| 1. | INTRODUCTION |
| Wajax is committed to protecting the privacy, security and accuracy of personal information collected from our customers, vendors, employment applicants and website users (collectively, “External Stakeholders”). To this end, Wajax has developed policies and procedures regarding the handling of personal information. All Wajax personnel are responsible for complying with this policy (the “Policy”) and with all applicable privacy laws. References to “Wajax” in this Policy refer collectively to Wajax Corporation and its subsidiaries. Questions or concerns regarding this Policy may be directed to Wajax’s Privacy Officer, whose contact information is provided below. | |
| 2. | PURPOSE |
| This Policy outlines Wajax’s commitment to protecting the personal information of External Stakeholders, and describes how such information will be collected, used and disclosed. | |
| 3. | SCOPE |
| All Wajax employees, including full-time, part-time, union and contract employees, must comply with this Policy. | |
| 4. | PRIVACY OFFICER |
| The General Counsel of Wajax Corporation has been designated as Wajax’s Privacy Officer and is responsible for ensuring compliance with Wajax’s privacy policies and procedures, and all applicable privacy laws. | |
| You can contact Wajax’s Privacy Officer via e-mail at privacy@wajax.com or by mail at 10 Diesel Drive, Toronto, Ontario, M8W 2T8, Attention: Privacy Officer. | |
| 5. | DEFINITIONS |
|
Cookies: Cookies are small pieces of information that may be placed on a user’s device by Wajax’s website to facilitate or enhance the user’s interaction with the site. De-index: Means to remove content from an index or system of indexing. In the online context, de-indexing refers to the process by which a webpage, image or other online resource is removed from the results returned by a search engine when an person’s name or other identifying information is used as a search term. Personal Information: Refers to information about an identifiable individual, whether factual or subjective, recorded or unrecorded. Examples include: name, address, telephone number, e-mail address, income information, ethnic origin, age, opinions, evaluations and financial information. Stated another way, it is any information that describes an individual and could reasonably be connected to them, either on its own or when combined with other available information. |
|
| 6. | COLLECTION AND USE OF PERSONAL INFORMATION |
| 6.1 | Purpose of Collecting Personal Information |
| Wajax collects, uses and discloses Personal Information in the commercial and hiring context for the following purposes: | |
| for customers: – processing warranty claims; – billing and after sales follow-up; – granting credit approval; – advising on or providing, products and services; – collecting overdue accounts, and processing credit card and other payments; for employment applicants: – assessing suitability for a role; – carrying on Wajax’s business operations; – facilitating basic communications; – conducting data analytics and marketing activities; – to prevent fraud and other illegal activities; – complying with applicable laws; – and as described elsewhere in this Policy. |
|
| By providing Personal Information to Wajax, External Stakeholders consent to these purposes and to the other provisions set out in this Policy, including the disclosure of their Personal Information to third parties for the purposes set out in this section. | |
| 6.2 | Methods of Collecting Personal Information |
| Wajax may collect Personal Information in the commercial and hiring context in a variety of ways, including, but not limited to: | |
| – credit applications and credit checks; – purchase, rental, service, distribution and other business agreements; – Wajax’s website, through information entered by users and through Cookies, as described in the next section of this Policy; – business cards, surveys, market research and other business-intelligence sources such as credit agencies; – verbal and written communications; – activities conducted in the ordinary course of business; – employment applications and interviews; – and through other methods, with your consent provided at the time of collection. |
|
| 6.3 | Cookies and Other Tracking Technologies |
| Wajax uses Cookies, web beacons (including pixels and tags), and similar technologies on its website which collect certain information about website users by automated means. Below is a description of the types of Cookies used by Wajax: | |
|
– Necessary Cookies. These Cookies are essential for enabling website users to navigate the site and use its features. Without these Cookies, certain services cannot be provided. – Analytics Cookies. These Cookies allow Wajax to perform data analytics to measure and improve the performance of its website and provide more relevant content. The data collected helps Wajax understand the number of visitors to its website, which pages are most and least popular and how visitors move through the site. – Performance Cookies. These Cookies are generally provided by third-party vendors that work with Wajax or on Wajax’s behalf. They collect information about a user’s visit to the Wajax website, such the pages visited most often and whether any errors were encountered. These Cookies help improve the functionality and performance of the website. Third party vendors may have access to this data and may use it to enhance their own