The Protection of Personal Information
Metrics collects, uses and discloses personal information in accordance with the following 10 principles, which reflect the principles articulated in the Personal Information Protection and Electronic Documents Act (Canada).
Personal information (def’n): information about an identifiable individual, recorded in any form and includes, but is not limited to, such things as race, ethnic origin, age, marital status, religion, education, medical, criminal, employment or financial information, address and telephone number or numerical identifiers such as a Social Insurance Number. It does not include the name, title, business address or business telephone number of an employee of an organization.
10 Privacy Principles
- Identifying Purposes
- Limiting Collection
- Limiting Use, Disclosure, and Retention
- Individual Access
- Challenge Compliance
Principle 1 – Accountability
Principle 2 – Identifying purposes
Metrics will inform you why we are collecting your personal information when the information is collected.
In most instances, Metrics will collect, use or disclose personal information about clients only for the purpose of providing professional services. Each Engagement Letter includes an explanation of why Metrics requires the information, what use will be made of it and with whom it may be shared in order to provide professional services.
Client personal information may also be disclosed internally for the purpose of determining compliance with applicable professional standards, Metrics’ internal policies, or in the performance of quality reviews.
Metrics will also collect and use personal information about clients, prospective clients and alumni, for the purpose of sending news and information updates or invitations to events hosted or sponsored by Metrics.
Personal Information may also be shared internally in order to allow us to offer services or products that may be of interest to clients.
Metrics collects personal information about our partners and employees in order to pay them, comply with laws, provide them with benefits, administer performance management tools such as “KIN/Humi”, to improve on and manage programs, policies and employee relations and generally to establish, manage or terminate the employment or partnership relationship. In certain cases, Metrics may also aggregate partner and employee personal information to provide business metrics and evaluate the effectiveness of our HR programs, but this aggregated information will not allow the identification of any individual.
We may also use or disclose partner and employee information in the course of investigating, negotiating or completing a sale, financing or other business transaction involving all or any part of our business.
We also collect personal information from individuals seeking employment with Metrics.
When Metrics collects personal information, we will inform you of the reasons why we require such information, what use will be made of it and with whom it may be shared. Collection may occur without knowledge or consent as permitted by law, including collection in the course of an investigation.
Personal data collected by Metrics may be transferred or disclosed to third party contractors, subcontractors, subsidiaries or affiliates and Metrics Labs Inc for the purposes for which the visitor has submitted the information and for the administration of our system or site and/or other internal, administrative purposes. Personal data may also be transferred to third party service providers of, website hosting and management, data analysis, data backup, security and storage services. As a result, personal data may be transferred outside the country. By submitting data on Metrics’ website, the visitor is providing explicit consent to the transfer of such data for the fulfillment of his or her voluntary requests or otherwise as set out in Principal 5 ‘Use of Data’ section. By submitting data to Metrics’ email, the sender is providing explicit consent to the transfer of such data for the fulfillment of his or her voluntary requests or otherwise as set out in Principal 5 ‘Use of Data’ section. By submitting data to Metrics’ shared Google Drive, the sender is providing explicit consent to the transfer of such data for the fulfillment of his or her voluntary requests or otherwise as set out in Principal 5 ‘Use of Data’ section.
Principle 3 – Consent
Metrics will obtain consent to collect, use or disclose your personal information.
Client Personal Information
The Terms and Conditions of every Metrics professional services engagement are documented in each Engagement Letter. These Terms and Conditions include a discussion about how Metrics may use and disclose your personal information. By signing the Engagement Letter, the client will be providing its consent to the collection, use and disclosure described in the Terms and Conditions.
The form and manner of obtaining consent may vary from express written consent to implied consent, depending upon the circumstances and the type of information. In determining the form and manner of consent, Metrics will take into account the sensitivity of the information and the reasonable expectations of the individual.
We will collect, use or disclose personal information without consent only where permitted or required by law. For example, when information is being collected for the detection and prevention of fraud, seeking the consent of the individual might defeat the purpose of collecting the information.
Individuals may withdraw their consent at any time, subject to legal or contractual restrictions, by providing reasonable written notice to Metrics. Metrics will inform the individual of the implications, if any, of such withdrawal.
