The Personal Information and Electronic Documents Act (the Privacy Act) governs how organizations can collect, use and disclose the personal information of clients and employees.

Personal information includes any information about an identifiable individual other than that individual's name, and the title, business address, and business phone number of an employee of an organization. This includes information about an individual's age, address, ID number (such as S.I.N.), income, race, ethnic origin, medical history, employment history, opinions, political affiliations, bank account, credit cards, and purchasing habits.

The principles of the privacy legislation are as follows:

The Privacy Officer is responsible and accountable for compliance with the Privacy Act.

Reasons for collecting personal data are identified before it is collected. The information collected is limited to what is essential for the purpose identified. Information is only used for the purpose defined and consented to by the individual, and must be destroyed when its purpose is complete, unless its retention is mandated by law (i.e., the Income Tax Act). Safeguards ensure the confidentiality of personal information.

Without the client's express written consent, Goodreid, its employees, officers or directors, will not permit inappropriate access to, or disclosure of, a client's personal information to any person, except as may be required by legal process or statutory authority. The client's consent is obtained in writing wherever possible, and separate consent is obtained for each instance of disclosure of personal information to an outside party.