We recognize that you may be concerned about our use and disclosure of your personal information. Your privacy is very important to us, and the following will inform you of the information that we may collect from you, and how it is used. By using our Web site, you are accepting the practices described in this policy.
1. PRIVACY POLICY
SKYLINE AND ITS GROUP OF COMPANIES (COLLECTIVELY, "SKYLINE")
Introduction
In 2000, the federal government of Canada enacted the Personal Information Protection and Electronic Documents Act (“PIPEDA”). Effective January 1, 2004, all organizations that collect, use or disclose personal information in the course of their commercial activities became subject to PIPEDA. In addition, some provinces have their own privacy legislation which may supersede a portion or all of PIPEDA. PIPEDA and any applicable provincial privacy legislation is collectively referred to herein as “privacy legislation”. The purpose of privacy legislation is to establish, in an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information, and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. Briefly stated, privacy legislation requires that the consent of an individual be obtained for the collection and use of his or her personal information, that steps be taken to protect personal information, that personal information be disposed of appropriately when no longer required, and that one or more individuals within an organization be appointed to monitor compliance with the provisions of applicable privacy legislation.
The term “personal information” means information about an identifiable individual recorded in any form and includes, but is not limited to, such things as race, ethnic origin, nationality, colour, age, gender, marital status, religion, education, medical information, criminal information, performance reviews, trade union membership, employment and financial history, income, home address and telephone number, e-mail address, numerical identifiers such as social insurance number or driver's license, and views and personal opinions. With respect to residents of Skyline properties ("Residents"), personal information also includes rental payment history, credit information, billing records and any recorded complaints. For investors in Skyline Apartment REIT ("Investors"), personal information also includes investing history, and financial and credit information. For employees of Skyline ("Employees"), personal information includes information found in personnel files, employment history, performance reviews and medical and benefits information. Personal information does not include the name, title, business address or business telephone number of an employee of an organization. Publicly available information, such as a public directory listings of names, addresses, telephone numbers and electronic addresses, however, is not considered personal information.
Application
This Privacy Policy applies to personal information which Skyline collects, uses or discloses, including in respect of any of its Investors, Residents or Employees, in the course of its commercial activities. The application of this Privacy Policy is subject to the requirements or provisions of any applicable legislation, regulations, or agreements (such as collective agreements), or the order of any court or other lawful authority. Various legal criteria independent of this Privacy Policy will determine whether federal or provincial privacy legislation applies to the personal information that Skyline collects, uses, discloses or disposes of in the course of its commercial activities. This Privacy Policy does not replace those criteria and nothing in this Privacy Policy should be construed as indicating which privacy legislation, if any, applies to the collection, use, protection, disclosure and disposal of personal information by Skyline.
The Ten Privacy Principles
This Privacy Policy has been developed in accordance with the standards set out in PIPEDA and is modeled after the Canadian Standards Association Model Code for the Protection of Personal Information (the “CSA Code”) Accordingly, the ten principles of fair information practices, as identified by the CSA, have been adopted by Skyline and represent a formal statement of the minimum requirements to be adhered to in the collection, use, protection, disclosure and disposal of personal information, including personal information collected from Investors, Residents and Employees.
Principle 1. Accountability
Skyline is responsible for the personal information under its control and will designate one or more individuals who will be accountable for Skyline's compliance with the procedures and principles set out in this Privacy Policy.
1.1 Accountability for Skyline's compliance with the principles set out in this Privacy Policy rests with the Chief Compliance Officer, even though other individuals may be responsible for the day-to-day collection and processing of personal information. The Chief Compliance Officer may from time to time designate one or more individuals within Skyline to act on his or her behalf. Skyline Enterprises Management Inc., Skyline Asset Management Inc., and Skyline Management Incorporated will assign Privacy Officer duties to one individual each. All complaints concerning each of these three entities will be reviewed and responded to by their respective Privacy Officers, who will report in to the Chief Executive Officer. All complaints relating to Skyline Wealth Management Inc. will be forwarded to and responded to by the Chief Compliance Officer directly. Separate Complaints Logs will be maintained for each entity.
1.2 The name and contact information of the Chief Compliance Officer will be made available upon request.
1.3 Skyline is responsible for the protection of personal information in its possession or custody, including personal information that has been transferred by it to a third party for processing. Skyline will use contractual or other appropriate means to ensure that a comparable level of protection is provided by third parties to whom Skyline transmits personal information.
1.4 All personal information collected by Skyline or by persons or entities on its behalf, will be protected through physical or electronic measures in order to reduce the risk of its unauthorized collection, use, disclosure, or destruction. Such protections will be appropriate to the sensitivity of the personal information and may include, by way of example:
(a) passwords;
(b) locked cabinets;
(c) restricted access; and
(d) file write-protection.
