INTRODUCTION

Keilhauer is a family-owned corporation that was started in June of 1981. From the outset, the company has had one focus – to manufacture high quality commercial seating on time. We believe that if we keep both our staff and our customers happy then we will achieve success.

To that end, the privacy of Personal Information has always been an important part of our operations. On January 1, 2004, the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) came into effect for provincially regulated organizations that collect, use and disclose Personal Information in the course of their commercial activities.
Keilhauer has developed the following General Privacy Policy (the “Privacy Policy”) in respect of its collection, use and disclosure of Personal Information in the course of its commercial activities, as well as to inform individuals of our continuing commitment to the protection of their Personal Information.

DEFINITIONS IN THIS POLICY

Collection means the act of gathering, acquiring, recording or obtaining Personal
Information from any source, including third parties, by any means.

Commercial activity means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.

Consent means the voluntary agreement with the collection, use and disclosure of Personal Information for defined purposes. Consent can be either express or implied. Express consent is given explicitly, orally, electronically or in writing and will be requested when the information is sensitive. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction and will be accepted when the Personal Information is less sensitive. Generally, and with certain exceptions, an individual’s s knowledge and consent is required for the collection, use, or disclosure of Personal Information.

Disclosure means making Personal Information available to third parties outside the organization.

Individual means a natural person and includes a customer, contractor and supplier but does not include an employee of Keilhauer. Personal Information means any information about an identifiable individual. This includes: name, age, income, credit history, banking information, home address, credit card numbers, billing records, recorded complaints and personal Email addresses.

Use means the treatment, handling, and management of Personal Information within an organization.

THE TEN PRINCIPLES ADOPTED BY KEILHAUER

1. Accountability

Keilhauer is responsible for Personal Information in its possession or control and has designated a person who is accountable for Keilhauer’s compliance.

Responsibility for compliance with Keilhauer’s Privacy Policy rests with the Chief Privacy Officer. The Chief Privacy Officer may be contacted at Chief Privacy Officer c/o Keilhauer, 1450
Birchmount Road, Toronto, Ontario M1C 2E3. Other employees within Keilhauer may act on behalf of the Chief Privacy Officer regarding the day-to-day collection and processing of Personal Information.

Keilhauer will have policies and procedures in place to enforce its Privacy Policy, including the following:

(a) Procedures to protect Personal Information and to oversee the company’s compliance with the policy;

(b) Establishing procedures to receive and respond to inquiries or complaints;

(c) Training and communication to employees about Keilhauer’s policies and practices;

(d) Public information to explain Keilhauer’s policies and practices.

2. Identifying Purposes for Collection of Personal Information

Our corporate mission is the continuous improvement of satisfying our customer’s needs. To that end, you will find below some of the ways we collect Personal Information about our customers, suppliers and other individuals in the course of our commercial activities.

Keilhauer will identify the purposes for which Personal Information is collected at or before the time the information is collected.

Keilhauer has collected and collects Personal Information in person, by phone, fax, email, Internet, and by other means for the following purposes:

(a) to establish and maintain responsible commercial relations with individuals and to provide ongoing service including processing orders, answering customer complaints, administering warranty requests, processing credit applications, operating Keilhauer’s website and tracking and delivering shipments. For example, customer service will forward home addresses and telephone numbers to freight companies when arranging for delivery of a product to a home residence;

(b) to understand and respond to customer needs and preferences;

(c) to verify customer identity;

(d) to develop, enhance, market or provide products and services, including through the
website;

(e) to manage and develop its business and operations, including obtaining credit references; and

(f) to meet legal or regulatory requirements.

3. Obtaining Consent for the Collection, Use or Disclosure of Personal
Information

The knowledge and consent of an individual are required for the collection, use and disclosure of Personal Information, except as provided by PIPEDA. Keilhauer will obtain consent from individuals before or when it collects or uses the Personal Information.

However, Keilhauer may seek consent to use and disclose Personal Information after it has been collected but before it is used or disclosed for a new purpose. Keilhauer will make a reasonable effort to ensure individuals understand how Keilhauer will use their Personal Information. Keilhauer will not attempt to deceive anyone into giving consent.

A person can withdraw consent at any time, except as provided by PIPEDA. A customer’s receipt of this Privacy Policy shall constitute consent, use or disclosure of Personal Information, except where inappropriate and unless the customer advises Keilhauer in writing that they wish to withdraw consent. Regarding more sensitive information, Keilhauer may seek express consent (whether verbal, in writing, or by electronic means).

Refusing or Withdrawing Consent

Individuals may refuse or withdraw consent to Keilhauer’s collection, use or disclosure of their Personal Information by providing unless PIPEDA requires otherwise. If you wish to withdraw consent at any time, we would ask that you provide us with reasonable notice.

If an individual refuses or withdraws his or her consent, Keilhauer may not be able to provide the individual with some products and services.

