Nordion values and protects your right to privacy. Protecting your Personal Information under Nordion’s custody and control is consistent with our core values of mutual trust, genuine concern and respect for people, integrity and commitment to excellence. Nordion recognizes that effective systems and measures to protect Personal Information are important to safeguarding the interests of individuals who share their Personal Information with Nordion.
All Nordion staff and employees are committed to maintaining and protecting the confidentiality of your personal information in accordance with the federal Personal Information and Protection of Electronic Documents Act (PIPEDA), and other applicable privacy laws.
This Policy applies to Personal Information that is collected, used, or disclosed by Nordion, whether in oral, electronic or written form. Unless permitted or required by law, or with your consent, Nordion will treat your Personal Information in a manner consistent with this Policy.
By providing your personal information to Nordion, you agree and consent that we may collect, use and disclose your personal information in accordance with this Policy. In addition, where appropriate, specific authorizations or consents may be obtained from time to time.
What is Personal Information?
“Personal Information” is information, recorded in any form, about an identified individual or an individual whose identity may be inferred or determined from such information. “Personal Information” does not include business contact information, which is any information that is used for the purpose of communicating or facilitating communication with an individual in relation to their employment, business or profession including name, position, title, work address, work telephone number, work fax number or work electronic address (email).This Policy does not cover aggregated data from which the identity of an individual cannot be determined. Nordion reserves the right to use aggregated data in any way that it determines appropriate.
Why and How We May Collect and Use Personal Information
Nordion will limit the Collection of Personal Information to that which is necessary for the purposes for which it was collected. Such Personal Information will be collected by fair and lawful means. Nordion may collect your personal information when you:
1. Visit Nordion facilities: We may collect your Personal Information (including name, contact information and security video surveillance images) for the purposes of administering the physical security of Nordion facilities; administrative purposes; and communication purposes.
2. Visit the Nordion website: We may collect your Personal Information for the purposes of administering specific functions of the websites for which the Personal Information was collected. For example, if you make a product or service inquiry, Nordion may obtain your personal email address or name and home address in order to mail you the information you requested. When you submit an application for employment using our website, your Personal Information is treated in accordance with Nordion’s policies relating to the protection of employee information. The information you provide to us generally will be used for the purpose of contacting references, determining and establishing qualifications and conducting background checks. Additional information is available on request.
3. When you contact Nordion: We may collect your Personal Information (including name, contact information and financial or payment information), as required, for the purposes of:
- establishing and maintaining a commercial relationship with you or your organization as a customer and/or supplier;
- providing ongoing products and services, including to administer accounts and to fulfill contractual obligations;
- understanding and responding to your needs and those of your organization, including to contact you to conduct surveys and promotions;
- developing, enhancing, marketing, selling or otherwise providing Nordion products and services, or the products and services of third parties, including Nordion entities, with whom Nordion has a commercial relationship;
- managing and developing Nordion’s business and operations; and engaging in business transactions.
4. Other: We may also collect your Personal Information for the purposes of detecting and protecting Nordion and other third parties against error, theft, fraud and other illegal activity, and complying with Nordion’s audit requirements and compliance; complying with any legal or regulatory requirements and laws; managing our due diligence processes; and for any other purpose to which you consent.
Personal Information will not be used, disclosed, shared or retained for purposes other than the purposes for which it was collected, except with your consent or as otherwise permitted or required by law.
By providing your Personal Information to Nordion or its agents, you agree that Nordion and its agents may collect, use and disclose such personal information for the purposes identified in this Policy, and as permitted or required by law. Subject to legal and contractual requirements, you may refuse or withdraw your consent at any time by contacting our Privacy Officer. However, if you refuse or withdraw your consent, Nordion may not be able to, or may have the right not to (where permitted by applicable law) provide or continue to provide you with certain products, services, employment or information which may be of value to you.
Who May Have Access to Your Personal Information
We maintain strict controls over access to the Personal Information you share with Nordion. Within Nordion, access to your Personal Information is granted only to authorized employees and agents of Nordion who require access to fulfill their job requirements, or on a “need to know” basis. Nordion takes steps to ensure that its employees are aware of their obligations to maintain the confidentiality of Personal Information.
Nordion protects Personal Information that is disclosed or transferred to persons and entities that are not related to Nordion by entering into contractual agreements stipulating the confidentiality of the Personal Information, the purposes for which such Personal Information may be used and disclosed, and the means sufficient to provide a level of protection comparable to that provided by Nordion.
