Privacy Policy
The privacy and security of our clients’ personal information is one of the most important aspects of our service to our clients. Effective January 1, 2004, Sora Group and its registered representatives, employees and agents were subject to new laws and regulations which specify obligations and limitations relating to our collection, use and disclosure of personal information and subject Sora Group to certain remedies for our failure to adhere to such new laws and regulations. Sora Group has adopted a formal privacy policy that informs the public of our commitment to privacy, and informs our clients about the ways we ensure that their privacy and the confidentiality of their personal information are protected. All employees, agents and representatives of Sora Group should read this policy in its entirety.
As used herein, any reference to “personal information” or “information” means any information that identifies a client or person as an individual and includes information with respect to a client’s name, address, age, gender, income, marital status, finances, employment, trading history and web site use information, together with a client’s personal references and identification numbers (such as a social insurance number), or any similar information provided by a client with respect to a client’s spouse, partner or other family member.
Protecting the privacy and the confidentiality of the personal information we collect is fundamental to the way we do business, whether over the telephone, through the mail, at any branches or offices of Sora Group or over the Internet. No registered representative, employee or agent of Sora Group, except as required in the course of his or her employment with Sora Group and as otherwise provided herein, shall disclose to any person or company any personal information collected or obtained by such person in the course of or pursuant to his or her employment with Sora Group and shall keep all such information confidential and shall not use or attempt to use any such information in any manner contrary to the principles outlined below.
The ten principles described in the Articles below set out how Sora Group and its representatives are to give effect to our commitment to protecting the privacy and the confidentiality of the personal information we collect and the commitments, obligations and procedures set out in the Privacy Policy. The principles outlined below must be adhered to at all times when dealing with personal information we obtain or have obtained from the public and, in particular, our clients.
Article 1: Accountability
Sora Group is responsible for personal information under its control, possession or custody, including information that has been transferred to a third party for processing and is required to designate an individual accountable for Sora Group’s compliance. In that regard, Sora Group has designated the following individual as Sora Group’s Privacy Officer.
Antonia Laginha
Chief Compliance Officer
590-1333 West Broadway
Vancouver, British Columbia
V6H 4C1
Telephone: (604) 738-7377
Facsimile: (604) 738-7215
Toll free: 1-866-721-7377
E-Mail: alaginha@soragroup.com
The identity and contact information of Sora Group’s Privacy Officer should be disclosed to any person upon request.
Accountability for Sora Group’s compliance with our Privacy Policy and the laws and regulations on which it is based rests with the designated Privacy Officer, even though other individuals within the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals within the organization may be delegated to act on behalf of the designated Privacy Officer. Our Privacy Officer must receive written notice of all enquiries or complaints relating to Sora Group’s Privacy Policy or the collection, use and disclosure of personal information by Sora Group. In the absence of the availability of our Privacy Officer, matters should be referred to senior personnel in Sora Group’s President & CEO, Robert J. Isaac.
Article 2: Identifying Purposes
At the time of or prior to collecting any personal information, the purposes for which such personal information is collected must be identified and documented. Identifying the purposes for which personal information is collected at or before the time of collection also allows Sora Group to determine the information it needs to collect to fulfil these purposes. While it is recognized that most of the personal information Sora Group collects is required pursuant to securities (for example, “know your client” obligations), proceeds of crime/money laundering or income tax rules and regulations, we must be mindful of any collection of personal information outside these requirements (for example, for marketing or administration purposes).
The identified purposes should be specified at or before the time of collection to the individual from whom the personal information is collected. Depending upon the way in which the information is collected, this can be done orally or in writing provided, however, that if notice of the purposes is given orally a memo should be immediately made confirming the same and inserted in the appropriate file for future reference.
When personal information that has been collected is to be used for a purpose not previously identified, the new purpose must be identified to the individual from whom the personal information was originally collected prior to use. Unless the new purpose is required by law, the consent of that individual is required before information can be used for that new purpose. Persons collecting personal information should be able to explain to individuals the purposes for which the information is being collected.
Article 3: Consent
Consent of the individual is required for the collection of personal information and the subsequent use or disclosure of this information. Such consent for the use or disclosure of the information should be obtained at the time of collection but in certain circumstances consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when such information is to be used for a purpose not previously identified). Consent can also be given by an authorized representative (such as a legal guardian or a person having power of attorney).
This principle requires “knowledge and consent”. Advisors & Employees of Sora Group must make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed. It is also inappropriate for Sora Group, as a condition of the supply of a product or service, to require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified and legitimate purposes. Consent must not be obtained through deception.
In obtaining consent, the reasonable expectations of the individual are also relevant. For example, an individual providing information with respect to a new account should reasonably expect that our firm, in addition to using the individual’s name and address for mailing purposes, may also contact the person to obtain or confirm trading instructions. In this case, we can assume that the individual’s account opening request constitutes consent for specific purposes related to the maintenance of the account. On the other hand, an individual would not reasonably expect that personal information given to our firm would be given to another company providing financial management products, unless consent were obtained.