4. Limiting Collection of Personal Information

Keilhauer shall limit the collection of Personal Information to that which is necessary for the purposes identified by the company. Keilhauer will only collect information by fair and lawful means. The type of information Keilhauer collects may include but is not limited to: a customer’s name, address, phone number, product ordered, credit and banking information. This Personal Information may be collected from various sources, including the individuals themselves such as by phone, website, email, fax and other means, credit bureaus, personal references and other third parties who represent that they have the legal authority to disclose the information.

The Keilhauer Website

The Keilhauer web server anonymously logs requests from individual web browsers. This logging happens whether or not individuals have Cookies enabled and is not related to any Personal Information. The information logged primarily consists of:

(a) Internet IP address

(b) Files that the individual’s browser has requested

(c) The time of the request

(d) Browser type and computer type

(e) Page from which the individual came

Keilhauer uses the above information to understand the number of visitors to its website, the type of information requested, and what problems, if any, may exist on the website. This information is used in aggregate and is not linked to any personally identifiable information. Keilhauer may share this non-identifiable information in a distilled or raw format with business partners and associates.

When someone visits a website, a cookie is placed on the individual’s machine (if the individual accepts cookies) or is read if the individual has visited the site previously. The web server does this as a matter of course and the information is not required to use the Keilhauer website. An individual may turn cookies off in his or her browser and still use all the functionality of the Keilhauer website.

As stated above, we may collect information about you when you send us an email. For example, you may send us a comment or suggestion about how we may improve our site, or you may have a question about a particular product. We collect your contact information and use it to answer the subject of your query or send you promotional information about products or services that may be of interest to you. Keilhauer will remove any information voluntarily provided within 48 hours of receiving a written request.

An individual may restrict Keilhauer’s email communication at any time, either by replying to an individual email with the words “Please remove me from your email list” or by sending an email to the email address below requesting that Keilhauer does not send information.

5. Limiting Use, Disclosure and Retention of Personal Information

Keilhauer uses and discloses Personal Information only to the extent required to fulfill the purposes stated within this policy, except with the consent of the individual or as provided by PIPEDA. If we require Personal Information for any other purpose, we will make every attempt to notify the appropriate individuals of the new purpose and request consent. We will keep Personal Information as long as necessary to fulfill the above noted purposes. For example, certain business records are kept for up to 10 years to satisfy income tax legislation requirements, internal requirements, and the terms of Keilhauer’s 10-year warranty on all of its chairs.

When Keilhauer destroys Personal Information, it will use appropriate safeguards to prevent unauthorized collection, use or disclosure.

6. Accuracy

Keilhauer will employ reasonable measures to ensure that the Personal Information we have about individuals is accurate, complete and as up-to-date as necessary for the identified purpose(s). We will amend Personal Information that is inaccurate or incomplete.

7. Appropriate Safeguards

We have in place appropriate security measures to protect against the unauthorized collection, loss, misuse or alteration of information we retain on file appropriate to the sensitivity of the information, including the following:

(a) Wherever possible, files containing individual Personal Information are separated from
corporate clients and kept in locked cabinets;

(b) Invoices, credit memos and cheques containing Personal Information are put in sealed confidential envelopes.

(c) Only authorized personnel on a “need-to-know” basis have access to individual Personal Information.

(d) Electronic data is protected by passwords and encryption and is only accessible to authorized personnel.

(e) Master user lists and rights are reviewed annually.

We will continue to enhance security procedures to safeguard and protect Personal Information. However, please remember that no security measures are entirely foolproof, especially in respect of Internet or email communications and we encourage visitors to our website to exercise care with the information that they provide through the Internet or by email.

8. Openness Concerning Policies and Practices

Keilhauer will make readily available specific information about its policies and practices relating to the management of Personal Information and will review its privacy policies on a regular basis. A copy of this privacy policy (and any future updates) can be obtained from our Web site at www.keilhauer.com.

9. Access to Personal Information

Keilhauer will inform an individual of the existence, use and disclosure of his or her Personal Information upon request and give the individual access to that information. An individual may be able to challenge the accuracy and completeness of that information and have it amended as appropriate. Individuals who have any questions about this privacy policy or the collection, use or disclosure of their Personal Information may contact Keilhauer at the address noted below. Please note that Individuals may be asked to confirm their identity and be directed to send us requests in writing.

10.Challenging Compliance

Upon receipt of a complaint or enquiry from an individual concerning the collection, use or disclosure of their Personal Information, Keilhauer will respond in a timely manner and will review all such complaints or inquiries free of charge. If the complaint is valid, Keilhauer will take appropriate measures to resolve the complaint, including, if necessary, amending its policies and procedures.

How to Contact Us

For more information, to file a complaint or to make enquiries about your Personal Information, please contact Keilhauer’s Privacy Officer at the following contact information:

Address: 1450 Birchmount Road Toronto, ON M1P 2E3

Telephone No.: 416-759-5665 (Toll-free: 1-800-724-5665)

Email Address: privacyofficer@Keilhauer.com

Website: www.keilhauer.com