Privacy Policy

Canadian Privacy Policy

As used in this Privacy Policy (a) “PIPEDA” means the Personal Information Protection and Electronic Documents Act, SC 2000, c 5; (b) “Substantially Similar Legislation” means provincial privacy legislation deemed to be substantially similar to PIPEDA, which, to date, includes the Personal Information Protection Act, RSA 2003, c P-6.5 (Alberta), the Personal Information Protection Act, RSBC 2003, c 63 (British Columbia) and An Act respecting the protection of personal information in the private sector, CQLR c P-39.1 (Quebec); and (c) “Canadian Privacy Laws” means PIPEDA and/or Substantially Similar Legislation, in each case to the extent applicable.

To the extent that the Website is available to individuals located in Canada, or to the extent we process your personal information in the context of the activities of an establishment in Canada, this Privacy Policy sets out our practices and obligations under Canadian Privacy Laws, to the extent applicable.

Withdrawal of Consent: You can deny or withdraw your consent to our collection, use and disclosure of your personal information at any time upon reasonable notice, subject to any legal or contractual requirements. However, if consent is denied or withdrawn, we may not be able to provide certain products or services.

Accuracy and Completeness: We make every reasonable effort to ensure that personal information provided to us is accurate and complete. This may involve requesting further information or updates from you. We rely on you to notify us if there is a change to your personal information that may affect your relationship with us. We will correct or amend the personal information in our files where it can be shown that the information is incorrect or incomplete.

Access to Information: In accordance with Canadian Privacy Laws, we will provide you with access to personal information we hold about you. We reserve the right to require that any request for access to personal information be made in writing. Generally, there is no cost for such access. However, we reserve the right to charge such costs on a case-by-case basis in accordance with applicable laws. You will be notified in advance if charges apply.

Security Incident: The protection of personal information is of paramount concern to us, and we are prepared to take appropriate and timely steps in the event of any incidents involving personal information in accordance with Canadian Privacy Laws.

Retention: We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Location: Mosaic and its service providers may store and/or process personal information outside of Canada (including in the United States). When information is stored or processed outside of Canada, it may be subject to the laws of and be accessible by legal authorities in such other jurisdictions. We have taken appropriate technical, organizational, and legal steps to secure this information.

Privacy Officer:
For further information about our privacy practices, to make a request for access to your personal information or to exercise any other rights outlined in this Privacy Policy, please contact our Privacy Officer at the following address:

Robert P. Arnold, Director of IT Security Risk and Compliance, Global IT Security and Infrastructure,