Customer satisfaction is important to us. We welcome your comments . Please email our customer service team at customerservice@sunriserecords.com

CUSTOMER PERSONAL INFORMATION PROTECTION POLICY

1. OVERVIEW

1.1 This policy is divided into eleven chapters:
1.Overview;
2.Accountability Principle;
3.Identifying Purposes Principle;
4.Customer's Consent Principle;
5.Limiting Collection Use, Retention & Disclosure Principle;
6.Accuracy Principle;
7.Safeguarding Personal Information Principle;
8.Openness Principle;
9.Customer Access Principle;
10.Challenging Compliance Principle; and
11.Related Procedures, Policies, and Practices

1.2 Definitions:

"Sunrise Records" is a subsidiary of MRP Retail Inc., 4069 Gordon Baker Rd., Scarborough, Ontario, M1W 2P3, Canada.

"outsourcer" means a third party who is contracted by Sunrise Records for the purposes of processing the personal information, assisting Sunrise Records in protecting personal information, and assisting Sunrise Records in conducting Sunrise Records' direct marketing campaigns.

"personal information" means information about an identifiable individual but not aggregated information that cannot be associated with a specific individual. Personal information will cease to be personal information, where the information is destroyed, erased, or made anonymous.

1.3 Sunrise Records is committed to the protection and fair use of personal information provided by its customers. Sunrise Records will adhere to the nine principles as outlined in this policy.

1.4 Sunrise Records' practices with regard to collection, use, retention and disclosure of personal information will comply with this policy and any federal or provincial laws regarding the collection, use, retention or disclosure of personal information.

1.5 Sunrise Records will not sell, loan, or otherwise transfer a customer's personal information to a third party without the consent of the customer, except for personal information sent to an outsourcer. Such consent is deemed implied.

1.6 Sunrise Records will require that personal information provided to an outsourcer or a third party for the purposes of processing personal information on behalf of Sunrise Records be treated in accordance with this policy.

2. ACCOUNTABILITY

2.1 Sunrise Records is responsible for personal information in its possession or custody, including information that has been transferred to an outsourcer. Sunrise Records will use appropriate means to provide a comparable level of protection information for personal information that is being transferred to an outsourcer.

2.2 Sunrise Records has designated a Customer Personal Information Compliance Officer ("Compliance Officer") to ensure compliance with this policy, the Personal Information Protection and Electronic Documents Act, and any provincial legislation concerning personal information protection.

2.3 Sunrise Records will make known, upon request, the name and title of the person designated to serve as compliance officer (please refer to 11.5.4 for the Compliance Officer's contact information).

2.4 The Compliance Officer will have supervisory authority over all individuals delegated to assist the Compliance Officer or delegated to control the day-to-day collection and processing of personal information.

2.5 The Compliance Officer will document any future purpose for which the personal information is collected (also in compliance with #3 Identifying Purposes, #8 Openness Principle, and #10 Customer Access Principal).

2.6 The Compliance Officer will be responsible to review the safeguards employed to protect the collection, use, retention or disclosure of personal information. Such review includes safeguards against loss, theft, unauthorized access, unauthorized disclosure, unauthorized copying or modification, or improper use. Reviews will be conducted as stipulated in 11.5.2 below.

3. IDENTIFYING PURPOSES

3.1 Sunrise Records will limit the collection of personal information to a customer's contact information, including his/her name, address, and e-mail address (see 4.2 for exceptions).

3.2 Sunrise Records will only collect the information in 3.1 for the purposes of Sunrise Records' direct marketing campaigns and to tailor Sunrise Records special offers to the customer's needs.

3.3 Sunrise Records will use reasonable efforts to inform customers of its purpose at the point the personal information is collected.

3.4 Where it appears that a customer was not informed and did not provide consent with respect to the collection, use, retention of their personal information, Sunrise Records will not use the personal information, and will seek the customer's meaningful consent for its use (also in compliance with #4 Customer's Consent), unless 4.2 or 4.3 below applies.

