Customer satisfaction is important to us. We welcome your comments. Please email our customer service team at email@example.com
CUSTOMER PERSONAL INFORMATION PROTECTION POLICY 1.
1.1 This policy is divided into eleven chapters:
3.Identifying Purposes Principle;
4.Customer's Consent Principle;
5.Limiting Collection Use, Retention & Disclosure Principle;
7.Safeguarding Personal Information Principle;
9.Customer Access Principle;
10.Challenging Compliance Principle; and
11.Related Procedures, Policies, and Practices
"outsourcer" means a third party who is contracted by Sunrise Records for the purposes of processing the personal information, assisting Sunrise Records in protecting personal information, and assisting Sunrise Records in conducting Sunrise Records' direct marketing campaigns.
"personal information" means information about an identifiable individual but not aggregated information that cannot be associated with a specific individual. Personal information will cease to be personal information, where the information is destroyed, erased, or made anonymous.
1.3 Sunrise Records is committed to the protection and fair use of personal information provided by its customers. Sunrise Records will adhere to the nine principles as outlined in this policy.
1.4 Sunrise Records' practices with regard to collection, use, retention and disclosure of personal information will comply with this policy and any federal or provincial laws regarding the collection, use, retention or disclosure of personal information.
1.5 Sunrise Records will not sell, loan, or otherwise transfer a customer's personal information to a third party without the consent of the customer, except for personal information sent to an outsourcer. Such consent is deemed implied.
1.6 Sunrise Records will require that personal information provided to an outsourcer or a third party for the purposes of processing personal information on behalf of Sunrise Records be treated in accordance with this policy.
2.1 Sunrise Records is responsible for personal information in its possession or custody, including information that has been transferred to an outsourcer. Sunrise Records will use appropriate means to provide a comparable level of protection information for personal information that is being transferred to an outsourcer.
2.2 Sunrise Records has designated a Customer Personal Information Compliance Officer ("Compliance Officer") to ensure compliance with this policy, the Personal Information Protection and Electronic Documents Act, and any provincial legislation concerning personal information protection.
2.3 Sunrise Records will make known, upon request, the name and title of the person designated to serve as compliance officer (please refer to 11.5.4 for the Compliance Officer's contact information).
2.4 The Compliance Officer will have supervisory authority over all individuals delegated to assist the Compliance Officer or delegated to control the day-to-day collection and processing of personal information.
2.5 The Compliance Officer will document any future purpose for which the personal information is collected (also in compliance with #3 Identifying Purposes, #8 Openness Principle, and #10 Customer Access Principal).
2.6 The Compliance Officer will be responsible to review the safeguards employed to protect the collection, use, retention or disclosure of personal information. Such review includes safeguards against loss, theft, unauthorized access, unauthorized disclosure, unauthorized copying or modification, or improper use. Reviews will be conducted as stipulated in 11.5.2 below.
3. IDENTIFYING PURPOSES
3.1 Sunrise Records will limit the collection of personal information to a customer's contact information, including his/her name, address, and e-mail address (see 4.2 for exceptions).
3.2 Sunrise Records will only collect the information in 3.1 for the purposes of Sunrise Records' direct marketing campaigns and to tailor Sunrise Records special offers to the customer's needs.
3.3 Sunrise Records will use reasonable efforts to inform customers of its purpose at the point the personal information is collected.
3.4 Where it appears that a customer was not informed and did not provide consent with respect to the collection, use, retention of their personal information, Sunrise Records will not use the personal information, and will seek the customer's meaningful consent for its use (also in compliance with #4 Customer's Consent), unless 4.2 or 4.3 below applies.
3.5 If Sunrise Records intends to use a customer's personal information for any other purpose than stipulated in 3.1 above, Sunrise Records will seek the meaningful consent of the customer.
4. CUSTOMER'S CONSENT
4.1 Sunrise Records will not collect, use, retain or disclose the customer's personal information without the meaningful consent of the customer, unless 4.2 or 4.3 below applies.
4.2 Sunrise Records may collect, use, retain or disclose personal information without the meaningful consent of the customer, where consent may be impossible or inappropriate, such as when the customer is a minor, seriously ill or mentally incapacitated. In such circumstances, Sunrise Records will only collect, use, retain, or disclose personal information in these circumstances if it is clearly in the customer's interest and where proper consent cannot be obtained in a timely way.
4.3 Sunrise Records may use and disclose personal information without knowledge and consent of the customer to a lawyer representing Sunrise Records to collect a debt, comply with a subpoena, warrant, court order, or as may be otherwise required by law.
