Privacy Policy: Hanlon Park Storage

1.0 PURPOSE

Hanlon Park Mini Storage (“HPMS”) maintains the principles of integrity and trust with respect to the privacy of personal information. As part of this commitment, HPMS will use its reasonable efforts to protect the privacy of personal information collected from: • Customers, • Suppliers, and • any other sources. HPMS will comply with the principles of the federal Personal Information Protection and Electronic Documents Act and any other personal information and data protection laws which may be applicable. The purpose of this Privacy Policy (the “Policy”) is to establish common rules to govern the collection, use and disclosure of personal information by HPMS, in a manner that balances an individual’s right to privacy with the need of HPMS to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances, in accordance with applicable privacy laws and regulations.

2.0 DEFINITIONS

“Personal Information” is information about an identifiable individual, not including the name, title or business address or telephone number of an employee of an organization, where the purpose of using that information is to contact that individual at their place of business.

3.0 COLLECTION, USE AND DISCLOSURE

HPMS will obtain the informed consent of its customers, suppliers, employees and any other individuals from whom it may collect personal information, to its collection, use or disclosure of their personal information, unless collection, use or disclosure without consent is permitted or required by law. “Informed consent” means that HPMS will: • Inform these individuals of the purposes for its collection, use and disclosure of their personal information, and • Obtain their consent to collection, use and disclosure for these purposes, prior to, or at the time of, the collection of their information. HPMS will only collect, use and disclose the information necessary for its identified purposes. If HPMS wishes to collect, use or disclose an individual’s personal information for a new purpose, HPMS will inform the individual of this new purpose and obtain his/her consent to this, except where such collection, use or disclosure without consent is permitted or required by law.

3.1 CUSTOMERS, SUPPLIERS AND OTHER INDIVIDUALS

HPMS may collect, use and disclose personal information in respect of customers, suppliers, and other individuals who are not employees, from and to the persons and for the purposes set out below: (a) For the purpose of providing storage services and satisfying contractual obligations in respect of those services; (b) To banks, trust companies, credit unions and credit card companies for the purposes of authenticating account information and processing pre-authorized payments; (c) From and to collection agencies for the purposes of skip tracing and administering debt collection; (d) For the purpose of protecting and monitoring HPMS’s assets and properties, which includes, but is not limited to, using video surveillance at the entrances and exits to HPMS’s properties; (e) Such other collections and uses of personal information from such persons and for such purposes for which HPMS may obtain consent from time to time; and (f) As otherwise required or permitted by law. HPMS may also transfer personal information of the above-named individuals to third party service providers to the extent required and for the purpose of providing administrative or technological support services to HPMS. An example of such a service provider includes (but is not limited to) website support companies.

3.2 WITHDRAWAL OF CONSENT

An individual may withdraw his/her consent at any time, on reasonable notice, subject to legal or contractual restrictions. HPMS will inform the individual of the implications of such withdrawal. For example, where an individual withdraws consent to the uses of his or her personal information as set out in the foregoing section “Customers, Suppliers and Other Individuals”, such withdrawal may result in HPMS being unable to provide its services to such individual.

4.0 SECURITY

HPMS will use reasonable and appropriate measures to ensure the confidentiality and protection of personal information against loss, theft, unauthorized access, collection, use, disclosure, copying, modification, disposal, destruction or similar risks. The methods of protection used include: • Physical measures such as locked filing cabinets, • Technological measures, such as the use of passwords and encryption. HPMS expects all of its employees to follow established guidelines in order to ensure the security of personal information in circumstances where they have access to such information. These guidelines include those set out in the Privacy Procedures and in HPMS’s Policies regarding systems security and communications technology use. Personal information of customers, suppliers, and other individuals will only be accessed by HPMS’s on-site managers and HPMS’s managerial team, on a need-to-know basis. HPMS is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. Therefore, if HPMS transfers personal information to third party contractors, it will require those contractors to covenant with it that they will provide the same security protection over the information as HPMS.

5.0 ACCURACY

HPMS will use reasonable efforts to ensure that personal information is as accurate, complete and up-to-date as is necessary for the identified purposes. This is to minimize the possibility that inaccurate information could be used to make a decision about an individual. To ensure the foregoing, HPMS requires each individual who provides HPMS with personal information to ensure that that information is accurate, complete and up-to-date. If the personal information of an individual changeswe expect that the individual or employee will make HPMS aware of those changes so that HPMS can update the personal information in question.

6.0 ACCESS

Upon written request by an individual, complete with sufficient detail of the information being requested, HPMS will, within the time limits as set out in the applicable legislation, do the following: • Inform the individual of the existence, use and disclosure of his or her personal information, (including a list of the organizations to which HPMS has, or may have, disclosed the individual’s personal information), and • Provide the individual with access to that personal information, • Except where HPMS is permitted or prohibited by law from doing so. In certain circumstances, HPMS is required by law to remove certain types of personal information from a document that contains personal information about the individual applicant, and then provide the individual access to this document. In those circumstances, HPMS will comply with this obligation. In certain circumstances, HPMS is required by law to deny access to personal information. HPMS will comply with this obligation where applicable.

7.0 CORRECTION REQUESTS

An individual may request HPMS, in writing, to correct personal information about the individual that is under HPMS’s control, if the individual believes that this information contains an error or an omission. If the information is subject to interpretation or is an opinion HPMS is not required to change the record but will annotate the record to indicate the individual’s request. HPMS will make a reasonable effort to assist access and correction applicants and to respond to them as accurately and as completely as possible.

8.0 RETENTION

HPMS will keep all personal information that has been used to make a decision about an individual long enough to allow the individual access to the information after the decision has been made or, in any case, for at least one year after such decision has been made. Where the personal information is the subject of a request from an individual, HPMS will retain the information for as long as is necessary to allow the individual to exhaust any recourse under the applicable privacy laws. HPMS will destroy or anonymize personal information when it no longer needs to retain the information for the purpose for which it was collected, and retention is no longer necessary for legal or business purposes. When destroying or anonymizing this information, HPMS will use appropriate security measures to ensure that the confidentiality of this information is maintained.

9.0 TRAINING

HPMS will train the necessary personnel with respect to their obligations regarding the privacy policy.

10.0 COMPLAINTS

An individual may direct a complaint concerning the collection, use or disclosure of his or her personal information, or about the application of the Policy, to the attention of the Privacy Officer. The complaint must be writing. Within a reasonable time of receipt of the complaint, the Privacy Officer will conduct an investigation into the complaint. The format of this investigation will vary, depending on the circumstances, and may or may not involve an interview of the complainant and/or HPMS employees. Within a reasonable time of conclusion of the investigation, the Privacy Officer will inform the complainant, either verbally or in writing, of the outcome of the complaint. If a complaint is found to be justified, HPMS will take appropriate measures necessary to rectify the complaint. Other comments and questions regarding this Policy or its administration should be forwarded to the attention of the Privacy Officer.