Accountability

We have designated a privacy officer who is responsible for our compliance with this Notice.  You may contact our privacy ‎‎officer as described below.‎

Scope

In this notice, we provide additional information to Canada residents about how we handle their personal information. This Notice is intended to satisfy ghSMART’s applicable privacy obligations under applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (Canada) (and any successor legislation), the Quebec Act respecting the protection of personal information in the private sector, and other provincial equivalents.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

What isn’t covered by this Notice? This Notice does not address or apply to our collection of personal ‎information that is not subject to applicable Canadian privacy laws, such as business contact information ‎and certain publicly available data or the personal information that we collect about residents of countries ‎other than Canada. In addition, the personal information we collect from employees, officers, and ‎directors who are not residents of Canada is subject to other notices and not this one.‎

Your Personal Information

Categories of Personal Information Collected and Disclosed.  While our processing of personal information varies based upon our relationship and interactions with you, the section below identifies, generally, the categories of personal information that we have collected about Canada residents, as well as the categories of third parties to whom we may disclose this information.

• Identifiers: Includes direct identifiers, such as name, email address, phone number, address, other contact information
  • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law

• Customer Records: Includes personal information, such as name, contact information, education and employment information, SSN and government identifiers that individuals provide us in order to purchase or obtain our products and services.  For example, this may include information collected when an individual requests a proposal or our products and services, or enters into an agreement with us related to our products and services
  • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law

• Audio, visual and other electronic data: Includes interview recordings, transcriptions and other audio recordings (e.g., recorded interview sessions)
  • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law

• Professional Information: Includes professional and employment-related information such as current and former employer(s) and position(s), business contact information and professional memberships
  • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law

• Sensitive Personal Information: In limited circumstances, we may collect Social Insurance, driver’s license, state identification card, or passport number
  • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law

Sources of Personal information. In general, we may collect personal information from the following categories of sources:

• Directly from the individual
• Government entities

Purposes of Collection, Use and Disclosure.

In this section we outline the purposes for which we may collect and process your personal information.

I. For the Purpose of Marketing, Business Development or Distributing Publications

More specifically, we use your personal information described above for the following purposes:

To engage with potential clients where we may provide services and products

• Maintaining contact information for current and prospective clients;
• Meeting arrangement/travel/scheduling;
• Providing information about our products, services, research and events to prospective clients;
• Creating a proposal or a proposed agreement to provide services.

To comply with record keeping obligations under laws applicable to ghSMART

• To comply with record keeping obligations for external financial statement audits to substantiate our business transactions;
• To comply with record keeping obligations for tax records to support our tax returns.

To comply with applicable laws

• To comply with legal obligations and act in accordance with legal authorizations, including to comply with our legal and regulatory requirements.

II. For the Purpose of Supplier Evaluation and Supplier Management

More specifically, we use your personal information described above for the following purposes:

To engage with potential suppliers that may provide services and products

• Maintaining contact information for current and prospective suppliers;
• Meeting arrangement/travel/scheduling;
• Providing information about our products, services and events to current and prospective suppliers;
• Creating a proposal or a proposed agreement for supplier services.

Change of purpose

We will only use your personal information for the purposes for which we collected it as described above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the reasons, and we will seek your consent where required by law. Please note that we may collect and process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Cross-border transfers of personal information

We may transfer the personal information we collect about you to jurisdictions outside of your jurisdiction of residence, including to other Canadian jurisdictions and jurisdictions outside of ‎Canada, namely, the United States, Australia, European Economic Area and the United Kingdom, where ghSMART ‎has administrative services, subcontractors, service providers, client consultants and client leadership. You ‎acknowledge that the governments, courts or law enforcement or regulatory agencies in those ‎jurisdictions may be ‎able ‎to obtain disclosure of that personal information through the laws of the foreign ‎jurisdiction‎.‎

Other Disclosures

In addition to the purposes described above, we may disclose your personal information to a third party without your consent if permitted or required ‎by applicable law. We may also disclose your personal information, in accordance with applicable law, in ‎connection with ‎a corporate re-organization, a merger or amalgamation with another entity, or a sale of ‎all or a ‎substantial portion of our assets, provided that the disclosed information continues to be used ‎solely for ‎the purposes permitted by this notice by the entity acquiring the information.‎

The period for which data is stored 

The information we collect during the ghSMART service process will form part of our records and as such will be retained as required by legal, accounting, reporting standards as reflected in the ghSMART corporate records retention policy applicable to our business. ghSMART may also be required to retain this information based on statute of limitations or applicable prescription periods for specific Jurisdictions, as well as government record retention requirements for tax purposes. ghSMART reviews the data to determine that the policy for data storage is in line with our stated purposes for which we may process your data. In some circumstances, and where permitted by applicable law, we may deidentify or aggregate your personal information so that it can no longer be associated with you, in which case we may continue to use such information without further notice to you.

Security

We protect the personal information in our custody or control using reasonable physical, ‎‎organizational and electronic security arrangements.  We ‎regularly review our practices to ensure they align with reasonable industry practices appropriate to ‎‎the level of sensitivity to safeguard personal information against loss or theft, unauthorized access, ‎‎alteration or disclosure.‎

However, no method of transmission over the Internet, or method of electronic storage, is completely ‎secure. As ‎such, despite our safeguards and protocols, we cannot fully guarantee the security of your ‎personal ‎information and you should always exercise caution when disclosing personal information ‎over the ‎Internet (including by email).‎

Accuracy

We will make a reasonable effort to ensure that personal information we are using or disclosing is ‎‎accurate and complete.  ‎With respect to personal information that we collect directly from you, we rely on you to provide complete and accurate information. You may request corrections to your personal information as described below.

Privacy Rights

You have the right to be informed of the source of the personal information we hold on ‎you. You also have the right to access the personal information we hold on you, obtain a copy of this ‎information and, if this information is not accurate, to have it corrected.‎

If you are a resident of the province of Québec, in addition to the rights stated above, you have the right to ‎request a copy of your personal information in a commonly used technological format and to have such ‎information communicated to a third party you designate (data portability). You also have the right to ‎request, in certain circumstances, that we cease disseminating your personal information or that we de-‎index any hyperlink attached to your name (right to be forgotten).‎

How to Exercise Available Rights. If you think we may have incorrect personal information, or would like a copy of the personal information we hold on you, or to exercise any other data protection rights under applicable data protection laws, please contact dataprotection@ghsmart.com or call +1 877 294 3368.

We will take steps to verify your request by matching the information provided by you with the information we have in our records. This may include your first and last name, email address, physical address, telephone number, and information about your relationship with us or other information needed to verify your identity. You must provide us with this information via the above phone number or email address to verify your request.  We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. We may need to request additional specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another security measure designed to ensure that personal information is not disclosed to any person who has no right to receive it. If we are unable to adequately verify a request, we will notify the requestor.  Authorized agents may initiate a request on behalf of another individual; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

If a challenge regarding the accuracy of personal information is not resolved to your satisfaction, we ‎‎will annotate the personal information under our control with a note that the correction was requested ‎but ‎not made.‎

In some situations, we may not be able to provide access to certain personal information (for example, if ‎‎disclosure would reveal personal information about another individual, or the personal information is ‎‎protected by solicitor/client privilege).  We may also be prevented by law from providing access to certain personal ‎‎information.‎

Changes to this privacy notice

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.

Contact details 

If you have any questions about this privacy notice or how we handle your personal information, please contact: dataprotection@ghsmart.com or +1 877 294 3368.

Mail address:

G. H. Smart & Company, LLC
203 North LaSalle Street
Suite 2100
Chicago, IL 60601
The United States of America

G. H. Smart & Company Canada, ULC
885 West Georgia Street
Suite 1480
Vancouver
British Columbia
V6c 3e8
Canada