Stormtech Canada Associate Handbook

PERSONAL INFORMATION PROTECTION

1. PURPOSE This policy outlines the prescribed principles and practices to protect associate personal information. Commitment to privacy includes ensuring the accuracy, confidentiality, and security of personal information and allowing associates to request access to, and correction of, their personal information. 2. SCOPE This policy applies to all Stormtech associates working in Canadian locations. 3. DEFINITIONS • Personal Information - information about an identifiable individual, and includes but is not limited to, i.e., age, home address and phone number, social insurance number, marital status, education, employment information. • Contact information - information that would enable an individual to be contacted at a place of business and includes name, title, business telephone number, business address, and business email or business fax number. Contact information is not covered by this policy, PIPA or FIPPA. • Privacy Officer - the individual designated responsibility for ensuring that Stormtech complies with this policy, PIPA and FIPPA. 4. POLICY • This policy addresses our responsibilities under the British Columbia Personal Information Protection Act (PIPA) and the Ontario Freedom of Information and Protection of Privacy Act (FIPPA). • In the course of employment, Stormtech may collect personal information through electronic means, by phone, by mail or in person. Unless the purposes are obvious and the associate voluntarily provides his or her personal information for those purposes, Stormtech will communicate the purposes for which personal information is being requested. • Stormtech will obtain consent to collect, use or disclose personal information (except where Stormtech is authorized to do so without consent). Consent can be provided orally, in writing, and/or electronically, or it can be implied where the purpose for collecting, using, or disclosing the personal information would be considered evident, or required in order for the Company to fulfill its duties, or ought to be reasonably understood and the associate voluntarily provides personal information for that purpose. • Stormtech may collect, use or disclose personal information without the associate’s knowledge or consent in the following limited circumstances: when the collection, use or disclosure of personal information is permitted or required by law, in an emergency that threatens an individual's life, health, or personal security, when the personal information is available from a public source (i.e. a telephone directory), when legal advice is required from a lawyer, for the purposes of collecting a debt, to protect the company from fraud, and to investigate an anticipated breach of an agreement or a contravention of law. • Stormtech will make every reasonable effort to ensure that personal information is accurate and complete. Associates may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information should be forwarded to People & Culture. • Stormtech will use appropriate security measures to protect the security of personal information. Appropriate security measures will be used when destroying personal information such as shredding documents and deleting electronically stored information.

20|Page