EOS Canada has prepared this policy to inform you of its practices regarding the collection, use and disclosure of the personal information about identifiable individuals.
This policy applies to the operations of EOS Canada and its subsidiaries across Canada and across all business units.
Personal information means any information, recorded in any form, about an identifiable individual. Personal information does not include anonymous or aggregated information. Anonymous or aggregated information is information that cannot be associated with or traced back to an identifiable individual.
EOS Canada is a national collection agency specializing in providing its customers with various debt collection services. EOS Canada’s clients include major financial institutions, retailers, governments and their agencies, telecommunication firms, utilities and other firms that are in the practice of granting credit to their customers.
EOS Canada owes a duty of care to our clients and by extension to their customers. EOS Canada is granted access to the personal information of many of our clients’ customers. This personal information is of a highly confidential nature, as is the information that is acquired during the execution of its business activities. EOS Canada has developed and applied privacy and confidentiality policies in order to manage and safeguard this information.
PIPEDA Fair Information Principles at EOS Canada
The Personal Information Protection and Electronic Documents Act (PIPEDA) ten fair information principles form the ground rules for the collection, use, and disclosure of personal information in Canada, as well as providing access to this personal information to consumers. These ten principles describe how an organization should approach personal information use and protection and form the basis of how EOS Canada approaches privacy compliance.
Principle 1 - Accountability
EOS Canada is responsible for personal information under its control and will appoint a designated Privacy Officer who is accountable for the protection of personal information and organizational compliance with these privacy principles. The name and contact information for the Privacy Officer will be made available to the public on the company website.
The EOS Canada Privacy Officer will be responsible for the implementation and maintenance of a privacy management system. This program will ensure that:
- Company policies align with the privacy principles to protect personal information
- All staff are trained on the organizational policies
- Policies are regularly reviewed to ensure continued compliance.
Principle 2 - Identifying Purposes
EOS Canada will identify the purposes for which the personal information is being collected at or before the time the personal information is collected.
- Personal information will be obtained from both clients and customers and used to ensure that our organization is only disclosing financial information to the correct individual.
- For example, we may request a consumer to provide their name and date of birth so that we can match this information to the information on our system, so that we can confirm that we are speaking with the correct person.
- Information will be used to apply payments to the correct individuals’ accounts
- Information will be used to report accounts correctly to the credit bureau.
- Updated address, telephone, and email information may be requested from consumers to ensure that continued communication is possible.
- Financial information may be requested from consumers to determine their ability to pay an account and determine best course-of-action for account resolution.
- When our organization requests new personal information from an individual, the reasons for the request will be clearly articulated.
Principle 3 - Consent
EOS Canada will make a reasonable effort to ensure that individuals are advised of the purposes for which their information will be used.
In many cases, consent for the use of personal information was provided to our clients at the start of the client-consumer relationship. The continued use of the personal information is based in this existing contract and relationship and the consent for EOS Canada to utilize personal information is as a supplier of our client and is captured as part of that relationship.
If our organization seeks to use information in a new way outside the scope of these existing agreements, then we will seek to obtain express consent directly from the consumer prior to the use or disclosure of the information. This consent may be obtained verbally, or in writing, depending on the circumstance and proposed use. This consent will be recorded and retained to demonstrate continual compliance with this principle.
We may monitor and/or record your telephone discussions with our staff for our mutual protection, to enhance service, and to provide oversight and audit the interactions of our staff with consumers.
Principle 4 - Limiting Collection
EOS Canada will collect personal information by fair and lawful means and will only collect information that is required to fulfill the identified purposes.
Personal information used by our organization may include:
- Date of Birth – To identify and authenticate consumers
- Social Insurance Number – To identify and authenticate consumers
- Contact information (address, phone numbers, email addresses) – To contact and communicate with consumers
- Financial information – To assess consumer ability to resolve their account, best course of action, and eligibility for offers of settlement
Personal information that is not required by our organization will not be requested from consumers. For example, if a client does not require consumer identify authentication by social insurance number, then staff will be trained to avoid asking for this information. Staff will be trained to limit the collection of personal information to only what is required.
Principle 5 - Limiting Use, Disclosure, and Retention
Unless an individual provides consent, or where it is required by law, personal information will not be used by EOS Canada for purposes other than the reasons for which it was collected and will not willfully disclose this personal information to unauthorized third parties. Personal information will be retained to fulfill this purpose and as required by law, and then will be securely destroyed or deleted.
EOS Canada organizational policies ensure that those employees who require access to personal information will be granted that access.
EOS Canada may be required to release information to ensure compliance with a search warrant, court order, or other demand which we believe to be valid. This may include requests from regulators who are responsible for ensuring that we are in compliance with applicable regulations (e.g. provincial ministries governing consumer affairs).
