do so.
3.3 We will never sell client, customer, or vendor lists or personal information to other parties.
Policy 4 – Retaining Personal Information
4.1 We will retain client, customer, and vendor personal information only as long as necessary to fulfill the identified purposes for which it was collected.
4.2 We will retain that personal information for at least two (2) years after use and/or as long as necessary to fulfill the identified purpose so the client, customer, or vendor has a reasonable opportunity to request access to it. Please refer to our retention schedule as a guideline.
Policy 5 – Ensuring Accuracy of Personal Information
5.1 We will make reasonable efforts to ensure that personal information is accurate and complete where it may be used to make a decision about the client, customer, or vendor.
5.2 Client, customer, and vendor may request a correction to their personal information to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought.
Policy 6 – Securing Personal Information
6.1 We are committed to protecting personal information from unauthorized access, collection, use, disclosure, or disposal.
6.2 We will use the following measures to ensure that personal information is appropriately protected: locked filing cabinets; physically securing offices where personal information is held; the use of user IDs, passwords, encryption, firewalls; restricting employee access to personal information as appropriate. Contractually requiring any service providers to provide comparable security measures.
6.3 We will use appropriate security measures when destroying client, customer, and vendor’s personal information such as shredding documents through our on-site shredding equipment or through a third-party service provider and deleting electronically stored information.
6.4 We will continually review and update our security policies and controls as technology changes to ensure ongoing security.
6.5 All of our employees receive annual information privacy training.
Policy 7 – Providing Client, Customer, and Vendor Access to Personal Information
7.1 Clients, customers, and vendors have a right to access their personal information, subject to limited exceptions such as information that is subject to solicitor-client or litigation privilege, information that is prohibitively costly to provide, information that contains references to another individuals, information that cannot be disclosed for security, or commercial proprietary reasons.
7.2 A request to access personal information must be made in writing with sufficient detail to identify the personal information being sought.
7.3 Upon request, we will also tell a client, customer, or vendor how we use their personal information and to whom it has been disclosed if applicable.
7.4 We will make the requested information available within two (2) years after use or seek extension where additional time is required to fulfill the request.
7.5 A minimal fee may be charged for providing access to personal information, in which case we will inform the client, customer, and vendor of the cost and request further direction whether or not to proceed with their request.
7.6 If a request is refused in full or in part, we will notify the client, customer, or vendor in writing, providing the reasons for refusal and the recourse available to them.
Policy 8 – Questions and Complaints
8.1 Client, customer, and vendor should direct any complaints, concerns, or questions to the Privacy Officer at info@rockdiversity.ca.
8.2 If the Privacy Officer is unable to resolve the concern, the client, customer, or vendor may also write to the Office of the Privacy Commissioner of Canada. 30 Victoria Street, Gatineau, Quebec K1A 1H3.
Dated : November 15, 2021