Tangerine

Mutual Funds Privacy Code

Add Comment

Investment Funds Privacy Code <ul> <li> Privacy </li> <li> Digital Privacy and Interest-Based Advertising </li> <li> Investment Funds Privacy Code </li> <li> Privacy Code </li> <li> Statement Regarding Biometrics and Your Privacy </li> <li> AdChoices </li> <li> Data Ethics Commitment </li> </ul> <ul> <li> Privacy </li> <li> Digital Privacy and Interest-Based Advertising </li> <li> Investment Funds Privacy Code </li> <li> Privacy Code </li> <li> Statement Regarding Biometrics and Your Privacy </li> <li> AdChoices </li> <li> Data Ethics Commitment </li> </ul> Investment Funds Privacy Code A word about your privacy We respect your privacy. Not only do we respect it, but we also protect it. The private information you share with us stays with us. We do, however, provide or collect your information as is required by legislation to those to whom you have authorized us to release information. They include the financial institutions you’ve asked us to deal with, and specialized service providers (like the people who print our Account statements). All of the above must meet our rigorous privacy standards. We’ve provided this booklet for your interest and information. This policy does have a legal tone that reflects both the importance of the issue and it is consistent with federal and provincial legislation. If you want more information regarding our privacy principles, please read on. If you have privacy questions or concerns, please contact one of our Investment Funds Associates at 1-877-464-5678. You can also contact our Privacy Office by mail to Tangerine Investment Funds Limited, 3389 Steeles Ave E, Toronto, Ontario M2H 0A1. Introduction Tangerine Investment Funds Limited (TIFL) is committed to keeping personal information of our Clients and prospective Clients (“you” or “your” personal information) accurate, confidential, and secure. The Tangerine Investment Funds Privacy Code reflects this commitment. This Privacy Code is based on the Personal Information Protection and Electronic Documents Act (PIPEDA). It describes how Tangerine Investment Funds Limited subscribes to the principles of the above laws and codes. A copy of the PIPEDA is available at priv.gc.ca. Copies of the CBA and CSA Model Codes are available on request from the Canadian Bankers Association at 1-800-263-0231. The Scope of this Privacy Code This Privacy Code describes the principles TIFL will use to protect the privacy of personal information in its possession or control. Changes to this Privacy Code In order to ensure that this Privacy Code is kept up-to-date, we will change it from time to time. Notice of changes to the Privacy Code may be distributed by email, through TIFL statements, letters, posted on the TIFL website, through your online Inbox or any other electronic method used by TIFL to communicate with you. Definition of Terms used in this Privacy Code Direct Marketing Promotions targeted to individuals whose personal information indicates that a certain product may be of interest to them. This includes mail, email and telemarketing initiatives. This does not include statements, statement inserts, through Investment Funds Associates or Client relationship management. Investment Funds Associates The Client Services representatives at TIFL to whom the public is encouraged to address their initial questions and concerns about a Tangerine product or service. They may be reached by telephone at 1-877-464-5678 or email at tangerineinvestmentfunds@tangerine.ca. Personal Information Information about an identifiable individual, not including the name, title or business address or business telephone number of an employee of an organization. Privacy Office The department at TIFL that is responsible for ensuring the protection of individuals’ personal information. The Global Privacy Officer may be contacted by mail at: Global Privacy Office Tangerine Investment Funds Limited 3389 Steeles Ave E Toronto, Ontario M2H 0A1 The Ten Principles of Privacy in Summary These ten principles of privacy are interrelated and must be read in conjunction with the accompanying commentary. 1. TIFL’s Accountability TIFL is accountable for all personal information in its possession or control, including any personal information transferred to third parties for processing. TIFL has established policies and procedures to comply with this Privacy Code, and has designated one or more persons accountable for compliance. 2. Identifying the Purposes of Collecting Personal Information TIFL will inform individuals of the purpose for which personal information will be used before or when they consent to its collection. 