The Retirement Committee of the Canadian Entertainment Industry Retirement Plan (“CEIRP” or the “Plan“) is committed to ensuring that accurate and timely information is available and provided to Participants and Participating Locals in connection with the Plan and is responsible for maintaining the privacy of personal information related to individual Participants. Capitalized terms in this policy not defined herein have the meaning ascribed to them in the Plan Rules. This policy references relevant principles included in the Personal Information Protection and Electronic Documents (“PIPEDA“). These guiding principles ensure safeguards are in place when managing the collection, use, disclosure, retention, and ultimate disposal of Personal Information within the CEIRP’s control. “Personal Information” in the context of this policy means information about an identifiable individual.
Application
This Privacy Policy applies to the collection, use, disclosure, retention, and disposal of Personal Information by:
- The Retirement Committee and the CEIRP’s employees;
- Persons, both individuals and organizations, who perform services on behalf of the CEIRP, in respect of the CEIRP’s purpose and not their own purpose, including consultants, lawyers auditors and actuaries.
The CEIRP’s Privacy Practices
1. Accountability
The CEIRP is responsible for all Personal Information under the CEIRP’s control including such information in the custody of the CEIRP’s employees and information transferred to third parties for processing. The CEIRP obtains contractual commitments from third parties to whom the CEIRP has transferred Personal Information and who collect Personal Information on the CEIRP’s behalf, to protect that information in accordance with relevant privacy legislation and this CEIRP’s policies. The Custodian of the Plan is Canada Life. Canada Life provides administrative services to the Plan and Retirement Committee, and may gather, use, and disclose Personal Information. Canada Life has a privacy policy, which may be found at the following link: https://ssl.grsaccess.com/public/en/footer/privacy-policy.aspx
The Canada Life Privacy Policy is also accessible from the Plan’s website. The CEIRP has appointed a Privacy Officer, who can be reached at: 416-362-2665.
2. Purposes
The CEIRP collects, uses, and discloses Personal Information for the purposes of administering the Plan in accordance with the Plan Text, legislative requirements and other legal obligations.
3. Consent
Where applicable, the CEIRP obtains consent from its participants for the collection, use and disclosure of Personal Information. At the time of the collection, the individual is informed of the purpose of the collection, the means by which their Personal Information is collected, their right to access their Personal Information, their right to withdraw their consent to the use or the disclosure of their Personal Information and the identity of the categories of any third parties to whom the information may be disclosed. When Personal Information is collected, used or disclosed for a new purpose other than an already identified purpose, the CEIRP will obtain additional consent where necessary. The form of consent will suit the nature and sensitivity of the Personal Information, however, the CEIRP is not required to obtain consent in certain circumstances to disclose your information, for example, where legal, medical, or security reasons may make it impossible or impractical to obtain consent. The CEIRP is not required to obtain consent where the collection, use, or disclosure is permitted without consent under PIPEDA or other legislation.
4. Limiting Collection
The CEIRP limits the collection of Personal Information to what is necessary for the administration of the CEIRP and the provision of the group RRSP to participants. It is necessary from time to time that Plan service providers and Participating Locals transmit and gather required information, which may include Personal Information about Plan Participants, to and from Participants and Employers, as contemplated by Section 9 of the Plan Rules. It is the policy of the Retirement Committee that any Participant Personal Information gathered or used by the Plan service providers or Participating Locals will be gathered, used, retained, or transmitted in accordance with applicable privacy law.
5. Limiting Use, Disclosure and Retention
The Plan will only collect personal or other information for the purpose of administration of the Plan, and such information will only be disclosed in connection with the administration of the Plan. The CEIRP does not use Personal Information for purposes unrelated to the administration of the Plan unless consent has been provided or the CEIRP is required to do so by law. The CEIRP does not disclose Personal Information for purposes unrelated to the administration of the Plan unless permitted or required to do so by law or unless consent has been provided for such disclosure.
Only the CEIRP’s employees or Third Parties retained by the CEIRP who require the information in order to administer the Plan, or whose duties reasonably so require, are granted access to Personal Information about members. The following persons are examples of individuals who may access Personal Information in accordance with the administration of the Plan:
- The Retirement Committee;
- The CEIRP’s employees;
- Legal counsel to the Plan;
- Third Parties retained by the CEIRP, and those employees Third Parties who deal with the administration of the Plan;
- Auditors; or
- Any other Third Party to whom the CEIRP deems it necessary to release Personal Information for the purposes set out herein.
Before disclosing Personal Information to third parties, the CEIRP will conduct a risk assessment which considers the sensitivity of the information disclosed, the purpose for which it is to be used and the legal framework applicable where the third party conducts its business. An individual may request the name of the categories of third parties or employees who have access to their Personal Information. The CEIRP retains Personal Information only as long as it remains necessary or relevant for the identified purposes, or as required by law. The Plan maintains reasonable and systematic controls, schedules policies and practices for information and with respect to records retention and destruction, which apply to Personal Information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased, or made anonymous. The CEIRP will not refuse to provide services to a individual where they have refused to disclose Personal Information unless the information is necessary for the performance of the service, or it is authorized by the law.
6. Accuracy
The CEIRP will make reasonable efforts to ensure that Personal Information is accurate and complete. The CEIRP relies on its members to ensure that certain information (i.e. address and other contact information) is current, complete and accurate. Members may request a correction to their Personal Information in order to ensure its accuracy and completeness. A request to correct Personal Information must be made in writing and provide sufficient detail to identify the Personal Information and the correction being sought.
7. Security Safeguards/Breach Reporting
The CEIRP protects Personal Information by ensuring security safeguards appropriate to the sensitivity of the information are in place to prevent loss, theft, or any unauthorized access, disclosure, copying, use or modification. Those security safeguards include administrative, technical, and physical measures. The CEIRP will conduct a privacy impact assessment where it undertakes to develop or overhaul an information system involving the collection, use, disclosure or retention of Personal Information. Any and all privacy breaches are handled in accordance with Policy No. 15, Security Safeguards Policy and Procedure. The CEIRP will retain records of any and all privacy breaches for at least two years.
8. Openness
The CEIRP has developed and made available this policy on their website which describes its information management practices, contact information for its Privacy Officer, explains how to make an access request and described the type of Personal Information held by the Plan.
9. Individual Access Requests
Individuals have the right to request access to their Personal Information under the control of the Plan, and to know how the information has been used and to whom it has been disclosed. Access requests must be made in writing to the Privacy Officer. The CEIRP will respond in writing within 30 days of that request. In certain situations, in accordance with legal requirements, the Plan may not be able to provide access to certain Personal Information it holds about an individual. Examples of where it may not provide access include, but are not limited to, situations where:
- The provision may reveal Personal Information about another individual;
- The information is subject to solicitor-client privilege;
- The information was collected in relation to an investigation or a contravention of a federal or provincial law;
- The information could reasonably be assumed may harm the Plan;
- The provision could reasonably be expected to threaten the health or safety of an individual;
If access to Personal Information cannot be provided, reasons for denying access shall be provided in writing to the individual.
10. Challenging Compliance
The CEIRP receives and responds to written complaints regarding its information practices in accordance with PIPEDA. Individuals are advised to contact the Privacy Officer for more information.