4.4 Sunrise Records will not require a customer to consent to the collection, use, retention or disclosure of personal information as a condition to purchase services or wares from Sunrise Records. Sunrise Records will only require a customer to consent to the collection, use, retention and disclosure of the customer's personal information for the purpose of inclusion in Sunrise Records direct marketing campaigns.
4.5 The methods by which Sunrise Records seeks consent may vary, depending on the circumstances and the type of information collected. Sunrise Records will make reasonable efforts to obtain express consent when the information is likely to be considered sensitive.
4.6 A customer may withdraw consent at any time, subject to any legal or contractual restrictions and reasonable notice. Sunrise Records will inform the customer of the implications of such withdrawal.
5. LIMITING COLLECTION, USE, RETENTION AND DISCLOSURE
5.1 Personal information collected by Sunrise Records may be made available to an outsourcer. Marketing strategies will be conducted by Sunrise Records or its outsourcer.
5.2 Sunrise Records will limit the collection of personal information to that which is necessary for the purposes identified in this policy (see #3 Identifying Purposes).
5.3 Sunrise Records will limit the use, retention and disclosure as required by its policies and practices.
5.4 Sunrise Records will only apply fair and lawful means to collect personal information.
5.5 Sunrise Records will not collect personal information indiscriminately.
5.6 Sunrise Records will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
5.7 Sunrise Records will only retain the personal information as long as necessary for the purposes for which it was collected. Sunrise Records will purge information as provided for in 11.2 Information-Handling Sub-Policies and Practices below.
5.8 Personal information will be deemed purged or removed where it cease to be personal information (where the information is destroyed, erased, or made anonymous - please refer to the definition of personal information above).
6. CUSTOMER ACCURACY
6.1 Sunrise Records is committed to keeping the personal information accurate, complete, and up-to-date as is necessary for the purposes of its collection.
6.2 Sunrise Records may request the customer update her or his personal information where it is necessary to fulfil the purposes for which the information was collected.
7. SAFEGUARDING PERSONAL INFORMATION
7.1 Sunrise Records will protect customer's personal information by providing security safeguards appropriate to the sensitivity of the information.
7.2 Sunrise Records will employ care in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.
8.1 Sunrise Records will make readily available to customers information about its policies and practices relating to the management of personal information.
8.2 Sunrise Records will also make available to customers: (a) the name or title, and the address, of the compliance officer who is accountable for the Sunrise Records' policies and practices and to whom complaints or inquiries can be forwarded;
(b) the means of gaining access to personal information held by Sunrise Records;
(c) a description of the type of personal information held by Sunrise Records, including a general account of its use;
(d) a copy of any brochures or other information that explain Sunrise Records' policies, standards, or codes; and
(e) third parties for processing. Please refer to 11.5.4 for the Compliance Officer's contact information.
9. CUSTOMER ACCESS
9.1 Upon request, Sunrise Records will inform a customer of the existence, use, and disclosure of his or her personal information and Sunrise Records will give the customer access to that information.
9.2 Sunrise Records is committed to providing the customer the opportunity to challenge the accuracy and completeness of that customer's personal information and have it amended as appropriate.
9.3 Where Sunrise Records cannot provide access to all the personal information it holds about a customer and that customer inquiries as to the reasons, Sunrise Records will provide that customer with reasons for denying access. Such circumstances may include where the personal information is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege. Sunrise Records will take reasonable efforts to overcome such obstacles.
9.4 Sunrise Records may request additional personal information to confirm the identity of the customer wishing to access her or his personal information. The information collected will only be used to verify the identity of the customer and that information will only be retained as a record of verification. That information will not be used for any other unrelated purpose.
9.5 Sunrise Records will respond to a customer's request within a reasonable time at no cost, or a minimal fee if warranted (for example, reasonable photocopying charges will be requested if the photocopying is extensive). The requested information will be provided or made available in a form that is generally understandable.
9.6 When a customer demonstrates the inaccuracy or incompleteness of her or his personal information, Sunrise Records will amend the information as required. This amendment may involve the correction, deletion, or addition of information, as required.
9.7 When a challenge is not resolved to the satisfaction of the customer, the substance of the unresolved challenge will be recorded by Sunrise Records. When appropriate, the existence of the unresolved challenge will be transmitted to outsourcers having access to the information in question.