Partner and Employee Information
Forms and applications used to provide human resources-related services to partners and employees will describe the purposes for which their personal information is required and with whom it will be shared.
Principle 4 – Limiting Collection
Metrics limits the amount and type of personal information we collect.
Metrics will limit the collection of personal information to that which is reasonably required to provide our services or operate our business.
Principle 5 – Limiting Use, Disclosure, and Retention
Metrics will use and disclose your personal information only for the purposes for which we have your consent.
Metrics will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Metrics will only use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. Metrics generally uses personal information about clients for fair and legitimate purposes relating to the provision of professional services, including obtaining and carrying out client instructions, reporting and communicating with clients, billing and accounting and protecting against fraud, illegal activities and error. To carry out these fair and legitimate purposes we may, from time to time, disclose our client’s personal information to government or regulatory agencies and other third parties to perform services on behalf of Metrics for the purposes explained in this section.
Metrics shall retain personal information for the period of time necessary to fulfil the purposes for which the personal information was collected. We observe the rules of professional conduct which govern the practice of public accounting and any applicable legal or regulatory requirements. Personal information no longer required to fulfil its identified purposes will be destroyed, erased or made anonymous in a secure manner.
Metrics may use personal information without consent for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual, or as otherwise permitted by law including for purposes of an investigation. We may also disclose personal information without consent as permitted or required by applicable federal and provincial privacy laws, including:
- to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction or to comply with rules of conduct required by regulatory bodies
- to a government institution that has requested the information, identified its lawful authority, and indicates that disclosure is for the purpose of enforcing, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law; or suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal or provincial law
- to an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or we suspect the information relates to national security or the conduct of international affairs.
Metrics retains personal information about current and past partners and employees in accordance with employment laws and standards. We will destroy human resources and other files containing partner and employee personal information when such information is no longer reasonably required for legal, administrative, audit or regulatory purposes.
Principle 6 – Accuracy
Metrics will endeavor to keep accurate the personal information in our possession or control.
In order to provide clients with a professional level of service and partners and employees with appropriate benefits, the personal information that we collect must be accurate, complete and current. From time to time, clients, partners and employees may be asked to update their personal information. Individuals are encouraged to advise us of any changes to their personal information that may be relevant to the services we are providing.
Clients are encouraged to contact their engagement partner to update their personal information.
Employees and candidates should contact the HR Team should they need to update their personal information.
Principle 7 – Safeguarding Information
Metrics protects your personal information with safeguards appropriate to the sensitivity of the information.
Metrics will protect personal information by using physically secure facilities, industry standard security tools and practices, and clearly defined internal policies and practices. Security measures are in place to protect the loss, misuse and alteration of the personal information under our control. Personal information is stored in secure environments that are not available to the public (e.g., restricted access premises, locked filing cabinets and drawers). To prevent unauthorized electronic access to personal information, any information that is stored in electronic form is protected in a secure electronic and physical environment.
In some circumstances, personal information may be processed and stored outside of Canada by Metrics or a third party processor, and such personal information may be subject to disclosure in accordance with the laws applicable in the jurisdiction in which the information is processed or stored. These laws may not provide the same level of protection as Canadian privacy laws.
Third Party Links
Principle 8 – Metrics will be open about the procedures used to manage your personal information
Principle 9 – Individual access
At their request, Metrics will advise individuals of what personal information we have in our possession or control about them, what it is being used for, and to whom and why it has been disclosed.
Clients have the right to review and obtain a copy of their personal information on record in our individual offices by contacting their engagement partner.
Partners and employees have the right to review and obtain copies of their personal information on record by contacting their HR Manager.
In most instances, individuals will receive a response to their access request within 30 days. If an individual has any concerns about the access that is provided, they are encouraged to contact our privacy team at firstname.lastname@example.org.
Principle 10 – Challenging Compliance
Metrics will respond to individual complaints and questions relating to privacy. We will investigate and attempt to resolve all complaints.
To challenge compliance with this Policy, individuals should forward their concerns in writing to email@example.com. Our team will ensure that a complete investigation of all complaints has been undertaken and will report their findings to the individual in most instances within 30 days.
We know that protecting the privacy of our clients, partners and employees is important. If you have any questions or concerns about your privacy and our role in protecting it, please contact us at firstname.lastname@example.org or at 1-250-896-8808.