3. Obtaining Consent TIFL will obtain consent before or when it collects, uses or discloses personal information about an individual. An individual can provide consent to the collection, use and disclosure of personal information about them expressly, implicitly, or through an authorized representative. An individual can withdraw consent at any time, with certain exceptions. TIFL will collect, use or disclose personal information without an individual’s consent only in limited circumstances as permitted by law. 4. Limits for Collecting Personal Information TIFL limits the amount and type of personal information it collects. TIFL will collect personal information only for the identified purposes or as otherwise permitted by law. 5. Limits for Using, Disclosing and Keeping Personal Information TIFL will use or disclose personal information only for the reasons it was collected, unless an individual gives consent to use or disclose it for another reason. Under certain circumstances, TIFL may have a legal duty or right to disclose personal information without consent. TIFL will keep personal information only as long as necessary for the identified purposes. 6. Keeping Personal Information Accurate TIFL will keep the personal information in its possession or control accurate, complete, current and relevant, based on the most recent information available to TIFL. Individuals may challenge the accuracy and completeness of personal information about them and have it amended as appropriate. 7. Safeguarding Personal Information TIFL protects personal information with safeguards appropriate to the sensitivity of the information. 8. Making Information about Policies and Procedures Available TIFL will be open about the procedures used to manage personal information. Individuals will have access to information about these procedures through this Privacy Code, by contacting our Investment Fund Associates or by contacting the Privacy Office. The information will be available in a format that is easy to understand. 9. Providing Access to Personal Information When an individual requests it, when possible, TIFL will advise the individual what personal information TIFL has in its possession or control about the individual, what it is being used for, and to whom it has been disclosed. When an individual requests it, TIFL will give an individual access to personal information about them which is in the possession or control of TIFL. In certain situations, however, TIFL may not be able to give individuals access to all of their personal information. 10. Handling Complaints and Questions Individuals may challenge TIFL’s compliance with this Privacy Code. Complaints and inquiries should be directed to our Investment Fund Associates or sent to the Privacy Office. Principle 1 TIFL’s Accountability TIFL is accountable for all personal information in its possession or control, including any personal information transferred to third parties for processing. TIFL has established procedures to comply with this Privacy Code, and has designated one or more persons to be accountable for compliance. 1.1 Senior management of TIFL will have ultimate accountability for protecting personal information. Senior management has delegated the day-to-day management of procedures involving personal information protection to one or more persons. 1.2 TIFL’s Privacy Office is responsible for overall personal information protection and TIFL’s compliance with this Privacy Code. In addition, Investment Fund Associates are able to respond to most inquiries about the protection of personal information. 1.3 Tangerine Investment Funds Limited will allow the following categories of employees of TIFL’s parent, Tangerine Bank, to access individuals’ personal information in TIFL’s control: <ul> <li>Sales and Service Personnel;</li> <li>Marketing Personnel;</li> <li>Audit Personnel;</li> <li>Security Personnel;</li> <li>IT Personnel;</li> <li>Operations Personnel;</li> <li>Legal Compliance Personnel;</li> <li>Risk Management Personnel. and</li> <li>Credit and Lending Personnel.</li> </ul> 1.4 TIFL is also accountable for personal information that has been transferred to a third party for processing. TIFL’s policy for safeguarding personal information transferred to third parties is set out in Section 7.4 of this Privacy Code. 1.5 To practice the principles of this Privacy Code, TIFL: <ul> <li> 1.5.1 has established procedures to protect the privacy of personal information; </li> <li> 1.5.2 has established procedures to receive and respond to questions and complaints; </li> <li> 1.5.3 gives the public access to this Privacy Code. and </li> <li> 1.5.4 has trained TIFL staff to understand and follow TIFL’s procedures. </li> </ul> TIFL also oversees compliance with this Privacy Code through regular audits and other compliance procedures. Senior management reports to a committee of its Board of Directors regarding compliance with this Privacy Code. Principle 2 Identifying the Purposes of Collecting Personal Information TIFL will identify the purposes of collecting personal information, before or when consent is provided. 