Vianet and its subsidiaries and affiliates (collectively "Vianet Companies", and each individually "Vianet Company") provide a broad range of telecommunications services to customers, including internet access, television, and local and long distance services in Canada.

The Vianet Companies (as defined in Part IV below) are committed to maintaining the privacy, confidentiality, security and accuracy of customer and employee personal information.

In 1996, the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96 (the "CSA Code"), was published as a National Standard of Canada. Subsequently, the CSA Code was largely incorporated into the Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5, as amended ("PIPEDA").

The Vianet Privacy Policy ("Privacy Policy") is a formal statement of principles and guidelines concerning the minimum requirements for the protection of personal information provided by the Vianet Companies to their customers and employees. The objective of the Privacy Policy is responsible and transparent practices in the management of personal information, in accordance with the CSA Code and federal legislation.

The Vianet Companies will continue to review the Privacy Policy at least every five years to make sure it is relevant and remains current with changing technologies and laws and the evolving needs of the Vianet Companies, our customers and employees.

Principle 1 - Accountability

The Vianet Companies are responsible for personal information under their control and shall designate one or more persons who are accountable for compliance with the following principles.

 

Principle 2 - Identifying Purposes for Collection of Personal Information

The Vianet Companies shall identify the purposes for which personal information is collected at or before the time the information is collected.

 

Principle 3 - Obtaining Consent for Collection, Use or Disclosure of Personal Information

The knowledge and consent of a customer or employee is required for the collection, use or disclosure of personal information, except where inappropriate.

 

Principle 4 - Limiting Collection of Personal Information

The Vianet Companies shall limit the collection of personal information to that which is necessary for the purposes identified. The Vianet Companies shall collect personal information by fair and lawful means.

 

Principle 5 - Limiting Use, Disclosure and Retention of Personal Information

The Vianet Companies shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. The Vianet Companies shall retain personal information only as long as necessary for the fulfillment of those purposes.

 

Principle 6 - Accuracy of Personal Information

Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

 

Principle 7 - Security Safeguards

The Vianet Companies shall protect personal information by security safeguards appropriate to the sensitivity of the information.

 

Principle 8 - Openness Concerning Policies and Practices

The Vianet Companies shall make readily available to customers and employees specific information about their policies and practices relating to the management of personal information.

 

Principle 9 – Customer and Employee Access to Personal Information

The Vianet Companies shall inform a customer or employee of the existence, use and disclosure of his or her personal information upon request and shall give the individual access to that information. A customer or employee shall be able to challenge the accuracy and completeness of the information and to have it amended as appropriate.

 

Principle 10 - Challenging Compliance

A customer or employee shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for the Vianet Companies' compliance with the Privacy Policy.

The ten principles that form the basis of the Privacy Policy are interrelated and the Vianet Companies shall adhere to the ten principles as a whole. Each principle must be read in conjunction with the accompanying commentary. As permitted by PIPEDA, the commentary in the Privacy Policy has been tailored to reflect personal information issues specific to the Vianet Companies.

 

The scope and application of the Privacy Policy are as follows:

 

The Privacy Policy applies to personal information about customers and employees of the Vianet Companies that is collected, used or disclosed by the Vianet Companies.

The Privacy Policy applies to the management of personal information in any form whether oral, electronic or written.

The Privacy Policy does not impose any limits on the collection, use or disclosure of the following information by the Vianet Companies:

 

(i) information that is publicly available; or

 

(ii) the name, title or business address or telephone number of an employee of an organization.

 

The application of the Privacy Policy is subject to the requirements or provisions of any applicable legislation, regulations, tariffs or agreements, or the order or determination of any court or other lawful authority, including any applicable regulations, orders or determinations of the Canadian Radio-television and Telecommunications Commission.

Collection - the act of gathering, acquiring, recording or obtaining personal information from any source, including third parties, by any means.

 

Consent - voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing but is always unequivocal and does not require any inference on the part of the Vianet Companies. Implied consent is consent that can reasonably be inferred from an individual's action or inaction.

 

Customer - an individual who uses, or applies to use, a Vianet Company's products or services or otherwise provides personal information to a Vianet Company in the course of a Vianet Company's commercial activities.

 

Disclosure - making personal information available to a third party.

 

Employee - an employee of a Vianet Company.

