Corporate Privacy Policy

This Privacy Policy serves as a formal statement of our principles and guidelines, ensuring that the personal data of our stakeholders and employees is collected, used, and disclosed strictly in accordance with applicable privacy laws.

Introduction

Neptune Bulk Terminals (Canada) Ltd. (“Neptune” or the “Company”) recognizes the importance of privacy and the sensitivity of personal information. This Privacy Policy is published as part of the Company’s long-standing commitment to maintaining the accuracy, confidentiality and security of our stakeholders’ and employees’ personal information. It is Neptune’s policy to protect the privacy of stakeholders and employees in all of its business operations by ensuring that their personal information is collected, used, and disclosed only in accordance with applicable privacy legislation and other applicable laws.

Policy

This Privacy Policy is a formal statement of principles and guidelines concerning the minimum requirements for the protection of stakeholder and employee personal information by Neptune. The objective of this Privacy Policy is to promote responsible and transparent practices in the management of personal information, in accordance with the provisions of applicable privacy legislation. Neptune will continually review this Privacy Policy in its discretion to ensure it is relevant and remains current with changing technologies and laws. Most importantly, Neptune wants to ensure it continues to meet the evolving needs of its stakeholders and employees.

Employees are expected to comply with this Privacy Policy at all times. In particular, employees must comply with this Privacy Policy when handling the personal information of third parties in the course of their employment with Neptune. Any breach of this Privacy Policy may be grounds for discipline, up to and including termination of employment and nothing in this Privacy Policy is intended to prevent Neptune from taking any other or additional actions it deems necessary to address the breach.

Neptune will make available any updated version of this Privacy Policy.

Summary of Principles

Principle 1 - Accountability

Neptune is accountable and responsible for personal information under its control and has designated a Privacy Officer who is accountable for the Company's compliance with the principles set out in this Privacy Policy.

Principle 2 - Identifying Purposes for Collection of Personal Information

Neptune shall identify the purposes for which personal information is collected at or before the time the information is collected. 

Principle 3 - Obtaining Consent for Collection, Use or Disclosure of Personal Information

The knowledge and informed consent of a stakeholder or employee is required for the collection, use, or disclosure of personal information, except where inappropriate or not required by law.

Principle 4 - Limiting Collection of Personal Information

Neptune shall take reasonable steps to limit the collection of personal information to that which is necessary for the purposes identified by the Company. Neptune shall collect personal information by fair and lawful means.

Principle 5 - Limiting Use, Disclosure, and Retention of Personal Information

Neptune shall not use or disclose personal information for purposes other than those for which it was collected, except with the informed consent of the individual or as required or permitted by law. Neptune shall retain personal information only as long as necessary for the fulfillment of those purposes or to the extent permitted by law.

Principle 6 - Accuracy of Personal Information

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

Principle 7 - Security Safeguards

Neptune shall protect personal information by security safeguards appropriate to the sensitivity of the information.

Principle 8 - Openness Concerning Policies and Practices

Neptune shall make readily available to stakeholders and employees specific information about its policies and practices relating to the management of personal information through this Privacy Policy.

Principle 9 - Stakeholder and Employee Access to Personal Information

Neptune shall inform a stakeholder or employee of the existence, use, and disclosure of their personal information upon written request and shall give the individual access to that information except where not required or permitted by law. A stakeholder or employee shall be able to challenge the accuracy and completeness of the information and request to have it amended as appropriate and required by law.

Principle 10 - Challenging Compliance

A stakeholder or employee shall be able to address a challenge concerning compliance with the above principles to the Privacy Officer or other persons accountable for Neptune’s compliance with this Privacy Policy.

Scope & Application

The ten principles which form the basis of this Privacy Policy are interrelated and Neptune shall adhere to the ten principles as a whole. Where there is also a Note following a principle (see principles 3 and 9), the Note forms an integral part of the principle.

Each principle must be read in conjunction with the accompanying commentary. As permitted by the provisions of the applicable privacy legislation, the commentary in this Privacy Policy has been tailored to reflect personal information issues specific to Neptune.

The scope and application of this Privacy Policy are as follows:

• This Privacy Policy applies to personal information about Neptune’s stakeholders and employees that is collected, used, or disclosed by Neptune.
• This Privacy Policy applies to the management of personal information in any form whether oral, electronic or written.
• This Privacy Policy does not impose any limits on the use or disclosure of the following information by Neptune:
  • a stakeholder's name and business contact information including business address, business telephone number or fax number and e-mail address;
  • an employee's name and business contact information including position with Neptune, title, business address, business telephone or fax number and e-mail address; or
  • other information about the stakeholder or employee that is excluded by applicable privacy legislation.
• This Privacy Policy does not apply to information regarding Neptune’s corporate stakeholders; however, such information is protected by other Neptune policies and through contractual arrangements subject to the requirements or provisions of any applicable legislation, regulations or agreements, such as collective agreements, order of any court, or other lawful authority.
• The application of this Privacy Policy is subject to the requirements and provisions of applicable privacy legislation and any other applicable laws. 