1.5 All complaints or inquiries should be directed to:
Skyline Asset Management Inc.
5 Douglas Street, Suite 301
Guelph, ON N1H 2S8
ATTENTION: Privacy Officer: Mike Bonneveld, Director of Acquisitions
Fax No. (519) 766-8474
Email: mbonneveld@skylineonline.ca
Skyline Wealth Management Inc.
5 Douglas Street, Suite 301
Guelph, ON N1H 2S8
ATTENTION: Chief Compliance Officer: Jeff Teeter, VP Investor Relations
Fax No. (519) 766-8474
Email: compliance@skylineonline.ca
Skyline Enterprises Management Inc.
5 Douglas Street, Suite 301
Guelph, ON N1H 2S8
ATTENTION: Privacy Officer: Martin Castellan, Co-founder & Chief Development Officer
Fax No. (519) 836-2320
Email: mcastellan@skylineonline.ca
Skyline Management Incorporated
5 Douglas Street, Suite 301
Guelph, ON N1H 2S8
ATTENTION: Privacy Officer: Matt Organ, President, SMI
Fax No. (519) 836-2320
Email: morgan@skylineonline.ca
The relevant party as above, will respond in a timely manner to the individual making the complaint or inquiry in compliance with all applicable privacy legislation.
1.6 Skyline will incorporate materials outlining and explaining this Policy and its related procedures into its Employee training, communications, and resource programs. Such materials may include but will not be limited to:
(a) provision of this Policy to Employees at time of hire;
(b) review of this Policy by Human Resources and Compliance once every year and any changes will be communicated to staff;
(c) posting of this Policy on Skyline websites;
(d) invitation of ongoing Employee comment and review of this Policy; and
(e) applicable signage in Employee common areas.
Principle 2. Identifying Purposes
Skyline will identify the purposes for which personal information is collected at or before the time the personal information is collected from the individual disclosing same. The purposes for which personal information is collected, used or disclosed by Skyline must be those that a reasonable person would consider are appropriate in the circumstances.
2.1 Skyline will document the purposes for which personal information is collected in order to comply with the Openness and Individual Access Principles (Principles 8 and 9, respectively).
2.2 Identifying the purposes for which personal information is collected at or before the time of collection allows Skyline to determine the personal information it needs to collect to fulfill these purposes. The Limiting Collection Principle (Principle 4) requires that Skyline collect only that personal information necessary for the purposes identified.
2.3 Skyline will identify the purposes at or before the time of collection to the individual from whom the personal information is collected. Skyline may identify purposes in writing. In certain circumstances, identification may be provided orally. For example, forms may provide information on purposes in writing. Collection of personal information through personal interviews or surveys may be better suited to identifying purposes orally.
2.4 When personal information that has been collected is to be used for a purpose not previously identified, the new purpose will be identified prior to use of such personal information for the new purpose. Unless the new purpose is required by law, the consent of the individual is required before personal information can be used for that new purpose. For an elaboration on consent, please refer to the Consent Principle (Principle 3).
2.5 Employees collecting personal information from Investors, Residents, other Employees or others, will accurately explain to such individuals the purposes for which the personal information is being collected, including any purposes that may not be immediately obvious to the individual.
2.6 The purposes for which the personal information of Employees is collected may include, but is not limited to:
(a) administering payroll and Employee benefit programs;
(b) conducting performance evaluations and discipline;
(c) effecting Employee training;
(d) conducting internal reviews, investigations and complaint resolution processes;
(e) participating in union negotiations and labour arbitrations; and
(f) complying with legal and regulatory obligations.
2.7 The purposes for which the personal information of Investors is collected may include, but is not limited to:
(a) processing financial transactions;
(b) communicating with Investors and stakeholders;
(c) establishing and maintaining relations;
(d) developing, marketing or providing products and services;
(e) recommending particular products and services;
(f) conducting market research and surveys;
(g) managing and developing business opportunities;
(h) conducting investigations and complaint resolution processes;
(i) facilitating transactional due diligence reviews; and
(j) complying with legal and regulatory obligations.
2.8 The purposes for which the personal information of Residents is collected may include, but is not limited to:
(a) processing residential & commercial transactions;
(b) communicating with Residents and stakeholders;
(c) establishing and maintaining commercial and residential relations;
(d) developing, marketing or providing products and services;
(e) recommending particular products and services;
(f) conducting market research and surveys;
(g) managing and developing business opportunities;
(h) conducting investigations and complaint resolution processes;
(i) facilitating transactional due diligence reviews; and
(j) complying with legal and regulatory obligations.
