1. INTRODUCTION

Wajax is committed to protecting the privacy, security and accuracy of personal information collected from our customers, vendors, employment applicants and website users (collectively, “External Stakeholders”). To this end, Wajax has developed policies and procedures regarding the handling of personal information.

All Wajax personnel are responsible for complying with this policy (the “Policy”) and with all applicable privacy laws. References to “Wajax” in this Policy refer collectively to Wajax Corporation and its subsidiaries. Questions or concerns regarding this Policy may be directed to Wajax’s Privacy Officer, whose contact information is provided below.

2. PURPOSE

This Policy outlines Wajax’s commitment to protecting the personal information of External Stakeholders, and describes how such information will be collected, used and disclosed.

3. SCOPE

All Wajax employees, including full-time, part-time, union and contract employees, must comply with this Policy.

4. PRIVACY OFFICER

The General Counsel of Wajax Corporation has been designated as Wajax’s Privacy Officer and is responsible for ensuring compliance with Wajax’s privacy policies and procedures, and all applicable privacy laws.

You can contact Wajax’s Privacy Officer via e-mail at privacy@wajax.com or by mail at 10 Diesel Drive, Toronto, Ontario, M8W 2T8, Attention: Privacy Officer.

5. DEFINITIONS

Cookies
Cookies are small pieces of information that may be placed on a user’s device by Wajax’s website to facilitate or enhance the user’s interaction with the site.

De-index
Means to remove content from an index or system of indexing. In the online context, de-indexing refers to the process by which a webpage, image or other online resource is removed from the results returned by a search engine when an person’s name or other identifying information is used as a search term.

Personal Information
Refers to information about an identifiable individual, whether factual or subjective, recorded or unrecorded. Examples include: name, address, telephone number, e-mail address, income information, ethnic origin, age, opinions, evaluations and financial information. Stated another way, it is any information that describes an individual and could reasonably be connected to them, either on its own or when combined with other available information.

6. COLLECTION AND USE OF PERSONAL INFORMATION

6.1) Purpose of Collecting Personal Information

Wajax collects, uses and discloses Personal Information in the commercial and hiring context for the following purposes:

• for customers: processing warranty claims; billing and after sales follow-up; granting credit approval; advising on or providing, products and services; collecting overdue accounts, and processing credit card and other payments;
• for employment applicants: assessing suitability for a role;
• carrying on Wajax’s business operations;
• facilitating basic communications;
• conducting data analytics and marketing activities;
• to prevent fraud and other illegal activities;
• complying with applicable laws;
• and as described elsewhere in this Policy.

By providing Personal Information to Wajax, External Stakeholders consent to these purposes and to the other provisions set out in this Policy, including the disclosure of their Personal Information to third parties for the purposes set out in this section.

6.2) Methods of Collecting Personal Information

Wajax may collect Personal Information in the commercial and hiring context in a variety of ways, including, but not limited to:

• credit applications and credit checks;
• purchase, rental, service, distribution and other business agreements;
• Wajax’s website, through information entered by users and through Cookies, as described in the next section of this Policy;
• business cards, surveys, market research and other business-intelligence sources such as credit agencies;
• verbal and written communications;
• activities conducted in the ordinary course of business;
• employment applications and interviews;
• and through other methods, with your consent provided at the time of collection.

6.3) Cookies and Other Tracking Technologies

Wajax uses Cookies, web beacons (including pixels and tags), and similar technologies on its website which collect certain information about website users by automated means. Below is a description of the types of Cookies used by Wajax:

• Necessary Cookies. These Cookies are essential for enabling website users to navigate the site and use its features. Without these Cookies, certain services cannot be provided.
• Analytics Cookies. These Cookies allow Wajax to perform data analytics to measure and improve the performance of its website and provide more relevant content. The data collected helps Wajax understand the number of visitors to its website, which pages are most and least popular and how visitors move through the site.
• Performance Cookies. These Cookies are generally provided by third-party vendors that work with Wajax or on Wajax’s behalf. They collect information about a user’s visit to the Wajax website, such the pages visited most often and whether any errors were encountered. These Cookies help improve the functionality and performance of the website. Third party vendors may have access to this data and may use it to enhance their own services.
• Functionality Cookies. These Cookies enable core features that help website users use Wajax’s website more effectively. For example, they support functions such as remembering user selections, maintaining filter or search settings while navigating between pages and ensuring certain tools work properly. These Cookies do not track browsing activity across other websites and are used solely to support the functionality of the Wajax website.
• Advertising Cookies. These Cookies are used to deliver advertisements that are more relevant to website users and their interests, measure the effectiveness of advertisements, re-target to the Wajax website and understand user behaviour after viewing an advertisement. Wajax shares this information with third parties for these purposes. Website users may still see Wajax advertisements even if they disable advertising Cookies; such advertisements are part of broader campaigns not linked to a user’s interaction with the Wajax website. 