Definitions

Collection:  the act of gathering, acquiring, recording, or obtaining personal information from any source including third parties, by any means.

Consent:  informed voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of Neptune. Implied consent is consent that can reasonably be inferred from an individual's action or inaction.

Customer:  an individual who uses, or applies to use, Neptune’s services, where such individual is a corporate customer or an individual carrying on business alone as a sole proprietorship or in partnership with other individuals.

Disclosure:  making personal information available to a third party.

Employee:  an employee or pensioner of Neptune.

Personal Information:  information about an identifiable individual, as defined or limited under applicable privacy legislation. Personal Information does not include anonymous or de-identified information that cannot be associated with a specific individual. Personal Information also excludes business contact details and job title. 

For a stakeholder, such information includes a stakeholder’s credit information, billing records, service and equipment, and any recorded complaints.

For an employee, personal information includes information that is collected, used and disclosed for the purposes reasonably required to establish, manage and discontinue the employment relationship between Neptune and the employee. Personal information does not include work product information.

Personal information includes, but is not restricted to:

• Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
• Gender, date of birth and age, and marital status;
• Medical, educational, financial, employment and criminal history;
• Insurance enrollment, beneficiary and emergency contact information;
• Government identification numbers such as social insurance or other national insurance number, driver’s license number or other identification card number;
• Personal financial information including bank account details, payroll information, wage and benefit information;
• Photographs containing personally identifiable information;
• Personal correspondence with Neptune that is implicitly of a private nature;
• The views and opinions of others about the individual;
• The name of an individual related to an employee, where disclosure of the name itself would reveal information about the individual;
• Employment start date, employment location, education and training information;
• In some cases, trade union membership information; and
• Employment records including performance and disciplinary records.

Stakeholder(s):  individuals who are customers, potential customers, suppliers, agents, or contractors of Neptune.

Neptune:  including all divisions, current or future, and any successor company or companies of Neptune that arise as the result of corporate reorganization(s) or restructuring(s).

Third Party:  an individual or organization outside Neptune. 

Use:  the treatment, handling, and management of personal information by and within Neptune.

Neptune's Corporate Privacy Policy in Detail

Principle 1 - Accountability

Neptune is accountable and responsible for personal information under its control and has designated a Privacy Officer who is accountable for Neptune’s compliance with the principles set out in this Privacy Policy.

1. Responsibility for ensuring compliance with the provisions of this Privacy Policy rests primarily with the Privacy Officer and senior management of Neptune. Other individuals within Neptune may be delegated to act on behalf of the Privacy Officer or to take responsibility for the day-to-day collection and processing of personal information. Employees are expected to comply with this Privacy Policy.
2. Neptune is accountable and responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. Neptune shall use appropriate means to provide a comparable level of protection while information is being processed by a third party (see Principle 7).
3. Neptune shall implement policies and procedures to give effect to the Neptune Privacy Policy, including:
4. implementing procedures to protect personal information and to oversee Neptune’s compliance with this Privacy Policy;
   1. establishing procedures to receive and respond to inquiries or complaints;
   2. training and communicating to staff about Neptune’s policies and practices; and
   3. developing public information to explain Neptune’s policies and practices.

Principle 2 - Identifying Purposes for Collection of Personal Information

Neptune shall identify the purposes for which personal information is collected at or before the time the information is collected.

1. Neptune collects personal information for the following purposes:
   to establish, manage and discontinue employment relationships, including:
   1. employee administration (including payroll and benefits administration);
   2. processing employee work-related claims (including insurance and workers’ compensation claims);
   3. conducting performance reviews and determining performance requirements;
   4. assessing qualifications for a particular job or task;
   5. gathering evidence for disciplinary action or termination;
   6. education, training, and development;
   7. complying with health and safety obligations;
   8. deducting and remitting trade union membership dues, as applicable; and
   9. to maintain complete and accurate employee files.
2. to establish and maintain responsible commercial relations with stakeholders and to provide ongoing service;
3. to understand stakeholder needs;
4. to develop, enhance, market or provide services;
5. to manage and develop Neptune’s business, operations and internal functioning of Neptune, including accounting and auditing;
6. to meet legal and regulatory requirements;
7. to comply with lawful requests from government agencies (e.g. Revenue Canada); and
8. such additional purposes as are identified to an individual.
9. Further references to "identified purposes" mean the purposes identified in this Principle 2.
10. Neptune shall specify orally, electronically or in writing the identified purposes to the stakeholder or employee at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to the Privacy Officer who shall explain the purposes.
11. Unless required or permitted by law, Neptune shall not use or disclose for any new purpose personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the stakeholder or employee.