2.1. Except as noted below, when an individual applies for a product or service, TIFL will make the individual aware of the purposes for which TIFL is requesting the personal information. If TIFL identifies other purposes for which the personal information may be used, TIFL will seek the individual’s consent prior to starting these uses. TIFL will explain that it is the individual’s right to refuse permission for TIFL to use personal information for any such other purposes. In some cases TIFL will not explain those purposes or obtain the individual’s consent. (See Section 3.4 and Section 5.1 for details.) 2.2. TIFL will clearly identify the purposes for which it is collecting personal information in writing, verbally (either in person or over the telephone), or by any other means it communicates with individuals. 2.3. Individuals can ask for information about the purposes for which TIFL collects personal information when they phone or write to the Privacy Office. 2.4. Unless additional purposes are identified to an individual before or at the time of collection, TIFL will collect personal information (which may include credit, employment and other financially related information) for the following purposes: <ul> <li> to help identify new Clients; </li> <li> to determine the suitability of products or services for an individual or the eligibility of an individual for products and services; </li> <li> to set up and manage TIFL’s products and services offered by approved distributors that meet an individual’s needs; </li> <li> to offer products and services to meet those needs; </li> <li> to provide ongoing service. and </li> <li> to meet legal and regulatory requirements, such as requirements under the Income Tax Act and credit reporting requirements. </li> </ul> 2.5. TIFL takes care to explain purposes which are not as obvious as others. The purposes for collecting a name or address are obvious and do not need to be explained, but the purposes for collecting other information may not be as self-evident. TIFL may collect, disclose and use personal information for some or all of the following purposes: <ul> <li> references are used to verify information on an application; </li> <li> your date of birth (DOB) and other identifying information may be collected and used to verify your identity and to protect you and TIFL from error or fraud. TIFL may also collect and use personal information obtained from credit bureaus, credit reporting agencies and other financial institutions in order to help verify your identity; </li> <li> a Social Insurance Number (SIN) is collected and used because the Income Tax Act requires it for an individual’s income tax reporting. In addition, a SIN may be used to match credit bureau information to help verify the identity of a Client; </li> <li> personal information is exchanged with credit bureaus, credit reporting agencies, credit insurers, and other financial institutions to determine eligibility for financial products. The credit reporting agencies that provide your credit information to us are Equifax Canada Inc. (Equifax.ca) and TransUnion Canada Inc. (transunion.ca). You can contact them to access, rectify or obtain a copy of your credit report; </li> <li> personal information is used by TIFL to determine initial and ongoing eligibility for financial products and to notify Clients of such products by mail, email or phone; </li> <li> personal information may be collected, used and disclosed to investigate Client complaints; </li> <li> personal information may be collected and used to ensure that any of your instructions can be properly verified; </li> <li> personal information is shared, to the extent permitted by law, with Tangerine Bank for the purposes of serving you better. For example, we include in your Account statements, a statement for each of your Accounts held at TIFL and Tangerine Bank; </li> <li> personal information may be collected, used and disclosed to investigate specific transactions or patterns of transactions for the purpose of detecting unauthorized or illegal activities; </li> <li> if you open an Account to be operated on behalf of a third party, personal information of that third party will be collected from you in accordance with Anti-Money Laundering legislation. and </li> <li> personal information may be used by TIFL and disclosed to TIFL’s affiliates to satisfy regulatory reporting requirements and international banking standards for financial institutions. </li> </ul> 2.6. The way we analyze your personal information may involve automated decisions. This involves processing your personal information using software that can evaluate your personal circumstances and other factors to address risks or outcomes. We may use this method to make decisions about you relating to credit checks, identity and address checks, monitoring your Account(s) for fraud or other financial crime, or for other reasons that we’ll disclose to you. We may use automated decision making if it’s necessary for us to provide you with a particular product (for example, we may use it to decide on the types of services that are suitable for you), to prevent fraud or financial crime, or if it’s reasonable to ensure that we’re treating our Clients fairly. Principle 3 Obtaining Consent TIFL will obtain consent before or when it