- What we mean by “Personal Information” and when we collect it.
- What Personal Information we collect from you.
- The purposes for which we collect and use your Personal Information.
- The Internet technologies we may use to collect and process your Personal Information.
- With whom we may share your Personal Information, and the location in which your Personal Information may be stored.
- The ways that we protect your Personal Information and how long we retain it.
- How to access, correct or update your Personal Information.
We collect Personal Information that you voluntarily provide to us through responses to non-anonymous surveys, questionnaires, feedback, registration forms and the like. We may also ask you to provide additional information, such as your e-mail address, if you wish to obtain additional services, information or to resolve your complaints or concerns. If you decide to invest with us, we will collect additional information to open your account and as required by law.
WHAT PERSONAL INFORMATION WE COLLECT AND WHY
We collect information from you and about you, only with your consent, or as required or permitted by law. In general, we will collect Personal Information such as your name, address, telephone number(s) or other identifying information, such as your Social Insurance Number (SIN) or date of birth. The information gathered may be financial, which would include such information as you place of employment, annual income, assets and liabilities. It may be investment- or advice-related information concerning such things as your financial goals and retirement plans. Generally, we collect, use and disclose your Personal Information in order to provide you with our products and services (collectively, the “Services”), including to:
- Confirm your identity, and to protect both you and us against errors, fraud or other misrepresentations.
- Evaluate your financial needs and determine the suitability of our products and services for you.
- Determine your eligibility for products and services.
- Properly administer the products and services we provide.
- Comply with a variety of legal and regulatory requirements, including securities law requirement, tax reporting obligations under the Income Tax Act and certain terrorist financing and anti-money laundering regulations.
- To personalize the user experience and improve our services by assessing how our clients use our products and services, and the resources provided on our Sites.
- To make available, promote and offer services, products and/or special offers.
- To conduct, process and complete transactions with you.
- To develop, modify and customize services and offers that would appeal to our clientele.
As permitted by law, we may also use some of your Personal Information for purposes not directly connected to your use of the Services, as set out below. In some cases, you may choose not to participate in such activities, or to refrain from providing us with your Personal Information. In other cases, you may opt-out of the use of your Personal Information for secondary purposes by contacting us, as set out below under Contact. For completeness, we also note below a number of practices that involve only the collection and use of aggregated information.
With the permission of an online visitor, information submitted at the time of registration or submission may be used for marketing and promotional purposes by Greyspring. If a visitor objects to such use for any reason, he/she may prevent that use, either by e-mail request or by modifying the registration information provided.
From time to time, we may also engage third-party platforms to serve users of those platforms with more individually-targeted advertising, which is based both on the platform’s user data and your interactions with Greyspring outside of the platform. To do this, we provide to the platform provider a “hashed version” of your email address or other potentially connecting information, which could be matched to your profile with that platform. Hashing is a mathematical operation that applies an equation to information so as to produce an encrypted value that cannot be reversed to reveal the original data. Both Greyspring and the platform run the same one-way hash function on the same data element, such as an email address. As a result, when Greyspring provides the platform with the hashed email addresses of a selected group of individuals, the platform is able to match the hashed value against the corresponding hashed value for users of the platform, allowing the platform to target users of that platform, who are also connected with Greyspring, with relevant advertising, based on demographic factors selected by Greyspring. Greyspring provides only the hashed value and no other information about you to the platform. Further information about this process may be provided by the social media platforms that you use (see, for example, the “ads” icon in Facebook’s user Privacy Settings and Tools), and you may exercise the preferences provided by those social media platforms with respect to your viewing of advertising on those platforms. To opt-out of the use by Greyspring of the Personal Information we hold about you for such purposes, please contact us, using the information provided below under Contact.
If you do not want us to use your Personal Information for secondary purposes, or wish to manage your communication preferences, including to opt out of the receipt of any correspondence from Greyspring in the future, please contact our Privacy Officer at the addresses provided below. Note that you may opt out of the receipt of marketing and promotional email messages at any time by clicking the “unsubscribe” link in any such messages.
Greyspring, in common with many web site operators, may use standard technology called “cookies” on its Sites. Cookies are small data files that are downloaded onto your computer when you visit a particular web site. Cookies identify your browser/IP address – but not you as an individual – to our computers each time you visit our Site.
PROTECTION AND RETENTION OF PERSONAL INFORMATION
We will only keep your Personal Information in our records for as long as it is needed to fulfill the purposes for which it was collected, or as may be required or permitted by law. Personal information that is no longer required will be securely destroyed, permanently erased, or reliably de-identified, such that it can no longer be associated with you as an identifiable individual.
We have put in place physical, electronic, and managerial procedures and safeguards designed to protect your Personal Information from unauthorized access, use and disclosure. Greyspring applies security safeguards appropriate to the sensitivity of the information, such as retaining information in secure facilities and making Personal Information accessible only to a limited number of authorized Greyspring employees on a need-to-know basis. In those cases where we may engage a third party to provide Greyspring with services that assist us in providing you with services, such as customer relationship management customization or information technology support, where such a third party requires certain access to Personal Information in order to provide the service in question, we take appropriate contractual and other measures to ensure that the third party has access to only the Personal Information required to provide the service in question, and to ensure that such data is used solely to provide that service, is kept confidential and is protected by appropriate security safeguards.
While Greyspring employs these advanced techniques when interfacing with its clients, representatives and third party service providers, you should be aware that there is a residual risk in transmitting any data electronically. This risk is inherent in all Internet dealings. We assume no liability in the event of any interception, misuse or alternation of data transmitted via the Internet.
SHARING OF PERSONAL INFORMATION
Greyspring may, from time to time, share Personal Information with third parties that we engage to provide services on our behalf, such as, customer relationship management experts and our information technology consultants. We will share with such service providers only the Personal Information that is reasonably necessary for the purpose or service for which the service provider is engaged. We will also use contractual and other means to provide a comparable level of protection while the information is being processed by such service providers, including requiring that any Personal Information that we share be used solely to provide us with the specific service for which they were engaged, and for no other purpose. You can obtain more information about our policies and practices with respect to the use of Personal Information by third party service providers by contacting us as described below, under Contact.
Please note that sharing of Personal Information with such service providers may result in the storage or processing of Personal Information outside of Canada, where it may be subject to the laws of the country in which it is stored, including laws that require the disclosure of Personal Information to governmental authorities under circumstances that are different than those that apply in Canada.
Generally, the disclosure of your Personal Information will be restricted to those who have a need for, and the right to, the information. Only the following persons may be provided with access to your Personal Information:
- Our employees and representatives who need the information in the performance of their duties for us.
- Service providers, who need the information in the performance of their duties for us, and to satisfy their obligations to us.
- Any person or organization to whom you gave consent to access your Personal Information held by Greyspring.
- Anyone who is otherwise authorized by law.
ACCESSING AND AMENDING YOUR PERSONAL INFORMATION
We will make all reasonable efforts to ensure that any Personal Information we collect and keep is as accurate, complete and up-to-date as required for the identified purposes. To do so, we will rely on you to provide us with accurate information and to inform us of changes, such as changes in your contact information. Under Canadian privacy law you have the right to access and verify your Personal Information maintained in our files, and to request that any factually inaccurate Personal Information be corrected, if appropriate, subject to certain restrictions provided by law. If we receive a request to release your Personal Information, we will only do so upon satisfactory identification and proof of entitlement of the requestor, or as required or permitted by law. To access or request amendment to the Personal Information we hold about you, please make your request in writing to our Privacy Officer, at the addresses set out below.