3.5 If Sunrise Records intends to use a customer's personal information for any other purpose than stipulated in 3.1 above, Sunrise Records will seek the meaningful consent of the customer.

4. CUSTOMER'S CONSENT

4.1 Sunrise Records will not collect, use, retain or disclose the customer's personal information without the meaningful consent of the customer, unless 4.2 or 4.3 below applies.

4.2 Sunrise Records may collect, use, retain or disclose personal information without the meaningful consent of the customer, where consent may be impossible or inappropriate, such as when the customer is a minor, seriously ill or mentally incapacitated. In such circumstances, Sunrise Records will only collect, use, retain, or disclose personal information in these circumstances if it is clearly in the customer's interest and where proper consent cannot be obtained in a timely way.

4.3 Sunrise Records may use and disclose personal information without knowledge and consent of the customer to a lawyer representing Sunrise Records to collect a debt, comply with a subpoena, warrant, court order, or as may be otherwise required by law.

4.4 Sunrise Records will not require a customer to consent to the collection, use, retention or disclosure of personal information as a condition to purchase services or wares from Sunrise Records. Sunrise Records will only require a customer to consent to the collection, use, retention and disclosure of the customer's personal information for the purpose of inclusion in Sunrise Records direct marketing campaigns.

4.5 The methods by which Sunrise Records seeks consent may vary, depending on the circumstances and the type of information collected. Sunrise Records will make reasonable efforts to obtain express consent when the information is likely to be considered sensitive.

4.6 A customer may withdraw consent at any time, subject to any legal or contractual restrictions and reasonable notice. Sunrise Records will inform the customer of the implications of such withdrawal.

5. LIMITING COLLECTION, USE, RETENTION AND DISCLOSURE

5.1 Personal information collected by Sunrise Records may be made available to an outsourcer. Marketing strategies will be conducted by Sunrise Records or its outsourcer.

5.2 Sunrise Records will limit the collection of personal information to that which is necessary for the purposes identified in this policy (see #3 Identifying Purposes).

5.3 Sunrise Records will limit the use, retention and disclosure as required by its policies and practices.

5.4 Sunrise Records will only apply fair and lawful means to collect personal information.

5.5 Sunrise Records will not collect personal information indiscriminately.

5.6 Sunrise Records will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.

5.7 Sunrise Records will only retain the personal information as long as necessary for the purposes for which it was collected. Sunrise Records will purge information as provided for in 11.2 Information-Handling Sub-Policies and Practices below.

5.8 Personal information will be deemed purged or removed where it cease to be personal information (where the information is destroyed, erased, or made anonymous - please refer to the definition of personal information above).

6. CUSTOMER ACCURACY

6.1 Sunrise Records is committed to keeping the personal information accurate, complete, and up-to-date as is necessary for the purposes of its collection.

6.2 Sunrise Records may request the customer update her or his personal information where it is necessary to fulfil the purposes for which the information was collected.

7. SAFEGUARDING PERSONAL INFORMATION

7.1 Sunrise Records will protect customer's personal information by providing security safeguards appropriate to the sensitivity of the information.

7.2 Sunrise Records will employ care in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.

8. OPENNESS

8.1 Sunrise Records will make readily available to customers information about its policies and practices relating to the management of personal information.

8.2 Sunrise Records will also make available to customers: (a) the name or title, and the address, of the compliance officer who is accountable for the Sunrise Records' policies and practices and to whom complaints or inquiries can be forwarded;
(b) the means of gaining access to personal information held by Sunrise Records;
(c) a description of the type of personal information held by Sunrise Records, including a general account of its use;
(d) a copy of any brochures or other information that explain Sunrise Records' policies, standards, or codes; and
(e) third parties for processing. Please refer to 11.5.4 for the Compliance Officer's contact information.

9. CUSTOMER ACCESS

9.1 Upon request, Sunrise Records will inform a customer of the existence, use, and disclosure of his or her personal information and Sunrise Records will give the customer access to that information.

