Introduction
Niagara-on-the-Lake Hydro (NOTL Hydro) is committed to protecting the privacy of our customers. Our goal is to meet both the rules contained in, and the spirit of, the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA).
We have put rules in place across NOTL Hydro to make sure the personal information of our customers is kept secure, confidential and accurate.
Personal information means any information that would identify a customer: for example, name and address and phone number; financial or credit information; or information about a customer’s electricity use. Personal information does not include information that has been anonymized or combined with other details in such a way that it is impossible to identify any individual.
Further details about how we protect our customers’ privacy can be found below. We have developed our privacy policy based on MFIPPA’s privacy rules. We have also based our approach on international privacy standards and the Canadian Standards Association’s 10 Principles for the Protection of Personal Information.
If you have any questions about how we protect personal information at NOTL Hydro, or questions or comments about how your own personal information was collected, used or shared, please contact NOTL Hydro’s Privacy Officer:
Niagara-on-the-Lake Hydro
8 Henegan Road, PO Box 460
Virgil, ON L0S 1T0
Attention: Privacy Officer
For email, please visit our Contact Page
PURPOSE
This Privacy Policy describes how NOTL Hydro protects the personal information of its customers. The policy explains why we collect certain kinds of personal information, how we use this information and how this information is protected. This policy also explains customers’ rights of access to their own information and/or its correction.
In this Privacy Policy, “NOTL Hydro”, “we”, “us” or “our” means NOTL Hydro Inc. “Customer”, “you”, and “your” mean the individual who is a customer or prospective customer.
However, this Privacy Policy does not apply to information about business customers who carry on business as corporations, partnerships or other forms of association. NOTL Hydro does, however, protect the confidentiality of such information in accordance with the law, regulatory codes of conduct issued by the Ontario Energy Board, contractual arrangements and our own policies.
By accepting service from us, using our website, or otherwise providing us with your personal information, you are accepting the practices described in this Privacy Policy, as they may be changed by us from time to time. Since we may change the terms in this Privacy Policy occasionally, we recommend you review it periodically.
Canadian Standards Association: Personal Information Protection Principles
Personal Information Protection Principles
- Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with privacy principles.
- Identifying Purposes: An organization shall identify the purposes for which personal information is collected at or before the time the information is collected.
- Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
- Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information must be retained only as long as necessary for the fulfillment of those purposes.
- Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Individual Access: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
POLICY
Accountability
At NOTL Hydro, the President has ultimate responsibility for protecting the privacy of our customers. The President has delegated the day-to-day responsibilities to NOTL Hydro’s Privacy Officer. However, all employees must meet NOTL Hydro’s privacy rules.
NOTL Hydro’s Privacy Officer is the person who makes sure the privacy rules are followed across the organization. (S) he is responsible for keeping NOTL Hydro’s privacy rules current and up-to-date. (S) he is also the person who should receive any privacy complaints or inquiries about privacy at NOTL Hydro. If you have questions or concerns, please contact by e-mail at our contact page or by telephone at 905-468-4235.
NOTL Hydro is responsible for protecting the personal information that it holds about its customers, or that it discloses to third parties (i.e. service providers, banks, credit unions) about those customers for various reasons. NOTL Hydro has a number of contracts and agreements with third parties. Those contracts hold the third party to the same level of privacy protection as NOTL Hydro provides.
We have trained our staff so they understand the privacy rules and their obligations to protect customer information. There are also policies and procedures in place across the organization to make sure all staff comply with MFIPPA’s privacy rules.
Identifying Purposes
When we ask you for any personal information, we will explain the reason for the request: why we are collecting personal information and what we will do with it. We will do this when we ask for the information. For example, when you open an account with us and apply for service, the application form explains why we are asking for certain pieces of information and what we will do with them.
After that point, if we need to use a customer’s personal information for any other reason, we will explain the new use and ask for consent before we use it. A customer may refuse to allow us to use their personal information for this new purpose, unless the new purpose is required by law or our regulatory authorities. However, if you refuse we may not be able to provide you with some services since we need certain kinds of personal information in order to provide electricity to you.
Generally, we will use your personal information for the following reasons:
- to contact you, to answer questions about your account and to give you information about NOTL Hydro’s programs and services;
- to provide you with electricity services;
- to bill you for the electricity you use;
- to establish your credit worthiness;
- to enroll you for pre-authorized payment plans;
- for legal, regulatory and electricity market operation requirements;
- to help prevent or investigate fraud, theft of power or other illegal activities; and
- to ask you to take part in contests, surveys or research.
We may monitor customers’ telephone conversations with staff for quality assurance purposes and may use surveillance cameras on our property. We will give notice (i.e. signs on our buildings regarding video surveillance; recorded messages when you call our offices) so customers and visitors are aware of these activities.
If an NOTL Hydro employee asks a customer for personal information, that employee should be able to explain how the information will be used. In some cases, privacy questions may be referred to our Privacy Officer, who can provide additional information and answer customers’ questions.
Consent
NOTL Hydro will ask for your consent for the collection, use and/or disclosure of your personal information when we collect it from you. In most cases, your consent will be express. For example, when you complete and sign an Application for Service you are providing express consent for NOTL Hydro to use your personal information to provide you with electricity and bill you for it.
Sometimes your consent will be implied. For example, if NOTL Hydro contracts repair work to another company, in the event of a power outage some of your personal information (your name and address) would be disclosed to allow that company to restore service to your home.
