RicePoint's Commitment to Privacy
At RicePoint, we take privacy seriously. In the course of providing services to our clients and customers, we receive personal information about individuals, perhaps including yourself. Protecting your privacy and the confidentiality of your personal information is important to us, and is a fundamental part of our day-to-day business operations.
What is Personal Information?
Personal information is any piece of information, either factual or subjective, about an identifiable individual. But personal information does not include business contact information if it is being used for the purpose of communicating with an individual in relation to their employment, business, or profession.*
RicePoint may receive personal information about you from you directly, but we may also receive information about you from a third party authorized by you, such as a class action defendant or another intermediary acting on your behalf. As another example, we will obtain information about you if you participate in a class action settlement that we administer. Depending on the type of service we administer, we may receive this information from claim forms, from parties to a litigation, and through other communications. This personal information could include your name, contact details (such as residential address, correspondence address, email address), a copy of a government issued photo ID (such as passport, driver’s license), date of birth, social insurance number (“SIN”), survey responses, securities or other asset ownership information and other financial information.
*Business contact information is not excluded from the definition of Personal data of individuals normally resident in the European Union (“EU”) or the European Economic Area (“EEA”) (“Data Subjects”) who are subject to the General Data Protection Regulation (“GDPR”).
Our Approach to Privacy
RicePoint collects, uses, or discloses personal information pursuant to services agreements we have in place with our clients who have retained us to provide a variety of services on their behalf. The personal information that you or our clients provide to us is used to perform the various services that are described in each service agreement. To us, that includes treating your personal information with appropriate safeguards and with respect. Each RicePoint employee and representative is familiar with the procedures that must be adhered to in order to keep your information secure and must abide by our commitment to privacy.
Applicability of RicePoint’s Privacy Code
This Privacy Code informs you of our commitment to fair information practices respecting your personal information, and tells you the ways we ensure that your privacy and the confidentiality of your personal information are protected.
In this Privacy Code, "we", "us", "our" and “RicePoint” means RicePoint Administration Inc. and its affiliates. "You" and "your" means individuals whose personal information we may receive, use or disclose in the course of our business activities. RicePoint does not permit third party collection of your personal information on our websites. Our websites may contain links to other websites that are provided and maintained exclusively by third parties. Websites provided and maintained by third parties are not subject to this Privacy Code. RicePoint is not responsible for any personal information you may choose to submit to a third party website accessed from our websites. Please review the privacy policies on those third party websites to determine their information handling practices.
The Ten Principles of Privacy
Our Privacy Code includes the following ten key principles:
At RicePoint, we accept responsibility for personal information under our control, and for complying with the principles set out in this Privacy Code. Each of our employees is responsible for the personal information under his or her control. They are informed about the importance of privacy and receive training to update them about our privacy policies and procedures.
We have a Privacy Team who is responsible for assessing all personal information handling practices at RicePoint and for ensuring that our privacy practices conform to this Privacy Code.
Under the GDPR, an organization, like RicePoint, may be a Controller or a Processor depending on the services provided and the type of processing performed. A Controller determines why and how personal information is processed. They control the information, meaning that they are responsible for how it’s used, stored and deleted. A Processor processes personal information on behalf of and at the direction of the Controller. Both have accountabilities under the GDPR. Where RicePoint is a Processor, we will assist our Controller-clients, to the extent possible, with the fulfillment of their obligations to respond to your requests.
- Identifying Purposes:
Why We Collect Personal Information We identify and document the purposes for which we collect information about you. We want you to understand these purposes, and we take various measures to communicate these to you. Depending upon the service being provided, this can be done in different ways – orally or in writing.
On occasion, some of your personal information might also be used to keep our information about you accurate and up-to-date, taking into account your interests. For example, we might ask you to reconfirm some pieces of your personal information as an identification-security measure when you phone or write to request service on your account.
RicePoint will not use your information for any purpose for which you would reasonably expect us not to use it. The personal information we have custody of and what we use it for will depend on the nature of the services RicePoint provides. Under no circumstances do we sell lists or other personal information to third parties. RicePoint’s policy is to use or share personal information only to the extent necessary or appropriate to the fulfillment of our service obligations to you and our clients, or to meet other legal or regulatory obligations.
With limited exceptions, we require your consent to our collection, use and disclosure of your personal information. We will endeavor to ensure you understand the purposes for which we use the information and will employ clear, understandable language when we obtain your consent.