10. CHALLENGING COMPLIANCE
10.1 Sunrise Records has instituted, and will maintain, procedures where an individual may address a challenge to Sunrise Records' Compliance Officer concerning compliance with the principles in this policy.
10.2 Sunrise Records has instituted, and will maintain, procedures to receive and respond to complaints or inquiries about Sunrise Records' policies and practices relating to the handling of personal information.
10.3 Sunrise Records will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures.
10.4 Sunrise Records will investigate all complaints. If a complaint is found to be justified, Sunrise Records will take appropriate measures, including, if necessary, amending its policies and practices.
11. RELATED PROCEDURES, SUB-POLICIES AND PRACTICES
11.1 Related Procedures, Sub-Policies and Practices in this section are divided into:
(11.2) Information-Handling Sub-Policies and Practices; (11.3) Related Staff Sub-Policies and Practices;
(11.4) Public Dissemination Procedures;
(11.5) Procedures to Oversee Jean Machine Compliance; and
(11.6) Procedures to Receive and Respond to Inquiries or Complaints.
11.2 Information-Handling Sub-Policies and Practices
11.2.1 These procedures relate to the collection, use, retention and disclosure of personal information.
11.2.2 Sunrise Records will only collect a customer's contact information, including the client's name, address, and e-mail address (see 4.2 or 4.3 above for exceptions).
11.2.3 Sunrise Records will identify personal information of a customer to be removed after five (5) years of a customer's personal information being dormant. Personal information will be deemed dormant where a client does not respond to Sunrise Records direct marketing campaign, or communicate with Sunrise Records in another way for a period of five years.
11.2.4 Once a customer's personal information is identified for removal, Sunrise Records will remove the information as soon as practicable, and no longer than thirty (30) days after the customer's personal information has been identified for removal.
11.2.5 Sunrise Records will identify a customer's personal information for removal where the customer indicates she or he wishes to opt out or where the customer requests the personal information be removed, unless federal or provincial legislation provides otherwise.
11.2.6 Sunrise Records will limit access to a customer's personal information to Sunrise Records employees who require access in order to carry out their tasks.
11.2.7 Sunrise Records will not provide individual property management with personal information, irrespective whether the information was collected at that participating property.
11.2.8 Sunrise Records will limit third party disclosure to Sunrise Records' outsourcer, except for those occasions where this limit contravenes federal or provincial law.
11.3 Related Staff Policies and Practices
11.3.1 These procedures involve the training and communicating this policy to Sunrise Records employees.
11.3.2 Each Sunrise Records employee will be provided a copy of this policy at the beginning of her or his employment.
11.3.3 Each independent contractor or outsourcer, who will be involved in the collection, use, retention or disclosure of personal information ("related contactors") will be provided a copy of this policy at the beginning of their contract.
11.3.4 Changes in policy will be communicated to employees and related contractors in a means selected by the Compliance Officer.
11.3.5 Staff at participating Sunrise Records locations will be informed of the purposes of Sunrise Records' collection, use, retention and disclosure of personal information.
11.4 Public Dissemination Procedures
11.4.1 These procedures relate to the dissemination of public information to explain these policy and practices.
11.4.2 Sunrise Records will provide its policies and practices on its Web site ("online access"). Sunrise Records' online access will not require subscription access.
11.5 Procedures to Oversee Sunrise Records' Compliance
11.5.1 Sunrise Records will designate an individual as a Compliance Officer to oversee the compliance of this policy and applicable federal or provincial legislation.
11.5.2 The Compliance Officer is responsible for the following internal duties:
(a) To oversee the policies, practices and procedures as they relate to Sunrise Records;
(b) to oversee the dissemination of this policy to Sunrise Records employees;
(c) to make Sunrise Records employees aware of the importance of maintaining the confidentiality of personal information;
(d) to respond to Sunrise Records employees' inquiries with respect to the protection of personal information;
(e) to maintain a publicly-available list of Sunrise Records outsourcers.
(f) to amend this policy to comply with applicable federal or provincial legislation (where an inquiry or complaint demonstrates a flaw with this policy, the Compliance Officer will have this policy amended accordingly); and
(g) to annually review the safeguards employed by Sunrise Records. The Compliance Officer will review safeguards as it relates to the (1) collection, (2) retention and storage, (3) use, and (4) disclosure of personal information. This will include a review of physical
measures (such as locking filing cabinets and restricting access to rooms with data servers), technological measures (such as the control of access passwords, and the use of encryption), and organizational measures (such as limiting access of staff involvement).
