Berezan Hospitality Group (the “Company”) is committed to safeguarding the Personal Information of our employees, customers and other stakeholders (the “Users”). Collection, use, disclosure and retention of information must comply with provisions of the FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT and the PERSONAL INFORMATION PROTECTION ACT. Collected personal information will only be used by those authorized to fulfill the purpose for which it was originally collected or for a use consistent with that purpose. We do not disclose information to other public bodies or individuals except as authorized by law. We keep the information only for the length of time necessary to fulfill the purpose(s) for which it was collected.
The Company’s websites may contain links to third-party websites, applications and services. The information practices or the content of such other websites are governed by the privacy statements and policies of those websites. The Company encourages you to review the privacy statements and policies of those websites to understand their information practices.
Your privacy matters to the Company. Please take the time to get to know our practices, and if you have any questions, contact our Privacy Officer at email@example.com.
What Is Personal Information or Personal Data?
Personal Information or Personal Data refers to any information about an identified or identifiable individual.
The term “personal information” has the same meaning as set out in the Personal Information Protection Act (PIPA), which means any information about an identifiable individual including contact information, name, address, phone number, email address, gender, date of birth, and any other data about yourself that you choose to provide electronically through the Website or otherwise.
Any data that has been collected in which all personal identifiers have been removed, such that the information could not reasonably be used to identify the individual, is not considered personal information or personal health information. This type of anonymized information may be used for research purposes.
How Do We Obtain Your Consent to Collect Your Personal Information?
We will seek your consent at the time we collect your personal information except where we are legally authorized or required by law to do so without your consent. Your consent may be implied, deemed (using an opt-out mechanism) or express. Implied consent can be reasonably inferred from your action (e.g. giving an email address to sign up for rewards programs) or inaction. Express consent can be given orally, electronically or in writing.
In cases where personal information is held by a third party, we will obtain your consent before seeking this information. In some cases, consent may be implied by your actions. Where we obtain your personal information directly from a third party, we will take reasonable steps to ensure that the third party has represented to us that it has the right to disclose your personal information to us.
Employee personal information may be collected, used or disclosed without consent if it is reasonable for the purposes of establishing, managing, or terminating an employment relationship between our organization and the individual.
You may withdraw your consent at any time in writing unless withdrawing consent would frustrate our performance of a legal obligation. Please contact our Privacy Officer at firstname.lastname@example.org to find out how to withdraw your consent and the possible consequences of such withdrawal.
What Personal Information Do We Collect?
The Company only collects what is necessary for the purpose of collection. What follows is the type of Personal Information that we may collect, depending on your relationship with the Company and how you use our services.
Personal information of employees
The following list includes, but is not limited to, the Personal Information that may be collected by the Company respecting employees:
- Contact information, including name, home address, telephone number, email address;
- Criminal background check(s);
- Employment information, including resume (which may include educational background, work history, and references), reference information and interview notes, letters of offer and acceptance of employment, policy acknowledgment forms, background verification information, workplace performance evaluations, emergency contacts, performance reviews, disciplinary and coaching notes.
- Benefits information, including forms relating to applications or changes to health and insurance benefits including medical and dental care, life insurance, short and long- term disability; and
- Financial information, including pay cheque deposit information and tax-related information, and Social Insurance Number or other required government-issued identification.
- Serving it Right number
- Employee photos and video surveillance
- Required Training
Personal information of customers
The following list includes the type of Personal Information that may be collected by the company respecting customers:
- Name, date of birth, gender, home address, telephone number, email address;
- Information in connection with the products or services you inquire about or purchase from us;
- Video Surveillance at all locations;
- Customer photographs
- Government issued identification; (visual verification only)
- Other information as necessary to maintain our business relationship with you, such as information related to your preferences, feedback and information requested or provided by you.
- Credit card or other financial information;
- Usage data respecting use of the Company’s website(s) through the website(s) (or through third-party services employed by the website(s)) which can include the IP addresses or domain names of the computers utilized by the User; the URI addresses; the time of the request; the method utilized to submit the request to the server; the size of the file received in response; the numerical code indicating the status of the server’s answer (successful outcome, error, etc.); the country of origin; the features of the browser and the operating system utilized by the User; the various time details per visit (e.g., the time spent on each page within the website(s)); and the details about the path followed within the website(s) with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment
Unless specified otherwise, all Personal Information requested by the Company is mandatory in order for the Company to provide its services to the User. As such, failure to provide this Personal Information may affect the ability of a User to utilize the Company’s services. In cases where we have stated that the Personal Information is not mandatory to utilize the service, Users are free to not communicate this Personal Information without any impact on the User’s ability to use the Company’s services. Any questions respecting what information is mandatory can be directed to our Privacy Officer at email@example.com.
The Company may also collect Personal Information for the purpose of evaluating market trends and other activities relating to our business. To provide you with timely, valuable information, we may also ask you to provide us with information regarding your professional interests and experiences with our products or services. Providing us with this information is optional.
How Do We Use Your Personal Information?
We collect your Personal Information to operate, maintain, enhance and provide all features of the Company’s services, to send you marketing communications, to respond to comments and questions, to provide support to Users of the Company’s services. We use information collected from cookies and other technologies to improve your experience and the overall quality of our services and website.
How Do We Collect Your Personal Information?
We collect information in the following ways:
Information you give us
Some of our services require you to sign up for an account. When you do, we will ask for Personal Information, including your name, birth date, email address, phone number and other applicable information to create your account. Some of our services will also require you to provide us with your Personal Information in order to obtain a product or receive information from us, such as newsletters or other email messages containing information of a commercial or promotional nature.
Cookies and similar technologies
Google Analytics is a web analysis service provided by Google Inc. (“Google”) that is used on the Company’s website(s). Google utilizes the data collected to track and examine the use of the Company’s website(s), to prepare reports on the Company’s website(s) activities and to provide the Company with other services related to website and Internet use. Google may use the data collected to contextualize and personalize the advertisements of its own advertising network.
Who Has Access to Your Personal Information Within the Company?
Only those employees and contracted individuals of the Company who require access for business reasons or whose duties reasonably so require shall be granted access to Personal Information about Users.
Disclosure of Your Personal Information Outside of the Company
The Company shall not otherwise disclose Personal Information to third parties for commercial or other reasons, except as may be specifically required to comply with applicable laws or where you have provided your consent. The Company may disclose your Personal Information with third-party companies, organizations and individuals outside of the Company if:
You have provided your consent
The Company will share Personal Information with companies, organizations or individuals outside of the Company when it has your consent to do so.
For external data processing
For purposes of contracts
The Company may disclose Personal Information for executing a contract to which a User is part or to take steps at the request of the User prior to entering into a contract.
For legal purposes
The Company may disclose Personal Information if required to do so pursuant to any applicable law, regulation, legal process or enforceable governmental request. For example, it may be necessary for the Company to disclose Personal Information to law enforcement officials, regulatory bodies, or government agencies for the purposes of investigating or preventing fraud, or other offences as may be required or permitted by applicable laws. Additionally, under the Legislation and other applicable laws, the Company may be required to disclose some of a User’s Personal Information to government officials, law enforcement personnel, or competent authorities of foreign governments. The Company may also disclose Personal Information to establish or exercise our legal rights or defend against legal claims or in connection with an emergency that warrants use or disclosure of the information.
Non-personally identifiable Information
The Company may share non-personally identifiable (anonymized) information publicly and with our partners. For example, The Company may share anonymized information publicly to show trends about the general use of our services.
How Is Your Personal Information Safeguarded?
The Company is committed to protecting the confidentiality and security of all Personal Information against loss and unauthorized access, disclosure, modification or destruction, and therefore has security safeguards appropriate to the sensitivity level of the information in place. Note that confidentiality and security may not be assured with electronic communication via e-mail or wireless communication.
The Company will ensure that all employees and third-party service providers with access to information of individuals shall be required as a condition of employment or provision of services to respect the confidentiality of such information and that all employees and third-party service providers are aware of the importance of maintaining the confidentiality of such information as part of training requirements.
- Access is restricted to authorized personnel who need the information to perform their duties.
- The Company’s work processes ensure that personal information is not disclosed to unauthorized parties.
- Electronic data in the Company’s computer systems are protected against unauthorized access and the data is transmitted over secured networks.
- Physical safeguards:
- Locking file cabinets and areas where files are stored when no one is there.
- Restricting employee access to storage areas or filing cabinets.
- Clearing files and documents containing personal information off the work desk at the end of the day.
- Shredding papers or placing them in secure disposal units containing personal information rather than just placing them in a garbage can or recycling bin.