collects, uses or discloses personal information about an individual. An individual can provide consent to the collection, use and disclosure of personal information about them expressly, implicitly or through an authorized representative. TIFL will collect, use or disclose personal information without an individual’s consent only in limited circumstances as permitted by law. Subject to certain legal and contractual restrictions and reasonable notice, an individual can refuse or withdraw their consent to the collection, use or disclosure of personal information about them at any time. 3.1. TIFL will obtain consent before or when it collects, uses or discloses personal information. Generally, TIFL will seek consent to use and disclose personal information at the same time it collects the information. In some circumstances, TIFL may identify a new purpose and seek consent to use and disclose personal information after it has been collected. 3.2. TIFL will explain to individuals in plain language how personal information will be used or disclosed before they give their consent. 3.3. Consent to the collection, use and disclosure of personal information can be expressed, implied, or given through an authorized representative of the individual. <ul> <li> individuals can express consent verbally, such as when information is collected over the telephone, in writing, such as when completing and signing an application or electronically, such as when applying through a computer. </li> <li> individuals can imply their consent, for example, by using a TIFL product or service. In such a case, TIFL may assume that the individual consents to the use of the personal information. </li> <li> individuals can also give consent through an authorized representative, such as a legal guardian or a person with Power of Attorney. This may be necessary, for example, if TIFL cannot obtain express consent from an individual who is a minor, seriously ill, or mentally incapacitated. </li> </ul> 3.4. TIFL may collect, use or disclose personal information without the individual’s knowledge and consent only in limited circumstances as permitted by law. <ul> <li> TIFL may collect, use and disclose personal information without the individual’s knowledge or consent if it is clearly in the individual’s best interests to do so and consent cannot be sought in a timely manner. An example of such a circumstance is when an individual is seriously ill. </li> <li> TIFL may collect, use and disclose personal information without individuals’ knowledge or consent in certain circumstances where the information is publicly available. An example would be the name, address and phone number of a subscriber to a telephone directory that is available to the public where the subscriber can refuse to have their personal information appear in the telephone directory. </li> </ul> 3.5. Subject to certain legal or contractual restrictions and reasonable notice, an individual may refuse or withdraw consent at any time. <ul> <li> TIFL will inform individuals of the consequences of refusing or withdrawing consent when individuals seek to do so. Refusing or withdrawing consent for TIFL to collect, use or disclose personal information could mean that TIFL cannot provide the individual with a product, service or information of value to the individual. For example, if an individual does not allow TIFL to share certain personal information with a mutual fund company, TIFL may be unable to provide the individual with the products offered by that mutual fund company. </li> <li> TIFL, however, will not unreasonably withhold products, services or information from individuals who refuse to give consent or who withdraw consent. </li> <li> TIFL is required by law to collect certain types of personal information in order to verify the identity of its Clients. If an individual does not allow TIFL to collect and use this information, or if the Client later attempts to withdraw their consent, TIFL may not be able to open an Account or maintain the Account on behalf of that Client. </li> </ul> Principle 4 Limits on the Collection of Personal Information TIFL limits the amount and type of personal information it collects. TIFL will collect personal information only for purposes it has already identified to the individual or as permitted by law. TIFL will collect personal information using procedures which are fair and lawful. 4.1. TIFL will collect only the amount and type of information needed for the purposes documented by TIFL and identified to the individual. 4.2. TIFL will collect personal information about an individual primarily from that individual. Except as permitted by law, TIFL will only collect personal information from external sources if individuals have consented to such collection. 4.3. When you fill out forms and applications online or in our Mobile Banking app, we may save your progress as a draft for up to 30 days. Where possible, this means that if you can’t complete the form or need to switch devices, you don’t need to start over the next time you open the form. After that period, the information you entered will be deleted. Principle 5 Limits on Using, Disclosing and Keeping Personal Information TIFL will use or disclose personal information only for the reasons it was collected, unless consent is given to use or disclose it for another reason. Under certain exceptional circumstances, TIFL may have a legal duty or right to disclose personal information without the individual’s knowledge or consent. TIFL will keep personal information only as long as necessary for the identified purposes. 5.1. TIFL may disclose personal information without consent when required or permitted by law. Examples of such disclosure include: <ul> <li> subpoenas, search warrants and other court and government orders; </li> <li> debt collection or demands from other parties who have a legal right to personal information. and </li> <li> disclosure of personal information to a lawyer (or, in Quebec, a notary or an advocate) who represents TIFL. </li> </ul> 5.2. In any of the circumstances referred to in Principle 5.1, TIFL will protect the interests of its Clients by making sure that: <ul> <li> orders or demands appear to comply with the laws under which they were issued. and </li> <li> TIFL does not comply with casual requests for personal information from government or law enforcement authorities. </li> </ul> TIFL may notify individuals that an order or demand has been received, if the law does not prohibit such notification. TIFL may notify individuals by telephone, or by letter to the Client’s usual address. 5.3. TIFL may want to use personal information in its possession or control to market products and services to individuals either directly through TIFL or through its existing affiliates. TIFL will obtain the individual’s consent before using or disclosing personal information for this purpose. 5.4. When an individual applies for a product or service and provides personal information, TIFL will advise the individual that his/her personal information may be used by TIFL to market other products and services to the individual. 5.5. TIFL will collect health records only for specific purposes. Subject to anything herein, it will not disclose health records to affiliates, and vice versa. 5.6. If personal information has been used to make a decision about an individual, TIFL will keep the personal information long enough for the individual to have access to it after the decision has been made. 5.7. TIFL will destroy, erase or make anonymous any personal information no longer needed for its identified purposes or for legal requirements. Principle 6 Keeping Personal Information Accurate TIFL will keep the personal information in its possession or control accurate, complete, current and relevant, based on the most recent information available to TIFL. Individuals may challenge the accuracy and completeness of personal information about them and have it amended as appropriate. 6.1. TIFL will make reasonable efforts to minimize the possibility of using inaccurate, incomplete or outdated personal information to make a decision about the individual. 6.2. TIFL will update personal information only if it is necessary for the purposes for which it was collected. 6.3. TIFL will make reasonable efforts to keep personal information in its possession and control accurate and current if the information is used on an ongoing basis, unless limits on the need for accuracy are clearly set out by TIFL. 6.4. TIFL will also rely on individuals to keep certain personal information relating to them accurate, complete and current. If an individual demonstrates to TIFL that personal information relating to them is inaccurate, incomplete, out of date or irrelevant, TIFL will revise or delete the personal information. If necessary, TIFL will disclose the revised personal information to any third parties to whom TIFL disclosed wrong or outdated information in order to permit them to revise their records. 6.5. If TIFL does not agree to revise personal information as requested by the individual, the individual may challenge TIFL’s decision. TIFL will make a record of this challenge, and, if necessary, disclose the challenge by the individual to any third parties to whom TIFL has disclosed the personal information. Principle 7 Safeguarding Personal Information TIFL will protect personal information with safeguards appropriate to the sensitivity of the information. 7.1. TIFL will safeguard personal information in its possession or control from loss or theft and from unauthorized access, disclosure, duplication, use or modification. 7.2. The safeguards employed by TIFL to protect personal information will vary depending on the sensitivity, amount, distribution, format and storage of the personal information. TIFL stores most of your information electronically, recent paper records containing individuals’ personal information are stored in files kept onsite at our Toronto head office, and older records containing individuals’ personal information may be stored at an offsite storage facility. TIFL will give the highest level of protection to the most sensitive personal information. 