Consent may be express or implied. Consent must also be valid and meaningful, meaning that you understand the nature, purpose and consequences of the collection, use or disclosure of the personal information to which you are consenting. It may be provided in writing, orally, electronically or through someone acting on your behalf, such as an agent or attorney. Express consent is generally provided when you complete and sign an agreement, application, or claim form and deliver it to us, physically or through the Internet. Implied consent arises where we can reasonably infer your consent from an action you’ve taken or not taken, or from the circumstances. Implied consent may occur where you choose to receive a RicePoint service, including use of our websites.
Before deciding what form of consent is appropriate, RicePoint will consider the type of personal information, the reason for its use and the type of contact, if any, that we have with you. For example, if we have no direct contact with you we will consider if your consent can be inferred from the circumstances.
The choice to provide us with personal information is yours. Upon request, we will explain your options of refusing or withdrawing consent to the collection, use and disclosure of your information, and we will respect your choices. However, your decision to withhold consent may limit the services we are able to offer or perform for you. In addition, your ability to withdraw consent may be limited by legal or contractual restrictions and reasonable notice.
- Limiting Collection
RicePoint does not collect your information except as required to fulfill the purposes we have identified. We collect information only by fair and lawful means.
When you visit our websites, information is not collected that could identify you personally unless you choose to provide it. You are welcome to browse these sites at any time anonymously, without revealing any personal information about yourself.
We may share the information we collect via cookies and Google Analytics with our related entities including entities located outside of Canada who assist us in supplying our services including through data storage solutions, back-up services and IT support.
Please note that any websites to which our websites may be linked may also make use of their own cookies to collect information from you. Most browsers will automatically accept a cookie, but it may be possible to set your browser to notify you prior to it being sent at which point you can accept or reject it.
Currently, RicePoint does not respond to “Do Not Track” signals from browsers.
- Limiting Use, Disclosure and Retention
We will generally not use or disclose your information other than for the identified purposes unless we have your consent or if required by law.
We maintain policies with respect to the retention and destruction of our records. These policies provide for the archiving and eventual destruction of records that may include individuals’ personal information.
RicePoint takes various measures to ensure the accuracy of your personal information. But we also rely on you to inform us of relevant changes to your information. For example, there may be problems mailing you settlement checks or other important communications if you have moved and you have not advised us (or our client company) of your new address. We will make reasonable efforts to keep your information accurate and up-to-date, based upon satisfactory evidence being provided by you and to the extent updated information is relevant to the purpose for which it was originally collected. Corrections to your personal information can, subject to security requirements, be delivered to us by phone, fax, mail, or email.
- Safeguards: Protecting Your Information
RicePoint maintains physical, organizational, and technological safeguards to protect your personal information from unauthorized access, disclosure, copying, use or modification, and against loss or theft.
Our computer systems, including portions of RicePoint’s websites, are password- secured and constructed in such a way that only authorized individuals can access secure systems and databases. To safeguard against unauthorized access to your personal information via the Internet, you are required to "sign on" to certain secure areas of the websites using an individual, confidential password. In addition, you may have to provide proof of identification before we will release certain personal information to you. Wherever it is possible, information you provide to us through RicePoint’s websites will be encrypted and held on secure servers. If you send us an email message that includes personal information, we may use that information to respond to your inquiry, but please note that email and other Internet communications are not necessarily secure against interception. If your communication is very sensitive, or includes sensitive information, you should not send it electronically unless your browser indicates that the access to our websites is secure. We undertake periodic reviews of our security policies and procedures to ensure that our systems are secure and protected, including both internal and external audits.
RicePoint maintains personal information in a combination of paper and electronic files. Recent paper records are stored in files kept in various offices, and physical access to those areas where information is gathered, processed, or stored is restricted to authorized employees. Older records may be stored at offsite storage facilities maintained by reputable companies that specialize in such services. These companies are obliged to safeguard your personal information in a way that is consistent with our own privacy principles, and as required by law.
