top of page

Privacy Policy
of
Digital Media Mill

Digital Media Mill Logo

1) INTRODUCTION

a. This privacy policy is revised as of: October 30, 2023.

b. The Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (PIPEDA) governs how organizations collect, use, and disclose personal information of individuals in the course of business.

c. This privacy policy is intended to provide information on the way in which Digital Media Mill uses, collects, and discloses the personal information of its clients and customers.

d. Only the information that Digital Media Mill requires in order to carry out its services to clients and customers will be documented and stored in a secure manner. Our business to our clients and customers includes the following and is the reason for which we require personal information:

The name and brief description of the initiative, what personal information we're collecting, such as name, phone number, etc. Your legal authority to collect, use, and share the personal information how we're collecting personal information, such as by paper, video, audio, etc. An analysis of how personal information will be handled, who will have access to it and how it will be shared. Where the personal information will be stored, for how long and how it will be deleted.


A completed Risk Area Identification and Categorization (Appendix C- Core PIA)
a summary analysis of the risk(s) and recommendations for their mitigations

e. Digital Media Mill always ensures to protect the personal information of its clients while in the course of business.

f. The Office of the Privacy Commissioner (Commissioner) oversees PIPEDA and addresses complaints by individuals.


2) COLLECTION AND CONSENT

a. Collection of personal information is classified as an individual's name, age, income, heritage, credit records, medical records, Social Insurance Number, marital status, education level, and more.

b. Consent can be either express or implied.

c. Consent to use, collect and disclose your personal information may be implied by your conduct with Digital Media Mill. This may include correspondence and communications with us about retaining our services. By engaging Digital Media Mill, consent to the collection, use and disclosure of our clients' and customers' personal information is implied by such engagement. Throughout the duration of our engagement, Digital Media Mill will continue to obtain necessary personal information in order to accurately represent its' clients and customers, and such, in accordance with PIPEDA.

d. Digital Media Mill makes attempts to collect information directly from our clients and customers, but may need to collect information indirectly from other sources when necessary, all of which is completed in a legal manner consistent with PIPEDA.

e. Legal exceptions to having to obtain consent include as follows:

* if asking for express consent has the effect of compromising the accuracy of the information;

* collection of information is in the best interests of our client or customer;

* information is in a witness statement and the collection is needed to settle an insurance claim;

* to comply with the law, including warrants, subpoenas, and investigations.

f. Clients and customers may withdraw their consent. This withdrawal may be subject to certain restrictions depending on the circumstances. If that's the case, reasonable notice may be required.


3) PURPOSE OF COLLECTION

a. Digital Media Mill needs to collect personal information from its clients or customers in order to properly and accurately represent its clients and customers, and such, in accordance with PIPEDA. Information also needs to be collected for the following purposes:

When collecting an individual's personal information Digital Media Mill will need legal authority to collect and use it
whether the information will be shared with any other parties
the consequences of not providing information. It is an individual's right to access and correct any personal information that is provided
the relevant Personal Information Bank number they can use to exercise that right the individual's right to file a complaint with the Office of the Privacy Commissioner if they aren't satisfied with the way their information is handled

b. The information that we collect may also include information of other entities with whom our clients or customers conduct business. This may be needed in order to facilitate our services to our clients and customers.

c. Any changes in the use of the information that we collected shall be done with the express consent of our clients and customers. This means that if we collected client information for a certain purpose and later needed to conduct a separate, unrelated matter for the same client, we will obtain the client's consent prior to using the information for the separate, unrelated matter.


4) USE AND DISCLOSURE OF INFORMATION

a. Personal information provided to Digital Media Mill by its clients and customers may need to be disclosed to third parties in order for us to properly represent and act in our clients' and customers' best interests. Only the information required by a third party is disclosed in order to complete the tasks for which the information was needed. This may include, for example, having to disclose personal information to a government authority in order to register our client or customer with a regulatory government body.

b. Information may need to be disclosed in the narrowest of circumstances to facilitate our engagement.

c. When information is provided to us, whether upon our request or not, the delivery of such information is deemed to be done with consent, and Digital Media Mill may collect, use, and disclose that information.

d. Notwithstanding the foregoing, our clients' and customers' personal information shall be treated with the strictest confidence, and thus, any personal information shall not be disclosed without consent, unless otherwise required by law. 


5) SECURITY AND RETENTION OF INFORMATION

a. When it is reasonable and legal to do so, Digital Media Mill shall discard all of our clients' and customers' personal information, whether digitally stored or otherwise, and shall comply with applicable law in doing so.

b. During the destruction process, all information that Digital Media Mill holds shall be kept confidential.


6) SAFEGUARDING INFORMATION

a. Employees of Digital Media Mill shall only have access to relevant records if they are delegated tasks for which access to those records is necessary. Access to records is on a need-to-know basis.

b. Digital Media Mill is a paperless office and will protect electronic records by:

All devices with clients information is protected and entrypted.

c. Digital Media Mill ensures that all of the hardware is password-protected.

d. Digital Media Mill uses two-factor authentication on their hardware in order to promote security of records.

e. Workplace policies are in place which prohibit Digital Media Mill from clicking on any form of spam mail, suspicious messages, or access to malicious websites.

f. Personal devices and hardware of employees and staff at Digital Media Mill is prohibited unless specific authorization is requested and subsequently granted.

g. Where applicable, Digital Media Mill will utilize public and private clouds to store and secure client and customer data across all of their devices. Public cloud use is through one or more of Google, Microsoft, Dropbox, and more. Private cloud use is done with the storage of files and records on secure servers using a private cloud network with, typically, more than one harddrive working in tandem through usage of a NAS (Network Attached Storage) and specific configurations.

h. Cyberattacks are taken very seriously and we ensure to maintain strong firewalls and applications to prevent malicious cyber threats that may compromise the confidential nature of the sensitive information we keep on file.


7) REQUEST FOR ACCESS TO INFORMATION

a. Individuals have the right to submit a written request to have their information removed from the records of Digital Media Mill, and to access and verify their information. Where permitted by law, we will respond to any request in the timeframe provided for under PIPEDA.

b. Access may not be granted in certain circumstances, including the following:

I. Information protected by solicitor-client privilege;
II. Information that could be reasonably expected to reveal confidential commercial information;
III. Information disclosed to law enforcement;
IV. Information produced in a formal dispute; and
V. All other exceptions under PIPEDA.

c. Information that clients or customers have with Digital Media Mill may be corrected and amended upon written request. Notice must be provided with the updated information so that our records can be duly updated to reflect the changes. Once the changes are made, we shall also provide notice to relevant third parties and keep them informed.

d. Personal information maintained is kept accurate, up-to-date, and complete. Individuals may challenge any information that is incorrect or incomplete by giving notice to Digital Media Mill. However, only information that is necessary for purposes related to the collection of the information in the first place shall be changed by Digital Media Mill.

e. The Office of the Privacy Commissioner can be contacted for any complaints.

​

For more information on  Personal Information Protection and Electronic Documents Act (PIPEDA) by the Office of the Privacy Commissioner of Canada click the link  PIPEDA fair information principles

​

bottom of page