7.3. TIFL will safeguard personal information in its possession or control through security measures. For example: <ul> <li> physical security, such as secure locks on filing cabinets and restricted access to offices; </li> <li> organizational security, such as controlled entry in data centres and limited access to relevant information. and </li> <li> electronic security, such as passwords, personal identification numbers and encryption. </li> </ul> 7.4. TIFL may transfer personal information to third parties for processing, including market research, data processing services, or for other goods and services. TIFL will require these third parties to safeguard all personal information in a way that is consistent with TIFL’s measures and/or as regulated by law. When TIFL contracts with third parties, they are given only the information necessary to perform the services as set out in the contract. The third parties are prohibited from storing, analyzing or using the personal information transferred by TIFL for any other purpose. The third parties are required to protect personal information transferred by TIFL in a manner that is consistent with privacy policies and practices established by TIFL. 7.5. TIFL will use care when disposing of or destroying personal information in order to prevent unauthorized access to the information. Principle 8 Making Information about Policies and Procedures Available to Individuals TIFL will be open about the procedures used to manage personal information. Individuals will have access to information about these procedures through TIFL’s Privacy Code, by contacting our Investment Fund Associates or by writing to the Privacy Office. The information will be available in a format that is easy to understand. 8.1. TIFL will make this Privacy Code available to the public. <ul> <li> paper copies of this Privacy Code will be mailed to all new Clients. and </li> <li> an electronic version of this Privacy Code is available on TIFL’s website at tangerine.ca/investments. </li> </ul> 8.2. Information about this Privacy Code will be available in a format that is easy to understand. <ul> <li> TIFL has produced a summary of this Privacy Code at the beginning of this document and at tangerine.ca/investments. and </li> <li> the contact information of the Investment Fund Associates and the Privacy Office are provided in the summary as in this Privacy Code, so individuals know where to address complaints and questions about TIFL’s personal information policies and procedures. </li> </ul> 8.3. TIFL may make information about its procedures available in a variety of ways, depending on the nature of the services individuals are using and the sensitivity of the personal information. <ul> <li> TIFL may make brochures available on premises, mail or email information to its Clients, establish a toll-free telephone service or provide online access. </li> </ul> 8.4. Policies &amp. procedures regarding personal information <ul> <li> We have established and implemented governance policies and procedures approved by the Global Privacy Officer to ensure the protection of personal information. These documents provide a framework for the retention and destruction of the information, define the roles and responsibilities of personnel, and provide a process for responding to inquiries regarding the protection of the information. Here is a list of the policies and procedures: <ol> <li> Privacy Risk Management Framework - Provides an overview of the key governance components for the oversight and management of Privacy Risk. Serves as an overarching framework for material elements of Privacy Risk management activities and is a source document to which all other Privacy Risk policies and procedures are aligned. </li> <li> Privacy Risk Management Policy - Provides a description of the general policies and principles applicable to Privacy Risk Management. It is part of the effective management and mitigation of Privacy Risk. </li> <li> Roles and Responsibilities Matrix of the Privacy Risk Management Program - This tool identifies roles and responsibilities associated with tasks. </li> <li> Access to Personal Information Procedures – Sets out the framework for handling access requests and requests to amend personal information pursuant to applicable laws. The Procedures are part of the Privacy Risk Management Program. </li> <li> Privacy Case Management Tool Governance Procedures – A privacy case management tool is a system used to track privacy-related incidents in a centralized location and to report that data to the relevant personnel. The governance procedures outline the structure and process for decision-making, accountability and control relating to the relevant privacy-related incidents tracked by the tool. </li> <li> Guidelines for Use of PII in Digital Initiatives – Provides an overview of the privacy implications that must be considered when devising a digital