Privacy CODE

Odyssey Trust Company

Privacy Statement 

This code applies to Odyssey Trust Company and Odyssey Transfer and Trust Company (“Odyssey”).

Odyssey recognizes how important your personal privacy is to you. We are required to collect, use and disclose personal information for purposes that are reasonable and to do so in a manner that recognizes your right to the protection of that information. When we refer to personal information, we mean any information that identifies you as an individual and includes information with respect to your name, address, social insurance number or tax identification number, securities/asset ownership information and other financial information. Odyssey may receive personal information about you from you directly, but often we receive information about you from a third party authorized by you, such as our clients (public and private issuers of securities), your employer if we are administering their plan, or a brokerage firm or other intermediary that is requesting a transfer of securities.

Odyssey is committed to the protection of personal information entrusted to us and as such our employees are regularly trained on the policies and procedures we use to keep your information secure. We have adopted the following standards and practices.

Collection and Consent

Odyssey has identified the purpose(s) for which we collect personal information and will only do so when it is necessary and reasonable to collect this information for its identified purpose. 

We collect personal information directly from you, the individual, unless the applicable legislation or the individual authorized the collection from another source. We will inform you, either verbally or in writing, before or at the time of collection, why the personal information is needed and how it will be used in a clear and reasonably understood manner. 

Odyssey will obtain your consent for the collection and use of your personal information verbally, in writing or electronically on our website. Implied consent may be used when personal information is supplied to us on a request to transfer or issue securities. 

When using your personal information that has previously been collected for a new purpose not previously identified, Odyssey will inform you of the new purpose and obtain consent prior to its use. There are limited circumstances where Odyssey is not required to collect consent to disclose private information. This includes cases of detection of fraud, for law enforcement or under specified exemptions in the privacy laws. 

Our website uses a tool called “Google Analytics” which transmits website traffic data to Google servers outside of Canada in order to help us understand website traffic and webpage usage. We do not combine the information collected through the use of Google Analytics with personal information. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. Google’s ability to use and share information collected by Google Analytics is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google. 

Odyssey’s website may contain links to third-party websites that are not subject to this Privacy Statement. Odyssey is not responsible for any personal information you may submit to a third-party website accessed from Odyssey’s website. Please refer to the privacy policies/statements on any third-party website to determine their personal information standards and practices. Please also note that any websites to which our website may be linked may also make use of their own cookies to collect information from you. Most browsers will automatically accept a cookie, but it may be possible to set your browser to notify you prior to it being sent at which point you can accept or reject it.

Use, Disclosure and Retention

Odyssey will use personal information only for the reasonable purpose(s) for which it was collected. For example, a registered securityholder’s name and address will be maintained in order to deliver continuous disclosure documents such as proxy materials for a securityholder meeting on behalf of the issuer, offering materials, and dividends and/or interest cheques. A registered securityholder’s last known name and address may also be used as a means of locating him or her if we are holding unclaimed property that requires us to complete a legislated search for the owner. A securityholder’s social insurance number or taxpayer identification number will be used only for tax reporting purposes on tax slips and to the CRA or IRS when taxable disbursements have been made.

With respect to both current and former securityholders, Odyssey does not share non-public personal information with any non-affiliated third party except as necessary to process a transaction, service your account or as permitted by law. Our affiliates and outside service providers with whom we share information are legally bound not to disclose the information in any manner unless permitted by law or other governmental processes.

We will keep personal information only for as long as it is necessary to fulfill the business or legal purpose(s) for which it was collected, in coordination with the minimum retention period required by applicable legislation. While certain privacy legislation affords you the right to request that your information be deleted from our systems, if this information is needed to perform the services that we carry out on behalf of issuers whose securities you hold or have held as a registered owner, we are unable to delete your data if requested.

Safeguards and Accuracy

We strive to restrict access to your personal information to those employees who need to know the information to provide our services to you and the issuer(s) in which you hold securities. We maintain physical, procedural and technological safeguards to protect your personal information.

If we receive an email message from you that includes personal information, we may use that information to reply or provide the requested service, but please note that email and other Internet communications are not necessarily secure against interception. If your communication includes sensitive information including things like your social insurance number or banking information, you should not send it electronically unless your browser indicates that the access to our website is secure. We undertake periodic reviews of our security policies and procedures and technological safeguards to ensure that our systems are secure and protected, including by internal and external audits.

To conduct our business and to meet regulatory requirements, your information may be transferred to other companies in or outside of Canada that provide data processing, storage, or other services (including auditors, bankers, mailing houses and regulatory screening services). We will not provide more information than is reasonably necessary for them to perform the services for which they are engaged, and we contractually require that they not store, analyze, or use that information for purposes other than to carry out the intended services. Should the data or information that we transfer to the data processors, service providers or other parties described above be transferred outside of Canada, it could be available to a foreign government or its agencies under the laws of that country.

Odyssey will minimize the possibility of using incorrect or incomplete information when making a decision that affects an individual or when disclosing an individual’s information to another organization. This is achieved by making reasonable efforts to ensure that the personal information we collect is accurate and complete.

Openness and Accountability

Odyssey is providing this Privacy Statement to be open about our privacy practices and has developed the referenced internal policies and procedures and safeguards to remain accountable to every individual whose personal information we collect or receive. Each of our employees is responsible for the personal information under his or her control and through ongoing training, employees remain informed of the importance of compliance with our policies and procedures.

We have appointed a Chief Privacy Officer who is responsible for Odyssey’s compliance program and for responding to privacy-related inquiries and may be contacted at Privacy@odysseytrust.com or in writing to Odyssey Trust Company, 350 – 409 Granville St, Vancouver, BC V6C 1T2.

Access and Recourse

As part of our policies and procedures, we have implemented a process to handle complaints about our personal information practices. Odyssey will provide you, within 30 business days of receipt of a written complaint (subject to extension in limited circumstances) with access to your personal information, an explanation of how your information is or has been used and a list of any individuals or organizations to which your personal information has been disclosed. If all or part of the requested information is refused, Odyssey will provide an applicant with a response that includes the reasons and the provision of the applicable privacy laws on which a refusal is based. To request a copy of the personal information we have on file, the service providers with whom we have shared this information and/or to make a complaint, please direct your request in writing to the attention of the Chief Privacy Officer, Odyssey Trust Company, 350 – 409 Granville St, Vancouver, BC V6C 1T2 or by email to Privacy@odysseytrust.com. If you would like to request a correction to your personal information, please provide details of the changes required in writing to the address or email address provided above or use the applicable form(s) available on our FAQ page. We will review your request and make the update(s) requested in all places where the information is stored or request additional details if necessary.