Individuals can give consent in many ways. For example:
1. a client account application form may be used to seek consent, collect information, and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is giving consent to the collection and the specified uses;
2. a check-off box may be used to allow individuals to request that their names and addresses not be given to other organizations. Individuals who do not check the box are assumed to consent to the transfer of this information to third parties;
3. consent may be given orally when information is collected over the telephone provided, however, that if such consent is given orally a memo should be immediately made confirming the same and inserted in the appropriate file for future reference; or
4. consent may be given at the time that individuals use a product or service.
The form of the consent we may require will vary, depending upon the circumstances and the type of information. In determining the form of consent to use, you should take into account the sensitivity of the information. Although some information (for example, trading, income and medical records) is almost always considered to be sensitive, any information can be sensitive, depending on the context. For example, the names and addresses of clients subscribing to a report published by Sora Group may not generally be considered sensitive information. However, the names and addresses of clients seeking some specialized or specific information might be considered sensitive.
We should generally seek express consent when the information is likely to be considered sensitive. Implied consent would generally be appropriate when the information is less sensitive.
In certain limited circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example:
1. where legal, medical, or security reasons make it impossible or impractical to seek consent;
2. where the information is required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;
3. when information is being collected for the detection and prevention of fraud or for law enforcement and seeking the consent of the individual might defeat the purpose of collecting the information;
4. where information is required by legal counsel representing Sora Group;
5. when information is required for the purpose of collecting a debt owed by the individual to Sora Group; or
6. the information is otherwise required by law (for example, “know your client” obligations, proceeds of crime/money laundering or income tax rules and regulations).
The specific circumstances when consent is not required or reliance on any of the above exemptions should be referred to Sora Group’s Privacy Officer or the Compliance Department generally.
An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The organization shall inform the individual of the implications of such withdrawal.
Article 4: Limiting Collection
We must use our best efforts to ensure that both the amount and the type of personal information collected are limited to that which is necessary for the purposes identified, that personal information is not indiscriminately collected and that such information is otherwise collected by fair and lawful means. The requirement that personal information be collected by fair and lawful means requires that personal information not be collected by misleading or deceiving individuals about the purpose for which information is being collected. This requirement implies that consent with respect to collection must not be obtained through deception.
Personal Information collected in any form by or on behalf of Sora Group outside the client account application form must be cataloged and a summary of such information must be provided to Sora Group’s Compliance Department not less than once a month. The summary should indicate the date of collection, the type of information collected, the identified purpose for such information, the form and content of consent obtained, the medium or mediums on which such information is recorded (for example, paper copy and computer files) and the location of such information.
Article 5: Limiting Use, Disclosure, and Retention
As stated above, personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law, and the use of personal information for a new purpose must be documented.
Personal information shall be retained only as long as necessary for the fulfillment of the purposes for which it was collected or otherwise for such time as may be required by law. Reference should be made to Sora Group’s document retention policy with respect to the retention of information under the rules and policies of the Investment Dealers Association of Canada and applicable tax laws. Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made. Personal information which is the subject of legal proceedings or other administrative enquiry should be retained for so long as is necessary with respect to such proceeding or enquiry. Except as may be required with respect to the foregoing, personal information of a general nature (such as mailing lists) should be retained for no longer than one year and all personal information should be retained for no longer than ten years.
Personal information that is no longer required to fulfill the identified purposes or any other proceeding or requirement to which Sora Group is subject should be destroyed, erased, or made anonymous. Paper records containing personal information should be reviewed and any personal information made anonymous through manual deletion or erasure or otherwise such records should be disposed of through an approved shredding process or other secure disposal mechanism from time to time acceptable to Sora Group’s Compliance Department. Electronic records, whether stored on hard drives, diskettes, CDs or other electronic media, must be erased or rendered unusable prior to disposal.
Article 6: Accuracy
We must ensure that personal information obtained by Sora Group is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used, the extent of which will depend upon the use of the information, taking into account the interests of the individual. Personal information must be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual. Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.
While we ask our clients to confirm and take responsibility for the accuracy of the personal information we maintain on their behalf, we must be diligent in recording and using the information we have been provided, particularly when disclosing such information to third parties, and immediately correct any inaccuracies we detect.
We should not routinely update personal information, unless such a process is necessary to fulfill the purposes for which the information was collected.
Article 7: Safeguards
Personal information must at all times be protected by security safeguards appropriate to the sensitivity of the information, regardless of the format in which it is held. Such security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information should be safeguarded by a higher level of protection.
The methods of protection should include:
1. physical measures, for example, locked filing cabinets, clearing desk tops, turning off or obscuring computer screens and restricted access to offices;
2. organizational measures, for example, limiting the amount of personal information removed from office or branch premises, security clearances and limiting access on a “need-to-know” basis; and
3. technological measures, for example, the use of passwords and encryption.