When We May Disclose or Transfer Your Personal Information
We do not disclose any of your Personal Information without your informed consent, unless we are required or permitted to by law (including in order to comply with a court order, federal or provincial regulations, or a legally permitted inquiry by a government agency). Where obligated or permitted to disclose information without consent, we will not disclose more information than required.
We may disclose your Personal Information to Nordion-related entities (i.e. Nordion’s parent company and affiliates) for purposes of addressing investor information requests, and may transfer your Personal Information to Nordion-related entities for administrative processing purposes. We may also transfer your Personal Information to non-Nordion-related third party service providers retained to provide services to Nordion or on Nordion’s behalf, such as for example, to provide administrative, human resources, accounting, audit and technology services or to provide professional advice. All third party service providers will be subject to contractual agreements stipulating the confidentiality and safeguard requirements with respect to the handling of your Personal Information.
We may disclose your Personal Information to Nordion insurance carriers or agents for purposes of supporting an insurance claim, and to other Nordion entities for the purpose of addressing investor information requests.
Accuracy and Retention of Personal Information
Nordion will keep the Personal Information as accurate, complete, and up-to-date as is necessary for the purposes for which the information was collected. If you inform us that your Personal Information is inaccurate, incomplete or out of date, we will revise the Personal Information and, if necessary, use our best efforts to inform third parties which were provided with inaccurate information so that those third parties may also correct their records.
We keep your Personal Information only as long as it is required for the reasons it was collected. The length of time we retain information varies, depending on the purpose for which it was collected and the nature of the information. This period may extend beyond the end of your relationship with us but it will be only for so long as it is necessary for us to have sufficient information to respond to any issues that may arise at a later date. When your Personal Information is no longer required for Nordion’s purposes, we have procedures to destroy, delete, erase or convert it into an anonymous form.
If you would like to access or correct Nordion’s records of your Personal Information, you may contact our Privacy Officer. Your right to access or correct your Personal Information is subject to applicable legal restrictions.
Protection of Personal Information
Nordion will adopt physical, electronic or procedural security safeguards appropriate to the sensitivity of the Personal Information to protect such Personal Information. This may include safeguards to protect against loss or theft, unauthorized access, disclosure, copying, use or modification. This also applies to our disposal or destruction of Personal Information.
In case of a breach of security safeguards, such as the loss of, unauthorized access to or unauthorized disclosure of Personal Information under Nordion’s control, and if the breach poses a real risk of significant harm to you, we will notify you and the Privacy Commissioner of Canada or the appropriate provincial commissioner, as well as any other organization that may reduce the risk or mitigate the harm from the breach.
Cross Border Transfer of Information
Nordion’s legal entities, management and organizational structures, business processes and technical systems cross international borders. Accordingly, Nordion will collect, transfer and disclose Personal Information across borders and between legal entities within Nordion, including with its parent company, Sterigenics, for the purposes defined in this Policy, or for other purposes where appropriate consent has been obtained or as permitted by law.
Personal Information is stored in physical files in secured locations, and in electronic databases on servers, located at Nordion’s facilities or at the facilities of Nordion related entities, and on the servers of our third party technology service providers and records storage providers. Nordion may transfer to and store your Personal Information with Nordion related entities, its agents and third party service providers located outside of Canada, for the purposes of assisting Nordion with the management and storage of its information files and for the provision of services to Nordion, generally. While the information resides outside of the territory of Canada, it may be accessible to the local courts, law enforcement and national security authorities in the foreign jurisdiction.
Resolving Your Privacy Concerns
In the event of questions about: (i) access to your personal information; (ii) our collection, use, management or disclosure of personal information; or (iii) this Policy, you may contact Nordion’s Privacy Officer by calling (613) 592-3400 ext. 2383 or writing to the following address:
Attention: Privacy Officer -including Canadian Operations Nordion (Canada) Inc. and Sterigenics EO Canada Inc.
Sotera Health LLC
9100 South Hills Blvd. Suite 300
Broadview Heights, Ohio, 44147
Nordion will investigate all complaints and if a complaint is justified, we will take all reasonable steps to resolve the issue. If we are unable to resolve your concerns to your satisfaction you may contact the Privacy Commissioner of Canada by writing to:
The Privacy Commissioner of Canada
Place de Ville
Tower B, 3rd Floor
112 Kent Street
Ottawa, Ontario K1A 1H3
This Policy may be revised from time to time. If we intend to use or disclose Personal Information for purposes not described in this Policy, we will make reasonable efforts to notify affected individuals in advance, as required by law. If you are concerned about how your Personal Information is used, you should contact us as described above or check back at our website periodically to obtain a current copy of this Policy.