Computershare Trust Company of Canada
Computershare Investor Services Inc.
Computershare Entity Solutions
Georgeson Shareholder Communications Canada Inc.
Syncbase Inc.
COMPUTERSHARE CANADA
PRIVACY CODE
Computershare's Commitment to Privacy
At Computershare, we take privacy seriously. In the course of providing services to our corporate clients and other customers, and in meeting the service needs of their investors, we receive personal information about individuals, perhaps including yourself. Protecting your privacy and the confidentiality of your personal information is important to us, and is a fundamental part of our day-to-day business operations.
What is Personal Information?
Personal information (or “PI”) is any piece of information, either factual or subjective, about an identifiable individual. But personal information does not include business contact information if it is being used for the purpose of communicating with an individual in relation to their employment, business or profession*.
Computershare may receive personal information about you from you directly but we may also receive information about you from a third party authorized by you, such as the issuing company, your broker, a class action defendant or another intermediary acting on your behalf. As another example, we will obtain information about you if you participate in an employee stock ownership plan, dividend reinvestment plan, or retirement savings plan that we administer. Depending on the type of plan or service we administer, we may receive this information from enrollment forms you complete, through transactions we perform for you, from your employer (if it is sponsoring the plan) and through other communications. This personal information could include your name, contact details (such as residential address, correspondence address, email address), financial information (including account details, securities holdings and transactions), a copy of a government issued photo ID (such as passport, driver’s license) and related facial recognition (biometric) data, date of birth, identification details/numbers (including SINs, SSNs), survey responses.
* Business contact information is not excluded from the definition of Personal data of individuals normally resident in the European Union (“EU”) or the European Economic Area (“EEA”) (“Data Subjects”) who are subject to the General Data Protection Regulation (“GDPR”).
Our Approach to Privacy
Computershare collects, uses or discloses personal information for many purposes: to administer your account, to undertake transactions you direct, to mail you dividend cheques or Annual Reports, to conduct tax or other reporting required by law, for other lawful purposes relating to the services we are providing and to better serve your and our clients’ needs. To us, that includes treating your personal information with appropriate safeguards and with respect. Each Computershare employee and representative is familiar with the procedures that must be adhered to in order to keep your information secure and must abide by our commitment to privacy.
Applicability of Computershare's Privacy Code
This Privacy Code informs you of our commitment to fair information practices respecting your personal information, and tells you the ways we ensure that your privacy and the confidentiality of your personal information are protected.
In this Privacy Code, "we", "us", "our" and “Computershare” means Computershare Trust Company of Canada (“CTCC”) and/or Computershare Investor Services Inc. (“CISI”) and/or Computershare Governance Services and/or Georgeson Shareholder Communications Canada Inc. and/or Syncbase Inc.. "You" and "your" means individuals whose personal information we may receive, use or disclose in the course of our business activities.
Computershare does not permit third party collection of your personal information on our websites. Our websites may contain links to other websites that are provided and maintained exclusively by third parties. Websites provided and maintained by third parties are not subject to this Privacy Code. Computershare is not responsible for any personal information you may choose to submit to a third party website accessed from our websites. Please review the privacy policies on those third party websites to determine their information handling practices.
The Ten Principles of Privacy
Our Privacy Code includes the following ten key principles:
- Accountability
At Computershare, we accept responsibility for personal information under our control, and for complying with the principles set out in this Privacy Code. Each of our employees is responsible for the personal information under his or her control. They are informed about the importance of privacy and receive training to update them about our privacy policies and procedures.
We have appointed a Chief Privacy Officer, who is responsible for assessing all personal information handling practices at Computershare and for ensuring that our privacy practices conform to this Privacy Code. We have also designated a representative in the EU to act as our point of contact for requests by Data Subjects and/or the supervisory authorities in the EU/EAA.
Under the GDPR, an organization, like Computershare, may be a Controller or a Processor depending on the services provided and the type of processing performed. A Controller determines why and how personal information is processed. They control the information, meaning that they are responsible for how it’s used, stored and deleted. A Processor processes personal information on behalf of and at the direction of the Controller. Both have accountabilities under the GDPR. Where Computershare is a Processor, we will assist our Controller-clients, to the extent possible, with the fulfillment of their obligations to respond to your requests.