Principle 3 - Obtaining Consent for Collection, Use or Disclosure of Personal Information

1. Neptune will generally provide notice and obtain consent from stakeholders and employees for the collection, use, or disclosure of personal information, except where inappropriate or as required or otherwise permitted by law.
   
   NOTE: In certain circumstances personal information can be collected, used, and or disclosed without the knowledge and/or consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated. Employers are permitted to collect, use and disclose personal information necessary to establish, manage or terminate an employment relationship upon notice.
    
2. In obtaining consent, Neptune shall use reasonable efforts to ensure that a stakeholder or employee is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the stakeholder or employee.
3. Generally, Neptune shall seek consent to use and disclose personal information at the same time it collects the information. However, Neptune may seek consent to use and disclose personal information after it has been collected, but before it is used and disclosed (including for a new purpose).
4. Neptune will require stakeholders to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is required to fulfill the identified purposes.
5. In determining the appropriate form of consent, Neptune shall take into account the sensitivity of the personal information and the reasonable expectations of its stakeholders and employees.
6. In general, the use of products and services by a stakeholder, or the acceptance of employment or benefits by an employee, constitutes implied consent for Neptune to collect, use and disclose personal information for all identified purposes.
7. Neptune may disclose personal information without consent to a lawyer representing Neptune to comply with a subpoena, warrant or other court order, or as may otherwise be required or authorized by law.
8. Neptune will provide notice to employees of the collection, use and disclosure of personal information necessary to establish, manage or terminate an employment relationship. Neptune shall obtain consent as required by law with respect to information that is not employee information.
9. In some circumstances, Neptune may collect, use and/or disclose employees’ personal information without notice or consent. Non-exhaustive examples include if it is clearly in the individual’s best interest to collect the information and notice cannot be given in a timely manner and use or disclosure is for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual (but Neptune will inform the employee about the disclosure without delay in writing), it was produced by the employee in the course of their employment and collection, use and disclosure is consistent with the purposes for which the information was produced, the collection, use and disclosure is for the purpose of making a disclosure that is required by law, or where it is necessary for medical treatment of an individual.
10. Where a stakeholder or employee has provided consent to the collection, use and disclosure of their personal information, they may have the legal right to withdraw their consent under certain circumstances. To withdraw your consent, if applicable, and for more information regarding the implications of doing so, contact Neptune’s Privacy Officer. 

Principle 4 - Limiting Collection of Personal Information

Neptune shall take reasonable steps to limit the collection of personal information to that which is necessary for the purposes identified by Neptune.

Neptune shall collect personal information by fair and lawful means and only for the purposes identified to the individual at or before the collection of such information, except as otherwise required or permitted by law.

1. Neptune collects personal information primarily from its stakeholders or employees.
2. Neptune may also collect personal information from other sources including credit bureaus, previous employers or personal references, or other third parties who represent that they have the right to disclose the information.

Principle 5 - Limiting Use, Disclosure, and Retention of Personal Information

Neptune shall not use or disclose personal information for purposes other than those for which it was collected, except with the informed consent of the individual, or as required or permitted by law. Under some circumstances, Neptune may have a legal obligation or right to disclose personal information without an individual’s consent.

Neptune shall retain personal information only as long as necessary for the fulfillment of the purposes for which it was collected, except as otherwise required or permitted by law.

1. Neptune may disclose a stakeholder's personal information to:
   1. another company for the efficient and effective provision of Neptune’s services;
   2. a company involved in supplying the stakeholder with goods or services;
   3. another person for the development, enhancement, marketing or provision of any of Neptune’s products or services;
   4. an agent retained by Neptune in connection with the collection of the stakeholder's account;
   5. credit grantors and reporting agencies;
   6. a person who, in the reasonable judgment of Neptune, is seeking the information as an agent of the stakeholder; and
   7. a third party or parties, where the stakeholder consents to such disclosure or disclosure is required by law.
2. Neptune may disclose personal information about its employees:
   1. for normal personnel and benefits administration;
   2. in the context of providing references regarding current or former employees in response to requests from prospective employers; and
   3. where disclosure is required by law.
3. Only Neptune employees with a business need to know, or whose duties reasonably so require, are granted access to personal information about stakeholders and employees.
4. Depending on the circumstances, where personal information has been used to make a decision about a stakeholder or employee, Neptune shall retain, for a period of time that is reasonably sufficient to allow for access by the stakeholder or employee, either the actual information or the rationale for making the decision.
5. Neptune shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction, which apply to personal information that is no longer necessary or relevant for the identified purposes or required or permitted by law to be retained. Such information shall be destroyed, erased or made anonymous.