In the ordinary course of fulfilling our obligations and conducting our business, your information may be transferred to other companies in or outside of Canada that provide data processing and storage or other support services (and our advisors, auditors, bankers, mailing agents and other suppliers or agents who facilitate our services to you. We will not provide more information than is reasonably necessary for them to perform the services for which they are engaged, and will require that they not store, analyze or use that information for purposes other than to carry out those services. We remain responsible for personal information in our custody even if it has been transferred for processing or storage and we take measures to ensure its confidentiality is respected, including by obtaining contractual covenants from the service provider. Should the data or information that we transfer to the data processors, service providers or other parties described above be transferred outside of Canada, it could be available to a foreign government or its agencies under the laws of that country. Our Privacy Team is available to respond to any questions.
We have thorough security standards to protect our systems and your information against unauthorized access and use. We audit our procedures and security measures regularly to ensure that they are being properly administered and that they remain effective and appropriate.
- Openness: Keeping You Informed
RicePoint has prepared this Privacy Code to inform you of our commitment and approach to managing and protecting your personal information. It is available to the public in paper form from the address set out below, and in electronic form over the Internet at https://www.ricepoint.com.
If you have any additional questions or concerns about privacy, we invite you to contact us by phone, fax, mail, email, or our websites, and we will address your concerns to the best of our ability.
- Providing Individual Access
We will give you access to the information we hold about you within a reasonable time upon your written request, satisfactory identification, and proof of entitlement. We will also tell you how your information is used and to whom it may have been disclosed. We may impose a small fee to respond to your request but, if so, we will first give you notice of the amount and obtain your direction to proceed.
If you find any errors in your information, we urge you to contact us as soon as possible (by phone, fax, mail, email, or our websites), and we will make the appropriate corrections immediately, based on the receipt of satisfactory evidence. In some cases we might not provide access to personal information within our possession or control. This could occur when, for example, the personal information is protected by attorney-client privilege. If we deny your request for access to your personal information we will tell you why, unless prohibited by law, and you may then challenge our decision.
- Providing Recourse: Respecting and Responding to Your Privacy Concerns
RicePoint encourages you to contact us with any questions or concerns you might have. We will investigate and respond to questions about any aspect of our handling of your information. Usually, a concern can be cleared up just by discussing it with us.
You may contact us at:
RicePoint Administration, Inc.
Attention: Privacy Team
1480 Richmond St., #204
London, ON N6G 0J4
Please be sure to include your name, address, preferred method of communication, the nature of your question and relevant details, including your past communications with us.
This Privacy Code is only a summary of our privacy policies and practices, which are also designed to help ensure RicePoint meets its obligations under applicable privacy legislation. This legislation provides for certain exceptions to matters included in this Privacy Code. At times, these exceptions will affect our privacy practices. For example, RicePoint may collect, use, or disclose your personal information in certain of the following situations:
- if the collection is clearly in your interests and consent cannot be obtained in a timely way
- if the information is deemed “publicly available” under the legislation
- if disclosure is made to government institutions under anti-money laundering and terrorist financing legislation
- when performing tax reporting to governmental taxation authorities, or other disclosures required by law
Should you have particular inquiries relating to these exceptions, please feel free to contact our Privacy Team.
Additional Information for EU/EEA Data Subjects
In addition to the information provided above, if you are a current resident of an EU/EEA country, you may have certain Data Subject rights regarding your personal information under the GDPR. These may include, depending on the circumstance, the right to access your personal information; rectify the personal information we hold about you; erase your personal information; restrict our use of your personal information; object to our use of your personal information; receive your personal information in a usable electronic format and transmit it to a third party (also known as the right of data portability); lodge a complaint with your local data protection authority; and withdraw any consent you have given to the uses of your personal information. If you would like to discuss or exercise any of the rights you may have, you may contact us via email or mail as described in Section 10 above.
The services provided by a RicePoint website do not constitute the rendering of legal services, and no attorney-client relationship is formed between RicePoint and any client, or between RicePoint and any User, by virtue of such services. The information contained in RicePoint websites is not intended to constitute legal advice or to substitute for obtaining appropriate legal advice. This Privacy Statement describes RicePoint’s privacy practices only. It does not describe, and RicePoint makes no representations about, the privacy practices of any other parties, including RicePoint’s clients, who may receive personal information from RicePoint in the course of using RicePoint’s services.
RicePoint is entrusted with your confidential personal information and we take that trust very seriously.
Important changes to our privacy policies and practices will be reflected in this Privacy Code in a timely manner. We may add, modify or remove portions of this Privacy Code when we feel it is appropriate to do so. Each time you visit the website, please see the “Revised” date to determine if it has been revised since the last time you entered the site.
Version: May 2023