Privacy Policy

At Common Collection Agency Inc. (CCA), we respect the privacy of the debtors we deal with on behalf of our clients. Your personal information, that is, any information that identifies you, is only collected, used and disclosed by CCA in accordance with this Privacy Policy. This policy is based on the Canadian Standards Association Model Code for adherence to Canada’s Personal Information Protection and Electronic Documents Act (PIPED). CCA commits to all of the principles contained in the Model Code.
This policy also governs the behaviour of our employees and agents acting on our behalf. All of our employees who have access to debtors’ personal information have been thoroughly trained on the handling of such information. Likewise, new employees receive training on privacy as a fundamental part of their initial orientation. All employees are required to sign this policy and commit to following it when handling a debtor’s personal information. Why do we Collect, Use and Disclose Your Personal Information?
Personal information to which this policy applies may include but is not limited to the debtor’s:
• Contact details: home and business phone numbers and addresses.
• Assets, bank accounts and any other details about the debtor’s financial situation.
• Relatives, neighbours, friends and their contact details.
• Living arrangements and property ownership.
• Credit scores and credit history.
• Employment history.


How is your Personal Information kept Safe?

CCA has a number of measures in place to ensure that your information is kept secure, whether it is stored electronically or in paper format. We are also constantly taking steps to enhance these safeguards. Organizational security measures include, but are not limited to, the following:
• Visitors to CCA’s premises are required to sign in and out. All visitors are informed of the sensitive and confidential nature of our records and undertake not to attempt to view or obtain any such records without explicit authorization. Cleaning staff and maintenance workers are asked to sign similar undertakings.
• CCA has a Clean Desk Policy in place whereby employees are required to put all files and records containing personal information about debtors into locked desks or filing cabinets at the end of every day. When a desk is left unattended, employees also know not to leave such documents in plain view.
• Documents containing personal information are stored in locked shredding bins and shredded weekly on the building premises by a reliable third party.
Physical security measures include, but are not limited to, the following:
• CCA’s premises are alarm-monitored.
• All offices, the server room, employee desks and filing cabinets are locked after hours. Stringent controls are in place to ensure that keys are not widely distributed.
• Daily back-up tapes are stored in a secure off-site location.
Technological security measures include the following:
• CCA has made a substantial investment in reliable servers, database, backup and security technologies, as well as industry standard firewalls to protect your information.
• CCA’s secure server is password-protected and employees are provided with Guidelines for the Selection of Secure Passwords.
• In order to avoid unauthorized access, employees are asked to log out of the system when it is not in use. If an employee has not logged out, a ten minute system time-out results in the employee being automatically logged out.
• Only managers can obtain port-to-port secure remote access to the system. Records containing personal information cannot be remotely downloaded or printed.


How Accurate is Your Personal Information?

If the personal information we have about you is going to help us recover a debt, we need to keep this information as accurate as possible. However, we are relying on the information we receive from our clients, third parties and yourself. Upon cross-checking our sources, if we find any information is out-of-date, incomplete or false, we will immediately correct this information on our records. We attempt to verify the personal information we possess prior to using it or disclosing it for debt collection purposes.
How Long do we Retain your Personal Information?
Personal information that is in electronic format is maintained in our data base for a period of seven years from the date an account is assigned or the date of last financial activity or acknowledgement of the debt. Should the file have been litigated and judgment obtained, electronic information is retained for twenty years. Data is made anonymous on November 1st of year following the expiration of the limitation statutes / requirements. Personal information that is no longer necessary or relevant for debt collection purposes or required to be retained by law shall be erased or made anonymous. Where personal information has been used to take legal action against a debtor, CCA will retain the information for as long as required by limitation statutes for appeal purposes. Paper records containing personal information (for example, correspondence from the debtor) are kept in locked filing cabinets for a maximum of 6 years before they are shredded. Note that when we delete personal information from the system, residual information may remain in back-up files temporarily.


Do Third Party Information Suppliers Respect your Privacy?

We share this Privacy Policy with all of our clients and third party information suppliers. When we reveal your personal information in order to identify you to third party suppliers, we expect that information to be protected. We urge third parties to review and pay heed to this policy, not to further disclose the personal information they have received from us, to keep that information secure and to destroy it once they have provided CCA with the information we require. We impose these obligations through contracts with third party information suppliers whenever possible.


Can you have Access to Your Personal Information?

You have the right to access any personal information that we have about you, as well as to find out about the uses and disclosures of this information. You can also challenge the accuracy and completeness of the information and have it amended as appropriate. In order to safeguard personal information, a debtor may be required to provide sufficient identification to permit CCA to account for the existence, use and disclosure of personal information and to authorize access to the debtor’s file. Note that in certain situations, CCA may not be able to provide access to all of the personal information it holds about a debtor. Exceptions may include information that contains references to other individuals that cannot be adequately severed so as to protect someone else’s privacy; information that cannot be disclosed for legal, security or commercial proprietary reasons; or information that is subject to solicitor-client or litigation privilege. CCA shall provide the reasons for denying access upon request. Who is Accountable?
CCA takes full responsibility for the management and protection of the personal information it collects. We have a dedicated Privacy Officer who is accountable for compliance with this policy. If you feel that CCA is not abiding by this Privacy Policy or have any concerns about CCA’s information-handling practices, please contact:

Privacy Officer
Common Collection Agency Inc.
11 Progress Avenue, Suite 202
Scarborough, Ontario
M1P 4S7

PrivacyOfficer@commoncollections.com  <mailto:PrivacyOfficer@commoncollections.com>

CCA shall investigate all complaints concerning compliance with the policy. If a complaint is found to be justified, CCA shall take appropriate measures to resolve the complaint including, if necessary, reprimanding employees or amending its policies and procedures.
By providing you with this Privacy Policy, CCA is pledging our continued commitment to protecting debtors’ personal information handled by the company. We make all of our policies and practices relating to the management of personal information readily available. We have a Privacy Team in place that regularly reviews and assists in implementing improvements to our information-handling practices. The Privacy Team reports to the Privacy Officer who may make changes to this policy from time to time to reflect current practices.
Home | Executive Summary | Executive Bios | Contact | Legal Disclaimer | Privacy Policy | AODA | Payment Information
Home | Executive Summary | Executive Bios | Contact | Legal Disclaimer | Privacy Policy | AODA | Payment Information