Privacy Policy

Home

Customer Information

Smart Meters

News & Announcements

Power Conservation Programs

Ontario Power Authority Conservation Programs

Energy Saving Tips

Developer, Consultant and Contractor Information

St. Thomas Energy Inc.

Click here to download a copy of this Privacy Policy [PDF format, 1797kb]

Privacy Policy
Adopted June 21, 2004
St. Thomas Energy Inc. Privacy Policy

Page Contents (hide)

Introduction
Summary of Principles:
Definitions
The St. Thomas Energy Inc. Privacy Policy

Introduction

St. Thomas Energy Inc. is committed to maintaining the accuracy, confidentiality, security and privacy of customer personal information.

In March 1996, the new Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96 (the �CSA Code�), was published as a National Standard of Canada. St. Thomas Energy Inc. subscribes to the principles of the CSA Code. Furthermore, in light of the requirements of the Personal Information Protection and Electronic Documents Act and any other applicable provincial legislation (collectively the �Privacy
Legislation�), St. Thomas Energy Inc. has created certain documents and procedures, including this Policy, as may be updated from time to time.

This St. Thomas Energy Inc. Privacy Policy is a formal statement of principles and guidelines concerning the requirements for the protection of personal information that we collect, use and disclose with respect to our customers. This Policy not only informs individuals about their rights but also sets out St. Thomas Energy Inc.�s privacy perations and goals to implement these rights.

Summary of Principles:

10 internationally accepted principles lie at the core of organizational responsibilities for safeguarding personal information. These are:

1. Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization�s compliance with privacy principles.

2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

3. Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

5. Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information must be retained only as long as necessary for the fulfillment of those purposes.

6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

8. Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

9. Individual Access: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization�s compliance.

Definitions

Collection � the act of gathering, acquiring, recording or obtaining personal information from any source, including third parties, by any means.
Consent � voluntary agreement of an individual to the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or through an authorized representative of the individual. Express consent can be given orally, electronically or in writing but is always unequivocal and does not require any inference on the part of St. Thomas Energy Inc. Implied consent is consent that can reasonably be inferred from an individual�s action or inaction.
Customer � an individual who uses or applies to use the services of St. Thomas Energy Inc.
Disclosure � making personal information available to a third party.
Personal Information � information about an identifiable individual. For a customer, personal information includes a customer�s credit information, billing records, service and equipment, and any recorded complaints.
Third party � an individual other than the customer or his agent, or an organization other than St. Thomas Energy Inc.
Use � the treatment, handling, and management of personal information by St. Thomas Energy Inc. Distinctions among Privacy, Security and Confidentiality: Privacy relates to people, process and accountability. It gives individuals control over their personal information and allows them to grant permission to an organization for the collection, use, disclosure and retention of that information. Security is the essential component for preventing the inadvertent release of personal information. Security also relates to the availability and integrity of personal information. Confidentiality addresses the disclosure of personal information.

The St. Thomas Energy Inc. Privacy Policy

Principle 1 � Accountability

St. Thomas Energy Inc. is accountable for all personal information in its possession or control and shall designate one or more persons who will be responsible for the companies� compliance with the following principles:

1.1 The Chief Executive Officer/President (CEO) of ST. THOMAS ENERGY INC. has ultimate responsibility for the protection of personal information of customers. The CEO may delegate the day-to-day operational privacy responsibilities to another individual. All staff share responsibility for adhering to the St. Thomas Energy Inc.�s privacy policies and procedures.

1.2 ST. THOMAS ENERGY INC. has designated a Corporate Privacy Officer to oversee compliance with the ST. THOMAS ENERGY INC. Privacy Policy. ST. THOMAS ENERGY INC. shall provide, upon request, the name and contact information of the Corporate Privacy Officer.

1.3 ST. THOMAS ENERGY INC. is responsible for personal information in their possession or control, including any personal information that has been transferred to a third party for processing. ST. THOMAS ENERGY INC. will use contractual or other means to provide a comparable level of protection of personal information while such information is being processed by a third party.

1.4 ST. THOMAS ENERGY INC. shall implement policies and procedures to give effect to the ST. THOMAS ENERGY INC. Privacy Policy including:

a) implementing procedures to protect personal information and to oversee the company�s compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA);

b) establishing procedures to receive and respond to inquiries or complaints with respect to an individual�s personal information; and

c) training staff and communicating to staff about the company�s privacy policies and practices.

Principle 2 � Identifying Purposes

2.1 Identifying the purposes for which personal information is collected at or before the time of collection allows ST. THOMAS ENERGY INC. to determine the information needed to fulfill these purposes. ST. THOMAS ENERGY INC. collects personal information only for the following purposes:

a) to establish and maintain responsible commercial relationships with customers and to provide ongoing service; and

b) to meet all of its legal and regulatory requirements.

2.2 ST. THOMAS ENERGY INC. shall specify, either orally, in writing or electronically, all identified purposes for the collection, use and disclosure of personal information to the customer at the time such personal information is collected.

2.3 Those responsible for collecting personal information should be able to explain to individuals the purposes for which the information is being collected. In certain circumstances, the customer may be referred to a designated person within ST. THOMAS ENERGY INC. who can explain those purposes in greater detail.