 

Personal information - information about an identifiable individual, but not aggregated information that cannot be associated with a specific individual. For a customer, such information includes a customer's credit information, billing records, service and equipment, and any recorded complaints. For an employee, such information includes information found in personal employment files, performance appraisals and medical and benefits information.

 

Third party - an individual other than the customer or his agent or an organization other than the Vianet Companies.

 

Use - the treatment, handling, and management of personal information by the Vianet Companies.

Principle 1 - Accountability

The Vianet Companies are responsible for personal information under their control and shall designate one or more persons who are accountable for compliance with the following principles.

 

1.1 Responsibility for ensuring compliance with the provisions of the Privacy Policy rests with the senior management of the Vianet Companies, which shall designate one or more persons to be accountable for compliance with the Privacy Policy. Other individuals within Vianet Companies may be delegated to act on behalf of the designated person(s) or to take responsibility for the day-to-day collection and processing of personal information.

 

1.2 The Vianet Companies shall make known, upon request, the title of the person or persons designated to oversee the Vianet Companies' compliance with the Privacy Policy.

 

The Vianet Companies have designated the Privacy Ombudsman to oversee compliance with the Privacy Policy. The Privacy Ombudsman can be contacted at:

 

 

Privacy Ombudsman

Vianet

128 Larch St., Suite 201

Sudbury, Ontario P3E 5J8

Fax: (705) 675-0404

Email: privacy@vianet.ca

 

 

1.3 The Vianet Companies are responsible for personal information in their possession or control, including information that has been transferred to a third party for processing. The Vianet Companies shall use appropriate means to provide a comparable level of protection while information is being processed by a third party (see Principle 7).

 

1.4 The Vianet Companies have implemented policies and procedures to give effect to the Privacy Policy, including:

 

a) implementing procedures to protect personal information and to oversee the Vianet Companies' compliance with the Privacy Policy;

 

b) establishing procedures to receive and respond to inquiries or complaints;

 

c) training and communicating to staff about the Vianet Companies' policies and practices; and

 

d) developing public information to explain the Vianet Companies' policies and practices.

 

Principle 2 - Identifying Purposes for Collection of Personal Information

The Vianet Companies shall identify the purposes for which personal information is collected at or before the time the information is collected.

 

2.1 The Vianet Companies collect personal information only for the following purposes:

 

a) To establish and maintain responsible commercial relations with customers and to provide ongoing service;

 

b) To understand customer needs;

 

c) To develop, enhance, market or provide products and services;

 

d) To manage and develop their business and operations, including personnel and employment matters; and

 

e) To meet legal and regulatory requirements.

 

Further references to "identified purposes" mean the purposes identified in this Principle 2.1.

 

2.2 The Vianet Companies shall specify orally, electronically or in writing the identified purposes to the customer or employee at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within the Vianet Companies who shall explain the purposes.

 

2.3 Unless required by law, the Vianet Companies shall not use or disclose, for any new purpose, personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the customer or employee.

 

2.4 As members of the public browse the website Vianet.ca or other websites of the Vianet Companies (“Sites"), analytics cookies will be placed on the users’ computers so that the Vianet Companies can understand consumer interests and website use. “Cookies" are small information packets that a website creates which are stored on the hard drive of a user’s computer by the user’s browser software. The Vianet Companies use cookies to track and collect information relating to use of the Sites by the public, and to assist in personalization and support tasks.

 

Principle 3 - Obtaining Consent for Collection, Use or Disclosure of Personal Information

The knowledge and consent of a customer or employee is required for the collection, use or disclosure of personal information, except where inappropriate.

 

3.1 In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual. For example, the Vianet Companies may collect or use personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is a minor, seriously ill or mentally incapacitated.

The Vianet Companies may also collect, use or disclose personal information without knowledge or consent if seeking the consent of the individual might defeat the purpose of collecting the information such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law.

The Vianet Companies may also use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.

The Vianet Companies may disclose personal information without knowledge or consent to a lawyer representing the Vianet Companies, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required by law.

 

3.2 In obtaining consent, the Vianet Companies shall use reasonable efforts to ensure that a customer or employee is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer or employee.

 

3.3 Generally, the Vianet Companies shall seek consent to use and disclose personal information at the same time they collect the information. However, the Vianet Companies may seek consent to use and disclose personal information after it has been collected but before it is used or disclosed for a new purpose.

