PRIVACY POLICY
Your privacy is important to us, as is your confidence in partnering with PEO Canada Ltd. (PEO) for payroll administration and other Human Resources (HR) outsourcing services. We have developed policies and procedures to protect the personal and confidential information of all parties interacting with our services.
This external policy addresses our Clients’ employees and/or prospective employees, our Clients, and our prospective clients – collectively known as our Customers. The very nature of our business means that PEO requires the collection, use, storage, and disclosure of a vast amount of both personal and confidential information (private information).
- Personal information is any data that allows for identification or contact of an individual, whether recorded or not, factual or subjective.
- Confidential information is any data that allows for identification of, or in relation to, a business, whether recorded or not, factual or subjective.
The Privacy Policy, as outlined below, explains the management of your private information in relation to the agreed upon services between PEO and our Customers. PEO’s Privacy Policy and practices are directly related to the requested services and direction provided to PEO by our Customers.
In addition to this policy, we have internal processes, technology, and controls in place to ensure your information is collected, used, and retained in accordance with the purposes as stated below. We diligently review and research changing legislative requirements, as well as trends in cyber security. In order to remain compliant, this policy and our internal safeguards may be updated periodically without notice. The policy will contain an Effective Date which will serve to also indicate the most recent reviewed date. Changes will be effective on dates determined by PEO Canada Ltd. and you may not rely on policies that have been superseded.
Decisions on PEO’s protocols and policies regarding the collection, use, storage, disclosure, retention, and disposal of data are shared by the Management Team and the Privacy Officer. The Privacy Officer is also responsible for addressing any complaints or concerns regarding privacy issues.
Please note that this policy does not apply to the practices of companies which are not owned or controlled by PEO.
Collection of Private Information
Private information is collected minimally, only as required in order to provide the services requested by our Customers. Your information is collected through fair and lawful means, and is subject to our Privacy Policy. PEO’s collection and use of private information is completed per the direction of our Customers.
We may collect private information without explicit consent or knowledge:
- If it is in the interest of the individual and consent is not obtainable in a timely manner;
- If it would compromise information availability or accuracy;
- If it is reasonable to investigate contravention of laws; or
- If it is publicly available and specified in the regulations.
Private information is provided to PEO through various lines of communication. The majority of it is digital: email messages, email attachments, secure file upload, or data provided through our encrypted HRIS system. On occasion, we receive information via phone call, or paperwork that has been mailed, faxed, or dropped off in-person at PEO’s office.
At times, miscellaneous information, that is not requested, may be received while PEO. This information would not be saved to the Client or employee file, but may be archived within our records, backups, or email communications.
Below is a comprehensive list of the types of private information that may be collected, along with examples for each category. This has been broken down per division, as each of the divisions within PEO provide a unique service – i.e., outsourcing administrative services for payroll, benefits, human resources (HR) management, workers’ compensation, and recruitment. The specific types of information collected will vary based on the services requested by each unique Client of PEO, as well as unique employment needs of our Customers.
Payroll
For the purpose of providing Payroll Administration services, employees (both current and former) must be onboarded into PEO’s internal HRIS database. PEO initially collects private information from our Client (the employer of record), then collects information from their employees directly to ensure their information on file is up-to-date and accurate.
The information collected and utilized for payroll services includes:
- Name, address, phone numbers, email addresses, employee identification numbers, federal and provincial tax claim information, signature, periods of employment, position, name of employer, Social Insurance Number (SIN), gender, birthdate, banking information, hours of work, overtime hours, wage and overtime rates, vacation, leave time granted, taxable benefits, deductions made (e.g., RSP contributions), nature of expenses/claims, and work-eligibility documentation such as work permits or study permits, emergency contact information, year-to-date values, correspondence.
- Additional for Garnishees: documentation of garnishment, garnishee amounts/percentages, requirements, maximums, number of dependents.