You may give your consent directly to NOTL Hydro or you may give it through a third party who has your consent. For example, if you sign a separate contract with a retailer, the retailer may give your personal information to NOTL Hydro. We might also give your billing and energy use to that retailer. Someone acting for you, such as a legal guardian or person with power of attorney, may also give consent on your behalf.
There are only limited circumstances when we might collect, use or disclose your personal information without your knowledge or consent. These circumstances are permitted or required by law or by our regulatory authorities.
You can refuse or withdraw your consent to the collection, use or disclosure of your personal information at any time. However, NOTL Hydro may require you to give notice of your intent, or may advise that your refusal or withdrawal of consent is not possible for certain reasons. You need to be aware that your refusal to consent, or your withdrawal of consent, may mean that NOTL Hydro cannot provide you with some services. In such circumstances, we will explain the effects of your withdrawal or refusal to provide consent.
Limiting Collection
NOTL Hydro will not ask for any more of your personal information than we need for the reason(s) we have explained.
The kind of information we usually ask for includes:
- your name and address (mailing and service address) and other contact information (i.e. home and work telephone numbers and e-mail addresses);
- facts about past and current electricity use at your home or business;
- your account history with a previous hydro utility if you are opening an account with us (i.e. account number, account balances, payment history, and account activity);
- credit information (i.e. credit card number, credit and reference information) and employment information;
- identifying information (i.e. date of birth, driver’s licence number);
- medical information which we will use to ensure you continue to receive service if we are planning a power outage;
- bank information for pre-authorized payments (i.e. name and address of bank, your account type and number); and
- information related to a letter, e-mail or phone call from you.
Limiting Use, Disclosure and Retention
Because of the structure of the electricity sector in Ontario, we may have to share your billing and consumption information with third party billing and settlement agencies; for example, if you have signed a separate contract with an energy retailer.
We may also share your personal information with other agencies or organizations as required or permitted by law or regulatory authorities. For example, our billing, settlement and regulatory relationships with third parties are governed by our licence and regulatory codes. These are established by the Ontario Energy Board.
NOTL Hydro will not disclose any personal information to any of its affiliates without your written consent except where such a disclosure is required. This might include:
- for billing or market operation purposes;
- for law enforcement purposes;
- to comply with a legal requirement; or
- to process a customer’s past due account which is now with a third party for collection.
Under other certain circumstances, NOTL Hydro may have a legal duty or right to collect, use or disclose your personal information without your knowledge or consent.
We will keep your personal information only as long we need it for the reasons we gave you when we collected it in the first place and to meet legal and contractual obligations. We will not trade, rent or sell your personal information to anyone for any reason.
We will protect your personal information while we have it. We will apply our records retention policies and schedules to your personal information. Once we no longer need to keep your information, we will destroy it in a secure manner so it cannot be reassembled and used by anyone else.
The only employees at NOTL Hydro who will see your personal information are those whose jobs require access to customers’ personal information.
Accuracy
We make every effort to keep your personal information as accurate and up-to-date as possible. From time to time, we may ask you for additional information about your account or your hydro use, particularly if you are signing up for a new program or service. For example, if you join our electronic billing service – CustomerConnect – we will ask you for your email address and a password.
However, we also rely on our customers to make us aware of any change that might be important to maintaining a good working relationship. This includes: changes to contact information such as phone or email; changes to financial information such as a new bank account or credit card number; and obvious changes such as a move to a new address. We only use this personal information for the reasons we explained when we asked for it in the first place (please see Limiting Collection above) and it is important that we keep your information accurate.
If you feel we may be using information about you that is out-of-date or incorrect, you may ask to see the information we have on file about you and ask for a correction, if that is required. Further details about that process are included in the Individual Access section below.
Safeguards
While we have your personal information, we take great care to protect it from loss or theft or any unauthorized access. This means we have rules in place to make sure your information is not copied or changed in any way, or used or disclosed in a way that is not consistent with the consent you gave us.
The way we protect your personal information depends on the format in which we hold it. Paper files are held in locked filing cabinets and only accessible to employees who need the information to do their jobs.
Electronic files are protected behind firewalls and are password-protected. Only NOTL Hydro employees have password access. Personal information that must be disclosed to third parties for billing purposes is encrypted.
All employees at NOTL Hydro are aware of their responsibility to protect personal information.
Openness
We have policies and procedures in place to protect the personal information we hold about customers. And we have prepared this Privacy Policy to ensure you understand what we do with the personal information we hold.
Individual Access
Anyone can request to see their personal information and request a correction if that information is wrong or out-of-date. There may be some situations where we may not be able to provide access to all the personal information we hold about someone. These exceptions are limited and specific. They include situations where one individual’s personal information contains references to other people, where the information was supplied in confidence, or it is information that cannot be disclosed for legal, security or proprietary commercial reasons.
In making a request to see your own personal information, you will be asked to provide identifying information so that we can confirm your identity. This identifying information will only be used to confirm your right of access to your own information.
If a correction or amendment is required, we will correct your personal information as quickly as possible. If there is a difference of opinion as to the need for a correction, a statement of disagreement will be attached to your file. In either event, we will share the correction or the statement of disagreement with any third parties who have used the personal information within the past year.
Challenging Compliance
Anyone who wishes to question our compliance with either the privacy rules found in MFIPPA, or the privacy principles explained on this website can do so by contacting our Privacy Officer:
- Telephone: 905-468-4235
- Mail: Niagara-on-the-Lake Hydro
8 Henegan Road, PO Box 460
Virgil, ON L0S 1T0
Attention: Privacy Officer - Online: please visit our Contact Page
Updated Nov 15, 2018