BIMM’s relationships with its Clients and the services we provide have obligated us to develop a document that outlines our accountabilities in relation to PIPEDA
As such, it is the intent of this document to outline our responsibilities and our commitment to our Clients to protect their privacy concerns and their commitments to their customers.

BIMM is responsible for personal information in its possession or control. BIMM will use all contractual or any other legal means to ensure a level of protection, comparable to the processes used by our clients, while information is being processed by BIMM or by a third party.

BIMM has in place policies that specifically address each of the ten (10) principals of the Act. This document will outline our obligations to Privacy and deal with operational procedures currently in place to protect our Client’s data.

BIMM implements policies and procedures to give effect to the BIMM Privacy Policy, including: implementing procedures to protect personal information and to oversee the BIMM’s compliance with the BIMM Privacy Policy;

• implementing procedures to receive and respond to complaints or inquiries;
• training employees to understand and follow BIMM’s policies and procedures;
• developing information materials to explain BIMM’s policies and procedures; and
• reviewing on a regular basis the effectiveness of the policies and procedures to facilitate compliance with the BIMM Privacy Policy and consideration of any revisions as deemed appropriate.

BIMM collects personal information on behalf of its clients only for the following purposes:

• to identify individuals;
• to establish, maintain, communicate and renew engagement within a marketing campaign on behalf of a client;
• to advertise, develop, enhance and provide marketing services and products;
• to manage and develop BIMM’s business operations, including personnel and employment matters;

While BIMM does on occasion collect personal information, it is done so at the request of our clients and is securely transferred to our clients for management. BIMM respects and honors the intent and underlying spirit of the Act and the need to protect the personal information of individuals. Therefore, BIMM is committed to complying with the Privacy Act, Personal Information Protection and Electronic Documents Act and Canadian Anti-Spam Legislation along with any applicable provincial privacy laws. BIMM will ensure at all times the adequate protection of personal information entrusted to us by our Clients.

For the purposes of this document, Personal Information is as defined Personal Information Protection and Electronic Documents Act (referred to as “the Act”) to be: Personal information includes any factual or subjective information, recorded or not, about an identifiable individual.
This includes information in any form, such as:

• age, name, ID numbers, income, ethnic origin, or blood type;
• opinions, evaluation, comments, social status, or disciplinary actions; and
• employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs.)”
• “personal information” means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.

When working with our Clients, we will collect information on their behalf and transfer this information to them. This information will not be aggregated with other information collected outside of the scope of any contracts we have with our Clients and will be removed from our servers when requested by our client. Therefore, while BIMM’s direct obligation lies in Accountability and Safeguards, we protect the interest of our clients by being mindful of the source information we receive and its compliance with “the Act.”

BIMM is responsible for protecting personal information under its control.

1.1
BIMM’s Account Management, Production and Data Management teams are accountable for implementing the company’s compliance with its Privacy Policy.

1.2
BIMM’s management oversees the company’s compliance with its Privacy Policy.

1.3
The management of BIMM has established procedures to implement the Privacy Policy.

1.4
BIMM will seek from its Clients their policy on Privacy law implementation to ensure compliance prior to receiving any data that is construed as personal information under the Act.

Protecting Consumer Privacy Means:

• BIMM keeps customer information in strict confidence and secures it using leading technologies
• Private information is not sold
• We respect the privacy of consumers when we market on BIMM’s behalf or on behalf of others

2.1
Under “the Act” to identify; the purpose of the data collection, lies with our Clients. BIMM councils its Clients to, whenever possible, identify the purposes for which personal information is collected at or before the time the information is collected.

BIMM is a provider of technology and services for permission-based marketing. This includes electronic mail (email), sweepstakes (contests) and direct mail. We oppose SPAM (unsolicited commercial email or “UCE”). We only deliver permission-based (opt-in) email and mail permission-based direct mail (using CMA Do Not Contact service) and request that our clients engage in only permission-based marketing practices in areas where they interact with our organization. Our clients must certify that they will only use our technology (software) and services to communicate with customers and prospects that have directly consented to receive messages and direct mail from them. These clients must be able to prove that “opt-in” permission has been acquired. They are forbidden to transmit unsolicited commercial email (spam) via our system.

2.2
BIMM will document the purposes for which personal information is collected prior to the information being collected

2.3
BIMM will make reasonable efforts to ensure that BIMM’s internal data handling services and Third Party data handling services are covered under the Client’s Privacy Policy.

3.1
While BIMM’s Clients identify the circumstance where data is to be collected, BIMM provides council to help our Client organization understand the importance of securing consumer consent for obtained for collecting data, use and distribution of personal information.

3.2
In obtaining consent, BIMM will use reasonable efforts to ensure alignment with our Clients’ privacy policy to ensure clarity is used whenever identifying the purpose for data collection, and that the purpose will be stated in a manner that can be reasonably understood by the individual.

3.3
BIMM’s data handling procedures include validation that our Clients have a Privacy Policy which includes coverage for the usage of our services.

Acquisition of personal information can be collected only to the extent that it is necessary for the purpose identified by the organization. The information must be collected using fair and lawful means and are compliant with Privacy Act, PIPEDA and the Canadian Anti-Spam Legislation. BIMM ensures that data required for the purposes of completion of the marketing communication will be captured.

4.1
Collecting information on behalf of our clients:
BIMM’s web properties use security measures to protect against the loss, misuse, and alteration of any information under our control. We store the information in a database in a secure environment at our data/hosting centre. BIMM ensures that private consumer data collected is not shared between Client teams or aggregated with any other data collected BIMM on behalf of its Clients.

BIMM does not disclose Personal Information as it is not part of its business to collect or disclose any personal information and BIMM retains Client data only as long as it is necessary or reasonable. We will not share, sell, or rent individual personal information without explicit permission or unless ordered by a court of law. Information submitted to us is only available to employees managing this information for purposes of administration of programs or permission-based marketing.

5.1
BIMM has guidelines and implements procedures to govern the destruction of personal information that is no longer required to fulfill the identified purposes. In most cases, original data will be deleted in 3 months from receipt of data. BIMM does house email specific data such as subscriber, opens and clicks for analytic and marketing automation purposes. Any marketing data that has been in our possession for more than 2 years will be deleted from BIMM databases/archives and, if requested, returned to the Client. However, before deleting the data, BIMM will obtain direction from the Client whether to delete it or extend the duration of retention.

BIMM collects consumer Personal information based on behalf of our Clients or have been provided Personal information from our Clients. The information collected or provided is accepted as is with the understanding it is as accurate and up-to-date as possible.

For Direct Mail, BIMM does not directly collect consumer Personal Information and therefore cannot endeavor to ensure the accuracy or completeness of personal information received from any Client.

BIMM protects Personal Information with security safeguards appropriate to the sensitivity of the Personal Information. BIMM will not disclose the information an individual provides when registering unless they consent, or unless such a disclosure is in accordance with subsection 8(2) of the Privacy Act, which is reserved for limited situations. Information submitted to us is only available to employees managing this information for purposes of contacting an individual or sending them emails based on their requests for information.

7.1
BIMM protects all information including Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the Personal Information. BIMM protects all information including Personal Information regardless of the format in which it is held.

7.2
The methods of protection for all information including Personal Information:

• Physical measures, for example, locked filing cabinets and restricted access to offices, pass-card restricted access to the office after hours.
• BIMM ensures that private consumer data collected is not shared between Client teams or aggregated with any other data collected by BIMM on behalf of its Clients.
• Organizational measures, for example, employee confidentiality agreement, vendor confidentiality agreements and limiting access to a “need-to-know” basis;
• Technological measures, for example the use of passwords and file encryption
• Transportation of Personal information leverages a secure distribution channel via sFTP.
• 24 hrs. video surveillance cameras recording all entries to the office.

7.3
Our website is hosted on servers owned and managed by a third party, [Internet Service Provider]. Any personal information collected on our behalf by [Internet Service Provider], such as server log data, is managed in accordance with the BIMM Privacy Policy, and is protected by applicable law.

7.3
Client Information entrusted to BIMM may be stored in secure and confidential databases at an off-site data storage facility in Toronto. Strict confidentiality and date handling agreements are in force.

8.1
BIMM is open about its policies and practices with respect to the management of Personal Information.

8.2
BIMM makes information about its privacy policy and practice readily available to individuals and its Clients through written materials.

It is BIMM‘s policy to redirect any information requests from individuals to the appropriate Client organization. BIMM does not provide individuals with access to personal information stored by BIMM, nor does it provide any information about the nature of use.

Since Data is provided by the Client, the Client is accountable to the Act and it is, therefore, their responsibility to provide individuals with the opportunity to challenge compliance.

10.1 We Monitor Our Compliance with Our Privacy Policy
We have procedures in place to assist our employees in the practice of our privacy policy. We monitor and audit the practice of these policies on a regular basis and report the findings to our President.

10.2 We Are Committed to Upholding our Privacy Policy
If you have any questions or complaints about our privacy policy, or about how we are living up to them, let us know right away by contacting us at privacy@bimm.com.

You can also contact our Chief Privacy Officer at the above email or by writing to the CEO or Chief Privacy Officer, BIMM Direct and Digital, 36 Distillery Lane, Suite 300, Toronto, ON, M5A 3C4

1 “Gearing up for the Personal Information Protections and Electronic Documents Act,” Privacy Commission, 2004.