The Company is responsible for protecting all personal information held by it or transferred to a third party for processing. The Company has appointed a Privacy Officer who is responsible for the Company’s compliance with the Act. The Privacy Officer may be contacted by e-mail at email@example.com or by post at 210 Lesmill Road, North York, Ontario, M3B 2T5.
The Company has developed personal information policies and practices that:
- protect personal information
- require any third party contracting with the Company to guarantee the same level of protection
- train employees on privacy policies and procedures
The Company identifies the purposes for which it collects personal information before or at the time of collection. Before or when personal information is collected, the Company identifies, documents, and informs the individual why it is needed and how it will be used. The Company obtains the individual’s consent, either verbally or in writing, before using the personal information for any new purpose.
The Company collects personal information for the following purposes:
- opening an account
- verifying creditworthiness
- communicating information and offers to individuals
- understanding and analyzing sales, needs and preferences
- developing and providing services
- marketing and advertising products and services
- booking appointments
- participating in promotions and programs
- participating in research or focus groups
- processing exchanges or returns
- improving services, school, and store appearances
- responding to requests and/or complaints
- processing product orders
- scheduling enrollment in education programs
The Company makes every reasonable effort to obtain express consent for the collection, use or disclosure of personal information. However, consent will be implied by an individual giving the Company his or her personal information either in person, over the telephone, or over the internet for all of the purposes set out in section 2. The Company makes every effort to explain how it will use the personal information, that consent may be withdrawn, and any consequences arising from the withdrawal. The Company does not accept consent from a party lacking the capacity to give it.
4. LIMITING COLLECTION
The Company does not collect personal information indiscriminately and does not deceive or mislead individuals about the reasons for collecting it. The Company limits the amount and type of information gathered to what is necessary for the identified purpose. The Company obtains personal information in the following manner:
- Verbally: over the telephone or in person through interaction with our Territory Managers, Client Services Representatives, Aveda Advisors, Managers and Team Leaders.
- In Writing: through registration forms, application forms, authorizations, surveys, questionnaires, and resumes communicated by e-mail, regular mail, fax, and the internet or through exchange and refund transactions.
5. LIMIT USE DISCLOSURE AND RETENTION
The Company uses or discloses personal information only for the purposes that it was collected, unless the individual consents or the use or disclosure is authorized by the Act. The Company only keeps personal information as long as necessary to satisfy the purpose. The Company does not give or sell client/guest lists to any organization or individual other than companies contracted to implement direct mailings/marketing or to analyze data. The Company has guidelines and procedures in place for retaining and destroying personal information. Any personal information that has not been used for its identified purpose within a consecutive 48 month period or 4 years is destroyed or deleted, unless otherwise dictated by legislation.
The Company keeps personal information as accurate, complete and up-to-date as necessary, taking into account its use and the interests of the individual. The Company updates personal information from time to time as provided by the individual.
The Company protects personal information against loss or theft and safeguards it from unauthorized access, disclosure, copying, use or modification regardless of the format in which it is held.
The Company has implemented security safeguards including, but not limited to,:
- physical measures (locked filing cabinets, restricting access to offices, alarm systems)
- technological tools (passwords, encryption, firewalls, security policy)
- organizational controls (limiting access on a “need-to-know” basis and to secure areas)
The Company makes policies and practices for the management of personal information available and easily understandable. Individuals are encouraged to contact the Privacy Officer to discuss the Company’s privacy policies, how to obtain access to his or her personal information, and to make privacy related complaints, comments, or recommendations.
Upon request, the Company will provide individuals access to their personal information. All requests should be forwarded to the Privacy Officer. The Company may ask the individual to supply enough information to enable it to account for the existence, use and disclosure of the personal information, including a recent form of identification. The Company will attempt to respond to requests within thirty (30) business days. This time frame may be extended pursuant to the Act. The Company will correct or amend any personal information if its accuracy and completeness is challenged and found to be deficient. All amended information will be sent to third parties having access to it, where appropriate. In the event that access is denied, the Company will provide written reasons. The Company will also delete any personal information upon request (i.e. indiviudals may “unsubscribe” from receiving e-mail communications).
10. MARKETING AND ADVERTISING
An individual may make a complaint in writing to the Privacy Officer. The Company has a procedure in place and will investigate all complaints. The Company will notify individuals of the outcome of investigations within sixty (60) business days of receipt of a complaint. If justified, the Company will correct any inaccurate Personal Information or modify policies and procedures based on the outcome of the investigation and ensure that all relevant staff is aware of any change.