Benefits
For the purpose of providing Benefits plan enrollment and administration, private information is required for the participating individual, their eligible dependents (if applicable), and their chosen beneficiaries. PEO collects this information directly from our Customers, in partnership with the relevant third-party benefits provider.
The information collected and utilized for benefits administration includes:
- Name, address, email address, birthdate, gender, marital status, signature, employee identification numbers, banking information, position title, wage/salary, name of employer, periods of employment, confirmation of provincial healthcare, residency status, leave of absence details, return to work plans, correspondence.
- Dependents: Name, birthdate, gender, student status (if 21-24 years of age), disability status (if 21+ years of age), spousal benefits plan coverage details (in order to coordinate benefits).
- Beneficiaries: Name, age, relationship to the insured individual.
- Trustee of Beneficiaries: Name, relationship to the insured individual.
Retirement Savings Plan (RSP)
For the purpose of providing RSP enrollment and administration, private information is required for the participating individual and their chosen beneficiaries. PEO collects this information directly from our Customers, in partnership with the relevant third-party investment provider.
The information collected and utilized for RSP administration includes:
- Name, address, email address, birthdate, SIN, signature, banking information, contribution information, investment selection, correspondence.
- Beneficiaries: Name, birthdate, relationship to the insured individual.
- Trustee of Beneficiaries: Name, relationship to the insured individual.
Human Resources (HR)
For the purpose of providing our Clients with employer-specific HR services such as employment paperwork, advisement on performance management, or the facilitation of background checks or other pre-employment testing, the following information may be required:
- Employment Details: name, employee identification numbers, signature, periods of employment, position, hours of work, overtime hours, wage and overtime rates, tax credits, vacation, leave time granted, taxable benefits, signed Employee Handbook, correspondence.
- Performance Management: evaluations, promotion letters, disciplinary letters/issues, termination letters, training & development, opinions and views of, or about, individuals.
- Background Checks & Pre-employment Testing: full name, address, phone number, date of birth, employment history, education history, credit history, driver’s license, photo identification, correspondence.
Workers’ Compensation (WCB)
For the purpose of providing WCB administration, private information will be required if an incident/accident occurs. PEO collects this information from our Clients directly.
The information collected and utilized for WCB administration of claims management includes:
- Accident Report: name, address, SIN, personal health number, phone number, email address, birthdate, gender, position, hire date, employer name, employer contact details, accident date and time, accident summary of details, accident location, injury details, return to work details, modified duties provided, employment details (FT/PT, seasonal/temporary/permanent, start date, end date, volunteer/commission/sub-contractor/etc.), wage/salary, regular hours worked, name and contact detail of treating hospital or healthcare professional
- Job description
In order for PEO to assist with setting up a modified duty offer and next appointment/treatment dates for follow ups, we may require information on medical restrictions.
In order to manage a Client’s account with the relevant provincial boards, the following information is required:
- Signed WCB authorization form for each province employees are located in, list of directors and associated documentation (e.g., in Quebec, the authorized contact’s name, phone number, and email is required).
- Details on business operations: what you do/make/sell, how you store and distribute your goods if applicable, employee work location(s) (i.e., physical location, work from home, travelling between provinces and/or countries).
- Contractor/Sub-contractor/Volunteer/Unpaid workers information, when the contractor does not have their own account: names (personal or business), addresses, contract labour amounts, and services provided.
Recruitment
For the purpose of providing our Clients with Recruitment services, private information is required to be collected from the relevant Customers. Documents such as resumes and cover letters are collected in order to review and narrow down the candidate pool. Candidates moving forward in the process may require a reference check, background check, and / or further pre-employment testing.
The information collected and utilized for recruitment services includes:
- Name, address, email address, phone number, skills, education, previous work experience, correspondence.
