1. Introduction

Protecting the privacy and the confidentiality of personal information – over the Internet, on the telephone, or through our offices – has always been fundamental to the way Regional Tourism Organization 4 Inc. (the “Organization”) conducts its affairs. The Organization operates on the basis of a Privacy Policy and related procedures that guide the handling of the personal information collected. This privacy statement has been created to demonstrate the Organization’s firm commitment to protecting the privacy of its members, partners and potential Web site visitors. This policy and related procedures are consistent with the Canadian Standards Organization Model Code for the Protection of Personal Information (herein “CSA Model Code”) and applicable privacy legislation.

2. Privacy Statement

This policy deals only with personal information handled by the Organization. Personal information is information about an identifiable individual, excluding business contact information. The following explains how the Organization handles personal information. The Organization reserves the right to change this policy and it may be updated periodically. These changes may affect the use of personal information. Accordingly, please check for changes regularly.

3. Accountability

(1) The Organization is accountable for all personal information under its control. The Organization’s Privacy Officer is the Assistant Project Manager who is designated as responsible for the Organization privacy policy. The Privacy Officer can be reached by:

E-mail: privacy@rto4.ca

Telephone: 1-519-271-7000

Fax: 1-519-271-1706

Mail, at the Organization: RTO4 Inc., 6-1020 Ontario St., Stratford, ON. N5A 6Z3

(2) Any questions about the Organization’s handling of personal information should be directed to the Privacy Officer. In cases where the question concerns an access request, individuals must follow the request process described under “Accuracy of and Access to Personal Information Collected”.

4. Purposes for Collection, Use and Disclosure of Personal Information

(1) The purpose for which the Organization collects personal information will be identified at or before the time the information is collected. Personal information may be collected for such purposes as:

(a)     Administering Organization membership and providing member services;

(b)     Registering for Organization events, for example the Annual General Meeting;

(c)     Verifying and administering information related to travel requirements and contesting.

(d)     Purchasing various products or services including, but not limited to carnet, document certification, or publications; and

(e)     Processing and administering the above or other purposes as necessary.

(2) The Organization will not use personal information for any other purpose than identified at or before the time of collection.

5. Member Services

(1) The Organization may collect employee contact information from its members in order to:

(a)     Send out newsletters and other relevant information;

(b)     Inform members of upcoming Organization events; or

(c)     Send out invoices and otherwise administer Organization membership.

(2) This contact information is voluntarily provided by Organization members. Members may, at any time, be taken off of Organization mailing lists at their request.

(3) Through external merchants, the Organization offers various services to its members through programs such as: training and informational updates

(4) Members who chose to participate in these programs should refer directly to the privacy policies of the sponsoring companies. The Organization does not collect, use or retain any personal information from these programs.

6. Consent

(1) The Organization seeks consent for all personal information it collects uses and discloses through information provided to individuals prior to collection, or at the time of collection.

(2) If information is voluntarily provided, this is interpreted as consent to the collection, use and disclosure of personally identifiable information as described in this Privacy Policy. As required by the CSA Model Code, the Organization will not use personal information for any purpose other than that for which consent has been provided. Should the Organization require use of personal information for a new purpose, consent will be sought for that new use.

7. Limits for Collecting, Using, Disclosing and Keeping Personal Information

(1) The Organization does not collect, use or disclose personal information of individuals except when individuals give consent and provide the information on a voluntary basis. There may be occasions where more specific personal information is necessary for the Organization to precede with a request for information, or provide a product or service; for example in cases of membership, carnet, or feedback forms. In such cases, the Organization will describe the information required. In all such cases, the Organization limits the amount and type of information collected to only the personal information that is required to provide the individual with the requested information, product, or service. The Organization collects only information that is voluntarily provided by the individual and undertakes that such information will be kept strictly confidential.

(2) The Organization may disclose personal information collected by it without the knowledge or consent of the individual, for example to its lawyers, for purposes relating to an investigation under, the enforcement of or the administration of a law or where required by law to disclose the information. The Organization will not use or disclose personal information without the knowledge or consent of the individual except as authorized by applicable law.

(3) The Organization retains personal information for as long as is necessary to provide the individual with the requested product, service or information, or similar services in the future. In some cases, however, legal reporting or retention requirements necessitate that the Organization retains information for a specific amount of time. In general, the Organization retains personal information for period not longer than [seven] years, in secure storage.

(4) The Organization does not sell or trade any personal information with third parties. Information may be transferred to third parties where information processing is outsourced by the Organization in the course of its activities or administrative procedures in specific cases. Where personal information is transferred to a service provider for processing, the Organization requires service providers to respect this Privacy Policy. Service providers are restricted from using or disclosing personal information transferred to them for any purpose other than the provision of services to the Organization.

(5) Any personal information that the Organization retains is kept in such a manner as to ensure its security and confidentiality at all times.