services. – Functionality Cookies. These Cookies enable core features that help website users use Wajax’s website more effectively. For example, they support functions such as remembering user selections, maintaining filter or search settings while navigating between pages and ensuring certain tools work properly. These Cookies do not track browsing activity across other websites and are used solely to support the functionality of the Wajax website. – Advertising Cookies. These Cookies are used to deliver advertisements that are more relevant to website users and their interests, measure the effectiveness of advertisements, re-target to the Wajax website and understand user behaviour after viewing an advertisement. Wajax shares this information with third parties for these purposes. Website users may still see Wajax advertisements even if they disable advertising Cookies; such advertisements are part of broader campaigns not linked to a user’s interaction with the Wajax website. | |
| Wajax may also use web beacons and similar technologies for the purposes described in this Policy. These may be included on the Wajax website, in marketing emails, or in newsletters, to determine whether a user has opened messages or clicked on links. Web beacons do not place information on a user’s device, but they may work in conjunction with Cookies to monitor website activity. The information provided above about Cookies also applies to web beacons and similar technologies. | |
| 6.4 | Use of Cookies |
| Wajax’s website uses Cookies for the following purposes: | |
| – understanding how website users use and engage with the site, including whether it is the user’s first visit or whether the user is a returning visitor; | |
| – ensuring that the website functions properly; | |
| – analyzing and improving Wajax’s services and website experience (e.g., some Cookies remember a website user’s language or preferences, so these selections do not need to be re-entered on subsequent visits); and | |
| – advertising products and services, as permitted by applicable laws. | |
| 6.5 | Opting Out of Cookies |
| Website users can opt out of Cookies, except those that are necessary to provide Wajax’s services. A user’s browser may provide options to be notified when certain types of Cookies are received, or to restrict or disable specific Cookies. However, without Cookies, some features of Wajax’s website may not function properly. | |
| For mobile devices, users can manage how their device and browser share certain data by adjusting the privacy and security settings on the device. | |
| 7. | HANDLING AND DISCLOSURE OF PERSONAL INFORMATION |
| 7.1 | Limited Collection, Use and Disclosure |
| Wajax will collect, use and disclose only the Personal Information that is required for authorized purposes, as described in this Policy. | |
| 7.2 | Consent Requirements |
| Where consent to the collection of Personal Information is required by applicable laws, it will be obtained in accordance with the applicable legislation. Consent can be explicit or implied and can be obtained either verbally or in writing, depending on the nature of the Personal Information. | |
| 7.3 | Use and Disclosure on a Need-to-Know Basis |
| Personal Information will be used and disclosed consistent with the purposes for which it was collected and only on a need-to-know basis. Unless required for the purposes stated in this Policy, or required by applicable law, Personal Information about an External Stakeholder will not be disclosed to third parties unrelated to Wajax without the External Stakeholder’s consent. | |
| 7.4 | Withdrawal of Consent and Related Rights |
| If consent is required to collect, use or disclose Personal Information, External Stakeholders have the right to withdraw their consent at any time. However, withdrawal of consent may have consequences. If an External Stakeholder withdraws his or her consent, Wajax will inform the External Stakeholder of the likely consequences of such action. In certain cases, Wajax may be required or permitted by law to retain Personal Information even after consent is withdrawn. | |
| An External Stakeholder may also request that Wajax stop disseminating their Personal Information or De-index any hyperlink attached to their name that provides access to their Personal Information on Wajax’s public or internal platforms if such dissemination contravenes applicable law, a court order or causes serious harm to the External Stakeholder’s reputation or privacy. | |
| 7.5 | Right to Request Purpose |
| An External Stakeholder may request an explanation of the specific purpose for which his or her Personal Information is collected, used or disclosed. | |
| 7.6 | Disclosure to Third Parties |
| In certain circumstances, Wajax may disclose Personal Information to third parties for legitimate purposes subject to this Policy. Such circumstances may include disclosures: | |
| – to service providers who perform services on Wajax’s behalf, such as IT management or cloud storage); | |
| – with Wajax affiliates or otherwise within the Wajax corporate group; | |
| – in connection with a business transaction, including a merger, acquisition or bankruptcy; | |
| – to comply with applicable legal obligations, including to respond to subpoenas, search warrants and similar requests; | |
| – to enforce contracts, service agreements, warranties or other applicable terms or policies; | |