2.9 Anonymous or “non-personal” information gathered by Skyline through its websites may be used for technical, research and analytical purposes. Information collected through surveys, existing files and public archives may be used by Skyline to analyze its markets and to develop or enhance service offerings.
Principle 3. Consent
The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where consent is not required by privacy legislation.
3.1 Consent, which in certain circumstances may be implicit, is required for the collection of personal information and the subsequent use or disclosure of this information. Generally, Skyline will seek consent for the use or disclosure of the personal information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the personal information has been collected but before use (for example, when Skyline wants to use personal information for a purpose not previously identified).
3.2 The Consent Principle requires “knowledge and consent”. Skyline will make a reasonable effort to ensure that the individual is advised of the purposes for which the personal information will be used. To make the consent meaningful, the purposes will be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.
3.3 In certain circumstances, personal information may be collected, used or disclosed without the knowledge and consent of the individual. For example, Skyline may collect or use personal information without the knowledge or consent of its Employees and/or Investors and/or Residents if the collection or use of same is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is a minor, seriously ill or mentally incapacitated, or if seeking the consent of the individual might defeat the purpose of collecting the information, such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law. Personal information may also be used or disclosed without the knowledge or consent of the individual in the case of an emergency where the life, health or security of an individual is threatened. Skyline may disclose personal information without knowledge or consent to a lawyer representing Skyline, to collect a debt, to comply with a subpoena, warrant or other court order, or as may otherwise be required or permitted by law.
3.4 Skyline will not, as a condition of the supply of a product or service, require that an individual consent to the collection, use, or disclosure of personal information beyond that required to fulfill explicitly specified and legitimate purposes.
3.5 In obtaining consent, Skyline will take into account the sensitivity of the personal information and the reasonable expectations of the person disclosing same. Consent will not be obtained through deception. For example, an individual filing an application for employment with Skyline would reasonably expect that his or her age and marital status would be used for the purpose of administering benefit plans. As a further example, an individual requesting to join a Skyline mailing list should reasonably expect that Skyline, in addition to using the individual’s name and address for a single mailing, would also use that information to send subsequent mailings to the person. In this case, Skyline can assume that the individual’s request constitutes consent for the specific purposes of sending out a series of mailings (implied consent). On the other hand, an individual would not reasonably expect that personal information given to Skyline for a mailing list would be used for any other, non-related purpose, such as given to a third party for the purpose of selling merchandise or services to that individual. In such circumstances, further consent would have to be obtained by Skyline.
3.6 The manner in which Skyline seeks consent may vary, depending on the circumstances and the type of personal information collected. Skyline will generally seek express written consent when the personal information is likely to be considered sensitive. Implied consent would generally be appropriate when the personal information is less sensitive, or in the case where collection and use of the personal information is directly related to a transaction or exchange of personal information in which the individual is directly participating. Consent can also be given by an authorized representative (such as a legal guardian or a person having power of attorney).
3.7 Individuals can give consent in many ways. For example:
(a) An application form may be used to seek consent, collect information, and inform the individual of the use that will be made of the personal information. By completing and signing the form, the individual is giving consent to the collection and the specified uses.
(b) A check box may be used to allow individuals to request that their names and addresses not be given to other organizations. Individuals who do not check the box are assumed to consent to a transfer of their personal information to third parties.
(c) Consent may be given orally when personal information is collected over the telephone.
(d) Consent may be given at the time that individuals use a product or service.
3.8 Generally, the use of products and services by Investors and/or Residents, or the acceptance of employment or benefits by an Employee, constitutes implied consent for Skyline to collect, use and disclose personal information for all identified purposes.
3.9 An individual may withdraw consent at any time, subject to legal or contractual restrictions and with reasonable notice. At the time that an individual requests withdrawal, Skyline will inform the individual of the implications of such withdrawal.
Principle 4. Limiting Collection
Skyline will limit the collection of personal information to that which is necessary for the purposes identified by Skyline. Personal information will be collected by fair and lawful means.
4.1 Skyline will not collect personal information indiscriminately. Both the amount and the type of information collected will be limited to that which is necessary to fulfill the purposes identified. Skyline will specify the type of information collected as part of its information-handling policies and practices, in accordance with the Openness Principle (Principle 8).
4.2 Skyline will collect personal information only by fair and lawful means and will not collect information by misleading or deceiving individuals about the purposes for which information is being collected.
Principle 5 Limiting Use, Disclosure and Retention
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfillment of the purposes for which it was collected, after which it will be disposed of in the appropriate manner.
