Aerial view of a point on Peninsula Lake from above

Privacy Policy

PURPOSE

Freed has adopted this Privacy Policy in accordance with The Personal Information Protection and
Electronic Documents Act (PIPEDA). The protection of personal information is important to us. We
as a company are committed to protecting the privacy of our clients, customers and other
individuals. Our Privacy Policy sets out how we collect, use, safeguard and disclose the personal
information of clients, customers, and applicants applying for a job. Our commitment is to
maintain the confidentiality of all personal information and to preserve rights to privacy.

SCOPE

This Privacy Policy contains ten principles as defined by PIPEDA that are observed by Freed
regarding the collection, use and disclosure of personal information. Each principle must be read
in conjunction with the accompanying commentary. The commentary in the Freed Privacy Policy
has been tailored to reflect the personal information issues specific to Freed.

APPLICATION

This policy applies to all employees of Freed who are covered by the ESA, regardless of their
location of workplace, remote, at home, on site, on the road in office or a combination of any or
all of the above.

Freed’s Ten Privacy Principles:

Principle 1 – Accountability
Principle 2 – Identifying Purposes for Collection of Personal Information
Principle 3 – Consent
Principle 4 – Limiting Collection of Personal Information
Principle 5 – Limiting Use, Disclosure of Retention of Personal Information
Principle 6 – Accuracy
Principle 7 – Security Safeguards
Principle 8 – Openness
Principle 9 – Individual Access
Principle 10 – Managing Inquiries and Challenges

POLICY

The Policy applies to personal information about Freed’s customers, clients, applicants and other
individuals, that is collected, used or disclosed by Freed.
The Policy does not apply to information about Freed’s employees; however, such information is
protected by Freed’s Employee Privacy Policy.
This Policy is subject to change and may be supplemented or modified by additional terms
applicable between Freed and an individual.

DEFINITIONS

Collection – the act of gathering, acquiring, recording, or obtaining personal information.
Consent – voluntary agreement with the collection, use and disclosure of personal information
for defined purposes. Consent can be either expressed, implied or deemed, and can be provided
directly by the individual or by an authorized representative. Express consent can be given orally,
electronically or in writing. Implied consent is consent that can reasonably be inferred from an
individual’s action or inaction. Deemed consent is consent that is deemed to be given pursuant
to applicable legislation or other regulations.
Disclosure – making personal information available to a third party.
Freed – Freed Corp. and its subsidiaries and certain designated affiliates, as they may exist from
time to time.
Personal information – information about an identifiable individual, but does not include
aggregated information that cannot be associated with a specific individual. Personal information
also excludes certain information as is excluded pursuant to applicable legislation or other
regulations, such as publicly available information or business contact information, as and when
applicable.
Third party – an individual or organization outside Freed.
Use – the treatment, handling and management of personal information by and within an
organization.

PRINCIPLE 1 – ACCOUNTABILITY

Freed is responsible for personal information under its control and shall designate one or more
persons who are accountable for Freed’s compliance with the following principles.
Freed designates the Chief Privacy Officer as the person accountable for compliance with the
Policy. From time to time, the Chief Privacy Officer is entitled to delegate day-to-day responsibility
for administration of this Privacy Policy and related privacy policies and practices to other
employees and consultants.
Freed shall make known, upon request, the title of the person or persons designated to oversee
Freed’s compliance with the Policy.
Freed is responsible for personal information in its possession or under its control. Freed shall use
appropriate means to protect personal information while information is being processed by a
third party on behalf of Freed (see Principle 7).
Freed shall implement policies and procedures to give effect to the Policy, including:
Implementing procedures to protect personal information and to oversee Freed’s compliance with
the Freed Privacy Policy;
i. establishing procedures to receive and respond to inquiries or complaints;
ii. training and communicating to staff about Freed’s policies and practices;
iii. developing public information to explain Freed’s policies and practices.

PRINCIPLE 2 – IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL
INFORMATION

Freed shall identify and document the purposes for which personal information is collected at or
before the time the personal information is collected or, when appropriate, at or before the time
the personal information is used for a new purpose.
Freed collects personal information for the following purposes:
i. to establish and maintain a responsible commercial relationship with customers;
ii. for purposes identified to individuals or purposes obvious to individuals, in respect of
particular collections of personal information;
iii. to meet legal and regulatory requirements;
iv. to understand needs and preferences of individuals;
v. to develop, enhance, market and/or provide products and services; and,
vi. to manage and develop Freed’s business and operations, including transfer of data among
affiliated entities.
Further references to “identified purposes” mean the purposes identified in this Principle.
Freed shall, as appropriate, specify orally, electronically or in writing the identified purposes to the
individual at or before the time personal information is collected. Upon request, persons collecting
personal information shall explain these identified purposes or refer the individual to a designated
person within Freed who shall explain the purposes.

The knowledge and consent of an individual are generally required for the collection, use or
disclosure of personal information. In certain circumstances personal information can be collected,
used or disclosed without the knowledge and consent of the individual, such as in the case of an
emergency where the life, health or security of an individual is threatened.
Freed may disclose personal information without knowledge or consent to a lawyer or other
advisor representing Freed, to collect a debt, to comply with a subpoena, warrant or other court
order, or as may be otherwise required or authorized by law.
In obtaining consent, Freed shall use reasonable efforts to ensure that an individual is advised of
the identified purposes for which personal information will be used or disclosed. Purposes shall
be stated in a manner that can be reasonably understood by the individual.
Generally, Freed shall seek consent to use and disclose personal information at the same time it
collects the information. However, Freed may seek consent to use and disclose personal
information after it has been collected, but before it is used or disclosed for a new purpose.
Freed will require individuals to consent to the collection, use or disclosure of personal information
as a condition of the supply of a product or service only if such collection, use or disclosure is
reasonably required to fulfill the identified purposes.
In determining the appropriate form of consent, Freed shall take into account the sensitivity of
the personal information and the reasonable expectations of the individual.
Where consent is required for a particular use or disclosure, an individual may withdraw consent
at any time, subject to legal or contractual restrictions and reasonable notice. Individuals may
contact Freed for more information regarding the implications of withdrawing consent

PRINCIPLE 4 – LIMITING COLLECTION OF PERSONAL INFORMATION

Freed shall limit the collection of personal information to that which is necessary for the purposes
identified by Freed and as permitted by law.
Freed collects personal information primarily from the individual to whom the information relates.
Freed may also collect personal information from other sources including credit bureaus or other
third parties who represent that they have the right to disclose the information, or as otherwise
permitted by law.

PRINCIPLE 5 – LIMITING USE, DISCLOSURE AND RETENTION OF
PERSONAL INFORMATION

Freed shall not use or disclose personal information for purposes other than those for which it
was collected, except with the consent of the individual or as required by law. Freed shall retain
personal information only as long as necessary for the fulfillment of those purposes or as required
or permitted by law.
Freed may disclose an individual’s personal information to:
i. a person who in the reasonable judgement of Freed is seeking the information as an agent
of the individual
ii. a company or individual employed by Freed to perform functions on its behalf, such as
but not limited to research or data processing;
iii. another company or individual for the development, enhancement, marketing or provision
of any of Freed’s products and services;
iv. an agent used by Freed to evaluate the individual’s creditworthiness or to collect the
individual’s account;
v. a credit reporting agency;
vi. a public authority or agent of a public authority, if in the reasonable judgment of Freed, it
appears that there is imminent danger to life or property which could be avoided or
minimized by disclosure of the information;
vii. another entity as part of a merger, a sale of assets of all or part of a business, or any other
corporate change or re-organization; and,
viii. a third party or parties, where the individual consents to such disclosure or disclosure is
required or permitted by law.
Only Freed employees with a business need to know, or whose duties reasonably so require, are
granted access to personal information about individuals.
Depending on the circumstances, where personal information has been used to make a decision
about an individual, Freed shall retain, for a reasonable period of time, either the actual
information or the rationale for making the decision.
Freed shall maintain reasonable and systematic controls, schedules and practices for information
and records retention and destruction which apply to personal information that is no longer
necessary or relevant for the identified purposes or required or permitted by law to be retained.
Such information shall be destroyed, erased or made anonymous.
Where appropriate, Freed may communicate updates of personal information to third parties.
Freed may engage affiliates or third-party service providers for the purpose of providing services
or processing information on behalf of Freed, and we may transfer or disclose personal
information to such parties in connection with such purposes. Some divisions, affiliates or thirdparty service providers may be located in other jurisdictions, and information in their custody (i)
may or may not be subject to privacy legislation similar to that applicable to Freed, and (ii) may
be subject to laws applicable in such jurisdictions that permit access to such information by
foreign governments or law enforcement agencies or by others.

