“Personal Information” is defined as information that identifies an individual and includes, but is not limited to, their name, email, address, age, marital status, race/nationality, financial records, religion, or social insurance number.
Clients are requested to notify XIB as soon as possible of any changes, deletions or corrections to their Personal Information so that XIB may keep such information up-to-date.
Purposes of Collection, Use and Disclosure of Personal Information and Client Consent
XIB collects and maintains Personal Information about Clients in connection with the offering and sale of interests in XIB private investment funds (the “XIB Funds”), the opening and operating of managed accounts, Client communications, or otherwise as required by law. XIB collects and maintains Personal Information in order to:
- Establish, service and administer Client accounts (such as providing tax receipts, transaction confirmations, statements; investment fund financial statements, and other information that may be requested or needed to service these accounts);
- Establish the identity of a Client or an authorized individual;
- Assess a Client’s eligibility in a XIB fund;
- Execute transactions;
- File with applicable Canadian regulatory authorities a report setting out a Client’s name, address, telephone number, email address and other information relating to a Client, the class and series of Interests issued, the date of issuance, the purchase price of Interests issued to a Client and other details of the distribution;
- Protect XIB and its Clients from error and fraud;
- Comply with anti-money laundering/anti-terrorist financing and other regulatory requirements; and
- Establish XIB’s legal rights or defend against legal claims.
Personal Information collected from a client includes name, address, date of birth, and social insurance number; XIB typically collects this information from the following sources:
- Subscription agreements submitted by an investor or prospective investor;
- Investment management agreements;
- Transactions with XIB or any of its affiliates;
- Communications between XIB and a Client; and
- Other information provided.
Personal Information shall not be used or disclosed for purposes other than those for which it was collected. XIB may disclose Personal Information to third parties and to XIB affiliates, when necessary and without the consent of a Client, including:
- financial service providers, such as banks and others used to finance or facilitate transactions by, or the operations of, an XIB Fund and/or managed account;
- other service providers to a Fund and/or managed account such as fund administrators, accounting, legal, or tax preparation services; and
- regulatory, tax or other government authorities and agencies. XIB will only disclose Personal Information to a governmental entity or other regulatory or self-regulatory organization when required to do so by such laws and regulations, or by court order.
The collection of Client information will be limited to that which is necessary for XIB to provide services to a Client and for third-party service providers to be able to provide services to XIB, its Funds and/or managed accounts. Before XIB may use Personal Information for a purpose not previously identified to a Client, the new purpose shall be identified and consent will be obtained from the Client before the information is used for the new purpose (or the client may opt-out), unless the use is otherwise required by law.
XIB maintains physical, technological and organizational controls consistent with regulatory standards to safeguard Personal Information in its possession. Reasonable security safeguards have been implemented to help protect Personal Information from loss, misuse, unauthorized access or disclosure. These measures include, but are not limited to:
- Restricted physical and system access controls;
- Safeguards to detect and prevent security system failures;
- Use of secure user authentication protocols for access to records with Personal Information;
- Use of reasonably up-to-date firewall protection and operating system security patches;
- Use of reasonably up-to-date versions of system security agent software including malware protection and virus definitions;
- Reviewing safeguarding controls of service providers who receive Personal Information as part of the provision of XIB services; and
- Employee training on XIB’s privacy obligations.
XIB remains responsible for Personal Information it has disclosed to third parties and endeavors to protect this information through contractual agreements. XIB does not sell or lease Personal Information to third parties nor does it share Personal Information with third parties for their marketing purposes.
Notwithstanding the aforementioned controls, there remains a residual risk of a breach of security safeguards which could result in a real risk of significant harm. See section “Breaches and Risk of Harm” below for XIB’s reporting and notification procedures to deal with a privacy breach which results in a real risk of significant harm to an individual.
Personal Information will be retained for at least seven years following the end of the relationship (unless there are legal requirements that require its retention) after which all documentation will be destroyed in a manner commensurate with its sensitivity.
Client Access to their Personal Information
XIB’s Chief Compliance Officer has been appointed Chief Privacy Officer (“CPO”). The CPO oversees privacy governance including the development of policies, adherence to procedures, training and education, reporting to XIB’s Board, and dispute resolution. Clients may contact XIB’s Chief Privacy Officer in writing if they wish to:
- access their Personal Information;
- correct their Personal Information;
- withdraw consent to any use and disclosure of their Personal Information (however, this may limit the Client’s opportunity to access XIB’s services or products);
- obtain more information or have concerns; and
- file a complaint relating to how XIB has handled their Personal Information (if a Client is dissatisfied with the results of an investigation of a complaint, they may bring the complaint to the attention of the Office of the Privacy Commissioner of Canada (“OPC”)).
Costs associated with the provision of Personal Information further to a Client’s written request are borne by the Client. Requested information will generally be provided within 30 days of the request being made. XIB’s Chief Privacy Officer may be contacted at:
Chief Privacy Officer
XIB Asset Management Inc.
200 Bay Street, Suite 2102
PO Box 93
Toronto, ON M5J 2J2
Breaches and Risk of Harm
XIB is subject to reporting and notification obligations in the event a privacy breach occurs which results in a real risk of significant harm to an individual. A privacy breach is the loss of, unauthorized access to, or disclosure of, Personal Information resulting from a breach of an organization’s security safeguards. A real risk of significant harm includes but is not limited to damage to reputation or relationships, identity theft, humiliation or financial loss. In the event of a privacy breach, XIB will investigate and assess the implications of the breach as soon as feasible. Where XIB has determined the breach creates a real risk of significant harm to an individual, XIB will investigate the matter, report to the OPC and notify affected individuals as soon as feasible, and take remedial measures as applicable.
About the Fund
Learn more about the Fund and its performance
Meet the XIB Team
Subscribe for updates
Stay up to date on Fund Performance from XIB Asset Management