Effective date: 22nd day of August, 2024
Updated: September 10, 2025

Data Privacy Policy

Definitions

The Client
A generic representation of a client of Westbrand Group Ltd.

Client Data
Any and all data transferred by The Client to Westbrand Group Ltd.

Personal Data
Data that contains personally identifying information about real people like names, phone numbers, addresses and email addresses, banking information, or legal matters, etc.

DPA
Canada’s Digital Privacy Act

PIPEDA
The Federal Personal Information Protection and Electronic Documents Act, S.C. 2000, ch. 5

PIPA Alberta
Alberta’s Personal Information Protection Act, S.A. 2003, ch. P-6.5

Introduction

Westbrand Group Ltd. (“us”, “we”, or “our”) is a business that uses customer data to fulfill orders based on a set inventory and or manufacturing set of services. Our business practices, require us to obtain, store, handle and process large quantities of data. Both Westbrand Group Ltd. and The Client have a mutual, vested interest in ensuring this data is used responsibly and protected appropriately.

We use Client Data only for specific and discussed purposes and long term Inventory optimization. This data is never leveraged for external use, alternate projects or other business objectives outside of the direct scope of the customer requests with Westbrand Group Ltd.

By transferring data to Westbrand Group Ltd., you agree to the handling of data in accordance with this policy.

Policy Purpose and Scope

The purpose of this policy is to clearly disclose all practices employed by Westbrand Group Ltd. to ensure that the privacy of the Client is respected at all times. This policy outlines the practices by which employees of Westbrand Group Ltd. transfer, store, manipulate, share and dispose of Client Data. Accordingly, this policy also outlines Westbrand Group Ltd.’s compliance with PIPEDA, the Canadian legal standard for data privacy practices.

This policy applies to:

  • The head office of Westbrand Group Ltd.
  • All branches of Westbrand Group Ltd.
  • All staff (both full and part-time) of Westbrand Group Ltd.
  • All contractors, suppliers and other people working on behalf of Westbrand Group Ltd.

Westbrand Group Ltd.’s specific business purpose is to optimize our inventory through the data we obtain, manipulate, and analyze information transferred to us by The Client. Unlike other businesses or applications that may inadvertently obtain customer/user information, our explicit business objective is to obtain and process data to fill specific order requests and optimize our inventory for future orders. In this context, this privacy policy extends beyond just the handling of personally identifying data that PIPEDA and PIPA Alberta are concerned with and encompasses any Client Data that may include, but is not limited to:

  • personally identifying information (names, addresses, phone numbers, etc)
  • data pertaining to The Client’s business practices and record keeping
  • data pertaining to The Client’s employees
  • data pertaining to The Client’s customers
  • data pertaining to The Client’s financials

Data Protection Law

In June of 2015, the Digital Privacy Act (DPA) received Royal Assent and officially became law in Canada. The DPA modernizes the private sector privacy laws by amending the Personal Information Protection and Electronics Documents Act (PIPEDA).

PIPEDA is specifically written as a private sector privacy statute, and governs the inter-provincial and international collection, use and disclosure of personal information. PIPEDA also applies to any organization that collects, uses, and discloses personal information in the course of commercial activity which takes place within a province. However, PIPEDA is rendered obsolete when a province has enacted internal privacy legislation that has been deemed to be “substantially similar” to PIPEDA. PIPA Alberta has been classified as “substantially similar” to PIPEDA and as Westbrand Group Ltd. is based in Alberta, Canada, it is this statute that Westbrand Group Ltd. is legally bound to follow when working with clients in the province of Alberta and provinces within Canada.

Data Protection Risks

This policy helps to protect Westbrand Group Ltd. from data security risks, including but not limited to:

  • Breaches of confidentiality. The Client should be certain that their Client Data is not inappropriately accessed or released, and only handled by those authorized to do so
  • Failing to offer choice. Rest assured, Client Data is used for appropriately discussed business purposes and the scope of the data’s use is limited to inventory optimization and order fulfillment
  • Reputational damage. The Client should be certain that their Client Data is not accessed by malicious actors outside of Westbrand Group Ltd. who seek to do them potential harm

Westbrand Group Ltd. Employee Data Handling Guidelines

Data Security Levels

Westbrand Group Ltd. employees work with data, including Client Data and Personal Data, in the course of their regular duties.
Westbrand Group Ltd. shall ensure that:

  1. Access to data is strictly limited to those authorized to work on a customer’s requests
  2. All servers and computers containing data are running the latest and most secure versions of software, as well as an approved security software and firewall
  3. All machines that interact with Westbrand Group Ltd. computer networks must comply with the standards as set out in (II) before being granted access
  4. All guests connected to WiFi on Westbrand Group Ltd. company sites are relegated to a separate and severely limited “guest network” that prevents any ability to access internal networks
  5. All hardware is audited once per year to ensure compliance with the standards set here
  6. Computer screens are locked when left unattended

Data Storage

Westbrand Group Ltd. shall ensure that:

  1. Data is always protected by strong passwords that are never shared between employees or anyone but the exclusive employee working on said data
  2. If data is stored on removable media (eg. an external hard-drive), this media is kept securely locked away on the physical premises when not being used
  3. Data is only stored on securely encrypted drives and servers, and only uploaded to an approved cloud computing service if explicitly negotiated to do so with the customer
  4. Data is only stored on cloud services within Canada when possible
  5. Servers containing Personal Data are in a secure location away from general office space
  6. Data is backed up frequently, in line with Westbrand Group Ltd.’s standard backup procedures
  7. Data is never saved directly to laptops, tablets, phones or other mobile devices

Where third-party tools or service providers are engaged to support the delivery of services (e.g. cloud hosting, data backup, communications platforms, or specialized technical services), Westbrand Group Ltd. ensures that such providers are contractually bound to maintain confidentiality and security standards that are equal to or greater than those outlined in this Policy.

Data Use

Westbrand Group Ltd. shall ensure that:

  1. Customer Data is used for the explicit and exclusive purpose of the intended customer request with Westbrand Group Ltd. and never used for alternate internal or external purposes other than optimizing inventory available to clients.
  2. Customer Data is never shared through informal channels like email, messaging applications or any other un-secure channel unless required to fulfill the customer request
  3. Customer Data is never transferred to machines that exist outside of Westbrand Group Ltd.
  4. Employees and subcontractors are under confidentiality agreements

Data Minimization

Westbrand Group Ltd. shall ensure that:

  1. Collection and use of Personal Data are relevant and limited in scope
  2. Customer Data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed
  3. Copies of Customer Data are kept to a practical minimum, and such copies are only created for legitimate technological purposes

Data Archiving / Removal

Westbrand Group Ltd. shall ensure that:

  1. Customer Data is kept only for as long as is necessary for The Customer’s project and is destroyed after a project’s completion.
  2. The sole exception is where The Customer provides explicit permission for continuing work with a related project that would use this data.
  3. Westbrand Group Ltd.’s Security Team can provide a review of client data and or supply the Customer with a certificate of destruction to confirm the destruction of their data upon request.

Data Breaches

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, Westbrand Group Ltd. shall promptly assess the risk to people’s rights and freedoms and take immediate action to rectify the situation. Westbrand Group Ltd. is also legally obligated to immediately report said breach and all relevant details to the Office of the Privacy Commissioner of Canada.

Consent

By engaging Westbrand Group Ltd. for services — including submitting data, requesting support, or entering into a service agreement — the Client is deemed to have reviewed and accepted the terms of Westbrand Privacy Policy

Questions?

For additional information and or questions please email privacy@westbrand.ca