Sora Group is accountable for information it provides to third party service providers. Contractual covenants or other means shall be used to provide a level of protection comparable to that adopted by Sora Group while any information is being processed or stored by a third party (for example, data processing agents, mailing agents, document storage organizations or computer service organizations). Any contract or renewal agreement with such service providers should contain prescribed covenants to ensure compliance with this principle. Samples of such covenants are available from Sora Group’s Compliance Department.
Care must be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.
Article 8: Openness
We must make readily available to individuals specific information about, and at all times be open with respect to, our policies and practices set out in our Privacy Policy. Individuals must be able to acquire a copy of our Privacy Policy on request, without unreasonable effort. Our Privacy Policy should be provided in brochure form when a new client receives its client account opening package. Our policy is also available in brochure form at all of Sora Group’s branches or offices and is provided through our Web site. Enquiries regarding our policy can be made to any office manager, Sora Group’s Compliance Department or our Privacy Officer through the toll-free telephone number listed above.
If an individual wishes to enquire about his or her options with respect to certain personal information or otherwise wishes to withdraw consent for previously disclosed personal information, the Privacy Officer or designated representatives should outline the options the individual has, inform the individual of the implications of selecting such option, respect the choice indicated by the individual and record the individual’s choice for future reference.
Article 9: Individual Access
Any individual is entitled to request information regarding the existence, use, and disclosure of his or her personal information and is entitled to be given access to that information. Any request for such information or access thereto shall be immediately referred in writing to the applicable office manager or Sora Group’s Compliance Department with a copy in all circumstances to Sora Group’s designated Privacy Officer.
The office manager, Compliance Department representative or designated Privacy Officer, as the case may be, must be satisfied of any requesting individual’s identity and entitlement to the requested information prior to releasing such information or providing access to that information. Therefore, all requests must be submitted to Sora Group in writing and any individual requesting access must provide sufficient proof of entitlement as may be required by the applicable representative of Sora Group, acting reasonably. An individual may also be required to provide sufficient information to permit an organization to provide an account of the existence, use, and disclosure of personal information but any information so provided should only be used for this purpose. The requesting individual should be informed, in writing, of any cost or fee associated with the particular request and any such fee must be reasonable in the circumstances. The requesting individual should be given the option of withdrawing the request upon being informed of the costs or fee, if any, associated with the particular request.
The office manager, Compliance Department representative or designated Privacy Officer, as the case may be, must inform an individual whether or not Sora Group holds personal information about the individual and must allow the individual access to this information within a reasonable time but in any case, not longer than thirty (30) days from the date of the original request. If it appears unlikely that the requested information or access can be provided within the thirty day period, the designated Privacy Officer must be informed of the reasons and an application for an extension of this response period must be made pursuant to the applicable legislation or statute.
The report provided by the office manager, Compliance Department representative or designated Privacy Officer, as the case may be, to the requesting individual should be provided or made available in a form that is generally understandable. For example, if Sora Group uses abbreviations or codes to record information, an explanation shall be provided. The report should provide an account of the use that has been made or is being made of the information collected and an account of the third parties to which it has been disclosed. In providing an account of third parties to which it has disclosed personal information about an individual, reasonable efforts should be made to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, a list of organizations to which Sora Group may have disclosed information about the individual should be provided.
In certain limited situations, Sora Group may not be able to provide access to all the personal information it holds about an individual. The reasons for denying access should be provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
Any individual shall be able to challenge the accuracy and completeness of the information to the responsible office manager, Compliance Department representative or designated Privacy Officer, as the case may be, and if the individual successfully demonstrates the inaccuracy or incompleteness of personal information, have it amended as appropriate. Depending upon the nature of the information challenged, amendment may involve the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.
When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge shall be recorded by the responsible office manager, Compliance Department representative or designated Privacy Officer, as the case may be, and in any case a summary of the matter should be immediately forwarded to Sora Group’s designated Privacy Officer. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.
Article 10: Challenging Compliance
Any individual is entitled to make a challenge or complaint concerning compliance with Sora Group’s Privacy Policy or Sora Group’s compliance with the principles set out in applicable privacy legislation or statute. Any challenge or complaint shall be immediately referred in writing to the applicable office manager or to Sora Group’s Compliance Department with a copy in all circumstances to Sora Group’s designated Privacy Officer. Complaints that are not resolved at the office manager level within seven (7) days will be referred to Sora Group’s Compliance Department and the designated Privacy Officer.
Individuals who make inquiries or lodge complaints shall be informed in writing of the existence of relevant complaint procedures and shall be informed of the individual’s right to address a challenge or complaint concerning compliance with Sora Group’s Privacy Policy or Sora Group’s compliance with the principles set out in applicable privacy legislation or statute directly to Sora Group’s designated Privacy Officer.
The designated Privacy Officer or his or her delegated representatives in Sora Group’s Compliance Department shall investigate all complaints.
If a complaint is found to be justified, the appropriate measures, including, if necessary, amending Sora Group’s Privacy Policy or the policies and practices set out herein, shall be taken immediately.