Rally Enterprises & Communications Corp.
Privacy Policy

Current as of November, 2022

 

APPLICATION 

This Privacy Policy applies to personal information that Rally collects, uses, or discloses in respect of any of its individual customers or employees in the course of its commercial activities and to all visitors to rally.ca.  

It does not, however, apply to the collection, use or disclosure of the following information: information that is publicly available, such as an individual’s name, address, telephone number and electronic address, when listed in a directory or made available through directory assistance; the name, title, business address or telephone number of an employee of an organization; information about a company, whether incorporated or not, or about government or not for profit organizations.  The application of this Privacy Policy is subject to the requirements or provisions of any applicable legislation.  

 

DEFINITIONS 

Rally – means Rally Enterprises and Communications Corp. and its subsidiaries and affiliates. 

Customer – means an identifiable individual who uses, or applies to use, the products, or services of Rally or who visits rally.ca. 

Personal information – means information about an identifiable individual recorded in any form and includes, but is not limited to, such things as race, ethnic origin, nationality, colour, age, gender, marital status, religion, education, medical information, performance reviews, benefits information, employment and financial history, income, home address or home telephone number, personal email address, numerical identifiers such as Social Insurance Number, and personal opinions. Personal information also includes information about an identifiable individual’s product and service purchases and usage, credit information, billing records, service, and any recorded complaints and, in the case of an employee, includes information found in personal employment files. Publicly available information, such as a public directory listing of names, addresses, telephone numbers and electronic addresses, however, is not considered personal information. 

Privacy legislation – means The Personal Information Protection and Electronic Documents Act (PIPEDA) and/or substantially similar provincial legislation. 

 

PRIVACY PRINCIPLES 

This Privacy Policy has been developed in accordance with the standards set out in PIPEDA and is modeled after the Canadian Standards Association Model Code for the Protection of Personal Information.  

 

Accountability 

Rally is responsible for the personal information under its control and will designate one or more individuals accountable for the company’s compliance with this Privacy Policy.  Accountability for compliance by Rally with this Privacy Policy rests with the individual who is designated as the Chief Information Security Officer (CISO) for the company. The name and contact information of the CISO shall be made available on the Rally website. 

Each Rally department will be responsible for the personal information in its possession, including information that has been transferred to a third party for processing.  

Rally has implemented policies and practices including: 

  • Implementing procedures to protect personal information including technological security measures. 
  • Establishing procedures to receive and respond to complaints and inquiries. 
  • Training and communicating to employees about privacy policies and practices. 

 

Identifying Purpose 

Rally will identify the purpose for which personal information is collected at or before the time the information is collected. Depending upon the way in which the information is collected, this may be done orally or in writing. The purposes for which information is collected must be those that a reasonable person would consider are appropriate in the circumstances. 

When Rally proposes to use personal information that has been collected for a purpose not previously identified, it will identify the new purpose before using such personal information. Unless the new purpose is required by law, or consent is otherwise not required pursuant to privacy legislation, the consent of the individual shall be obtained before the personal information is used for the new purpose. 

The purposes for which the personal information of employees is collected may include but are not limited to administering payroll and employee benefit programs; conducting performance evaluations and discipline; effecting employee training; conducting internal reviews, investigations, and complaint resolution processes; facilitating transactional due diligence reviews; complying with legal and regulatory obligations. 

The purposes for which the personal information of customers is collected may include, but are not limited to: processing commercial transactions; communicating with customers; establishing and maintaining commercial relations; developing, marketing or providing products and services; recommending particular products and services; conducting market research and surveys; managing and developing business opportunities; conducting investigations and complaint resolution processes; facilitating transactional due diligence reviews; complying with legal and regulatory obligations. 

Anonymous or “non-personal” information gathered by Rally through its web site may be used for technical, research and analytical purposes. Information collected through surveys, existing files and public archives may be used by Rally to analyze its markets and to develop or enhance service offerings. 

 

Consent 

The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where consent is not required by privacy legislation. 

Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Generally, Rally will seek consent for the use or disclosure of the information at the time of collection. In obtaining consent, Rally will use reasonable efforts to ensure that an employee or customer is advised of the identified purposes for which personal information will be used or disclosed.  

In certain circumstances personal information may be collected, used, or disclosed without the knowledge and consent of the individual. For example, Rally may collect or use personal information without the knowledge or consent of its employees and/or customers if the collection or use of personal information is clearly in the interests of the individual and consent cannot be obtained in a timely way.  Personal information may also be used or disclosed without the knowledge or consent of the individual in the case of an emergency where the life, health or security of an individual is threatened. Rally may disclose personal information without knowledge or consent to a lawyer representing the company, to collect a debt, to comply with any court order, or as may be required by law. 

In obtaining consent, Rally will consider the sensitivity of the personal information and the reasonable expectations of customers and employees.  

Rally will generally seek expressed consent when the information is likely to be considered sensitive. It will rely on implied consent only where collection and use of the personal information is directly related to a transaction or exchange of information in which the individual is directly participating.  

Generally, the use of products and services by a customer, or the acceptance of employment or benefits by a staff member, constitutes implied consent for Rally to collect, use and disclose personal information for all identified purposes. 

An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Rally will inform individuals of the implications of withdrawing consent. 

 

Limiting Collection 

Rally will limit the collection of personal information to that which is necessary for the purposes identified by the company.  Rally will not collect personal information indiscriminately.   

 

Limiting Use, Disclosure and Retention 

Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfillment of the purposes for which it was collected. 

Rally may disclose the personal information of its employees: to human resources, payroll, benefits, information management personnel; to third party service providers for the purposes of administering payroll and benefits programs; to internal or external legal counsel and auditors; to the Chief Privacy Officer; to management personnel in the context of providing references regarding current or former employees in response to requests from prospective employers and/or financial institutions; to prospective parties in the context of a transactional due diligence review; and where disclosure is required by law. 

Rally may disclose the personal information of its customers: to third party service providers, including suppliers, distributors, sub-contractors and manufacturers; to legal counsel and auditors; to the Chief Privacy Officer of Rally; to the management personnel of Rally; to third parties for the development, enhancement or marketing of Rally’s products or services; to an agent retained by Rally in connection with the collection of the customer’s account; to credit grantors and reporting agencies; to a third party or parties, where the customer consents to such disclosure; to prospective parties in the context of a transactional due diligence review; and where disclosure is required by law. 

Except as required or permitted by law, when disclosure is made to a party other than a third-party provider of personal information processing services, the consent of the individual shall be obtained, and reasonable steps shall be taken to ensure that any such third party has personal information privacy procedures and policies in place that are at least comparable to those implemented by Rally. 

Unless otherwise expressly authorized, Rally will not sell, lease, or trade the personal information of its employees or customers to other parties. 

Personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained, shall be destroyed, erased, or made anonymous. 

 

Accuracy 

Personal information shall be as accurate, complete, and up to date as is necessary for the purposes for which it is to be used.  Rally will not, however, routinely update personal information, unless this is necessary to fulfill the purposes for which the information was collected.  

 

Safeguards 

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.  Rally will implement security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.  Personal information disclosed to third parties shall be protected by contractual agreement stipulating the confidentiality of the information and the purposes for which it is to be used. 

 

Openness and Access 

Rally shall be open about its policies and practices and make readily available to its customers and employees specific information relating to the management of personal information. 

Such information shall be made available through the Rally web site and shall include: the name or title, and the address, of the Chief Privacy Officer and the means of gaining access to personal information held by the Company. 

Upon request, an individual shall be informed of his or her personal information and shall be given access to that information except where Rally is permitted or required by law not to disclose personal information to the individual customer or employee. An individual customer or employee shall be able to challenge the accuracy and completeness of the information.   

In certain situations, Rally may not be able to provide access to all the personal information that they hold about a customer or employee. For example, Rally is not required to provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Similarly, Rally may not be required to provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor-client privilege, if the information was generated during a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law.  

 

Challenging Compliance 

An individual customer or staff member will be able to address a challenge concerning compliance with the principles in this Privacy Policy.  Rally shall maintain procedures for addressing and responding to all inquiries or complaints from its customers and employees about the company’s handling of personal information.  Rally shall investigate all complaints concerning compliance with this Privacy Policy. If a complaint is found to be justified, Rally shall take appropriate measures to resolve the complaint.  

 

If an individual is not satisfied with the response from the Chief Privacy Officer, they may have recourse to additional remedies under applicable privacy legislation. For further information, contact the applicable governmental agency listed below:

 

HOW TO CONTACT US 

Write to Andrew Stewart, CHRO and Chief Privacy Officer
111 Railside Road, Suite 100
Toronto, Ontario, M3A 1B2;
email:
andrew.stewart@rally.ca 

 

GOVERNMENT AGENCIES 

Federal Privacy Commissioner
112 Kent Street
Ottawa, ON K1A 1H3 

Phone: (613) 995-8210
Toll Free: (800) 282-1376
Website: https://www.priv.gc.ca/en/ 

 

ALBERTA 

Information Management, Access and Privacy Division
Alberta Government Services
16th Floor, 10155 – 102 Street
Edmonton, AB T5J 4L4 

Office Phone: (780) 422-2657
Help Desk Phone: (780) 427-5848
Website: http://www.servicealberta.gov.ab.ca/foip/ 

 

ONTARIO 

Information and Privacy Office
Office of the Corporate Chief Strategist
Management Board Secretariat
8th Floor, Ferguson Block
77 Wellesley Street West
Toronto, ON M7A 1N3 

Phone: (416) 327-2187
Website: https://www.ontario.ca/laws/statute/90f31