Principle 6 - Accuracy of Personal Information

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

1. Personal information used by Neptune shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a stakeholder or employee.
2. Neptune shall update personal information about stakeholders and employees as and when necessary to fulfill the identified purpose or upon notification by the individual. Stakeholders and employees should keep Neptune informed of any personal information changes. 

Principle 7 - Security Safeguards

Neptune shall protect personal information by physical, technical and/or organizational security safeguards appropriate to the sensitivity of the information.

1. Neptune shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures. Neptune shall protect the information regardless of the format in which it is held.
2. Neptune shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used. Neptune requires third parties to protect personal information in accordance with applicable laws and with the same or more stringent security and privacy standards as Neptune.
3. All of Neptune’s employees with access to personal information are required to respect the confidentiality of personal information in accordance with this Privacy Policy and Neptune’s Confidentiality Policy.
4. Neptune will exercise care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information. 

Principle 8 - Openness Concerning Policies and Practices

Neptune shall make readily available to stakeholders and employees specific information about its policies and practices relating to the management of personal information and the contact information of the Privacy Officer.

1. Neptune shall make information about its policies and practices easy to understand, including:
   1. the title and address of the Privacy Officer;
   2. the means of gaining access to personal information held by Neptune; and
   3. a description of the type of personal information held by Neptune, including a general account of its use.
2. On written request, Neptune will advise if and how an individual can access information held by it.

Principle 9 - Stakeholders and Employee Access to Personal Information

Neptune shall inform a stakeholder or employee of the existence, use, and disclosure of their personal information upon written request and shall give the individual access to that information as required or permitted by law.

A stakeholder or employee shall be able to challenge the accuracy and completeness of the information and have it amended as required or permitted by law.

NOTE: In certain situations, Neptune may not be able to provide access to all of the personal information it holds about a stakeholder or employee. Exceptions may include information that is prohibitively costly to provide, information that would likely reveal personal information about a third party, information that cannot be disclosed for legal, safety, security or commercial proprietary reasons, information that is subject to solicitor-client or litigation privilege or generated in the course of a formal dispute resolution process, or, in certain circumstances, information of a medical nature. Neptune will sever information where possible as required by applicable privacy legislation. Neptune shall provide the reasons for denying access.

1. Upon written request, Neptune shall afford stakeholders and employees a reasonable opportunity to review the personal information in the custody or control of Neptune. Personal information shall be provided in an understandable form within a reasonable time, and in any event not later than 30 days after receipt of the written request unless the time limit is extended in accordance with applicable privacy legislation, and at a minimal or no cost to the individual. Neptune will provide access in an alternative format for individuals with sensory disabilities in accordance with appliable privacy legislation.
2. Upon written request, Neptune shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, Neptune shall provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.
3. A stakeholder or employee may be required to provide sufficient identification information to permit Neptune to account for the existence, use and disclosure of personal information and to authorize access. Any such information shall be used only for this purpose.
4. Neptune shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted. Where appropriate, Neptune shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
5. Stakeholders can obtain information or seek access to their personal information by contacting Neptune’s Privacy Officer.
6. Employees can obtain information or seek access to their personal information by contacting their immediate supervisor within Neptune or Neptune’s Privacy Officer.

Principle 10 - Challenging Compliance

A stakeholder or employee shall be able to address a challenge concerning compliance with the above principles to Neptune’s Privacy Officer, who is responsible for assuring compliance with this Privacy Policy.

1. Neptune shall maintain procedures for addressing and responding to all inquiries or complaints from its stakeholders and employees about Neptune’s handling of personal information.
2. Neptune shall inform its stakeholders and employees about the existence of these procedures as well as the availability of complaint procedures.
3. The Privacy Officer may seek external advice where appropriate before providing a final response to individual complaints.
4. Neptune shall investigate all complaints concerning compliance with this Privacy Policy. In the event a complaint is found to be justified, Neptune shall take appropriate steps to resolve the complaint including, if necessary, amending its policies and procedures. A stakeholder or employee shall be informed of the outcome of the investigation regarding their complaint.
5. Neptune will not disadvantage a stakeholder or an employee because the individual, acting in good faith, has invoked, or may invoke the provisions of this policy, or any applicable law.

You may contact Neptune’s Privacy Officer at:

Amanda E. Sutton, General Counsel and Corporate Secretary
301-111 Forester Street
North Vancouver, BC V7H 0A6

Tel:  604-812-6133
Email:  asutton@neptuneterminals.com

Click Here to Download the Report