Confidentiality Policy

Scope

Metric Asset Management ("Metric") attaches great importance to the confidentiality and security of the personal information provided by its clients and employees. This policy attests to this concern and our commitment to protect such information. The related procedures specify how it shall be applied.

The policy is established in accordance with the Personal Information Protection and Electronic Documents Act (federal "PIPEDA") and the Act Respecting the Protection of Personal Information in the Private Sector (Quebec).

Substantially, Metric adheres to the principles set forth in the Canadian Privacy Code drawn up by the Canadian Standards Association, which served as a cornerstone for the PIPEDA.
The two major issues are:

  • the way companies gather, hold, use, communicate and protect personal information; and
  • the right of individuals to refer to such information and to have it amended if necessary.

The policy applies to the personal information in all its forms – verbal, electronic, written or other – that a person gathers, holds, uses or communicates to third parties in connection with a company's business activities. It is defined as any information about a natural person and helps to identify him or her. Information of a public nature is not subject thereto.

It may occur that our files contain both personal information and confidential information not coming under the definition of personal information. Furthermore, the regulations only concern individuals, i.e. clients and employees, as well as client companies that conduct their business as individual companies. Under all circumstances, it is understood that Metric shall protect the confidentiality of any information it is entrusted with.

This policy and the related procedures shall be periodically reviewed to ascertain their conformity and effectiveness.

Principles Governing the Protection of Personal Information

Accountability

Metric is responsible for the personal information it handles and shall designate a person responsible for ensuring compliance with the principles set forth below.

Metric has extensive personal information that represents a high-risk informational capital. Any leaking or misuse of such information is liable to compromise the integrity and confidentiality thereof while also potentially harming the person concerned. To counter this contingency, it is necessary to implement a policy and appropriate protection measures that can be adapted as needed.

It is incumbent on the company's senior management to see to the compliance with the regulatory provisions and to appoint a person responsible for that undertaking. Metric shall disclose the title of the designated person on request. The role of the person responsible covers the following:

  • ensuring that the company complies with the legislation respecting the handling and protection of personal information;
  • ensuring that the company has implemented the measures required to protect the confidentiality of the personal information held;
  • receiving requests for information, access to the file and complaints, and processing them in a diligent and satisfactory manner;
  • ensuring that all personnel is sensitized to the protection of personal information, including training and the transmission of information about Metric Asset Management's policies and procedures; and
  • drafting explanatory documents about such policies and procedures.

Other Metric employees may be delegated to act on behalf of the designated person and to look after the daily gathering and processing of personal information.

Furthermore, the protection of personal and confidential information is incumbent on all employees at Metric. To that effect, every employee shall sign a confidentiality agreement that is included in the code of conduct, and this agreement shall be renewed every year. Temporary employees and consultants shall also sign a confidentiality agreement.

Finally, Metric is responsible for the personal information it entrusts to third parties for processing. It shall therefore provide a comparable degree of protection in regard to the information handled by a third party.

Identifying Purposes

The purpose for which personal information is gathered shall be determined prior to or at the time of the gathering thereof.

Metric shall document the purpose to comply with the principles of openness (4.8) and individual access (4.9). Identifying the purpose of gathering the information subsequently ensures optimal application of the policy with a focus on the following:

  • delimiting the type and quantity of the personal information to only gather the information need for the purpose mentioned;
  • informing the person concerned of the reasons for gathering such information;
  • determining the frequency of the updating of information;
  • limiting its use; and
  • setting the time of its destruction.

The purposes for which Metric gathers personal information include:

  • establishing and maintaining a discretionary portfolio management mandate;
  • concluding a hiring agreement; and
  • satisfying regulatory requirements.

Such purposes shall be specified to the client or the employees prior to or at the time of gathering the personal information. Except where required by law, Metric shall not use or communicate already gathered personal information for a new purpose before first defining the new purpose and obtaining the consent of the client or the employee.

Consent

A person shall be informed of and consent to any gathering, use or communication of personal information about him or her, unless it is not appropriate to do so.

The consent of the individual concerned shall be explicit and without any deduction on the part of Metric. It shall meet the following criteria:

  • clear: attested to by an electronic or paper document;
  • free: expressed without conditions, constraints or promises;
  • informed: given with awareness of its scope;
  • specific: allowing personal information to be communicated for a given purpose; and
  • limited in time: valid for the period needed for the purpose for which it is requested or for the period prescribed by law (whichever is longer).

Personal information gathered from third parties such as an authorized agent, or professional or personal references, shall be done with the permission of the individual concerned and the source of the information shall be recorded in his or her file.

The only time in which Metric shall gather or communicate personal information without the consent of the person concerned shall be under circumstances required by law.

Limiting Collection

Metric shall only gather the personal information needed for a specific purpose and proceed in an honest and lawful manner.

Metric only gathers the type and amount of protected information absolutely needed to conduct its business and for the purpose disclosed at the time of the gathering thereof. In cases where Metric uses numeric identifiers, it shall be authorized to do so pursuant to legal provisions.

For Clients

Personal information gathered from clients shall only be used for opening the account at Metric. The requested information is required pursuant to:

  • the applicable securities legislation for opening an account;
  • the applicable legislation respecting money laundering, and more specifically respecting the identity of account holders and legitimacy of the asset base;
  • the administration of the account by the trustee; and
  • the eventual transfer of the assets from another financial institution.

For Employees

The personal information gathered shall be used for the employment contract between Metric and the employee.

Metric undertakes to proceed honestly and lawfully when gathering such information, i.e. the company shall not deceive the person concerned or mislead him or her about the reasons for which the information is gathered. Nor shall it attempt to obtain permission to gather such information by fraudulent means.

