Enersource gathers information about its customers in order to provide electricity, construction and maintenance services. The administration of our business requires this information to be used for verifying customers identity, managing any special needs of our customers, responding to customer inquiries, billing, determining customer’s credit ratings, providing electricity services, collecting overdue bills and meeting regulatory and legal requirements.
The information is protected by administrative, technical, contractual and physical practices designed to ensure that personal information is protected at all times.
While our general policy is not to provide personal information to any party outside of Enersource, there are certain limited circumstances under which it is necessary for us to do so. When we do provide personal information to third parties, we provide only that information that is required under the particular circumstances. That information is used only for the purpose stipulated and is subject to strict terms of confidentiality. Employees of companies to whom we may provide information must adhere to our privacy standards. These third parties may include:
– a contractor or service provider acting on behalf of Enersource;
– a collection agency for the purpose of collecting past due bills;
– emergency services to protect the personal safety of employees, customers or other third parties;
– domestic and international authorities to respond to valid and authorized information requests as permitted or required by law, to comply with regulations, subpoena or court order.
Personal information collected by Enersource may be stored or processed inside or outside of Canada. In either case, the information is protected by appropriate security safeguards but may be available to government agencies under applicable law.
This Policy describes the procedures that Enersource follows in order to maintain the privacy of personal data.
Personal data is any data about an identifiable individual, except business card data. Business card data concerns information about a person in that person’s role as a business person, often as an employee of a business. Business card data is the name, working address, work contact numbers and work e-mail address, company and title. All data about an individual except for business card data is personal and will only be used for the purposes for which it was collected with the person’s consent.
Some examples of personal data that must be kept private include:
– Phone number
– Account number
– Driver’s License
– Payment and invoice history
– Bank information
– Service orders
– Electricity usage
– Bills and collection notices
– Reports with customer information on them
No personal data will be provided to anyone outside Enersource without the consent of the individual, other than in the limited circumstances set forth above under the heading “Policy”. Contractors and service providers to Enersource have agreed in their contracts to protect all personal data provided to them in a manner that is consistent with our privacy policies and security practices.
Data will only be collected to the extent necessary to fulfill the business function. Within Enersource, access to personal data will be provided only when there is a business need. When data is no longer required, it will be deleted or destroyed in a secure manner.
The Privacy Officer is responsible for monitoring the compliance with this policy. The Privacy Officer is Karen Ras, Director, Corporate Relations.
Access to customer information is restricted to authorized employees who have a legitimate business purpose for accessing it and all of our employees who have access to personal information have been trained on the handling of such information.
No sensitive personal data will be left in plain view and unattended in an unsecured area. Employees shall take every reasonable security measure when transmitting or receiving confidential or personal information. The precautions taken shall be appropriate to the sensitivity of the information transmitted or received.
All employees with computer access to personal data will lock their computers whenever they leave their desks. Waste paper with personal data will be shredded on site. All sensitive personal data will be maintained in locked storage cabinets. Electronic records will be secured by application, network and server security according to our Information Security Policy.
Unauthorized access to and/or disclosure of customer information by an employee of Enersource is strictly prohibited. All employees are required to adhere to the provisions of the Privacy Act with respect to the proper handling and protection of personal information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.
Individuals must consent to recording their data in the Enersource corporate records and this data will only be used for the purposes stated when their data is collected. We may obtain express consent in writing, through electronic means, or verbally. Alternatively, consent may be implied when customers continue to use a product or service after we’ve notified them of a change.
Providing personal information is always optional, however deciding to withhold particular details may limit service options.
We do the utmost to ensure the information we collect about our customers is accurate and complete. As we make decisions based on the information we have, we encourage customers to contact us at any time if they wish to verify the accuracy or update the information we have about them.
Individual’s access to their own data
While providing routine customer service, customers frequently inquire about the data on their own account, and there are routine procedures in place to provide this information. Information will only be provided to persons who have been authorized on the account.
Individuals may enquire about all the information an organization may store about them. As Enersource has many sources of personal information, and many places where it could be stored, these requests will be processed via the Privacy Officer. The request will be circulated around the organization, via the privacy representatives in the different parts of the organization, and then a coordinated response will be provided to the individual.
Retention and disposal of personal data
The length of time we keep personal information will vary depending on the nature of the information. We have retention standards that meet customer service, legal and regulatory needs. When customer information is no longer required, the information is permanently destroyed or erased in an irreversible manner that ensures that the record cannot be reconstructed in any way.
It is a serious offense to destroy personal information that is subject of an inquiry. Before information is removed from our systems, we will ensure that none of it is currently the subject of an inquiry.
Employee personal data
Employee personal data is protected in the same way that all other personal data is protected. Employee files are safeguarded in the Human Resources area and do not leave this area. Employee data is treated as highly confidential. Caution will be used in e-mailing messages containing employee data. Some employee related documents should not be e-mailed even within Enersource. These types of documents should be provided in hard copy only.
All contracts with vendors who have access to personal data include privacy clauses. In addition the standard purchase order contains a privacy clause.
If you would like any further information about our privacy policies and procedures, please contact us at firstname.lastname@example.org, or by mail: Privacy Officer, Enersource Corporation, 2185 Derry Rd. West, Mississauga, Ontario, L5N 7A6. Our customer service department will also be pleased to answer any questions that you may have. They may be contacted at 905-273-9050.
This statement was last revised Sept 17th, 2013.