2.4 Unless required by law, ST. THOMAS ENERGY INC. shall not use or disclose, for any new purpose, personal information that has already been collected without first identifying and documenting the new purpose and obtaining the consent of the customer.

Principle 3 � Consent

The knowledge and consent of a customer are required for the collection, use or disclosure of personal information, except where inappropriate.

3.1 In certain circumstances, personal information may be collected, used or disclosed without the knowledge and consent of the individual. For example, some legal, medical or security reasons may make it impossible or impractical to seek consent. ST. THOMAS ENERGY INC. may collect, use or disclose personal information without an individual�s knowledge or consent only in limited circumstances as permitted by law. ST. THOMAS ENERGY INC. may use or disclose personal information without the individual�s knowledge or consent if it is clearly in the individual�s best interests to do so and consent cannot be sought in a timely manner. An example of such circumstances is in the case of an emergency where the life, health or security of an individual is threatened.

3.2 This principle requires �knowledge and consent� of an individual for the collection, use or disclosure of their personal information. In obtaining consent, ST. THOMAS ENERGY INC. shall use reasonable efforts to ensure that a customer is advised of all the identified purposes for which personal information will be used or disclosed. These purposes shall be stated in a manner that can be reasonably understood by the customer.

3.3 Generally, ST. THOMAS ENERGY INC. shall seek an individual�s consent for use and disclosure of personal information before or when it collects, uses or discloses personal information. In certain circumstances, ST. THOMAS ENERGY INC. may seek an individual�s consent to use and disclose personal information after it has been collected but before it is used or disclosed for a purpose not previously identified.

3.4 ST. THOMAS ENERGY INC. may require customers to consent to the collection, use or disclosure of certain personal information in order to provide the individual with electricity services.

3.5 In determining an appropriate form of consent, ST. THOMAS ENERGY INC. shall take into account the sensitivity of the personal information and also the reasonable expectations of its customers with respect to the protection, collection, use and disclosure of their personal information.

3.6 A customer may refuse or withdraw consent at any time, subject to legal or contractual restrictions, and reasonable notice. Customers may contact ST. THOMAS ENERGY INC. for more information regarding the withdrawal of consent and any implications of such withdrawal.

Principle 4 - Limiting Collection

ST. THOMAS ENERGY INC. shall limit the amount and type of personal information it collects to that which is necessary for the purposes identified by the company. St. Thomas Energy Inc. shall collect personal information using procedures which are fair and lawful.

4.1 ST. THOMAS ENERGY INC. shall collect only the amount and type of information needed for the purposes documented by St. Thomas Energy Inc. and identified to the individual.

4.2 The requirement that personal information be collected through fair and lawful means is intended to prevent ST. THOMAS ENERGY INC. from collecting information by misleading or deceiving individuals about the purposes for which the information is being collected.

Principle 5 � Limiting Use, Disclosure and Retention

ST. THOMAS ENERGY INC. shall not use or disclose personal information for purposes other than those for which it was collected, unless consent is given by the individual to use or disclose it for another purpose or as required by law. ST. THOMAS ENERGY INC. shall retain personal information only as long as necessary for the identified purposes.

5.1 If ST. THOMAS ENERGY INC. uses personal information for a new purpose, it will document this purpose.

5.2 With the consent of the customer, ST. THOMAS ENERGY INC. may disclose a customer�s personal information to the following:

a) an agent retained by ST. THOMAS ENERGY INC. in connection with the collection of the customer�s account;

b) credit grantors and reporting agencies;

c) a person who, in the reasonable judgment of ST. THOMAS ENERGY INC., is seeking the information as an agent of the customer; and

d) any other third party or parties, where the customer as provided consent to such disclosure or disclosure as required by law.

5.3 ST. THOMAS ENERGY INC. shall maintain reasonable and systematic controls, schedules and practices for the protection of personal information. Record retention, which shall include minimum and maximum retention periods, and destruction shall apply to personal information. Information that is no longer necessary or relevant for the identified purposes for which it was collected or required by law to be retained shall be destroyed.

5.4 St. Thomas Energy Inc. will keep personal information only as long as necessary for the identified purposes.

5.5 Personal information that is no longer required to fulfil the identified purposes will be destroyed, erased or made anonymous. ST. THOMAS ENERGY INC. will develop guidelines and implement procedures to govern the destruction of personal information.

5.6 Only those employees of ST. THOMAS ENERGY INC. who require access for business reasons or whose duties reasonably so require, are granted access to personal information about customers.

Principle 6 � Accuracy

St. Thomas Energy Inc. will keep the Personal information in its possession or control accurate, complete current and relevant based on the most recent information provided to St. Thomas Energy Inc.

6.1 Personal information used by St. Thomas Energy Inc. shall be sufficiently accurate, complete, current and relevant to minimize the possibility that inappropriate information may be used to make a decision about a customer.

6.2 ST. THOMAS ENERGY INC. shall update personal information about customers only if it is necessary for the purposes for which it was collected or upon notification by the individual requesting that their personal information be updated or amended.