9.2 Sunrise Records is committed to providing the customer the opportunity to challenge the accuracy and completeness of that customer's personal information and have it amended as appropriate.

9.3 Where Sunrise Records cannot provide access to all the personal information it holds about a customer and that customer inquires as to the reasons, Sunrise Records will provide that customer with reasons for denying access. Such circumstances may include where the personal information is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege. Sunrise Records will take reasonable efforts to overcome such obstacles.

9.4 Sunrise Records may request additional personal information to confirm the identity of the customer wishing to access her or his personal information. The information collected will only be used to verify the identity of the customer and that information will only be retained as a record of verification. That information will not be used for any other unrelated purpose.

9.5 Sunrise Records will respond to a customer's request within a reasonable time at no cost, or a minimal fee if warranted (for example, reasonable photocopying charges will be requested if the photocopying is extensive). The requested information will be provided or made available in a form that is generally understandable.

9.6 When a customer demonstrates the inaccuracy or incompleteness of her or his personal information, Sunrise Records will amend the information as required. This amendment may involve the correction, deletion, or addition of information, as required.

9.7 When a challenge is not resolved to the satisfaction of the customer, the substance of the unresolved challenge will be recorded by Sunrise Records. When appropriate, the existence of the unresolved challenge will be transmitted to outsourcers having access to the information in question.

10. CHALLENGING COMPLIANCE

10.1 Sunrise Records has instituted, and will maintain, procedures where an individual may address a challenge to Sunrise Records' Compliance Officer concerning compliance with the principles in this policy.

10.2 Sunrise Records has instituted, and will maintain, procedures to receive and respond to complaints or inquiries about Sunrise Records' policies and practices relating to the handling of personal information.

10.3 Sunrise Records will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures.

10.4 Sunrise Records will investigate all complaints. If a complaint is found to be justified, Sunrise Records will take appropriate measures, including, if necessary, amending its policies and practices.

11. RELATED PROCEDURES, SUB-POLICIES AND PRACTICES

11.1 Related Procedures, Sub-Policies and Practices in this section are divided into:

(11.2) Information-Handling Sub-Policies and Practices; (11.3) Related Staff Sub-Policies and Practices;
(11.4) Public Dissemination Procedures;
(11.5) Procedures to Oversee Jean Machine Compliance; and
(11.6) Procedures to Receive and Respond to Inquiries or Complaints.

11.2 Information-Handling Sub-Policies and Practices

11.2.1 These procedures relate to the collection, use, retention and disclosure of personal information.

11.2.2 Sunrise Records will only collect a customer's contact information, including the client's name, address, and e-mail address (see 4.2 or 4.3 above for exceptions).

11.2.3 Sunrise Records will identify personal information of a customer to be removed after five (5) years of a customer's personal information being dormant. Personal information will be deemed dormant where a client does not respond to Sunrise Records direct marketing campaign, or communicate with Sunrise Records in another way for a period of five years.

11.2.4 Once a customer's personal information is identified for removal, Sunrise Records will remove the information as soon as practicable, and no longer than thirty (30) days after the customer's personal information has been identified for removal.

11.2.5 Sunrise Records will identify a customer's personal information for removal where the customer indicates she or he wishes to opt out or where the customer requests the personal information be removed, unless federal or provincial legislation provides otherwise.

11.2.6 Sunrise Records will limit access to a customer's personal information to Sunrise Records employees who require access in order to carry out their tasks.

11.2.7 Sunrise Records will not provide individual property management with personal information, irrespective whether the information was collected at that participating property.

11.2.8 Sunrise Records will limit third party disclosure to Sunrise Records' outsourcer, except for those occasions where this limit contravenes federal or provincial law.

11.3 Related Staff Policies and Practices

11.3.1 These procedures involve the training and communicating this policy to Sunrise Records employees.

11.3.2 Each Sunrise Records employee will be provided a copy of this policy at the beginning of her or his employment.

11.3.3 Each independent contractor or outsourcer, who will be involved in the collection, use, retention or disclosure of personal information ("related contactors") will be provided a copy of this policy at the beginning of their contract.