Wajax may also use web beacons and similar technologies for the purposes described in this Policy. These may be included on the Wajax website, in marketing emails, or in newsletters, to determine whether a user has opened messages or clicked on links. Web beacons do not place information on a user’s device, but they may work in conjunction with Cookies to monitor website activity. The information provided above about Cookies also applies to web beacons and similar technologies.

6.4) Use of Cookies

Wajax’s website uses Cookies for the following purposes:

• understanding how website users use and engage with the site, including whether it is the user’s first visit or whether the user is a returning visitor;
• ensuring that the website functions properly;
• analyzing and improving Wajax’s services and website experience (e.g., some Cookies remember a website user’s language or preferences, so these selections do not need to be re-entered on subsequent visits);
• and advertising products and services, as permitted by applicable laws.

6.5) Opting Out of Cookies

Website users can opt out of Cookies, except those that are necessary to provide Wajax’s services. A user’s browser may provide options to be notified when certain types of Cookies are received, or to restrict or disable specific Cookies. However, without Cookies, some features of Wajax’s website may not function properly.

For mobile devices, users can manage how their device and browser share certain data by adjusting the privacy and security settings on the device.

7. HANDLING AND DISCLOSURE OF PERSONAL INFORMATION

7.1) Limited Collection, Use and Disclosure

Wajax will collect, use and disclose only the Personal Information that is required for authorized purposes, as described in this Policy.

7.2) Consent Requirements

Where consent to the collection of Personal Information is required by applicable laws, it will be obtained in accordance with the applicable legislation. Consent can be explicit or implied and can be obtained either verbally or in writing, depending on the nature of the Personal Information.

7.3) Use and Disclosure on a Need-to-Know Basis

Personal Information will be used and disclosed consistent with the purposes for which it was collected and only on a need-to-know basis. Unless required for the purposes stated in this Policy, or required by applicable law, Personal Information about an External Stakeholder will not be disclosed to third parties unrelated to Wajax without the External Stakeholder’s consent.

7.4) Withdrawal of Consent and Related Rights

If consent is required to collect, use or disclose Personal Information, External Stakeholders have the right to withdraw their consent at any time. However, withdrawal of consent may have consequences. If an External Stakeholder withdraws his or her consent, Wajax will inform the External Stakeholder of the likely consequences of such action. In certain cases, Wajax may be required or permitted by law to retain Personal Information even after consent is withdrawn.

An External Stakeholder may also request that Wajax stop disseminating their Personal Information or De-index any hyperlink attached to their name that provides access to their Personal Information on Wajax’s public or internal platforms if such dissemination contravenes applicable law, a court order or causes serious harm to the External Stakeholder’s reputation or privacy.

7.5) Right to Request Purpose

An External Stakeholder may request an explanation of the specific purpose for which his or her Personal Information is collected, used or disclosed.

7.6) Disclosure to Third Parties

In certain circumstances, Wajax may disclose Personal Information to third parties for legitimate purposes subject to this Policy. Such circumstances may include disclosures:

• to service providers who perform services on Wajax’s behalf, such as IT management or cloud storage);
• with Wajax affiliates or otherwise within the Wajax corporate group;
• in connection with a business transaction, including a merger, acquisition or bankruptcy;
• to comply with applicable legal obligations, including to respond to subpoenas, search warrants and similar requests;
• to enforce contracts, service agreements, warranties or other applicable terms or policies;
• and to protect or defend our rights and the rights of our customers and others.

8. PROTECTION OF PERSONAL INFORMATION

8.1) Security Safeguards

Wajax is committed to protecting Personal Information of External Stakeholders against loss, theft and unauthorized access, disclosure, use or modification by instituting security safeguards consistent with the sensitivity, amount, format, nature and storage of such information.

8.2) Electronic Information Security

Personal Information provided to Wajax in electronic form is stored in secure computer servers with limited access and located in controlled facilities.

8.3) Physical Information Security

Paper files are maintained in secure locations with various levels of restricted access based on the sensitivity of the information. Files with sensitive information are kept in locked file cabinets and behind locked doors.

8.4) Authorized Access

Only duly authorized Wajax personnel, i.e., those who require access to Personal Information in order to perform their duties, will have access to such information.

9. CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION

9.1) Transfers Outside the Province or Country

To carry out its operations, Wajax may process Personal Information, or have it processed by third-party service providers, in a province other than the one in which the External Stakeholder resides, or outside of Canada. Privacy laws in such jurisdictions may differ from those applicable in the External Stakeholder’s home jurisdiction.

9.2) Safeguards and Legal Requirements

Reasonable contractual or other measures used to protect Personal Information processed by third-party service providers outside of Canada are subject to applicable foreign legal requirements, including lawful requirements to disclose Personal Information to government authorities and law enforcement.

10. RETENTION OF PERSONAL INFORMATION

10.1) Retention Periods

Personal Information will be retained only as long as necessary, permitted or required by applicable law to fulfill the purpose for which it was collected or a related business or legal purpose.

10.2) Secure Destruction

Documents containing Personal Information that are not retained will be destroyed in a secure manner, such as through shredding, a document destruction service, or secure wiping of mobile hardware devices.

11. ACCURACY OF PERSONAL INFORMATION

11.1) Maintaining Accuracy

Wajax will take appropriate measures to ensure that all Personal Information it collects and holds will be accurate, complete and up to date.

11.2) Responsibility to Update

To ensure that Personal Information remains accurate and complete, External Stakeholders are responsible for providing updated information to Wajax as needed.

12. ACCESS TO AND CORRECTION OF PERSONAL INFORMATION

12.1) Right of Access and Correction

Except in circumstances permitted by applicable laws, External Stakeholders have the right to access or correct their Personal Information held by Wajax.

12.2) How to Submit a Request

Requests must be submitted in writing to the Wajax Privacy Officer at:

privacy@wajax.com

or

10 Diesel Drive, Toronto, Ontario, M8W 2T8
Attention: Wajax Privacy Officer

12.3) Information Required

Requests must contain sufficient information to verify the requester’s identity and to identify the Personal Information that is being requested.

12.4) Response Timelines

Wajax will reply to access requests promptly and no later than 30 days after receipt, or within any timeline required by applicable legislation.

12.5) Refusal of Requests

If the request to access, correct or rectify Personal Information is refused, the External Stakeholder will be informed in writing of the reasons for refusal, the legislative basis for the refusal and the contact information of a Wajax representative who can address questions.

12.6) Escalation to Privacy Authority

External Stakeholders may submit a request to the applicable privacy commission to review any disagreement relating to access to Personal Information and Wajax’s compliance with privacy laws.

13. DATA PORTABILITY

13.1) Portability Rights

An External Stakeholder has the right, where provided for by applicable laws, to receive their Personal Information in a structured and commonly used technological format. They may also request to have this information transferred directly to any person or body authorized by applicable law to collect such information.

14. COMPLAINTS

14.1) Submitting a Complaint

External Stakeholders may submit a written complaint regarding Wajax’s compliance with this Policy or applicable privacy laws to Wajax’s Privacy Officer at the contact information provided above. All complaints will be investigated in a fair, impartial and confidential manner.

14.2) Escalation to Privacy Authority

If an External Stakeholder is not satisfied with Wajax’s response, they may escalate the complaint to the applicable privacy commission.

14.3) Additional Information

For additional information regarding this Policy, or any other Wajax privacy policies or practices, please contact Wajax’s Privacy Officer.

15. POLICY REVIEW

Wajax retains the right, in its sole discretion, to amend or delete any organizational policy or procedure.

CASL COMPLIANCE POLICY

PURPOSE:

Wajax is committed to compliance with Canada’s Anti-Spam Law (CASL). We take important steps to ensure our customers and others who receive communications from us do not encounter spam in violation of CASL. We only send commercial electronic messages (CEMs) in compliance with this CASL Compliance Policy and our related internal procedures that address CASL obligations.

WHAT IS SPAM?

Spam is unsolicited electronic messages, also known as “junk” e-mail or text messages, often, but not always, sent in bulk form. An electronic message may be spam if:

(1) The message is deceptive in that there is an attempt to hide the true sender or content of the message;

(2) The recipient’s personal identity and context are irrelevant because the message is equally applicable to any other potential recipient; or

(3) The recipient has not granted express or implied consent for the message to be sent.

WHAT IS A COMMERCIAL ELECTRONIC MESSAGE?