- Identifying Purposes: Why We Collect Personal Information
We identify and document the purposes for which we collect information about you. We want you to understand these purposes, and we take various measures to communicate these to you. Depending upon the service being provided, this can be done in different ways, orally or in writing. For example, an enrollment form or our websites might explain the relevant purposes. Many times, these purposes are self-evident; for example, when you ask us to enter into a service contract with you, you understand that the information we receive through the contract is used to perform our duties. Similarly, if you arrange for us, as a company’s registrar and transfer agent, to transfer shares into your name, you understand that your information will be used to record your ownership and to send you any dividends and corporate mailings that such company routinely sends to its investors.
On occasion, some of your personal information might also be used to keep our information about you accurate and up-to-date, taking into account your interests. For example, if we or our client are holding unclaimed monies or assets to your credit and your address is out-of-date, we may use your name, SIN or other information in order to locate you, correct our records and contact you with respect to these assets. Also, we might ask you to reconfirm some pieces of your personal information as an identification-security measure when you phone or write to request service on your account.
To help ensure the ongoing quality of our services, we might send you a note to ask you how we’ve done. Obviously, you are free not to respond and we will also provide you with a means to tell us if you would prefer not to receive such communications in the future.
Computershare will not use your information for any purpose for which you would reasonably expect us not to use it. The personal information we have custody of and what we use it for will depend on whether you are an investor in one of our corporate clients or participate in an investment plan that we administer, and/or on the nature of the other services you receive from or dealings you have with Computershare. Under no circumstances do we sell investor lists or other personal information to third parties. Computershare's policy is to use or share personal information only to the extent necessary or appropriate to the fulfillment of our service obligations to you and our corporate clients, or to meet other legal or regulatory obligations.
- Consent
With limited exceptions, we require your consent to our collection, use and disclosure of your personal information. We will endeavor to ensure you understand the purposes for which we use the information and will employ clear, understandable language when we obtain your consent. Depending on the situation and the sensitivity of the information, we may obtain your consent in different ways.
Consent may be express or implied. Consent must also be valid and meaningful, meaning that you understand the nature, purpose and consequences of the collection, use or disclosure of the personal information to which you are consenting. It may be provided in writing, orally, electronically or through someone acting on your behalf, such as an agent or attorney. Express consent is generally provided when you complete and sign an agreement, application, consent form, claim form or enrollment form and deliver it to us, physically or through the Internet. Implied consent arises where we can reasonably infer your consent from an action you’ve taken or not taken, or from the circumstances. Implied consent may occur where you choose to receive a Computershare service, including use of our websites. When Computershare receives instructions to register or transfer securities into your name and such instructions come from the issuer of the securities or from an investment dealer, broker or other intermediary, we may assume you have consented to our collecting and using that information for the routine purposes associated with your being a registered securityholder.
In very limited circumstances, such as in the case of the detection and prevention of fraud or for law enforcement or under specified exemptions in the privacy legislations, as applicable, personal information may be collected, used, or disclosed without the knowledge and consent of the individual.
Before deciding what form of consent is appropriate, Computershare will consider the type of personal information, the reason for its use and the type of contact, if any, that we have with you. For example, if we have no direct contact with you we will consider if your consent can be inferred from the circumstances or as per applicable law.
The choice to provide us with personal information is yours. Upon request, we will explain your options of refusing or withdrawing consent to the collection, use and disclosure of your information, and we will respect your choices. However, your decision to withhold consent may limit the services we are able to offer or perform for you. In addition, your ability to withdraw consent may be limited by legal or contractual restrictions and reasonable notice. Please note that withdrawing your consent in certain situations may also mean that we may not be able to provide you with the products or services you have or requested.
- Limiting Collection
Computershare does not collect your information except as required to fulfill the purposes we have identified, such as to service your account and act on your transaction instructions. We collect information only by fair and lawful means.
When you visit our websites, information is not collected that could identify you personally unless you choose to provide it. You are welcome to browse these sites at any time anonymously, without revealing any personal information about yourself.
In order to improve the quality of our websites and services, we may from time to time send you what is known as a "cookie". A cookie is a piece of text, which a website transfers to your computer's hard drive but it does not access your hard drive. A cookie assists in identifying, for example, whether you have visited our websites on a previous occasion. Only the site that posted the cookie can read it. At Computershare, we do not use cookies to collect personal information - we only use them to store country/language preference, or to “remember” a device and browser that was used to access our websites so that we do not have to ask additional security questions again in the future.
If you access an online service maintained by Computershare (for example, Investor Centre), we may use a tool called “Google Analytics” which transmits website traffic data to Google servers in the United States of America in order to help us understand website traffic and webpage usage. We do not combine the information collected through the use of Google Analytics with personal information. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. Google’s ability to use and share information collected by Google Analytics is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.
We may share the information we collect via cookies and Google Analytics with our related entities within the Computershare Group including entities located outside of your province within Canada or in countries outside of Canada who assist us in supplying our services including through data storage solutions, back-up services and IT support. These entities are generally located in Australia, New Zealand, the United Kingdom and the United States of America.
Please note that any websites to which our websites may be linked may also make use of their own cookies to collect information from you. Most browsers will automatically accept a cookie, but it may be possible to set your browser to notify you prior to it being sent at which point you can accept or reject it.
Currently, Computershare does not respond to “Do Not Track” signals from browsers.
- Limiting Use, Disclosure and Retention
We will generally not use or disclose your information other than for the identified purposes unless we have your consent or if required by law. However, if you are a securityholder or plan participant, your information will be available to the issuer, or the manager or sponsor of the plan. Also, Computershare may from time to time pursue the acquisition or sale of parts of its business or a merger, financing or other business transaction. In the course of such a transaction, we may, without separate consent, receive from the other party and use, or transfer to the other party, your personal information for the purpose of evaluating and completing the transaction, provided that required safeguards are put in place for your benefit. Once the business transaction is completed, one of the parties will notify you that the transaction has been completed and that your personal information has been disclosed.
We maintain policies with respect to the retention and destruction of our records. These policies provide for the archiving and eventual destruction of records that may include individuals’ personal information. However, due to the nature of Computershare's business lines (including financial record-keeping, processing financial transactions and trust and fiduciary services) and the statutory requirements of our clients, and in order to be able to respond to any issue that may arise at a later date, including meeting certain legislative and regulatory requirements, many of our records may be kept for extended lengths of time, or in limited cases, indefinitely. Backup copies of personal information will be retained for a period of two years from the date of the backup. These backup copies are encrypted and access (physical and logical) is restricted. See item 7 below for further information.
- Accuracy
Computershare takes various measures to ensure the accuracy of your personal information. But we also rely on you to inform us of relevant changes to your information. For example, there may be problems mailing you dividend cheques or other important communications if you have moved and you have not advised us (or our client company) of your new address. We will make reasonable efforts to keep your information accurate and up-to-date, based upon satisfactory evidence being provided by you and to the extent updated information is relevant to the purpose for which it was originally collected. Corrections to your personal information can, subject to security requirements, be delivered to us by phone, fax, mail, email, or through our websites.
- Safeguards: Protecting Your Information
Computershare maintains physical, organizational and technological safeguards to protect your personal information from unauthorized access, disclosure, copying, use or modification, and against loss or theft.
Our computer systems, including portions of Computershare’s websites, are password- secured and constructed in such a way that only authorized individuals can access secure systems and databases. To safeguard against unauthorized access to your personal information via the Internet, you are required to "sign on" to certain secure areas of the websites using an individual, confidential password. In addition, you may have to provide proof of identification before we will release certain personal information to you. Wherever it is possible, information you provide to us through Computershare’s websites will be encrypted and held on secure servers. If you send us an email message that includes personal information, we may use that information to respond to your inquiry, but please note that email and other Internet communications are not necessarily secure against interception. If your communication is very sensitive, or includes information such as your bank account number, you should not send it electronically unless your browser indicates that the access to our websites is secure. We undertake periodic reviews of our security policies and procedures to ensure that our systems are secure and protected, including both internal and external audits.
Computershare maintains personal information in a combination of paper and electronic files. Recent paper records are stored in files kept in our various offices, and physical access to those areas where information is gathered, processed or stored is restricted to authorized employees. Older records may be stored at offsite storage facilities maintained by reputable companies that specialize in such services. These companies are obliged to safeguard your personal information in a way that is consistent with our own privacy principles, and as required by law.
In the ordinary course of fulfilling our obligations and conducting our business, your information may be transferred to our affiliates or other companies outside of your province within Canada or in countries outside of Canada that provide data processing, storage, marketing or other support services (including CTCC, CISI, Computershare Technology Services, Inc. and other U.S. affiliates) and our advisors, auditors, bankers, mailing agents and other suppliers, service providers or agents in locations such as Australia, New Zealand, the United Kingdom, India, Philippines, and the United States of America, who facilitate our services to you. We will not provide more information than is reasonably necessary for them to perform the services for which they are engaged, and will require that they not store, analyze or use that information for purposes other than to carry out those services and we do not authorize them to use or disclose Personal Information for their own purposes. We remain responsible for personal information in our custody even if it has been transferred for processing or storage and we take measures to ensure its confidentiality is respected, including by obtaining contractual covenants from the service provider. Should the data or information that we transfer to the data processors, service providers or other parties described above be transferred outside of your province within Canada or in countries outside of Canada, it could be available to a foreign government or its agencies under the laws of that country. Our Chief Privacy Officer is available to respond to any questions.
We have thorough security standards to protect our systems and your information against unauthorized access and use. We audit our procedures and security measures regularly to ensure that they are being properly administered and that they remain effective and appropriate.
- Openness: Keeping You Informed
Computershare has prepared this Privacy Code to inform you of our commitment and approach to managing and protecting your personal information. It is available to the public in paper form from the address set out below, and in electronic form over the Internet at www.computershare.com.
If you have any additional questions or concerns about privacy, we invite you to contact us by phone, fax, mail, email, or our websites, and we will address your concerns to the best of our ability.
- Providing Individual Access
We will give you access to the information we hold about you within a reasonable time upon your written request, satisfactory identification and proof of entitlement. We will also tell you how your information is used and to whom it may have been disclosed. We may impose a small fee to respond to your request but, if so, we will first give you notice of the amount and obtain your direction to proceed.
If you find any errors in your information, we urge you to contact us as soon as possible (by phone, fax, mail, email, or our websites), and we will make the appropriate corrections immediately, based on the receipt of satisfactory evidence.
In some cases we might not provide access to personal information within our possession or control. This could occur when, for example, the personal information is protected by solicitor-client privilege. If we deny your request for access to your personal information we will tell you why, unless prohibited by law, and you may then challenge our decision.
- Providing Recourse: Respecting and Responding to Your Privacy Concerns
Computershare encourages you to contact us with any questions or concerns you might have. We will investigate and respond to questions about any aspect of our handling of your information. Usually, a concern can be cleared up just by discussing it with us.
- For general inquires:
Email: service@computershare.com. - For shareholder related inquiries and requests:
Call: 1-800-564-6253 or fax 1-888-453-0330 - For employee plans related inquiries and requests:
Call: 1-800-736-1755
You can also visit us at www.computershare.com to obtain other contact/address information.
If, after contacting us, you feel that your privacy question or concern has not been addressed satisfactorily, you may escalate the concern by:
- Mail:
Computershare – Attention: Chief Privacy Officer
100 University Avenue, 8th Floor
Toronto, Ontario M5J 2Y1 - Email: PrivacyOfficer@computershare.com;
Please be sure to include your name, address, preferred method of communication, the nature of your question and relevant details, including your past communications with us.
If you feel you have a service related complaint, please refer to our website at www.computershare.com under "Help", "Resolve an Issue".
Please Note
This Privacy Code is only a summary of our privacy policies and practices, which are also designed to help ensure Computershare meets its obligations under applicable privacy legislation. This legislation provides for certain exceptions to matters included in this Privacy Code. At times, these exceptions will affect our privacy practices. For example, Computershare may collect, use or disclose your personal information in certain of the following situations:
- if the collection is clearly in your interests and consent cannot be obtained in a timely way
- if the information is deemed “publicly available” under the legislation
- if disclosure is made to government institutions under anti-money laundering and terrorist financing legislation
- when performing tax reporting to governmental taxation authorities, or other disclosures required by law
As much of the personal information Computershare holds may relate to your securities holdings in publicly traded companies and your transactions involving these holdings, some of these exceptions can often apply. Should you have particular inquiries relating to these exceptions, please feel free to contact our Chief Privacy Officer.
Additional Information for EU/EEA Data Subjects
In addition to the information provided above, if you are a current resident of an EU/EEA country, you may have certain Data Subject rights regarding your personal information under the GDPR. These may include, depending on the circumstance, the right to access your personal information; rectify the personal information we hold about you; erase your personal information; restrict our use of your personal information; object to our use of your personal information; receive your personal information in a usable electronic format and transmit it to a third party (also known as the right of data portability); lodge a complaint with your local data protection authority; and withdraw any consent you have given to the uses of your personal information. If you would like to discuss or exercise any of the rights you may have, you may contact us via email or mail as described in Section 10 above.
Conclusion
Computershare is entrusted with your confidential personal and financial information and we take that trust very seriously.
Important changes to our privacy policies and practices will be reflected in this Privacy Code in a timely manner. We may add, modify or remove portions of this Privacy Code when we feel it is appropriate to do so.
Version: September 2023