5.1 In the case where Skyline intends to use personal information for a purpose not previously identified, Skyline will obtain the consent of the individual prior to using the personal information for a new purpose.
5.2 Skyline may disclose the personal information of its Employees:
(a) to human resources, payroll, benefits, information management, medical and security personnel;
(b) to third party service providers for the purposes of administering payroll and benefits programs;
(c) to Skyline’s affiliates and/or subsidiaries;
(d) to internal or external legal counsel and auditors;
(e) to the Chief Compliance Officer;
(f) to management personnel of Skyline;
(g) in the context of providing references regarding current or former Employees in response to requests from prospective employers and/or financial institutions;
(h) to prospective parties in the context of a transactional due diligence review; and
(i) whenever disclosure is required by law.
5.3 Skyline may disclose the personal information of its Residents:
(a) to third party service providers, consultants and relevant suppliers;
(b) to Skyline’s affiliates and/or subsidiaries;
(c) to internal or external legal counsel and auditors;
(d) to the Chief Compliance Officer;
(e) to management personnel of Skyline;
(f) to third parties for the development, enhancement or marketing of Skyline products or services;
(g) to an agent retained by Skyline in connection with the collection of the individual's account;
(h) to credit grantors and reporting agencies;
(i) to prospective parties in the context of a transactional due diligence review; and
(j) where disclosure is required by law.
5.4 Skyline may disclose the personal information of its Investors:
(a) to third party service providers;
(b) to internal or external legal counsel and auditors;
(c) to the Chief Compliance Officer;
(d) to management personnel of Skyline; and
(e) where disclosure is required by law.
5.5 Except as required or permitted by law, whenever disclosure of personal information is to be made by Skyline to a third party, the consent of the individual will be obtained and Skyline will take reasonable steps to ensure that such third party has personal information privacy procedures and policies in place that are at least comparable to those implemented by Skyline.
5.6 Skyline will develop guidelines and implement procedures with respect to the retention of personal information. Personal information that has been used to make a decision about an individual will be retained long enough to allow the individual access to the information after the decision has been made. Skyline may be subject to legislative requirements with respect to retention periods with which Skyline will comply.
5.7 Personal information that is no longer relevant or required to fulfill the identified purposes will be destroyed, erased, or made anonymous as soon as reasonably possible.
Principle 6. Accuracy
Personal information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
6.1 Personal information used by Skyline will be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate or inaccurate personal information may be used to make a decision about the individual. The extent to which personal information will be accurate, complete and up-to-date will depend upon the use to be made of the personal information, taking into account the interests of the individual.
6.2 Skyline will not, however, routinely update personal information, unless such a process is necessary to fulfill the purposes for which the personal information was originally collected. Personal information about Investors, Residents and Employees will be updated only as and when necessary to fulfill the identified purposes, as required by law, or upon notification by the individual.
6.3 Skyline will ensure that personal information that is used on an ongoing basis, including information that is disclosed to third parties, is generally accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.
Principle 7. Safeguards
Personal information will be protected by security safeguards appropriate to the sensitivity of the information.
7.1 Skyline has implemented and will continue to implement security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Skyline will protect personal information regardless of the format or storage media in which it is held.
7.2 The nature of the safeguards will vary depending on the sensitivity of the personal information that has been collected, the amount, distribution and format of the personal information, and the method of storage. More sensitive personal information will be safeguarded by a higher level of protection.
7.3 The methods of protection will include:
(a) physical measures, such as locked filing cabinets and restricted access to offices housing personal information;
(b) organizational measures, such as security clearances and limiting access on a “need-to-know” basis; and
(c) technological measures, such as the use of passwords.
7.4 Skyline will make its Employees aware of the importance of maintaining the confidentiality of personal information.
7.5 Skyline will endeavour to ensure that personal information disclosed to third parties will be protected by contractual agreement stipulating the confidentiality of the information and the purposes for which it is to be used, and Skyline will endeavour to ensure that such third parties have personal information privacy procedures and policies in place that are at least comparable to those implemented by Skyline.
7.6 Skyline will employ due care and diligence in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information. Disposal or destruction of personal information will not be undertaken by any Employee without following the Compliance Manual and written Standards of Operation, or without the prior written authorization of the Chief Compliance Officer outlining the preferred method of destruction, the specific information authorized for destruction, and date of destruction.
Principle 8. Openness
Skyline will make readily available to its Investors, Residents and Employees, as well as any other persons who disclose or intend to disclose personal information to it, specific information about its policies and practices relating to the management of personal information.