Our organization does provide a limited amount of information, as required, to our suppliers and agents. For example, we provide information to the credit bureaus as required to properly updated consumer credit files. As another example, we may provide limited information to a supplier in order to generate a written letter. These suppliers may disclose this information in response to valid demands or requests from governments, regulators, or courts in their jurisdiction.
Organizational policies are maintained which govern the retention of personal information. These policies establish rules and limitations for the maximum retention of this information.
Organizational policies are maintained which govern the secure destruction of all personal information once the maximum retention periods are reached.
All staff will be trained on the proper use of personal information and their roles and responsibilities in protecting personal information from unauthorized disclosure.
Principle 6 - Accuracy
EOS Canada will ensure that personal information is as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.
Our employees are trained to communicate with consumers about the importance of keeping contact information up-to-date and will request that consumers keep us informed of any changes in this information.
Principle 7 - Safeguards
EOS Canada will secure all personal information in its care with appropriate electronic and physical safeguards to protect this information from loss, theft, unauthorized access, or unauthorized use. Personal information will be protected by appropriate security relative to the sensitivity of the information.
The security safeguards in place at EOS Canada include:
- Physical security measures – locked doors, security cameras, security guards, alarm systems.
- Technological security measures – multiple levels of passwords, encryption, network firewalls, security patches
- Organizational controls – employee security clearances, data access controls, staff security training, confidentiality agreements
All consumers are required to confirm their identity prior to the disclosure of any personal information by EOS staff. This confirmation is required at the beginning of any consumer interaction and will typically require the consumer to provide certain personal details to the EOS staff who will then match it against the information on our system. For example, a consumer may be required to provide their full name, date of birth, and/or address. If a consumer is unwilling or unable to provide this information, then the EOS staff member will not provide any further personal information to this individual.
All EOS Canada staff receive regular training on privacy regulations and security awareness as part of the safeguarding of personal information by our organization.
Security safeguards are regularly reviewed to sure they are up-to-date, and to resolve any vulnerabilities with the policies and systems in place.
Principle 8 - Openness
EOS Canada will make available the name and contact information of our Privacy Officer to any individual making an inquiry, as well as specific information regarding our policies and procedures relating to management of personal information.
Principle 9 - Individual Access
Upon request by an authorized individual, EOS Canada will verify the existence of, use, and disclosure of their personal information and the individual will be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Any individual may contact our Privacy Officer and request access to their personal information. Where necessary, the Privacy Officer will assist the consumer with the proper completion of this request. The Privacy Officer will respond to the consumer request within 30 days and at minimal or no cost to the individual.
There may be certain situations where we cannot provide information as requested. For example, if records contain information relating to other persons, is subject to legal privilege, contains confidential information proprietary to EOS Canada or our clients, or cannot be disclosed for other legal reasons.
Where an individual successfully demonstrates the inaccuracy or incompleteness of personal information in our possession, EOS Canada will amend the information as required by correction, deletion, or addition of new information. If we relied upon information from a third party, such as a credit bureau, then we will provide contact information for this third party.
Principle 10 - Challenging Compliance
Any individual may challenge EOS Canada’s compliance with the above principles. This challenge should be addressed in writing to EOS Canada’s Privacy Officer by mail, or by email. Our staff will be trained to direct all privacy complaints to our Privacy Officer.
EOS Canada Employee Responsibilities
All EOS Canada employees are responsible for maintaining the confidentiality of all personal information to which he/she has access. EOS Canada employees, when hired, receive training about their duties as they relate to privacy and the protection of personal information, and are required to sign a confidentiality agreement binding them to these responsibilities. In addition, all employees are required to review and acknowledge an understanding of the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable Provincial Privacy Legislation as well as other regulatory guidelines.
EOS Canada continually coaches and trains our employees with respect to ongoing compliance as well as understanding developing issues in the realm of privacy and confidentiality. EOS Canada employees are also required, as a condition of employment, to conform to these policies and procedures.
EOS Canada has appointed a Privacy Officer who oversees privacy governance including policy, dispute resolution, education, communications and escalation. EOS Canada’s Privacy Officer reports to the chief officers within the corporation.
The Privacy Officer can be contacted as follows:
Attention: Privacy Officer
EOS Canada Inc.
325 Milner Avenue, Suite # 1111
Toronto, Ontario M1B 5N1
EOS Canada considers privacy and the protection of confidential information to be a cornerstone of its business practices. EOS Canada will continue to develop review and monitor its policies and procedures to ensure compliance with all applicable legislation, customer requirements and general common sense and commits to treating the individuals, whose information has been entrusted to EOS Canada with care and dignity.