 

3.4 The Vianet Companies will require customers to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is required to fulfill the identified purposes.

 

3.5 In determining the appropriate form of consent, the Vianet Companies shall take into account the sensitivity of the personal information and the reasonable expectations of their customers and employees.

 

3.6 In general, the use of products and services by a customer, or the acceptance of employment or benefits by an employee, constitutes implied consent for the Vianet Companies to collect, use and disclose personal information for all identified purposes.

 

3.7 A customer or employee may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers and employees may contact the Vianet Companies for more information regarding the implications of withdrawing consent.

 

Principle 4 - Limiting Collection of Personal Information

The Vianet Companies shall limit the collection of personal information to that which is necessary for the purposes identified. The Vianet Companies shall collect personal information by fair and lawful means.

 

4.1 The Vianet Companies collect personal information primarily from their customers or employees.

 

4.2 The Vianet Companies may also collect personal information from other sources including credit bureaus, employers or personal references, or other third parties that represent that they have the right to disclose the information.

 

Principle 5 - Limiting Use, Disclosure and Retention of Personal Information

The Vianet Companies shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. The Vianet Companies shall retain personal information only as long as necessary for the fulfillment of those purposes.

 

5.1 In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual. (See Principle 3.1)

 

5.2 In addition, the Vianet Companies may disclose a customer's personal information to:

 

a) another telecommunications services provider for the efficient and effective provision of telecommunications services;

 

b) an entity involved in supplying the customer with communications or communications directory related services;

 

c) another entity for the development, enhancement, marketing or provision of any of the products or services of the Vianet Companies;

 

d) an agent retained by the Vianet Companies in connection with the collection of the customer's account;

 

e) credit grantors and reporting agencies;

 

f) a person who, in the reasonable judgment of the Vianet Companies, is seeking the information as an agent of the customer; and

 

g) a third party or parties, where the customer consents to such disclosure or disclosure is required by law.

 

5.3 The Vianet Companies may disclose personal information about their employees:

 

a) for normal personnel and benefits administration;

 

b) in the context of providing references regarding current or former employees in response to requests from prospective employers, to the extent that such references are granted at all; or

 

c) where disclosure is required by law.

 

5.4 Only those employees of the Vianet Companies who require access for business reasons, or whose duties reasonably so require, are granted access to personal information about customers and employees.

 

5.5 The Vianet Companies shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer or employee, the Vianet Companies shall retain, for a period of time that is reasonably sufficient to allow for access by the customer or employee, either the actual information or the rationale for making the decision.

 

5.6 The Vianet Companies shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.

 

Principle 6 - Accuracy of Personal Information

Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

 

6.1 Personal information used by the Vianet Companies shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer or employee.

 

6.2 The Vianet Companies shall update personal information about customers and employees as and when necessary to fulfill the identified purposes or upon notification by the individual.

 

Principle 7 - Security Safeguards

The Vianet Companies shall protect personal information by security safeguards appropriate to the sensitivity of the information.

 

7.1 The Vianet Companies shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures. The Vianet Companies shall protect the information regardless of the format in which it is held.

 

7.2 The Vianet Companies shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.

 

7.3 All employees of the Vianet Companies with access to personal information shall be required as a condition of employment to respect the confidentiality of personal information.

 

Principle 8 - Openness Concerning Policies and Practices

 

The Vianet Companies shall make readily available to customers and employees specific information about their policies and practices relating to the management of personal information.

 

8.1 The Vianet Companies shall make information about their policies and practices easy to understand, including:

 

a) The title and address of the person or persons accountable for the Vianet Companies' compliance with the Privacy Policy and to whom inquiries or complaints can be forwarded;

 

b) The means of gaining access to personal information held by the Vianet Companies; and

 

c) A description of the type of personal information held by the Vianet Companies, including a general account of its use.

 

8.2 The Vianet Companies shall make available information to help customers and employees exercise choices regarding the use of their personal information and the privacy-enhancing services available from the Vianet Companies.

 

Principle 9 - Customer and Employee Access to Personal Information

The Vianet Companies shall inform a customer or employee of the existence, use and disclosure of his or her personal information upon request and shall give the individual access to that information. A customer or employee shall be able to challenge the accuracy and completeness of the information and to have it amended as appropriate.