8.1 Skyline will be open about its policies and practices with respect to the management of personal information. Individuals will be able to acquire information about Skyline’s policies and practices without unreasonable effort. This information will be made available in a form that is easily understandable.
8.2 The information made available will include:
(a) the name, title, and address of the Chief Compliance Officer who is accountable for Skyline’s policies and practices and to whom complaints or inquiries can be forwarded;
(b) the means of gaining access to personal information held by Skyline;
(c) a description of the type of personal information held by Skyline, including a general account of its use; and
(d) a copy of brochures or other information that explain Skyline’s policies, standards and/or codes with respect to personal information.
8.3 Skyline will make information on its policies and practices available in a variety of ways, such as brochures, a toll-free telephone number, emails, newsletters, and information posted on Skyline’s websites.
Principle 9. Individual Access
Upon request, an individual will be informed of the existence, use and disclosure of his or her personal information and will be given access to that information except where Skyline is permitted or required by law not to disclose personal information to the individual. An Investor, Resident or Employee will be able to challenge the accuracy and completeness of the information disclosed to him or her by Skyline and have it amended as appropriate.
9.1 Upon request, Skyline will inform an individual whether or not Skyline has in its possession personal information about the individual (except where Skyline is permitted or required by law not to disclose whether it has such personal information) and will afford the individual a reasonable opportunity to review the personal information in his or her file at minimal or no cost to the individual. In addition, Skyline will provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed. Where reasonably possible, Skyline will indicate the source of the personal information.
9.2 In order to safeguard personal information, an Investor, Resident or Employee or other person seeking access, may be required to provide sufficient identification information to permit Skyline to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information will be used only for this purpose.
9.3 In certain situations, Skyline may not be permitted to provide access to all of the personal information that it holds about an Investor, Resident, Employee or person. For example, Skyline is not required to provide access to personal information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Similarly, Skyline may not provide access to personal information if disclosure would reveal confidential commercial information, if the information is protected by solicitor-client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, Skyline will provide the reasons for denying access, upon request.
9.4 In providing an account of third parties to which it has disclosed personal information about an individual, Skyline will attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed personal information about an individual, Skyline will provide a list of organizations to which it may have disclosed personal information about the individual.
9.5 Skyline will respond to an individual’s request within a reasonable time and in any event within thirty (30) days of the request. The time for responding to a request may be extended for up to an additional thirty (30) days if meeting the time limit would unreasonably interfere with the activities of Skyline, or if the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet. Skyline may also extend the time for responding for such period of time as is necessary to be able to convert the personal information into an alternative format. Skyline will provide notice to the individual of any extension taken within thirty (30) days of the individual’s request and will advise the individual of the right to make a complaint to the Privacy Commissioner about the extension. Skyline will provide the requested information or make it available in a form that is generally understandable. For example, if abbreviations or codes are used to record information, Skyline will provide a corresponding explanation.
9.6 Upon request by an individual with sensory disabilities, Skyline will give access to personal information about the individual in an alternative format if a version of the information already exists in that format or if its conversion to an alternative format is necessary to allow the individual to exercise rights to request correction, challenge compliance of Skyline under Principle 10, or file a formal complaint pursuant to applicable privacy legislation.
9.7 When an individual informs Skyline of the inaccuracy or incompleteness of personal information, Skyline will amend the personal information as required or may delete the record of personal information in its entirety but only with the prior authorization of the Chief Compliance Officer (when applicable). Depending upon the nature of the personal information challenged, amendment may involve the correction, deletion, or addition of personal information. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
9.8 Residents, Investors and others can obtain information or seek access to their individual files by contacting the Chief Compliance Officer. An Employee can obtain information or seek access to his or her individual file by contacting his or her Human Resources Manager within Skyline.
Principle 10. Challenging Compliance
An Investor, Resident, Employee or other person who has disclosed personal information to Skyline will be able to address a challenge concerning compliance with the principles in this Privacy Policy to the Chief Compliance Officer.
10.1 Skyline will maintain procedures for addressing and responding to all inquiries or complaints from Investors, Residents, Employees and others from whom it collects personal information, about Skyline's handling of personal information.
10.2 Skyline will post this Privacy Policy in an accessible manner which may include its website.
10.3 Skyline will investigate all complaints concerning compliance with this Privacy Policy. If a complaint is found to be justified, Skyline will take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. The Investor, Resident, Employee or person who provided the personal information will be informed of the outcome, and the changes implemented as a result of the investigation regarding his or her complaint.
Effective Date
This policy has been revised and is effective on this 10th day of January 2012, and supersedes the Skyline privacy policy of December 2, 2011.