Limiting use, disclosure and retention Personal information shall not be used or communicated for the purpose other than that for which it was gathered, unless the person concerned consents thereto or where required by law. Personal information shall not be preserved for longer than needed for an established purpose.

Use

Personal information shall be used solely by persons who need such information in the exercise of their duties relating to a portfolio management mandate and personnel management. Under no circumstances shall it be used for purposes not relevant to such functions.

Disclosure

Metric shall not communicate confidential information to any external parties except those needed to conduct its business. In particular, Metric shall not sell personal information or its client list to any party whatsoever.

Examples of third parties to whom Metric discloses confidential information to fulfill its mandate include:

  • for clients: regulatory authorities and service providers such as trustees, printers, portfolio management systems, market intermediaries, archive services; and
  • for employees: payroll and benefits management.

When Metric uses such external parties, it shall ensure that the protection of personal information meets confidentiality requirements.

Metric shall not use or communicate any personal information for reasons not previously specified except where required or permitted by law.

Retention

Metric shall not preserve any personal information it holds beyond the period prescribed for preservation requirements, no matter what medium is used.

The preservation period shall not exceed the longer of the following:

  • the period needed for the authorized purposes, or
  • the period prescribed by these legal requirements.

The preservation period shall take into account the requests for access that a person might invoke subsequent to decisions made about him or her. However, it shall be limited to the strict interval of time needed for the personal information to fulfill the role for which it is intended.

The terms and conditions of preservation are set forth in the procedures connected with this policy.

Accuracy

Personal information shall be as accurate, complete and up-to-date as required for the purpose for which it is used.
The personal information used by Metric shall be sufficiently accurate, complete and in order to reduce to a minimum the possibility that erroneous information be used to make a decision about a client or an employee.

Notably, some personal information about the financial position of clients can have an impact on the management of their assets. The persons concerned are therefore invited to inform Metric about any changes to their files.

Metric shall update this information when needed for a set purpose, or on notification to this effect by the person concerned if any information is erroneous or no longer valid.

Safeguards

Personal information shall be protected by security measures commensurate with its degree of sensitivity.

The necessary measures are implemented on the material, administrative and technological levels to prevent the loss, theft, consultation, communication, copying, use, change, destruction or any other unauthorized use.

In all cases, the information shall be kept in a safe place, protected against unauthorized access and preserved only for the time needed. Such measures apply no matter what form it is kept in.

All personal and confidential information shall be protected with the same care, no matter what its degree of sensitivity.

Metric has also implemented a computer network usage policy which all employees shall adhere to annually as part of the code of conduct.

Personal information communicated to third parties under the terms of contractual agreements shall specify the confidential nature of such information and the purpose for which it is intended.

Every Metric employee who has access to personal information is required, as a condition of employment, to respect the confidential nature of such information.

Metric recommends that its clients avoid transmitting any personal information by Internet or e-mail unless it is encoded. The Internet is a public network and the information circulating on it can be intercepted. Metric shall only use the Internet to transmit personal information outside the company if the client requests that means of communication.

Openness

Metric shall make the information about its personal information handling policies and practices easily available to any person.

A copy of this policy is available on Metric's website at www.metricasset.com.

It shall also be supplied to any person upon request.

The interested party may refer to other sites of interest such as:

The coordinates of the person responsible for the protection of personal information are provided in the "Challenging compliance" section below.

Individual Access

Metric shall inform any person who requests it of the existence of personal information about him or her, its use and the fact it has been communicated to third parties, and allow him or her to consult it. It shall also be possible to contest the content of the information and to ensure the appropriate corrections are made.

A person may refer to his or her file by applying in writing to the person responsible for the protection of personal information. To ensure personal information is protected, a client or an employee must be able to supply sufficient information for Metric to provide access to the file in complete security.

Metric shall provide the requested personal information within a reasonable timeframe (maximum of 30 days). The information shall be provided in a comprehensible and complete manner. This right to access and amendment covers:

  • the right to consult the file free of charge;
  • the right to have inaccurate information corrected free of charge;
  • the right to obtain a copy of the file for a reasonable fee covering the costs incurred in this regard, about which the person concerned shall be notified beforehand; and
  • the right to obtain the list of the third parties to whom Metric has communicated or could communicate personal information in conducting its business.

Metric may not be able to supply the requested information under some circumstances provided for by law. The reasons shall be given to the applicant.

The person responsible for the protection of personal information is also at your disposal if you have any questions or comments about Metric's practices.

Challenging Compliance

A person shall be able to complain about the non-compliance with these principles by communicating with the individual responsible for the compliance therewith.

Concerned persons wishing to file a complaint about the exercise of the rights arising from this policy or any situation related to the protection of personal information may do so by contacting either their portfolio manager or the person responsible designated by Metric:

  • by telephone at (416) 640-4961;
  • by e-mail at info@metricasset.com;
  • by mail:

    Person Responsible for Protection of Personal Information
    Metric Asset Management
    20 Eglinton Ave West
    Suite 1505 - PO Box 2037
    Toronto, Ontario
    Canada M5C 2V9

Any complaint shall be carefully examined to ensure it is properly handled. If the complaint is justified, Metric shall take the appropriate measures, including amending its policies and procedures if need be.

The client or the employee shall be informed of the result of the investigation into his or her complaint. The situation shall be corrected at the earliest convenience and Metric shall adjust its policies and procedures accordingly,

In the event of disagreement with Metric in the exercise of the rights set forth herein, the person concerned may address the organization in charge of their application, i.e.: