Hillsdale defines “non-public personal information” as personally identifiable information that a client provides both when they open an account through Know Your Client (“KYC”) disclosure and in the regular course of having their account managed. Specifically, this includes:
- An individual’s address, age, financial information, social insurance number, personal email address and telephone numbers;
- Personal investment portfolio data and transactions;
- The fact that an individual is or has been a client of Hillsdale.
What is PIPEDA?
PIPEDA is the privacy legislation of the Canadian federal government which covers virtually all commercial activity in Canada, effective January 1, 2004. Under this Act no business may collect, use or disclose personal information about an identifiable individual without first clearly defining the purpose of such collection, use or disclosure and obtaining the individual’s informed consent. The collection, use or disclosure is limited to purposes that a reasonable person would consider appropriate in the circumstances. The privacy law also regulates the protection, retention and destruction of personal information and provides individuals with the right to access and challenge information and establishes complaint procedures and avenues for redress.
What is Regulation S-P?
Regulation S-P controls the privacy obligations of financial institutions that are subject to the federal jurisdiction of the SEC. The rules include the treatment of non-public personal information about consumers by financial institutions, including Hillsdale as an investment adviser registered under the Investment Advisers Act of 1940 (“Advisers Act”). Regulation S-P became effective November 13, 2000 under section 504 of the Gramm-Leach-Bliley Act. This rule requires an investment adviser to provide notice to customers about its privacy policies and practices, describes the conditions under which an investment adviser may disclose “non-public personal information” about consumers to non-affiliated third parties and provides a method for consumers to prevent an investment adviser from disclosing that information to most nonaffiliated third parties by “opting out” of that disclosure, subject to certain exceptions.
Hillsdale acknowledges the importance and necessity of safeguarding non-public private information belonging to clients. Hillsdale has appointed a Chief Privacy Officer to ensure compliance with privacy legislation and to inform all Hillsdale staff of the need to use the utmost discretion when dealing with client information. Hillsdale's Chief Privacy Officer has the responsibility to carefully analyze and alter collection procedures to assure maximum privacy protection.
Non-public personal information is collected in order to determine a client’s identity, establish a client’s eligibility for a product or service, to protect all parties against errors or fraud (e.g. money laundering), to comply with legal requirements (e.g. anti-terrorism legislation) and to communicate with the client (e.g. sending annual financial statements of the funds managed by Hillsdale). Hillsdale commits to using non-public personal information solely for the purposes identified at the time of its collection.
Hillsdale will not disclose any non-public personal information, except as required by law, without first asking for a clients’ informed consent. In most cases, consent is obtained via the subscription agreement process for client investments in funds managed by Hillsdale. If information is required for any use not described at the time of collection, Hillsdale will take the necessary steps to seek additional consent. Consent may be expressed in writing, orally or may be implied directly by the client or the client’s authorized representative.
Consent to use non-public personal information may be withdrawn at any time by contacting Hillsdale’s Chief Privacy Officer. Note however that legal or other requirements may prevent clients from withholding consent and a decision to withhold personal information may limit the services or products that Hillsdale can provide to the client.
Hillsdale will only collect non-public personal information for specific purposes. Hillsdale will do its best to explain in a clear and informative fashion why the collection of personal information is necessary.
Hillsdale does not collect any non-public personal information from visitors browsing its website, although disclosure of some personal information may be required if a visitor chooses to send Hillsdale an email message.
Limiting Use, Disclosure and Retention
Hillsdale may be required to share non-public personal information with other parties as required by law (e.g. for tax reporting purposes to the government) and with third parties who provide services to Hillsdale (e.g. unitholder registration, administrative services, technological services, client statement preparation and mailing). Hillsdale has agreements with these third-party service providers to ensure the proper handling and protection of personal information. Hillsdale may also be required to provide client information when responding to a search warrant, court order or other legally valid request.
Hillsdale will only retain non-public client information for as long as it is needed in order to satisfy the stated purposes at the time of collection. When the information is no longer required, we will take the necessary measures to destroy, dispose of, or erase the information, subject to any other legal or regulatory requirements. If a client decides to terminate their relationship with Hillsdale, we will continue to adhere to the privacy policies and practices outlined in this Policy.
Hillsdale strives to ensure that client information is always accurate. Clients are requested to monitor any information provided to them for errors and advise the Hillsdale Chief Privacy Officer or their Hillsdale representative for prompt correction.
Individuals have the right to verify the accuracy and completeness of their personal information and may request that it be amended. When requested, and supported by appropriate identity information, Hillsdale will provide clients with their non-public information maintained in its files. Under certain circumstances, Hillsdale may not be able to provide clients with access to specific pieces of information, if, for example (i) the information contains references to other persons, (ii) the information contains proprietary information confidential to Hillsdale, (iii) the information has been destroyed or (iv) the information is too costly to retrieve.
Safeguards and Reporting of Breaches
Hillsdale has established policies, procedures, guidelines and security measures in order to ensure that non-public personal information is protected against unauthorized access, theft or improper disclosure. Security measures include controlled access to Hillsdale’s office and records within the office, password requirements to access Hillsdale’s networks and systems and restricted access to information stored in Hillsdale systems. All Hillsdale staff are subject to privacy procedures when dealing with non-public personal information and are responsible for ensuring the confidentiality of any information that is accessed.
As required by law, Hillsdale will record any breach of security safeguards involving non-public personal information under its control and will report such a breach to the appropriate regulatory body and/or applicable organization if there is a real risk of significant harm to any affected individual. Hillsdale will also notify affected individuals if the circumstances are such that it is reasonable to believe that the breach creates a real risk of significant harm to the individual. The notification to an individual will contain sufficient information to allow them to understand the significance of the breach and to take steps to reduce the risk of harm that could result from it. The notification will also contain any other information as prescribed by regulation or law.
Questions and Concerns
Questions about this policy or concerns about potential misuse of non-public personal information should be addressed to Hillsdale’s Chief Privacy Officer and will be dealt with in a timely fashion. If an individual is not satisfied with Hillsdale’s actions, a complaint can be made to the attention of the Canadian federal Privacy Commissioner, a US state supervisory authority or the US Federal Trade Commission.
Hillsdale Chief Privacy Officer
Email: firstname.lastname@example.org – Attention Chief Privacy Officer
1 First Canadian Place
100 King Street West, Suite 5900
P.O. Box 477
Toronto ON M5X 1E4
Canada – The Personal Information Protection and Electronic Document Act (PIPEDA) and related regulations can be found on the Department of Justice website at: http://laws-lois.justice.gc.ca/eng/acts/P-8.6/index.html
US - Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information (Part 248 of the Code of Federal Regulations) can be found on the U.S. Securities and Exchange Commission website at: https://www.sec.gov/spotlight/regulation-s-p.htm.
Adopted March 2004, Updated October 2018, November 2018