11.3.4 Changes in policy will be communicated to employees and related contractors in a means selected by the Compliance Officer.

11.3.5 Staff at participating Sunrise Records locations will be informed of the purposes of Sunrise Records' collection, use, retention and disclosure of personal information.

11.4 Public Dissemination Procedures

11.4.1 These procedures relate to the dissemination of public information to explain these policy and practices.

11.4.2 Sunrise Records will provide its policies and practices on its Web site ("online access"). Sunrise Records' online access will not require subscription access.

11.5 Procedures to Oversee Sunrise Records' Compliance

11.5.1 Sunrise Records will designate an individual as a Compliance Officer to oversee the compliance of this policy and applicable federal or provincial legislation.

11.5.2 The Compliance Officer is responsible for the following internal duties:
(a) To oversee the policies, practices and procedures as they relate to Sunrise Records;
(b) to oversee the dissemination of this policy to Sunrise Records employees;
(c) to make Sunrise Records employees aware of the importance of maintaining the confidentiality of personal information;
(d) to respond to Sunrise Records employees' inquiries with respect to the protection of personal information;
(e) to maintain a publicly-available list of Sunrise Records outsourcers.
(f) to amend this policy to comply with applicable federal or provincial legislation (where an inquiry or complaint demonstrates a flaw with this policy, the Compliance Officer will have this policy amended accordingly); and
(g) to annually review the safeguards employed by Sunrise Records. The Compliance Officer will review safeguards as it relates to the (1) collection, (2) retention and storage, (3) use, and (4) disclosure of personal information. This will include a review of physical measures (such as locking filing cabinets and restricting access to rooms with data servers), technological measures (such as the control of access passwords, and the use of encryption), and organizational measures (such as limiting access of staff involvement).

11.5.3 The Compliance Officer is responsible for the following external duties:
(a) to maintain a telephone number, postal address, e-mail address dedicated to receiving and responding to inquiries or complaints concerning the collection, use, retention or disclosure of personal information (see 11.5.4 below).
(b) to timely review and respond to inquiries or complaints by the public. Timeliness will be determined by the complexity of the inquiry or the complaint and reasonableness in responding to such inquiry or complaint;
(c) to communicate, report, and liase with the Canadian Privacy Commission, where such communication is suggested or required; and
(d) to ensure that Sunrise Records' outsourcers comply with this policy, and any other Sunrise Records policy related to the protection of customers' personal information.

11.5.4 The Compliance Officer can be contacted at: Compliance Officer
Sunrise Records
4069 Gordon Baker Rd.
Scarborough Ontario
M1W 2P3
phone 416.498.6601
fax 416.494.8467

11.5.5 The Compliance Officer may delegate her or his duties as the Compliance Officer may determine. The Compliance Officer will retain supervisory control over those delegated with the Compliance Officer's responsibilities.

11.5.6 All requests to remove personal information sent to Sunrise Records will be forwarded to the Compliance Officer.

11.5.7 Irrespective of the complexity of the inquiry or complaint, the Compliance Officer will ensure that a response is sent to the inquirer or complainant within thirty (30) days of receiving the inquiry or complaint. This response may be an interim response that does not fully satisfy the inquiry or complaint, but the response will provide an explanation of the delay.

11.6 Procedures to Receive and Respond to Inquiries or Complaints

11.6.1 Sunrise Records will make reasonable efforts to confirm the identity of the customer who lodges a complaint, inquires, or makes a request with respect to her or his personal information.

11.6.2. Sunrise Records will maintain records of all inquiries or complaints by a customer where Sunrise Records' response is not to the satisfaction of the customer. Sunrise Records will also preserve the personal information, even if it has been identified as personal information to be removed. These procedures are for the customer's protection, to provide the customer an opportunity to request a review by the Canadian Privacy Commission or a related provincial regulator.

LIST OF SUNRISE RECORDS OUTSOURCERS:
ExactTarget 20 N. Meridian Suite 200 Indianapolis, IN, 46204