 

9.1 Upon request, the Vianet Companies shall afford to a customer or an employee a reasonable opportunity to review the personal information in the individual's file. Personal information shall be provided in understandable form within a reasonable time and at minimal or no cost to the individual.

 

9.2 In certain situations, the Vianet Companies may not be able to provide access to all of the personal information that they hold about a customer or employee. For example, the Vianet Companies may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, the Vianet Companies may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor-client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, the Vianet Companies shall provide the reasons for denying access upon request.

 

9.3 Upon request, the Vianet Companies shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, the Vianet Companies shall provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.

 

9.4 In order to safeguard personal information, a customer or employee may be required to provide sufficient identification information to permit the Vianet Companies to account for the existence, use and disclosure of personal information and to authorize access to the individual's file. Any such information shall be used only for this purpose.

 

9.5 The Vianet Companies shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual's file. Where appropriate, the Vianet Companies shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.

 

9.6 A customer can obtain information or seek access to his or her individual file by contacting a customer service representative at 1-800-788-0363.

 

9.7 An employee can obtain information or seek access to his or her individual file by contacting his or her immediate supervisor within the applicable Vianet Company.

 

Principle 10 - Challenging Compliance

A customer or employee shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for the Vianet Companies' compliance with the Privacy Policy.

 

10.1 The Vianet Companies shall maintain procedures for addressing and responding to all inquiries or complaints from their customers and employees about the Vianet Companies' handling of personal information.

 

10.2 The Vianet Companies shall inform their customers and employees about the existence of these procedures as well as the availability of complaint procedures.

 

10.3 The person or persons accountable for compliance with the Privacy Policy may seek external advice where appropriate before providing a final response to individual complaints.

 

10.4 The Vianet Companies shall investigate all complaints concerning compliance with the Privacy Policy. If a complaint is found to be justified, Vianet shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer or employee shall be informed of the outcome of the investigation regarding his or her complaint.

 

For inquiries, complaints or more information contact:

 

 

Privacy Ombudsman

Vianet

128 Larch St., Suite 201

Sudbury, Ontario P3E 5J8

Fax: (705) 675-0404

Email: privacy@vianet.ca

Q. Why does Vianet have a Privacy Policy?

A. Our Privacy Policy ensures that our commitment to your privacy is upheld. The Privacy Policy reflects our most recent policies setting out your rights and our obligations respecting the treatment of your personal information by the Vianet Companies. The Privacy Policy complies with the requirements of the Personal Information Protection and Electronic Documents Act as well as the Canadian Standards Association Model Code for the Protection of Personal Information. (A summary of the principles underlying the Privacy Policy is included in Section II above.)

 

Q. How do the Vianet Companies ensure that their employees and agents adhere to the Privacy Policy when handling personal information?

A. Employees and agents acting on our behalf are required to adhere to the Privacy Policy. All of our employees who have access to personal information are trained in the handling of such information, and new employees receive training on privacy as a fundamental part of their initial company training. All of our employees must review and commit to the Privacy Policy annually.

 

Q. What is personal information?

A. Personal information is information about an identifiable individual. This includes information about your product and service subscriptions and usage.

 

Q. Why does Vianet collect information?

A. Collecting information helps us serve you better. The Vianet Companies collect personal information only for the following purposes:

 

to establish and maintain responsible commercial relations with you and provide you with ongoing service;

to understand your needs and eligibility for products and services;

to recommend particular products and services to meet your needs;

to develop, enhance, market or provide products and services;

to manage and develop the business and operations of the Vianet Companies, including personnel and employment matters; and

to meet legal and regulatory requirements.

 

Your personal information will not be used for any other purpose without your consent.

 

Q. Why do we share information among the Vianet Companies?

A. Sharing information among the Vianet Companies helps us understand your full needs and serve you better. Such sharing helps us identify your information, communication, and entertainment needs, and provide you with relevant information, advice, products and services. In some cases, certain products and service are available only from some of the Vianet Companies and not others. Therefore, in such cases, the sharing of information may also be necessary for the provision of certain bundles of products and/or services. Should you identify incorrect or outdated information to us, we will make the necessary changes promptly.

 

Q. Can I withdraw my consent to the sharing of information among the Vianet Companies when such sharing is for the purpose of promoting products and services?

A. You may decide that you prefer us not to share your personal information among the Vianet Companies to promote products and services. If this is the case, you may advise us by calling us at 1-800-788-0363.

 

Q. Do you share personal information with any other parties, and if so, who?

A. Our general policy is not to provide personal information to any party outside of the Vianet Companies. However, there are certain limited circumstances, outlined below, in which it is necessary to do so. When we do provide personal information to third parties, we provide only that information that is required in the circumstances. Information provided to third parties is used only for the purpose stipulated and is subject to strict terms of confidentiality. Employees of the companies to whom we may provide information must adhere to our privacy standards.

 

Third parties to whom we may have to provide personal information include:

 

An agent acting on behalf any one of the Vianet Companies, such as an entity hired to perform installation or maintenance on our behalf;

Another communications service provider, in order to offer efficient and effective communications services (e.g., to provide dialup internet services while outside our coverage area for internet services);

A collection agency, for the express purpose of the collection of past due bills;

Law enforcement agencies, in emergencies, for internal security matters, or where required by court order or search warrant; and

Emergency services, in emergency situations.

 

Q. How do the Vianet Companies safeguard personal information?

A. We take all of the necessary precautions to ensure the safeguarding of your information, whether it is stored electronically or in paper format. In all cases, information is retained in secure facilities, protected from unauthorized access and kept only as long as is reasonably required. For example, our electronic files are backed up for redundancy, password protected and accessible only by authorized employees, on a need-to-know basis.

 

Q. What are "cookies" and do the Vianet Companies use them?

A. During user interaction with one of our internet sites, we may use a browser feature called a "cookie" to collect information anonymously and track user patterns on our web sites. A cookie is a small text file containing a unique identification number that identifies your browser - but not you - to our computer systems each time you visit one of our sites that uses cookies. Cookies tell us which pages of our sites are visited and by how many people. This helps us to enhance the on-line experience of visitors to our sites.

Unless you specifically advise us, we will not know who you are, even though we may assign the browser associated with your computer a cookie. We cannot use cookies, by themselves, to disclose the individual identity of any site user, and we do not combine information gathered by a cookie with personally identifiable information like your name, telephone number, or email address without your consent.

Most major web sites use cookies and most major browsers are set up to accept them. If you wish, you can set your browser either to notify you when you have received a cookie, or to refuse to accept cookies. You do not need cookies to visit the web sites of Vianet Companies. However, if you refuse to accept cookies, you may not be able to use some of the features available on our sites, such as personalization features.

 

Q. What do I do if I have further questions or concerns?

A. If you have further questions or concerns about your privacy, you can contact us at 1-800-788-0363. Our customer service representatives will assist you in this regard

 

Q. Who is responsible for overall compliance with the Privacy Policy?

A. The Vianet Privacy Ombudsman has overall responsibility for the Vianet Companies' compliance with the Privacy Policy and applicable privacy restrictions. If you still have unresolved concerns with respect to the treatment of your personal information by one of the Vianet Companies after contacting us at 1-800-788-0363, you may address these concerns, in writing, to the Privacy Ombudsman.

 

You should write to:

 

 

Privacy Ombudsman

Vianet

128 Larch St., Suite 201

Sudbury, Ontario P3E 5J8

Fax: (705) 675-0404

 

Please note that complaints to the Privacy Ombudsman must be in writing and may be delivered only by mail or fax.

 

Q. Is there a further complaint procedure?

A. If the Vianet Privacy Ombudsman does not resolve a privacy issue to your satisfaction, you may file a complaint with the Privacy Commissioner of Canada by writing to:

 

 

Privacy Commissioner of Canada

112 Kent Street

Place de Ville

Tower B, 3rd Floor

Ottawa, Ontario

K1A 1H3

For a copy of the Personal Information Protection and Electronic Documents Act, please see the Privacy Commissioner of Canada website at http://www.priv.gc.ca/.

 

For copies of the CSA Model Code for the Protection of Personal Information contact:

 

 

Canadian Standards Association

5060 Spectrum Way

Mississauga, Ontario

L4W 5N6

 

 

For more information on the CSA Model Code visit the CSA Web Site at: http://www.csagroup.org/ca/en/services/codes-and-standards.

© 2017 Vianet