Rainbow Foods is committed to Personal Information Protection and Electronic Documents Act (PIPEDA) as made law on January 1, 2004, by the Federal Government of Canada.
Rainbow is committed to maintaining privacy with all customer information. We follow the Best Practice Code created for PIPEDA. This Code has been reviewed and accepted by the Canadian Standards Association.
1. Accountability: Rainbow has a Privacy Officer to oversee all aspects of PIPEDA as it relates to Rainbow Foods.
a. Rainbow is committed to maintaining privacy and security with all customer information.
b. We regularly review our policies, practices and procedures related to the collection, use, disclosure, retentions and destruction of customer information.
c. We train those staff that handle personal information to follow our standards, policies and practices.
2. Collecting Personal Information
a. Unless the purpose of collecting personal information is obvious and the customer voluntarily provides his or her personal information for that purpose, we will communicate the purpose for which personal information is being collected, either orally or in writing, before or at the time of collection.
b. We will only collect customer information that is necessary in fulfilling purposes such as:
i. To enroll our customers in the Healthy Rewards Program
ii. To deliver requested products and services (such as special orders)
iii. To contact customers who have won prizes during promotional events
iv. To provide e-newsletters or other e-alerts
v. To identify customer preferences
vi. To understand engaging trends in our consumers buying habits
vii. To contact customers for marketing promotions
viii. To ensure a high standard of service to our customers is being met
ix. To meet any regulatory requirements
a. We will obtain the customers consent to collect, use or disclose personal information (except where, as noted below, we are authorized to do so without consent).
b. Consent can be provided verbally, in writing, electronically and through authorized representative or it can be implied where the purpose for collecting, using or disclosing the personal information would be considered obvious and the customer voluntarily provides personal information for that purpose.
c. Consent may also be implied where a customer is given notice or notice is posted as in the case of video surveillance footage.
d. Subject to certain exceptions, (e.g. the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), customers can withhold or withdraw their consent for Rainbow to use their information in certain ways. A customers’ decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a particular product or service. If so, we will explain the situation to assist the customer in making the decision that is in their best interest.
4. Using and Disclosing Personal Information
a. We will only use or disclose our customers’ personal information where necessary to fulfill the purposes identified at the time of collection or where implied consent is given.
b. We will not use or disclose our customers’ personal information for any additional purpose(s) unless we obtain consent to do so.
c. Rainbow will at times use third parties to help analyze consumer trends, preferences and demographics. We will ensure our third parties will have stringent privacy standards and that they will use the information we disclose only for the express purposes we define and we will stipulate that the information is returned or destroyed once the purpose if fulfilled.
d. At no time will Rainbow sell personal information to third parties.
5. Retaining Personal Information
a. Subject to Section 4, we will retain our customer’s personal information only as long as necessary to fulfill the identified purposes or for legal or business purposes.
b When the purpose is fulfilled, the information will be destroyed or rendered anonymous.
6. Ensuring Accuracy of Personal Information
a. We will make reasonable efforts to ensure that our customers’ information is accurate and complete.
b. Customers may request correction to their personal information in order to ensure its’ accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought.
c. If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required.
7. Securing Personal Information
a. Rainbow is committed to ensuring the security of our customers’ personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal of similar risks.
b. The following security measures will be followed to ensure that our customers personal information is appropriately protected:
i. Passwords are required for any and all access to personal information.
ii. Other employees are restricted to accessing personal information as required (i.e. only those that need to know will have access)
iii. At no time does Rainbow sell customer lists or other personal information to Third Parties.
iv. When Rainbow hires third parties to execute specific functions, we will ensure any information provided is handled, returned and destroyed by the third parties as described in 4c.
c. We will use appropriate security measures when destroying our customers’ personal information, such as shredding documents with a professional shredding company, deleting electronically stored information and locking other information in a secured area.
a. We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
b. Customers can contact the Privacy Officer of Rainbow for questions or clarification on our privacy practices.
c. Rainbow welcomes questions, concerns, clarifications and complaints about our privacy practices. Details on challenges to compliance are described in point 10.
9. Providing Customers Access to Personal Information
a. Customers have a right to access their personal information, subject to limited exceptions, such as in a solicitor-client privilege or when disclosure would reveal personal information about another individual or for health and safety.
b. A request to access personal information must be made in writing (hand written, typed or e-mail) and signed and provide sufficient detail to identify the personal information being sought. A request to access personal information should be forwarded to the Privacy Officer—Rainbow Foods. If the information has been retained by Rainbow under more than one name (as in the case of the Health Rewards Program where customers may use one account number for all family members) and all family members are listed on the account, then all family members must make the request.
c. Rainbow will respond to the request within 30 days receipt of the request. Depending on the request (e.g. purchase history) there may be a minimal fee. Rainbow will advise of any fees and wait for consent before fulfilling the request.
d. If we are unable to complete the request within 30 business days, we will provide written notice of an extension where additional time is required to fulfill the request.
e. If we must refuse the request we will provide written notice within 30 days. We would refuse a request if it compromised another’s privacy or if there were legal grounds to do so.
10. Challenging compliance
a. Rainbow welcomes questions, concerns, clarifications or complaints about our privacy practices. Our Customer Service staff are able to answer or direct your queries to the Privacy Officer of Rainbow Foods.
b. Questions can be made in person, by phone or by e-mail. Where written detail is required we can provide forms at the Customer Service Desk or it may be sent to you by e-mail.
c. If the Privacy Officer is unable to resolve the concern, the customer may also write to the Information and Privacy Commissioner of Canada and when applicable, the Information and Privacy Officer of Ontario.
Contact information for Rainbow Foods Privacy Officers is:
Sarah Kaplan, Owner
1487 Richmond Road
Ottawa, Ontario K2B 6R9
Dorothy Wilson, Store Manager
1487 Richmond Road
Ottawa, Ontario K2B 6R9
Any changes to this Privacy Statement and/or our information handling will be updated in this document in a timely manner. We may add, remove or modify portions of this document when we feel it is appropriate to do so.