| – and to protect or defend our rights and the rights of our customers and others. | |
| 8. | Protection of Personal Information |
| 8.1 | Security Safeguards |
| Wajax is committed to protecting Personal Information of External Stakeholders against loss, theft and unauthorized access, disclosure, use or modification by instituting security safeguards consistent with the sensitivity, amount, format, nature and storage of such information. | |
| 8.2 | Electronic Information Security |
| Personal Information provided to Wajax in electronic form is stored in secure computer servers with limited access and located in controlled facilities. | |
| 8.3 | Physical Information Security |
| Paper files are maintained in secure locations with various levels of restricted access based on the sensitivity of the information. Files with sensitive information are kept in locked file cabinets and behind locked doors. | |
| 8.4 | Authorized Access |
| Only duly authorized Wajax personnel, i.e., those who require access to Personal Information in order to perform their duties, will have access to such information. | |
| 9. | Cross-Border Transfers of Personal Information |
| 9.1 | Transfers Outside the Province or Country |
| To carry out its operations, Wajax may process Personal Information, or have it processed by third-party service providers, in a province other than the one in which the External Stakeholder resides, or outside of Canada. Privacy laws in such jurisdictions may differ from those applicable in the External Stakeholder’s home jurisdiction. | |
| 9.2 | Safeguards and Legal Requirements |
| Reasonable contractual or other measures used to protect Personal Information processed by third-party service providers outside of Canada are subject to applicable foreign legal requirements, including lawful requirements to disclose Personal Information to government authorities and law enforcement. | |
| 10. | Retention of Personal Information |
| 10.1 | Retention Periods |
| Personal Information will be retained only as long as necessary, permitted or required by applicable law to fulfill the purpose for which it was collected or a related business or legal purpose. | |
| 10.2 | Secure Destruction |
| Documents containing Personal Information that are not retained will be destroyed in a secure manner, such as through shredding, a document destruction service, or secure wiping of mobile hardware devices. | |
| 11. | Accuracy of Personal Information |
| 11.1 | Maintaining Accuracy |
| Wajax will take appropriate measures to ensure that all Personal Information it collects and holds will be accurate, complete and up to date. | |
| 11.2 | Responsibility to Update |
| To ensure that Personal Information remains accurate and complete, External Stakeholders are responsible for providing updated information to Wajax as needed. | |
| 12. | Access to and Correction of Personal Information |
| 12.1 | Right of Access and Correction |
| Except in circumstances permitted by applicable laws, External Stakeholders have the right to access or correct their Personal Information held by Wajax. | |
| 12.2 | How to Submit a Request |
| Requests must be submitted in writing to the Wajax Privacy Officer at: | |
| privacy@wajax.com | |
| or | |
| 10 Diesel Drive, Toronto, Ontario, M8W 2T8 | |
| Attention: Wajax Privacy Officer | |
| 12.3 | Information Required |
| Requests must contain sufficient information to verify the requester’s identity and to identify the Personal Information that is being requested. | |
| 12.4 | Response Timelines |
| Wajax will reply to access requests promptly and no later than 30 days after receipt, or within any timeline required by applicable legislation. | |
| 12.5 | Refusal of Requests |
| If the request to access, correct or rectify Personal Information is refused, the External Stakeholder will be informed in writing of the reasons for refusal, the legislative basis for the refusal and the contact information of a Wajax representative who can address questions. | |
| 12.6 | Escalation to Privacy Authority |
| External Stakeholders may submit a request to the applicable privacy commission to review any disagreement relating to access to Personal Information and Wajax’s compliance with privacy laws. | |
| 13. | Data portability |
| 13.1 | Portability Rights |
| An External Stakeholder has the right, where provided for by applicable laws, to receive their Personal Information in a structured and commonly used technological format. They may also request to have this information transferred directly to any person or body authorized by applicable law to collect such information. | |
| 14. | Complaints |
| 14.1 | Submitting a Complaint |
| External Stakeholders may submit a written complaint regarding Wajax’s compliance with this Policy or applicable privacy laws to Wajax’s Privacy Officer at the contact information provided above. All complaints will be investigated in a fair, impartial and confidential manner. | |
| 14.2 | Escalation to Privacy Authority |
| If an External Stakeholder is not satisfied with Wajax’s response, they may escalate the complaint to the applicable privacy commission. | |
| 14.3 | Additional Information |
| For additional information regarding this Policy, or any other Wajax privacy policies or practices, please contact Wajax’s Privacy Officer. | |
| 15. | POLICY REVIEW |
| Wajax retains the right, in its sole discretion, to amend or delete any organizational policy or procedure. |
