RIOCAN REAL ESTATE INVESTMENT TRUST
PRIVACY PROTECTION POLICY
At RioCan Real Estate Investment Trust and RioCan Property Services (“RioCan”), the privacy of your personal information has always been an important aspect of the way we operate. We have developed this Privacy Protection Policy to advise you of our continuing commitment to the protection of your personal information.
What is Personal Information?
Personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
• age, name, ID numbers, personal e-mail address, home address, income, or ethnic origin;
• opinions, evaluations, comments or disciplinary action; and
• employee files, credit records, loan records, existence of a dispute between a customer and a merchant, intentions (e.g. to acquire goods, services or to change jobs)
Personal information does not include information normally found on a business card, such as name, title, company, business address, and business telephone or fax number. It also does not include information that is publicly available.
Who is responsible for administering our Privacy Protection Policy?
Our Director of Human Resources is also our Chief Privacy Officer. The Chief Privacy Officer, along with managers in each functional area/department, is responsible for ensuring compliance with federal privacy legislation and with this Privacy Protection Policy.
Why do we collect and use your personal information?
We are committed to providing employees, tenants, customers, suppliers and unitholders with quality resources, management services, and reporting. As a real estate and property management company, we interact with and provide a variety of services to all of the groups listed above. In order to meet these goals, we may collect, use and disclose personal information, when applicable, for the following purposes:
• processing of employment documentation, including all payroll-related functions;
• processing of payments to/from tenants and suppliers;
• provision of investor relations services to our unitholders;
• administration of marketing/public relations initiatives such as draws and raffles located at our properties; and
• provision of property management services as outlined in our leases and related documentation
• internal or external audit of human resources processes and policies
This is not a comprehensive list of the purposes for which we collect personal information. It is an overview of the activities that our different departments engage in when they collect, use or disclose your personal information and the reasons why they do so.
Prior to collection or use of your personal information, we will inform you of the reasons we are collecting your information and our intended actions in respect of the same.
How do you consent to our collection, use and disclosure of your personal information?
Before collecting any of your personal information for any purpose, we must obtain your informed consent. You may provide us with your informed consent either expressly or impliedly.
Express consent – You may provide us with your explicit consent to our collection, use and disclosure of your personal information for the purposes we identify for you by communicating your consent in a straightforward, clear and explicit manner, either orally or in writing.
Implied consent – You may also provide us with your implied consent by way of your action or inaction. For example, by providing us with your resume or other documentation, you are impliedly consenting to our review of your resume or such other documentation.
Should you choose not to consent to a general or particular use of your personal information, you may provide us with either a verbal or written statement to this effect for our records and so that we may ensure that we do not use your personal information in this manner. If a verbal statement is provided, it will be noted in writing by our Chief Privacy Officer for our records. Choosing to do so may affect our ability to provide you with certain products or services.
There may be instances where the law permits the collection, use or disclosure of your personal information without your consent, for example, in emergency situations.
You may withdraw your consent to any of our uses of your personal information by giving our Chief Privacy Officer reasonable prior written notice of the same.
Again, withdrawing your consent to certain uses of your personal information may affect our ability to provide you with certain products or continued services.
How much personal information do we collect, use or disclose?
We collect, use and disclose your personal information only to the extent required to fulfill the purposes for which we collected it.
In order to better service you and fulfill our stated purposes, we may disclose your personal information to third parties (for example, third-party benefits providers) who are legally obligated to keep such information private. We do not share your personal information with any other third parties without your consent.
How long do we retain your personal information?
We retain your personal information only for as long as is required to fulfill the purposes for which we collected it, and to meet all of our legal and regulatory requirements. Once your personal information is no longer required, we take proper measures to destroy, erase, or anonymize it in a manner that continues to maintain your privacy.
Legislative requirements may vary between provinces with respect to the information we must keep on file, but we are committed that all personal information that is retained is done so in a secure, confidential manner.
How do we protect your personal information and keep it up-to-date?
While security and privacy risks can never be eliminated entirely, we take all measures we believe to be reasonably appropriate to safeguard your personal information against unauthorized access, disclosure, copying, modification or misuse.
Methods we use to protect your personal information include passwords to protect databases, firewalls in the computer system, restricted access to offices and locked filing cabinets. All personal information is kept secure from alteration, either intentional or accidental. Destruction of personal information is performed in a secure manner; all personal information is destroyed via shredder. Access to your personal information is restricted to those of our employees who need to know the information to fulfill the purposes for which we collected it.
All employee-related personal information is kept in locked, fireproof cabinets in the locked Human Resources file room. Only Human Resources personnel have access to these files. Individual managers keep no duplicate files.
Any independent contractors who work for RioCan are required to agree in writing to adhere to our Privacy Protection Policy as well as to our Confidentiality of Information policy.
We rely on our personal information sources for the accuracy of the information they provide, and we do our best to ensure that the personal information we use on an ongoing basis is accurate, complete and up-to-date. Should you find that the personal information we have about you is out of date or inaccurate, please contact our Chief Privacy Officer.
How can you access personal information we have about you?
You have a right to access personal information we have about you and to know how we have used it, subject to certain legal exceptions. To submit a request to access your personal information, please contact our Chief Privacy Officer.
If you require assistance in preparing your request, please contact us and we would be pleased to assist you.
As e-mail is a less secure medium of communication, please minimize the amount of any personal information you include in any e-mail correspondence to us.
Questions and concerns about our personal information practices?
If you have any questions, concerns, comments or suggestions regarding our Privacy Protection Policy and our personal information practices, please contact our Chief Privacy Officer in writing.
Chief Privacy Officer
RioCan Real Estate Investment Trust
P.O. Box 378, Exchange Tower
130 King Street West
Toronto, Ontario
M5X 1E2
E-mail: privinfo@riocan.com
If our Chief Privacy Officer is unable to resolve any concerns you may have regarding the same, you may contact the Privacy Commissioner of Canada at www.privcom.gc.ca or at:
112 Kent Street
Ottawa, Ontario
K1A 1H3
Telephone; (613) 995-8210
Toll-free: 1-800-282-1376
Fax: (613) 947-6850
E-mail: info@privcom.gc.ca