11.5.3 The Compliance Officer is responsible for the following external duties:
(a) to maintain a telephone number, postal address, e-mail address dedicated to receiving and responding to inquiries or complaints concerning the collection, use, retention or disclosure of personal information (see 11.5.4 below).
(b) to timely review and respond to inquiries or complaints by the public. Timeliness will be determined by the complexity of the inquiry or the complaint and reasonableness in responding to such inquiry or complaint;
(c) to communicate, report, and liase with the Canadian Privacy Commission, where such communication is suggested or required; and
(d) to ensure that Sunrise Records' outsourcers comply with this policy, and any other Sunrise Records policy related to the protection of customers' personal information.
11.5.4 The Compliance Officer can be contacted through management.
11.5.5 The Compliance Officer may delegate her or his duties as the Compliance Officer may determine. The Compliance Officer will retain supervisory control over those delegated with the Compliance Officer's responsibilities.
11.5.6 All requests to remove personal information sent to Sunrise Records will be forwarded to the Compliance Officer.
11.5.7 Irrespective of the complexity of the inquiry or complaint, the Compliance Officer will ensure that a response is sent to the inquirer or complainant within thirty (30) days of receiving the inquiry or complaint. This response may be an interim response that does not fully satisfy the inquiry or complaint, but the response will provide an explanation of the delay.
11.6 Procedures to Receive and Respond to Inquiries or Complaints
11.6.1 Sunrise Records will make reasonable efforts to confirm the identity of the customer who lodges a complaint, inquires, or makes a request with respect to her or his personal information.
11.6.2. Sunrise Records will maintain records of all inquiries or complaints by a customer where Sunrise Records' response is not to the satisfaction of the customer. Sunrise Records will also preserve the personal information, even if it has been identified as personal information to be removed. These procedures are for the customer's protection, to provide the customer an opportunity to request a review by the Canadian Privacy Commission or a related provincial regulator.
What information do we collect?
• We collect information from you when you register on the site, place an order, enter a contest or sweepstakes, respond to a survey or communication such as e-mail, or participate in another site feature.
• When ordering or registering, we may ask you for your name, e-mail address, mailing address, phone number, credit card information or other information. You may, however, visit our site anonymously.
• We also collect information about gift recipients so that we can fulfill the gift purchase. The information we collect about gift recipients is not used for marketing purposes.
• Like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our websites. Please refer to the "Do we use 'cookies'?" section below for information about cookies and how we use them.
How do we use your information?
We may use the information we collect from you when you register, purchase products, enter a contest or promotion, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
• To personalize your site experience and to allow us to deliver the type of content and product offerings in which you are most interested.
• To allow us to better service you in responding to your customer service requests.
• To quickly process your transactions.
• To administer a contest, promotion, survey or other site feature.
• If you have opted-in to receive our e-mail newsletter, we may send you periodic e-mails. If you would no longer like to receive promotional e-mail from us, please refer to the "How can you opt-out, remove or modify information you have provided to us?" section below. If you have not opted-in to receive e-mail newsletters, you will not receive these e-mails. Visitors who register or participate in other site features such as marketing programs and 'members-only' content will be given a choice whether they would like to be on our e-mail list and receive e-mail communications from us.
How do we protect visitor information?
We implement a variety of security measures to maintain the safety of your personal information. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. When you place orders or access your personal information, we offer the use of a secure server. All sensitive/credit information you supply is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our databases to be only accessed as stated above.
Do we use "cookies"?
We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Netscape Navigator or Internet Explorer) settings. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you won't have access to many features that make your site experience more efficient and some of our services will not function properly. However, you can still place orders over the telephone by contacting customer service.
Do we disclose the information we collect to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice, except as described below. The term "outside parties" does not include Sunrise Records. It also does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
How can you opt-out, remove or modify information you have provided to us?
To modify your e-mail subscriptions, please let us know by modifying your preferences in the "My Account" section. Please note that due to email production schedules you may receive any emails already in production.
To delete all of your online account information from our database, sign into the "My Account" section of our site and remove your shipping addresses, billing addresses & payment information. Please note that we may maintain information about an individual sales transaction in order to service that transaction and for record keeping.
Third party links
In an attempt to provide you with increased value, we may include third party links on our site. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these linked sites (including if a specific link does not work).
Changes to our policy
Questions and feedback
We welcome your questions, comments, and concerns about privacy. Please send us any and all feedback pertaining to privacy, or any other issue.
Online Policy Only