Red Cloud Securities Inc. is subject to privacy legislation, including the Freedom of Information (FOIP), the Personal Information and Protection of Electronic Documents Act (PIPEDA), and Canada’s Anti-Spam Legislation (CASL).
All organizations in Canada who collect, use or disclose “personal information” in the course of its business activities are required to comply with PIPEDA, except in those provinces which have enacted legislation that is substantially similar to PIPEDA. For the purposes of compliance, Red Cloud Securities Inc. has established rules and procedures in accordance with PIPEDA.
Part 1: Purpose and Policy
- Business contact information means an individual’s name, position name or title, business telephone number, business address, business e-mail, business facsimile number and other similar business information.
- Commissioner means the Information and Privacy Commissioner appointed under the Freedom of Information and Protection of Privacy Act.
- Employee means an individual employed by an organization and includes an individual who performs a service for or in relation to or in connection with an organization such as: an apprentice, volunteer, participant or student; or an individual under contract or in an agency relationship with the organization.
- Personal Employee Information means personal information reasonably required by an organization that is collected, used or disclosed solely for the purposes of establishing, managing or terminating an employment relationship.
- Personal Information means information about an identifiable individual but does not include business contact information.
- Record means a record of information in any form or in any medium, whether in written, printed, photographic or electronic form or any other form, but does not include a computer program or other mechanism that can produce a record.
The purpose of this Policy is to document Red Cloud Securities Inc.’s commitment to the protection of personal information in accordance with federal and provincial legislation, and to outline safeguards and procedures we have implemented in this regard.
This Policy sets out the principles Red Cloud Securities Inc. has adopted to deal with the collection, use and disclosure of personal information as well as access to information and quality issues.
Part 2: Collection & Protection of Personal Information
Under the PIPEDA, personal information collected about an individual:
- Is deemed to have been collected pursuant to consent given by that individual; and
- May be used and disclosed by the organization for the purposes for which the information was collected.
Limitations on Collection
Red Cloud Securities Inc. will not collect personal information unless the information is necessary for one or more of its business activities or in order for the organization to comply with regulatory or legal requirements. The two primary reasons we collect personal information are as follows.
- As a brokerage firm, we are regulated by a number of provincial Securities Commissions and the Investment Industry Regulatory Organization of Canada. These organizations require that we obtain certain personal information from our clients before we are able to open and maintain a trading account on their behalf, also known as “Know Your Client” or “KYC” requirements. They also require that we obtain personal information from those employees seeking registration.
- We are required to obtain certain information regarding our clients in accordance with Canada Revenue Agency reporting requirements.
Notification Required for Collection
Where personal information is to be collected directly from an individual, reasonable steps will be taken to ensure the individual is aware of the purpose of collection. When personal information is to be obtained from third parties (such as a financial institution or a credit bureau), such information will be limited to that required for the identified purpose and will be collected by lawful and fair means for purposes directly related to Red Cloud Securities Inc.’s activities. An individual may give his or her consent in writing or verbally. At the time of account opening, clients will be asked to sign a document consenting to the collection, use and disclosure of their personal information.
Withdrawal of Consent
Clients will be given a reasonable opportunity to decline or object to the proposed collection, use or disclosure of their personal information. Such withdrawal of consent must be provided to Red Cloud Securities Inc. in writing. In some cases, Red Cloud Securities Inc. may be unable to open or continue to maintain an account on a client’s behalf given the regulatory and legal requirements Red Cloud Securities Inc. is subject to.
Limitations on Use or Disclosure
Red Cloud Securities Inc. will only use or disclose information regarding our clients or employees for the purpose for which it was collected or where a lawful exception applies.
Employees, agents or contractors of the firm are only authorized to access or use personal information in the legitimate performance of their duties, as outlined in the Containment of Information Policy.
Disclosure of Personal Information
As noted previously, Red Cloud Securities Inc. is regulated by a number of organizations. From time to time these bodies may demand that we produce, or make available for inspection, documents and information that clients have provided us for the following regulatory purposes:
- Surveillance of trading-related activity,
- Sales and financial compliance, trade desk review and other regulatory audits,
- Investigation of potential regulatory and statutory violations,
- Enforcement or disciplinary proceedings,
- Reporting to securities regulators, and
- Information sharing with securities regulatory authorities, regulated marketplaces, and law enforcement agencies in any jurisdiction in connection with any of the foregoing.
We also have relationships with other non-regulatory organizations that require us to share and/or have access to, information regarding our clients and/or their accounts. This includes entities such as our clearing broker and our external Auditors.
Use or Disclosure without Consent
Red Cloud Securities Inc. may use or disclose personal information about an individual without consent under the following circumstances:
- A reasonable person would consider that the use or disclosure of the information is clearly in the interests of the individual and consent of the individual cannot be obtained in a timely way or the individual would not reasonably be expected to withhold consent;
- The use or disclosure of the information is pursuant to a statute or regulation of Ontario or Canada that authorizes or requires the use;
- The use or disclosure of the information is for the purpose of complying with a subpoena, warrant or order issued or made by a court, person or body having jurisdiction to compel the production of information or with a rule of court that relates to the production of information;
- The information is publicly available;
- The use or disclosure of the information is necessary to respond to an emergency that threatens the life, health or security of an individual or the public;
- The use or disclosure of the information is necessary in order to collect a debt owed to the organization or for the organization to repay to the individual money owed by the organization; or
- The disclosure of the information is for the purposes of protecting against or for the prevention, detection or suppression of fraud and the organization disclosing the information is permitted or otherwise empowered under an enactment of Ontario or Canada to carry out those purposes.
