BARKSDALE CAPITAL CORP.
Principle 1 – Accountability
Principle 2 – Identifying Purposes
The Company collects personal information for the following purposes: establishing and maintaining communication with individuals; offering and providing information to meet individual investors’ needs; compiling statistics; and complying with the law. For greater certainty, information collected may also be used to: create usage and website activity summary statistics; direct development and customization of general and online investor services and communications; and assist and develop marketing material and information circulars. The purposes for which personal information is collected shall be identified before or at the time that the information is collected. The purpose of the information collected, used or disclosed by the Company must be apparent and the Company is held accountable to a standard of what a reasonable person would consider appropriate in the circumstances. The Company will make reasonable efforts to identify the purposes for which personal information is collected to an individual from whom the personal information is collected at or before the time of collection. Depending upon the way in which the information is collected, the Company will identify these purposes on its website, as well as verbally or in writing. The Company recognizes that collection of personal information is an evolving process and for personal information that has been collected for a purpose not previously identified, it will identify and obtain consent to the new purpose prior to use, except as permitted or required by law.
To the extent necessary, employees or consultants of the Company collecting personal information from an individual will explain to such individual the purpose for which the information is being collected, including any other purpose that may not be immediately obvious to the individual.
Principle 3 – Consent
The knowledge and consent of an individual is required for the collection, use or disclosure of personal information, except where consent is not required under the Act. In order to fully comply, the Company will make reasonable efforts to ensure that the individual is advised of the purposes for which his or her personal information will be used or disclosed in a manner that is reasonably understood by the individual.
The form of consent sought may vary depending upon the circumstances and the type of information collected. In determining the form of consent to seek, the Company will take into account the sensitivity of the information. Although some information (for example medical records and income records of employees) is almost always considered sensitive, any information can be sensitive depending on the circumstances. In seeking consent the Company will take into account the reasonable expectations of the individual in the particular circumstances.
Generally, the Company will seek consent for the collection, use or disclosure of personal information at the time of the collection. In certain circumstances consent with respect to use or disclosure, as applicable, may be sought after the information is collected but before use (for example, when the Company wants to use the information for a purpose not previously identified).
Principle 4 – Limiting Collection
The Company collects only the personal information necessary for the purposes identified. Information shall be collected by fair and lawful means. The Company will not collect personal information indiscriminately.
Principle 5 – Limiting Use, Disclosure, and Retention of Personal Information
Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes. If using personal information for a new purpose, the Company will document this purpose. Personal information that is no longer required to fulfill the identified purposes will be destroyed, erased, or made anonymous. The Company will develop guidelines and implement procedures to govern the destruction of personal information.
Principle 6 – Ensuring Accuracy of Personal Information
Personal information will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. The extent to which personal information will be accurate, complete, and up to date will depend upon the use of the information, taking into account the interests of the individual. Personal information shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.
The Company will not routinely update personal information, unless such a process is necessary to fulfill the purposes for which the information was collected. Personal information that is used on an ongoing basis, including information that may possibly be disclosed to third parties, will generally be accurate and up to date, unless limits to the requirement for accuracy are clearly set out.
Principle 7 – Ensuring Safeguards for Personal Information
The Company will ensure that security safeguards appropriate to the sensitivity of the information will be implemented to protect personal information. The security safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The Company will protect personal information regardless of the format in which it is held. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. A higher level of protection will safeguard more sensitive information, such as medical and health records of employees, as appropriate. The methods of protection will include: (i) physical measures, for example, locked filing cabinets and restricted access to offices; (ii) organizational measures, for example, limiting access on a “need-to-know” basis; and (iii) technological measures, for example, the use of passwords, encryption, and audits. The Company will make its employees and consultants aware of the importance of maintaining the confidentiality of personal information and care will be used in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.
Principle 8 – Openness About Personal Information Policies and Practices
The Company will make readily available to individuals specific information about its policies and practices relating to the management of personal information. The Company will be open about its policies and practices with respect to the management of personal information and an individual will be able to acquire information about the Company’s policies and practices without unreasonable effort. This information will be made available in a form that is generally understandable. The information made available will include:
In addition, the Company may make information on its policies and practices available in a variety of ways including, but not limited to, making brochures available in its place of business, mailing information to its clients, posting signs in its offices, or providing online access.
Principle 9 – Individual Access to Their Own Personal Information
Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate. In certain situations, the Company may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement will be limited and specific. The reasons for denying access will be provided to the individual upon request.
Upon request, the Company will inform an individual whether or not it holds personal information about the individual. The Company will seek to indicate the source of this information and will allow the individual reasonable access to this information. In addition, upon request, the Company will provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed, as appropriate.
An individual will be required to provide sufficient information to permit the Company to provide an account of the existence, use, and disclosure of personal information. The information provided will only be used for this purpose.
The Company will respond to an individual’s request within a reasonable time and at minimal or no cost to the individual. The requested information will be provided or made available in a form that is generally understandable.
If an individual demonstrates the inaccuracy or incompleteness of certain personal information, the Company will amend the information as required. Depending upon the nature of the information challenged, amendment may involve the correction, deletion, or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the personal information in question. When a challenge is not resolved to the satisfaction of the individual, the Company will record the substance of the unresolved challenge.
Principle 10 – Challenging Compliance with the Company’s Privacy Policies and Practices
Currency of this Policy
This policy was adopted by the Board of Directors on January 4, 2019.