- References: specific information related to work experience, qualifications, character, skills, personality views, and opinions of and about an individual
- Background Checks & Pre-employment Testing: name, address, phone number, date of birth, employment history, education history, credit history, driver’s license, photo identification
Client Accounts
For the purpose of providing our Clients with all agreed upon services, corporate information is required to be collected and held on file.
- Company: business name(s), address, contact details, correspondence, business number, list of directors, vendor information for credit references, corporate entity information, as well as,
- Accounting Information: credit checks, applications, corporate bank account details (for the purpose of payment), government remittance information.
- Organizational hierarchy for the purpose of utilizing our time management solutions.
- Contacts: name, information pertaining to contact status, phone number, email address, position, correspondence.
Prospective Clients
For the purpose of gaining a mutual understanding of Prospective Clients’ needs and how those needs translate to a partnership with PEO, some corporate information is required to be collected and held on file.
- Company: business name(s), address, contact details, correspondence.
- Contacts: name, information pertaining to contact status, phone number, email address, position, correspondence.
Data Security
For the purpose of providing data security to all Customers, we may collect your device name and IP address, when requested by the user, for system login. IP addresses may also be collected when Secure File Transfer Protocol is required.
Use & Access of Private Information
All internal employees of PEO, authorized contractors, and associated companies are responsible for the lawful and proper collection, use, storage, and disclosure of private information as required to perform their duties related to the requested services of our Customers. It is also the responsibility of all internal PEO staff to protect the privacy of our Customers. We limit access to private information to the following parties:
- PEO employees or persons authorized by PEO who require it to perform their duties;
- Persons to whom our Customers have granted authorization for access; and
- Persons or agencies authorized by law.
PEO provides each of our Clients with access to their employee files held within our internal systems. As the employer of record, they are privy to: employee paperwork provided to PEO, email correspondence with PEO, historical payroll/employment data housed within PEO’s HRIS system, copies of pay statements, tax slips, or Record of Employment issued by PEO.
Information regarding our Customers is used only to provide the requested and agreed upon services. We do not sell or share information with any outside agency unless approval is granted by the relevant party beforehand. Information is shared with an outside agency (third party service vendor) only if additional outsourcing services have been requested by our Customers.
All contact points external to PEO Canada, be it our Customers or third-party providers, are responsible for establishing and maintaining their own data security and upholding confidentiality within their systems.
Disclosure of Private Information
PEO Canada may disclose private information, as reasonably necessary for the purposes set out in this policy, or may disclose by direction of our Customers.
PEO may release private information to a third party under the following circumstances:
- For the purpose for which the information was collected or compiled, or for a use consistent with that purpose (i.e., benefits plan enrollment and administration, RSP plan enrollment and administration, background checks, and pre-employment testing);
- Consent has been provided, in writing;
- Disclosure is necessary to comply with a federal or provincial law, including disclosure to governmental entities or agencies;
- For the purpose of complying with a subpoena, warrant, or order issued or made by a court, person, or body having jurisdiction to complete the production of information or with a rule of court that relates to the production of information;
- Collecting a fine or debt owing by an individual to PEO or to the provincial or federal government;
- For the purpose of determining or verifying an individual’s suitability or eligibility for a program or benefit;
- To the Auditor General or any other prescribed person or body for audit purposes;
- To a member of the Legislative Assembly who has been requested by the individual the information is about to assist in resolving a problem;
- To a public body or a law enforcement agency in Canada to assist in an investigation undertaken with a view to a law enforcement proceeding, or from which a law enforcement proceeding is likely to result;
- So that the spouse, relative, or friend of an injured, ill, or deceased individual may be contacted;
- For research or statistical purposes required by legislation to an agency such as Statistics Canada;
- To the Director of Maintenance Enforcement for the purpose of enforcing a maintenance order under the Maintenance Enforcement Act, RSA 2000;
- To a relative of a deceased individual, if, in the opinion of PEO, the disclosure is not an unreasonable invasion of the deceased’s personal privacy; or
- If PEO believes, on reasonable grounds, that the disclosure will avert or minimize an imminent danger to the health or safety of any person.
Storage and Protection of Private Information
In order to protect the privacy of our Customers, we have various levels of security in place: physical safeguards, administrative safeguards, technical safeguards, and operational safeguards. PEO follows industry best practices and our Information Technology division is diligent in ensuring our protection is fulsome. We regularly conduct audits of passwords, updates to legislative requirements, trends in cyber security, system tests, and access points.
PEO is committed to safeguarding your information; however, we cannot guarantee the security of information sent over the internet or information accessed on your personal devices. We recommend to all individuals that you do not disclose your identification or password information to anyone.
Copies of physical files are kept to a minimum and all information, where possible, is included or scanned into our database in order to maintain the most current and accurate information and to minimize paper documentation. Unless there is a specific need to keep paper copies on file, they will be shredded as soon as they have been processed and scanned into our system. All electronic information is held and processed in Canada, but outside of Quebec.
Identity validation
Monitoring trends throughout the world, there is a clear need for protections against attempted fraud. PEO will ask for reasonable and relevant information in order to validate the identity of the requestor, prior to disclosing private information on file (e.g., tax slips) and when requests are made to change private information on file (e.g., direct deposit information).
PEO’s internal employees will never provide the information on file in search of confirmation. Rather, specific questions will be asked, with the expectation that the requestor will provide answers that match our records. Our staff will ask multiple, unique verification questions to ensure identity validation before proceeding.
Retention and Disposal of Private Information
PEO retains private information for the period of a service contract, as legally required by law to fulfill service commitments, and/or per the schedule required by an insurer. Our Information Technology division is responsible for maintaining and enforcing regular deletion of outdated information.
Other payroll, garnishee, benefits, and employee information is kept on file for the period of time required by federal and provincial laws, such as:
- Income Tax Act,
- Employment Insurance Act,
- Canada Pension Plan, and
- Federal or provincial employment laws.
Customer information that is considered public domain and does not contain any private information may be kept on file for an indefinite period of time.
After being scanned into databases, physical documents are de-identified at the end of the retention stage through confidential shredding services. Electronic files (hard drives, storage, discs, and tapes) are destroyed by the Information Technology division to ensure proper deletion of data prior to the disposal of outdated discs.
How to Access or Correct Your Private Information
To access a copy of your private information on file, or to correct your private information on file, please submit your request, in writing, to the Privacy Officer. The request must specify your name and at least two personal identifiers such as employee number, SIN, date of birth, etc., in order for PEO to verify identity and locate the appropriate files.
Please address your correspondence to the Privacy Officer. A response will be provided within no more than 30 days, following the receipt of a request. Where possible, all information will be provided to persons requesting their information although some information may not be provided.
We may refuse access if:
- Doing so would reveal unauthorized information about a third party;
- Doing so would reveal confidential commercial information;
- Doing so would threaten the life or security of another;
- Information was generated in the course of a formal dispute resolution process;
- Information is protected by solicitor-client privilege or the professional secrecy of advocates and notaries or by litigation privilege; or
- Information was created for the purpose of making a disclosure under the Public Servants Disclosure Protection Act or in the course of an investigation into a disclosure under that Act.
Factual information will be changed where appropriate, but opinions noted on file cannot be changed.
How to Submit a Complaint Regarding Private Information
To submit a complaint, please contact the Privacy Officer, in writing. The submission must include your name, contact details, and the details of your specific complaint.
Please address your correspondence to our Privacy Officer. The Privacy Officer will investigate your complaint and respond within no more than 30 days, following the receipt of the complaint.
Privacy Officer
PEO’s Privacy Officer can be contacted by email via privacy.officer@peocanada.com, or by mailed correspondence addressed to:
Privacy Officer
PEO Canada Ltd.
#100 – 805 5 Ave. SW
Calgary, Alberta T2P 0N6
Effective Date: February 20, 2024