Care of Personal Information – Accuracy of Information
Red Cloud Securities Inc. will use its best efforts to ensure that personal information is relevant, accurate, complete and up-to-date for the purpose for which it is to be used. Where personal information is collected directly from an individual, it will be presumed to be accurate and complete at the time of collection, unless there is other information which suggests it is not. Personal information will be updated as required by the regulatory authorities.
Protection of Information
Red Cloud Securities Inc. will take reasonable steps to protect the personal information it holds from misuse or loss and from unauthorized access, modification or disclosure.
Red Cloud Securities Inc. will document security, storage and disposal requirements for all personal information for which it is responsible. In documenting these requirements Red Cloud Securities Inc. will take into consideration the sensitivity of the information, its form and volume, its frequency of use and retention period, the circumstances of its use and storage, and any legal or regulatory requirements. When personal information is no longer required to be kept, such information will be destroyed or made anonymous in a controlled and secure manner in order to prevent any unauthorized persons having access to that information. Personal information which is the subject of a complaint, inquiry or legal process will not be destroyed until the resolution of that process.
Retention and Disposal of Information
As noted previously, Red Cloud Securities Inc. will document retention and disposal requirements for all personal information for which it is responsible, taking into consideration the sensitivity of the information, its form, the circumstances of its use and any legal or regulatory requirements.
Part 3: Access to Information
1. Access to and Correction of Information
Accessing Personal Information
Individuals are entitled to inquire whether Red Cloud Securities Inc. holds personal information concerning them and, if so, to be advised of its use and disclosure. Individuals are also entitled to obtain a copy of the information we have on file.
How to Request a Copy of Personal Information
To obtain a copy of their information, clients must submit a written request to the Privacy Officer for our firm. The Chief Compliance Officer will serve as the firm’s Privacy Officer. Requests may be sent by mail to:
Red Cloud Securities Inc.
Attention: Privacy Officer
105 King Street East, 2nd Floor
Toronto, ON M5C 1G6
Time Limit for Responding
Red Cloud Securities Inc. will respond to a written request for access, acknowledging the request within 14 business days.
If a request is straightforward, Red Cloud Securities Inc. will provide a copy of the information on file within 14 business days or, if the request is more complicated, within 30 business days. There may be circumstances under which we may not be able to provide clients with certain information. For example, the information may have been destroyed or, in our opinion, it is too costly, or we are unable to retrieve the information.
Red Cloud Securities Inc. will not charge individuals a fee for access to personal information concerning them, unless requests are considered unnecessarily frequent or extensive.
Correction of Information on File
Any individual may challenge the completeness or accuracy of personal information concerning them and request that the information be corrected. To amend any information we have on file, clients must submit a written request detailing the changes to be made. The Privacy Officer will acknowledge the request and provide written confirmation that the changes or amendments have been made.
Part 4: Reviews and Complaints
Filing a Complaint with Red Cloud Securities Inc.
Right to Initiate a Complaint
An individual who believes his or her privacy may have been interfered with or compromised by Red Cloud Securities Inc. may initiate a complaint requesting a review of the matter.
How to Initiate a Complaint
Individuals will be required to submit a written complaint to our Privacy Officer who will consider the complaint and attempt to resolve it. Our Privacy Officer will reply to the individual within 45 working days. If the complaint is not resolved in a manner acceptable to the individual, the firm will advise of:
- the general reasons for that outcome, where appropriate; and
- information on the further action that the individual can take under the Personal Information Protection Act, including his or her right to take the complaint to the Privacy Commissioner should he or she remain dissatisfied with the firm’s handling and/or outcome of the complaint.
Appeal to the Privacy Commissioner
Right to a Review or to Initiate a Complaint
As noted above, an individual who is not satisfied with Red Cloud Securities Inc.’s handling of his or her privacy complaint may ask the Privacy Commissioner to review any decision, act or failure of Red Cloud Securities Inc. The Privacy Commissioner has powers to investigate and make a determination on the complaint.
How to Request a Review or Initiate a Complaint
To ask for a review or to initiate a complaint an individual must submit a written request to the Commissioner within 30 days from the day he or she was notified of the firm’s decision. Please note that a longer period may be allowed by the Commissioner.
Notifying Others of a Review
Upon receipt of such a request, the Commissioner must give a copy of the written request to the organization concerned.
Inquiry by the Privacy Commissioner
If a matter under review or relating to a complaint is not referred to mediation, settled pursuant to mediation or resolved, then the Commissioner may conduct an inquiry and decide all questions of fact and law arising in the course of the inquiry. The individual making the complaint and the organization concerned will be given an opportunity to make representations to the Commissioner and be represented by a lawyer at the proceedings.