Principle 7 � Safeguards

St. Thomas Energy Inc. shall protect personal information with security safeguards appropriate to the sensitivity of the information.

7.1 ST. THOMAS ENERGY INC. shall protect personal information from loss or theft, unauthorized access, disclosure, copying, use, modification or destruction through appropriate security measures. ST. THOMAS ENERGY INC. shall protect all personal information regardless of the format in which it is held.

7.2 The nature of the safeguards will vary depending on the sensitivity of the information, amount, distribution, format and the method of storage of the personal information. St. Thomas Energy Inc. will give the highest level of protection to the most sensitive personal information.

7.3 The methods of protection should include:

Physical security, such as locked filing cabinets and restricted access to offices;
Organizational security, such as security clearances and limiting access on a �need to know� basis; and
Technological security, such as, the use of passwords and encryption.

7.4 ST. THOMAS ENERGY INC. will make all of its employees aware of the importance of maintaining the confidentiality of personal information.

Principle 8 � Openness

ST. THOMAS ENERGY INC. shall make readily available to customers specific information about its policies and practices relating to the management of personal information.

8.1 ST. THOMAS ENERGY INC. will be open about the policies and practices used to manage personal information. Individuals will have access to information about these policies and procedures. This information will be available in a format that is easy to understand.

8.2 ST. THOMAS ENERGY INC. shall make the following information about its privacy policies and practices available:

the name, title and address of the Corporate Privacy Officer (or persons) accountable for the ST. THOMAS ENERGY INC.�s privacy policies and practices and to whom inquiries or complaints can be forwarded;
how to gain access to personal information held by ST. THOMAS ENERGY INC.;
a description of the type of personal information held by ST. THOMAS ENERGY INC. including a general account of its use; and
a copy of any brochure or other information that explains ST. THOMAS ENERGY INC.�s privacy policies, standards or codes.

8.3 ST. THOMAS ENERGY INC. may make information on its privacy policies and practices available in a variety of ways, including brochures at its place of business, online access, a mailing to customers or through a toll free telephone number.

Principle 9 � Individual Access

Upon request, an individual shall be informed of the existence, use, disclosure of his or her personal information in St. Thomas Energy Inc.�s possession and shall be given access to that information.

A customer shall be able to challenge the accuracy and completeness of the information and have it amended where necessary.

In certain situations, ST. THOMAS ENERGY INC. may not be able to provide access to all the personal information it holds about an individual. However, such exceptions to the access requirement is limited and specific. Exceptions may include information that is prohibitively expensive to provide, information that contains references to other individuals and information that cannot be disclosed for legal, security or commercial proprietary reasons.

9.1 Upon request, ST. THOMAS ENERGY INC. shall inform an individual of the personal information that ST. THOMAS ENERGY INC. has in its possession or control about that individual.

9.2 Upon request, ST. THOMAS ENERGY INC. shall provide an account of the use and disclosure of such personal information and, where reasonable and possible, shall state the source of the information.

9.3 In order to safeguard personal information, a customer may be required to provide sufficient information to properly identify themselves to assure ST. THOMAS ENERGY INC. that they are providing information with respect to the existence, use and disclosure of personal information and authorizing access to an individual�s file to the right individual. Any information provided for identification purposes shall only be used for such purpose.

9.4 In providing a list of third parties that St. Thomas Energy Inc. has disclosed personal information about a customer to, ST. THOMAS ENERGY INC. will provide as much information as possible to the customer. When it is not possible to provide a list of third parties to which it has actually disclosed information to about an individual, ST. THOMAS ENERGY INC. shall provide a list of third parties to which it may have disclosed information to about the individual.

9.5 ST. THOMAS ENERGY INC. shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual�s file. Where appropriate, ST. THOMAS ENERGY INC. may disclose or share with third parties who have access to such personal information any amended information and identify the existence of any unresolved differences.

Principle 10 � Challenging Compliance

A customer shall be able to challenge St. Thomas Energy Inc.�s compliance with the above principles to the designated person or persons accountable for the compliance of the ST. THOMAS ENERGY INC. Privacy Policy.

10.1 ST. THOMAS ENERGY INC. shall maintain procedures for receiving, addressing and responding to all inquiries or complaints from its customers relating to its handling of personal information.

10.2 ST. THOMAS ENERGY INC. shall inform its customers about the existence of these procedures as well as the existence of complaint mechanisms.

10.3 The person or persons accountable for compliance with the ST. THOMAS ENERGY INC. Privacy Policy may seek external advice, where appropriate, before providing a final response to individual complaints.

10.4 ST. THOMAS ENERGY INC. shall investigate all complaints concerning compliance with the ST. THOMAS ENERGY INC. Privacy Policy. If a complaint is found to be justified, the company shall take appropriate measures to resolve the complaint including, if necessary, amending its privacy policies and procedures. A customer shall be informed of the outcome of the investigation regarding his or her complaint in a timely manner.

10.5 If individuals are not satisfied with the way St. Thomas Energy Inc. has responded to their complaint, they can contact the Privacy Commissioner of Canada at (613) 995-8210.