A CEM is any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of a profit.

Wajax only sends CEMs from our servers in compliance with this CASL Compliance Policy.

Generally, the sender of a CEM needs to obtain express or implied consent from the recipient before sending the message, as outlined in s. 1.1 of this Policy. The CEM must include information that identifies the sender, provides the sender’s contact information and enables the recipient to withdraw consent.

POLICY STATEMENTS:

1. SENDING COMMERCIAL ELECTRONIC MESSAGES

1.1 Wajax only sends CEMs in the following contexts:

· when the individual has explicitly provided their consent to receive such messages either verbally or in writing;

· when the message is in response to a request for information or an inquiry;

· when the message communicates factual information regarding a customer’s account or contractual relationship with Wajax;

· when the message facilitates, completes or confirms an agreed upon transaction;

· when the receiver of the message has voluntarily disclosed their e-mail contact or conspicuously published their e-mail contact without indicating that they do not want to receive CEMs;

· when communicating with a referral;

· to satisfy or enforce a legal obligation or right; or

· when consent to receive the message can be implied through an existing business relationship (i.e. the customer has purchased a product or service from Wajax within the past two years, or has an existing rental agreement in place with Wajax or one that expired less than two years ago).

1.2 All CEMs sent by Wajax outline a mechanism to opt out of receiving further promotional messages from Wajax or contain an unsubscribe link. When a message recipient unsubscribes from receiving further CEMs from Wajax, such a request will be processed as soon as possible, and no later than 10 business days after consent has been withdrawn.

1.3 There are limited contexts in which you cannot request that Wajax stop sending you messages, such as when we must communicate with you to enforce Wajax’s legal rights.

2. PROTECTING YOU FROM SPAM AND THE ALTERING OF TRANSMISSION DATA:

CEMs sent, or caused to be sent, from Wajax’s servers do not:

· Use or contain invalid or forged headers or non-existent domain names;

· Employ any technique to otherwise misrepresent or obscure the sender of an electronic message, the point of origin or the transmission path for the message;

· Cause delivery of a message to a destination other than, or in addition to, that specified by the sender due to the alteration of transmission data;

· Contain false or misleading information in the subject line or otherwise contain false or misleading content;

· Use a third party’s Internet domain name, or relay from or through a third party’s equipment, without permission of the third party; or

· Attempt to surprise or confuse you. Wajax makes every effort to ensure that you have either specifically asked to receive electronic messages from us, or you can reasonably expect to.

Wajax does not sell or exchange any of your information without your consent.

3. RESPONSIBILITY FOR COMPLIANCE WITH THIS POLICY

The Director of Marketing is responsible for periodically reviewing, approving and maintaining the Wajax CASL Compliance Policy and Procedures, as well as ensuring spot checks of CEM activity are conducted to ensure continued adherence to this Policy.

Directors of Sales are responsible for ensuring that this Policy and related procedures are communicated to and understood by all sales representatives. All Wajax employees are responsible for complying with Policy in their day-to-day business activities.

4. CONTACTING US WITH A SPAM COMPLAINT

If you receive an electronic message from Wajax that you believe violates this policy, please contact us as follows: E-mail: CASL@wajax.com

All Wajax staff are aware of this CASL Compliance Policy, are appropriately trained and are required to ensure that CEMs are sent in accordance with this Policy and related procedures.

EMPLOYEE PERSONAL INFORMATION

General Policy Applies

The General Policy applies equally to Employee Personal Information, except where modified by the specific policies contained in this section.

“Employee Personal Information” is personal information about an individual that relates to establishing, managing and terminating the employment relationship. It does not include personal information that is not about an individual’s employment

Employee File

Employees are advised that Wajax collects information and keeps a file on each of its employees. The objective of the employee file is to permit Wajax to efficiently manage its workforce, human resources and employee welfare programs.

An employee may have the right to access his or her employee file in accordance with the procedures described above under the heading “Right to Access and Correct your Personal Information.”

Protection of Employee Personal Information

The Wajax Human Resources Department and Payroll Departments will keep employee files in a secure area and implement security policies to ensure that information on employee files is protected from unauthorized access, collection, use, disclosure, copying, modification and disposal.

Only duly authorized individuals, that is, individuals who need to have access to such information in order to perform their duties, will have access to such information.

Retention of Personal Information

Wajax will retain Personal Information that is used to make an employment decision about an individual for at least one year after using it so that the individual has a reasonable opportunity to obtain access to the information.