Summary of Principles
Principle 1 - Accountability
PMDI is responsible for personal information under its control and shall designate one or more persons who are accountable for the company's compliance with the following principles.
Principle 2 - Identifying Purposes for Collection of Personal Information
PMDI shall identify the purposes for which personal information is collected at or before the time the information is collected.
Principle 3 - Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent of a customer or employee are required for the collection, use, or disclosure of personal information, except where inappropriate.
Principle 4 - Limiting Collection of Personal Information
PMDI shall limit the collection of personal information to that which is necessary for the purposes identified by the company. PMDI shall collect personal information by fair and lawful means.
Principle 5 - Limiting Use, Disclosure, and Retention of Personal Information
PMDI shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. PMDI shall retain personal information only as long as necessary for the fulfillment of those purposes.
Principle 6 - Accuracy of Personal Information
Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7 - Security Safeguards
PMDI shall protect personal information by security safeguards appropriate to the sensitivity of the information.
Principle 8 - Openness Concerning Policies and Practices
PMDI shall make readily available to customers and employees specific information about its policies and practices relating to the management of personal information.
Principle 9 - Customer and Employee Access to Personal Information
PMDI shall inform a customer or employee of the existence, use, and disclosure of his or her personal information upon written request and shall give the individual access to that information. A customer or employee shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 - Challenging Compliance
Scope and Application
The Policy applies to personal information about PMDI's customers and employees that is collected, used, or disclosed by PMDI.
The Policy applies to the management of personal information under its control.
The Policy does not impose any limits on the collection, use or disclosure of the following information by PMDI:
a) an employee's name, title, business address or business telephone number; or
b) other information about the customer or employee that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act.
The Policy does not apply to information regarding PMDI corporate customers; however, such information is protected by other PMDI policies and practices and through contractual arrangements.
agent - an authorized representative or service provider acting on behalf of PMDI.
collection - the act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
consent - voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual, by his or her legal guardian or by a person having power of attorney for the individual. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of PMDI. Implied consent is consent that can reasonably be inferred from an individual's action or inaction.
customer - an individual who (a) uses, or applies to use, the products or services of PMDI; or (b) corresponds with PMDI.
disclosure - making personal information available to a third party.
employee - a current or former employee or pensioner of PMDI.
personal information - information about an identifiable customer or an employee, but does not include aggregate information that cannot be associated with a specific individual.
For a customer, such information includes a customer's credit information, billing records, service and equipment, and any recorded complaints.
For an employee, such information includes information found in personal employment files, performance appraisals, and benefits information, but does not include the employee's name, title, business address (including e-mail address) or business telephone or fax numbers.
third party - an individual other than the subject customer, employee or his or her respective agent or an organization other than PMDI.
use - the treatment, handling, and management of personal information by and within PMDI.