initiative involving personal information. These Guidelines assist employees to distinguish between permissible and impermissible uses of personal information. </li> <li> Incident &amp. Breach Management Procedures – Provides steps for handling Privacy Concerns that impact Tangerine and its Clients, employees or other individuals. </li> <li> Privacy Impact Assessment Procedures – Outlines the processes involved to complete a Privacy Impact Assessment. These Procedures are part of Tangerine’s Privacy Risk Management Program. </li> <li> Employee Privacy Policy – Sets out how Tangerine collects, uses, discloses and otherwise manages personal information of its employees while administering and managing the employment relationship. </li> <li> Enterprise Records Management Policy – Establishes foundational principles applied across Tangerine to facilitate the creation, retrieval, use, maintenance, retention and disposition of records in a manner consistent with Tangerine’s business priorities and applicable legal and regulatory requirements. </li> </ol> </li> </ul> Principle 9 Access to Personal Information When an individual requests it, TIFL will advise what personal information TIFL has in its possession or control about the individual, what it is being used for and to whom it has been disclosed. When an individual requests it, TIFL will give the individual access to personal information about them which is in the possession or control of TIFL. In certain exceptional situations TIFL may not be able to give individuals access to all of the personal information about them. 9.1. An individual has the right to know, on request, what personal information about the individual TIFL has in its possession or control, a right to access that personal information and to know to which third parties TIFL has disclosed that information. Individuals may direct their requests by telephone to the Investment Fund Associates or, in writing, to the Privacy Office. 9.2. TIFL has established procedures for responding to requests for access to personal information. Individuals must be specific about the personal information that may be in TIFL’s possession or control. In the unlikely event that TIFL determines that there will be a cost to the individual in granting such access, TIFL will inform the individual of the costs permitted by law prior to granting such access. 9.3. TIFL will identify from whom it collected the personal information, to whom it has disclosed the personal information, and how and when the information was disclosed. TIFL will take this data from its records, and will provide it to the individual in a form that is easy to understand, providing explanations for abbreviations and policies. TIFL will provide the personal information and the above data to the individual within a reasonable time. 9.4. In some cases, TIFL may not provide access to personal information that is in its possession or control. This may occur when: <ul> <li> providing access to personal information would be likely to reveal personal information about a third party; </li> <li> providing the personal information could result in a threat to the security of another individual; </li> <li> disclosing the information would reveal confidential commercial information; </li> <li> the personal information is protected by solicitor-client privilege; </li> <li> the information is the result of arbitration or other formal dispute resolution process. or </li> <li> the information has been collected for the purposes of a legal investigation </li> </ul> 9.5. TIFL will not record in individual files when personal information was disclosed to third parties for routine purposes. For example: <ul> <li> reporting to Canada Revenue Agency. and </li> <li> indicating to third parties when cheques are returned for NSF (non-sufficient funds). </li> </ul> 9.6. If TIFL denies the individual’s request for access to personal information, TIFL will advise the individual of the reason for the refusal. The individual may then challenge TIFL’s decision. Principle 10 Handling Individuals’ Complaints and Questions Individuals may challenge TIFL’s compliance with this Privacy Code. TIFL will have policies and procedures to receive, investigate, and respond to individuals’ complaints and questions. 10.1. TIFL has policies and procedures to receive, investigate, and respond to individuals’ complaints and questions relating to privacy. Individuals are advised to direct their complaints and questions by telephone to the Investment Fund Associates or in writing to the Privacy Office. 10.2. TIFL will investigate all complaints. If it finds a complaint justified, TIFL will attempt to resolve it. If necessary, TIFL will modify its policies and procedures to ensure that other individuals will not experience the same problem. 10.3. If individuals are not satisfied with the way TIFL has responded to their complaint, they can contact the Privacy Commissioner, the Ombudsman for Banking Services and Investments, or the Mutual Funds Dealers Association.