8. Safeguarding Personal Information

The Organization respects the privacy of its members, partners, potential Web site visitors and Internet users and will protect that privacy as vigorously as possible. Personal information is stored in electronic and physical files that are secure. Security measures include secure locks on filing cabinets, and using industry standard techniques such as firewalls, encryption, intrusion detection and restricted access to computers. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while the Organization strives to protect personal information, it cannot ensure or warrant the security of any information transmitted to it or received from it electronically. This is especially true for information transmitted via e-mail. The Organization has no way of protecting that information until it reaches it. Once a transmission is received, the Organization makes its best efforts to ensure its security on its servers. Internally, access to personal information is restricted to employees who need access to the information in order to do their jobs. These employees are limited in number, and are knowledgeable about and committed to our privacy policies.

9. Accuracy of and Access to Personal Information Collected

(1) The Organization makes every effort to keep personal information as accurate, complete, current and relevant as necessary for the identified purposes. The Organization does not routinely update personal information.

(2) The Organization makes readily available to individuals its Privacy Policy and related procedures for managing personal information. Customer access to the Privacy Policy and related procedures is provided on the Organization’s Web site and in written form. Any questions about the handling of personal information by the Organization can be raised with the Privacy Officer.

(3) At the written request of an individual, he or she may view or edit their personal information as collected by the Organization. The Organization will inform them of what personal information it has about the individual, what it is being used for and, in cases where it has been disclosed, to whom it has been disclosed. There may be exceptional circumstances as provided by the CSA Model Code under which the Organization may not be able to give an individual access to personal information held about them by the Organization. In this case the Organization will explain the reason for this lack of access, as provided by the CSA Model Code.

(4) To make a request, please send a letter, e-mail or fax addressed to our Privacy Officer at the address indicated above. In any written request, please include the following information:

(a)     Name;

(b)     Contact details;

(c)     Membership number or carnet number (where applicable);

(d)     Nature of the request;

(e)     View and/or edit information;

(f)     Inquire regarding use and/or disclosure; and

(g)     If an inquiry concerns a specific transaction, please indicate the date of the transaction, and provide a receipt number if applicable.

(5) The Organization will reply to requests no later than [thirty] days after receipt of the request, or if it is not able to respond within this time period, a notice of extension will be sent.

10. Questions

Any questions or comments about the Organization’s handling of personal information should be directed to the Privacy Officer.

11. Use of the Organization Web Site

(1) The Organization believes that online privacy is important to the success of the Internet and electronic commerce in general and is strongly committed to each visitor’s right to privacy. This statement sets forth Organization’s Privacy Policy for its Web site located at www.RTO4.ca and describes the practices that the Organization follows in respect to the privacy of the users of this site. By accessing and using materials from this Web site or sending or posting materials to it, you (the “user”) agree to the terms of this privacy commitment and to our practices to collect, use or disclose personal information.

(2) This Privacy Statement may be updated periodically to reflect enhancements to the Organization Web site that may affect the use of personal information. Accordingly, please check back periodically.

12. Information on this Web Site

(1) Information which includes all facts, data and other information, collectively the “Information” in the pages of this Web site is of a general nature, is intended only for informational purposes, is subject to change without notice, and is not intended to be relied on by visitors as binding legal advice on any particular matter.

(2) Individual information provided to the Organization to gain access to any feature of this Web site will not be sold or made available to any third party, except where information processing is outsourced by the Organization in the course of its regular administrative procedures.

(3) The Organization reserves the right to perform statistical analyses of aggregated user behavior and characteristics, in order to measure interest in and use of the various sections of its site so as to improve design and navigation and to gather information for marketing purposes. Only aggregated data from these analyses, not individual data, will be used for this purpose.

(4) “Cookies” are not attached to the Organization Web site. A “cookie” is a piece of data that is stored on the hard drive of a computer that contains information about use of the Web site. Other Web sites may contain “cookies” that accumulate information about Web site use, for example a record of the Web sites that an individual has visited.

13. Accuracy of the Information on this Web Site

(1) The information is believed to be accurate, complete and current when posted, but the Organization cannot guarantee that it will remain accurate or complete or that it will be current at all times.

(2) The Organization is not responsible for direct, indirect, special or consequential damages, regardless of the cause, arising out the use of this Web site.

14. Accuracy of Information on Linked Web Sites

Through the links to other sites found on the Organization’s Web site, the user may enter domains that are beyond the boundaries of the Organization and, once there, the Organization is not responsible for the privacy practices or the content of these Web sites. The Organization has no control over the accuracy, completeness or relevance of the information on these sites and provides links to these sites solely for the information and convenience of visitors to our Web site.

15. Copying Information from this Web Site

The information on the Organization Web site may be used or copied provided that it is used or copied accurately, or is used in its entirety and/or that the source of the information is clearly identified. Only a member of the Organization may use the information for commercial purposes. The Organization is not responsible for the way in which the information may be used or copied. The Organization reserves the right to change, delete or add information at any time.