PRINCIPLE 6 – ACCURACY

Freed shall take steps to ensure that personal information is as accurate, complete and up-to-date
as is appropriate for its purposes.
Personal information used by Freed shall be sufficiently accurate, complete and up-to-date to
minimize the possibility that inappropriate information may be used to make a decision about an
individual.
Freed shall take all reasonable steps to update personal information about individuals as and
when reasonably necessary to fulfill the identified purposes or as reasonably requested by the
individual.

PRINCIPLE 7 – SECURITY SAFEGUARDS

Freed shall protect personal information by security safeguards appropriate to the sensitivity of
the information.
Freed shall take appropriate and reasonable steps to protect personal information against such
risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction.
Freed shall take appropriate and reasonable steps to protect personal information disclosed to
third parties, for example by contractual agreements stipulating the confidentiality of the
information and the purposes for which it is to be used.

PRINCIPLE 8 – OPENNESS

Freed shall make readily available to individuals’ specific information about its policies and
practices relating to the management of personal information.
Copies of the Policy will be made available upon request.
Freed shall make information about its policies and procedures easy to understand, including:
i. the title and addresses of the person or persons accountable for Freed’s compliance with
the Policy and to whom inquiries or complaints can be forwarded;
ii. the means of gaining access to personal information held by Freed;
iii. a description of the type of personal information held by Freed, including a general
account of its use.

PRINCIPLE 9 – INDIVIDUAL ACCESS

Upon request, Freed shall inform an individual of the existence, use and disclosure of his or her
personal information, at a minimal or no cost to the individual. An individual shall be able to
challenge the accuracy and completeness of the information and have it amended as appropriate.
In certain situations, Freed may not be able to provide access to all the personal information that
it holds about an individual. For example, Freed may not provide access to information if doing
so would likely reveal personal information about a third party or could reasonably be expected
to threaten the life or security of an individual. Also, Freed may not provide access to information
if disclosure would reveal confidential commercial information, if the information is protected by
solicitor-client privilege, if the information was generated in the course of a formal dispute
resolution process, or if the information was collected in relation to the investigation of a breach
of an agreement or a contravention of a law. If access to personal information cannot be provided,
Freed shall, upon request, provide the reasons for denying access.
In order to safeguard personal information, an individual may be required to provide sufficient
identification information to permit Freed to authorize access to the individual’s file.
Individuals can seek access to their personal information by contacting the Privacy Officer at Freed.
Freed will endeavor to respond to all requests within 30 days or, in any event, as required or
permitted by applicable law.

PRINCIPLE 10 – HANDLING INQUIRES AND CHALLENGES

An individual shall be able to address a challenge concerning compliance with the above principles
to the designated person or persons accountable for Freed’s compliance within the Policy.
Freed shall maintain procedures for addressing and responding to all inquiries or complaints from
individuals about Freed’s handling of personal information.
Freed shall inform its customers about the existence of these procedures as well as the availability
of complaint procedures.
The person or persons accountable for compliance with this Policy may seek external advice where
appropriate before providing a final response to individual complaints.

If you have questions or concerns about our privacy policy or practices, or would like changes to
the communications we send you, please contact our Privacy Office.
Chief Privacy Officer: Elaine Crossland, VP, Legal & General Counsel
Email: elainec@freedevelopments.com
Phone: (416) 781-5699 Ext 142
Mail: Attn: Chief Privacy Officer
552 Wellington Avenue West, Suite 1500, Toronto, ON, M5V 2V5