- Destroying computer hard drives that contain personal information before you discard them
Your Rights Respecting Your Personal Information
Users may exercise certain rights regarding their Personal Information processed by the Company. In particular, Users have a right to:
Withdraw your consent at any time
Users have the right to withdraw consent where they have previously given their consent to the collection, use, disclosure or other processing of their Personal Information. Users may withdraw their consent by contacting our Privacy Officer at firstname.lastname@example.org.
Access your personal information
Users are entitled, with certain legal restrictions, to access and review their Personal Information held by the Company. The information provided by The Company will include a general description of the personal information held, how the information was and will be used, and who the information has been disclosed to.
The Company reserves the right to refuse to provide access to Personal Information in circumstances during which the Company is permitted by law to refuse access, including where providing access would reveal Personal Information about a third party, if the release of the Personal Information could affect the security of an individual, or if the Personal Information is subject to privilege. Any refusal to provide information to The User will be in writing, detailing reasoning and any further available steps.
Requests for access to Personal Information should be made in writing to our Privacy Officer at email@example.com. Information will be released within 30 days of the date of request. Users may be required to provide proof of identity before the information is released, and there may be a minimal fee for providing the information which The Company will provide estimate in advance.
Accuracy of personal information
Accurate Personal Information is required for the efficient and effective delivery of products and services. The Company will make reasonable efforts to ensure the accuracy of personal information collected used in decisions that affect individuals or are disclosed to other organizations.
Individuals may contact our Privacy Officer at firstname.lastname@example.org to modify or correct any Personal Information. Corrections will be made within a reasonable timeframe. In the event the correction is not deemed reasonable by The Company, the correction will be noted, but no correction will be completed.
Object to processing of your personal information
Users have the right to object to the processing of their Personal Information or Personal Data in certain circumstances where Personal Information is being processed on a basis other than consent. In particular, Users can object to the processing of their Personal Information for purposes of direct marketing at any time.
Restrict the processing of your personal information
Users have the right, under certain circumstances, to restrict the collection, use, disclosure or other processing of their Personal Information, meaning Users can limit how the Company uses their Personal Information or Personal Data.
Have their personal information deleted or otherwise removed
Users have the right, under certain circumstances, to obtain the erasure of their Personal Information or Personal Data from the Company. If required to erase Personal Information or Personal Data, the Company will do so without delay.
Lodge a complaint
Users have the right to bring a claim before the Commissioner appointed under the Freedom of Information and Protection of Privacy Act.
Obtain assistance from the Office of the Information and Privacy Commissioner (OIPC)
Users who have reasonable grounds to believe that the organization has contravened or is about to contravene a provision of PIPA may report directly to the OIPC.
Toll-free in B.C. 1.800.663.7867
Users will not face punitive actions from The Company for reporting such breaches. Additionally, If any of these situations arise, the User, or “whistleblower,” is protected from any punitive action taken by an organization against him or her, such as suspension or dismissal per (PIPA section 54). If The User or any other person reports a contravention or a possible contravention to the OIPC, the OIPC may keep the name of the “whistleblower” confidential.
How Can You Contact Us?
Do We Transfer the Data Internationally?
How Long Is Your Personal Data Retained?
Personal Information and Personal Data shall be stored for as long as required by the purpose for which it has been collected, used or disclosed. We are required to keep personal information for a minimum of one year after any decision that directly affects an individual.
Personal Information or Personal Data which the Company no longer needs to retain shall be destroyed, erased or made anonymous in a secure manner in accordance with the Company’s policies respecting the destruction of records. The Company shall use care in the disposal or destruction of information so as to prevent unauthorized parties from gaining access to the information. The right to access, the right to erasure, the right to rectification and the right to portability cannot be enforced after the information has been destroyed.
Please contact the Privacy Office at email@example.com for more information.
What happens if there is a privacy breach?
A privacy breach is the unauthorized access to personal information or the unauthorized collection, use, disclosure, or disposal of personal information.
Employees are required to report all breaches to their supervisor, including suspected breaches. The Supervisor will report the breach to the Privacy Officer. If the Privacy Officer is unavailable, the Supervisor will assume the role of Privacy Officer for the purposes of managing the breach. If the Supervisor is unavailable, the employee should report directly to the Privacy Officer.
The Company has protocols in the event of a breach which must be followed by the privacy office or acting privacy officer. The protocols contain steps on containment, risk evaluation, notification, and security safeguard evaluation.