OTTOFACT Privacy Policy

Effective Date: 2018
Reviewed 2020

Policy objectives

In carrying out OTTOFACT services under both the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA) , we (OTTOFACT) collect personal information as defined by section 3 of the Privacy Act . We are committed to respecting the privacy rights of everyone whose personal information we have collected. Please also see our Website terms and conditions of use to see how this policy applies to our website. This Policy does not apply to our employees' personal information. That information is covered under the OTTOFACT Inc. Employee Privacy Policy.

This Policy is designed to comply with the Privacy Act and the principles of natural justice.

Why we collect personal information

We can only use your personal information for the purpose for which it was obtained or for a use consistent with that purpose, or for a purpose listed in Section 8 of the Privacy Act .

Some of our online tools, which we use to better serve our clients, involve the collection of standard personal information for our Online Motor Vehicle Brokering Agreement. For more information about how our online tools collect and use your personal information, please read our Website Terms and Conditions of Use.

What personal information do we collect?

We only collect personal information that is directly related to one of our programs or activities. The amount and the type of the information collected will be limited to that which is needed to fulfil the identified purpose (s). We only collect what we need.

We may for example, collect your name, contact information for our brokering agreement. We may also collect your IP address if you visit our website.

Who sees your personal information?

We will not disclose your personal information without your consent unless it is allowed under section 8 (2) of the Privacy Act . In this case, we will aim to disclose only the specific information that is needed under the circumstances and, wherever possible, will inform you about the disclosure.

Access to personal information within OTTOFACT will be restricted to those staff members who need the information in order to carry out their job duties. Those employees will maintain the information in the strictest of confidence and will not provide access to the information to anyone who is not authorized. The level of staff access to personal information will be granted on a need-to-know basis.

All individuals we hire under contract or other means to conduct business on our behalf will be required to respect the provisions of the Privacy Act as well as this Policy and related internal procedures. Violations of any part of the contractual agreement may result in termination of the contract.

How we protect your personal information

We will protect personal information from loss or theft, unauthorized access, use or disclosure, modification or destruction through appropriate administrative, technical and physical security measures and safeguards.

The level of safeguards used to protect personal information will depend on the:

  • sensitivity of the personal information;
  • amount, distribution and format of the information;
  • method of storage.

Additional information about our methods of protections please read our Website Terms and Conditions of Use


We seek a person’s consent before we collect their personal information. The form of consent may vary depending on the circumstances and the type of information being requested. Consent can be express or implied and can be provided directly by the individual or by an authorized representative.

We will not use your personal information without your consent unless it is either:

  • for the same purpose for which the information was originally collected or compiled,
  • consistent with that purpose,
  • for a purpose that may be disclosed under section 8 (2) of the Privacy Act.

Retention and destruction of personal information

We will retain personal information in accordance with the maximum retention periods set out under the Library and Archives of Canada Act .

Access or corrections to personal information

Individuals do not always need to use the Privacy Act to access to or correct their personal information (e.g. informal request). However, they do have the right to formally request access or corrections to their personal information under the Privacy Act . People also have the right under the Access to Information Act to formally request access to information in our files which may contain their personal information.

Our roles and responsibilities

We are responsible for the personal information that we collect, retain, use, disclose, and destroy in the course of fulfilling our mandate.

Employees — staff that collect personal information on our behalf will be required to explain the purpose (s) for which the information is being collected. If unable to do so, they will be required to refer the individual to someone within our organization who is able to explain the purpose (s). It is every OTTOFACT employee’s duty to inform themselves of their obligations under this Policy and the Privacy Act . Employees must report any and all violations of the Policy or the Act to their manager.

Managers and Supervisors — along with the responsibilities noted above, managers and supervisors must instruct their staff to respect the Policy and the Act . They must also examine and/or make inquiries into any issues brought to their attention concerning this Policy and the Act .

Questions or complaints

Questions or concerns may be brought to the attention of any OTTOFACT employee. If they are unable to help, the employee must refer the matter to their immediate supervisor or member of management staff.

If you have any questions about this policy or about how we manage personal information, you may also contact: