Privacy Policy
Canadian Microelectronics Corporation/ Société canadienne de micro-électronique operating as CMC Microsystems (“CMC”) is committed to the collection, use, and disclosure of personal information in accordance with the requirements set out in the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5. CMC shall comply with the following principles unless exempted by the Act.
Policy
Accountability:
CMC is responsible for personal information under its control and has designated the Corporate Treasurer to be the Privacy Coordinator to be accountable for CMC’s compliance with the Act. The Corporate Treasurer is accountable for preparing appropriate internal procedures.
Identifying Purposes:
CMC endeavors to identify the purposes for which personal information is collected at or before the time the information is collected.
Consent:
CMC will inform you and request consent where appropriate for the collection, use or disclosure of personal information. The collection of personal information shall be limited to that which is necessary for the purposes identified by CMC. Information shall be collected by fair and lawful means.
Limiting Use, Disclosure, and Retention:
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes. CMC does collect information through digital markers such as cookies on portions of our website to support your interaction(s). During your visit your browser exchanges data with CMC’s Web server. You may adjust your browser settings at any time to reject digital markers if you so choose. Web analytics may also be used to gather certain information such as the originating IP address, the date and time of the request, the type of browser/device used, and/or the page(s) visited. Such data may be used for communications and information technology statistical purposes, audit, evaluation, research, planning and reporting.
CMC may also collect information from you for the following purposes including, but not limited to:
- Account Data and Profile: We collect certain information when you open an account such as your name, email address, job title, academic affiliation, payment information and transaction information.
- User Content and Files: When you use our services or attend training, workshops or courses, we may collect personal data included as part of the information you provide such as inputs, text, documents, images, or feedback.
- Geolocation Information: Depending on the functionality and services you access, we may collect regional geolocation data.
- Feedback Data: This consists of information you submit through surveys, reviews, or interactive features.
- Payment Information: For paid subscriptions, we collect details like name, billing address, and payment specifics.
- Sales and Marketing Data: This includes information provided for promotional communications, such as name, email address, and company name.
- Support Data: When you seek customer support, we may collect and/or retain related details.
Safeguards:
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
Accuracy and Individual Access:
CMC endeavours to maintain personal information as accurate, complete and up-to-date as is necessary for the purposes for which it is used. Upon request, you can access information concerning the existence, use, and disclosure of your personal information. You may provide updated information or request the removal of your information at any time.
Challenge Compliance:
Every individual may address a challenge concerning compliance with the above principles by sending a request in writing to the designated individual or individuals accountable for CMC’s compliance.
Responsibility
All CMC employees who collect, maintain and/or use personal information, are responsible for ensuring that the collection, use and disclosure of this information is carried out in accordance with this policy and related procedures.
All questions related to the interpretation and application of this policy should be directed to the Privacy Coordinator at [email protected].
Board approval of the revised policy: June 19, 2024
Last revised: May 8, 2024
Whistleblower Policy
1. Background
CMC is committed to conducting itself with honesty and integrity at all times. If, at any time, this commitment is not followed or appears in doubt, CMC will seek to identify and remedy such situations. With this in mind, Individuals (as defined below) are encouraged to raise genuine concerns without fear of reprisals or consequences.
1.1 Purpose
The purpose of this Whistleblower Policy is to provide direction to Individuals regarding the communication of concerns with respect to issues of honesty and integrity, and, in particular, of questionable financial or operational matters or acts of corruption. A concern regarding wrongdoing can be raised at any time, whether the incident has already happened, is currently happening, or is expected to happen in the future.
2. Policy
2.1 Definitions
“Board” – means the Board of Directors of CMC.
“Board Observer” – means the person who is appointed by a funder to CMC to observe the operations and decision making of CMC respecting funding matters.
“Individuals” – means all current and former employees, current or former directors, officers, committee members, contractors, subcontractors, agents, volunteers, vendors, clients, and partners of CMC and those individuals representing them. “Individual” means any one of them.
“Personal Information” – means any information that can be used to identify an individual including their name, home address, personal e-mail address, personal telephone number and date of birth.
“Whistleblower” – means any Individual or any member of the general public who has reported or is considering reporting a Whistleblower Incident.
“Whistleblower Incident” – means a concern related to issues of honesty and integrity within CMC and, in particular, issues relating to financial or operational matters or acts of corruption. For greater clarity, Whistleblower Incidents are intended to include, but are not limited to the following:
- Breach of legal obligations, rules, regulations or governance and operating policies, which includes bribery, fraud, or other criminal activities.
- Inappropriate benefits being accepted from or provided to third parties;
- Endangerment of health and safety;
- Damage to the environment;
- Gross mismanagement or omission or neglect of duty;
- Abuse of authority;
- Mismanagement in the use or failure to use funds, including, inappropriate recording or reporting of revenues, or lack thereof;
- Inappropriate classification or presentation of assets and/or liabilities;
- Misleading accounting entries;
- Breach of fiduciary duty and/or abuse of trust;
- Breach of independent project evaluation procedures;
- Undue attempts to influence governance or operating decisions;
- Inappropriate actions or omissions by CMC staff or Board members; and
- Concealment of any of the above or any other breach of this Policy.
For additional clarity, a Whistleblower Incident does not cover personal or professional grievances arising because of one’s relationship with CMC or any of the Individuals who are its current and former directors, employees, contractors, subcontractors, agents, volunteers, vendors, and partners. These concerns should be raised through the appropriate internal channels, including through any applicable employment or contractual policies.
2.2 Authority
Overall authority for this Policy rests jointly with CMC’s Chair of the Board and Chief Executive Officer. Both shall have specific responsibility to facilitate the communication and operation of this Policy, including appropriate training and review for CMC Board members and staff. All Board members and staff should ensure that they take the actions required to make the Policy effective and of optimal value to CMC.
CMC’s Governance Committee is responsible for reporting to the Board on the implementation of this Policy and recommending updates to this Policy as appropriate.
3. Process for Raising a Whistleblower Incident
3.1 Reporting a Whistleblowing Incident
The Whistleblower should communicate a Whistleblower Incident in writing or by confidential e-mail or by telephone to a dedicated number as soon as possible after the Whistleblower becomes aware of such incidents to CMC’s Chair, CEO, or Chair of the Governance Committee. For this purpose, please use the following addresses: [email protected] or 613-530-4666.
If a Whistleblower is not comfortable having their concern reported to the CEO, Board Chair, or Governance Committee Chair, the Whistleblower should report the matter to another member of the Board of Directors or to a supervisor or member of management whom they are comfortable approaching. The Board member or supervisor/member of management must take immediate action to bring the matter to the attention of the Board Chair or CEO, maintaining the anonymity of the Whistleblower if the person desires.
If the Whistleblower wishes to remain anonymous, their written communication should clearly indicate their wish for anonymity. The communication should also indicate whether the individual raising a concern wishes to discuss the matter further.
If the Whistleblower wishes to discuss any matter with members of a Board Committee this request should be indicated in their communication. In order to facilitate such a discussion, the applicable individual should include a telephone number at which they can be contacted.
Upon receipt and review of a Whistleblower Incident report, the Board Chair or CEO should communicate it to the Chair of the Governance Committee for matters concerning ethics or governance or to the Chair of the Audit Committee in the case of financial matters.
If received by the Chair of the Governance Committee, the report should be communicated to the Board Chair or Chair of the Audit Committee as appropriate.
If the Whistleblower Incident involves any of the Board Chair, the CEO, the Chair of the Governance Committee or the Chair of the Audit Committee, the Whistleblower should contact the corporate Secretary, Peter Stokes at [email protected].
The Board Chair, Chair of the Governance Committee, and/or Chair of the Audit Committee shall together make a determination as to whether the allegations contained in a report have merit, require an investigation, and/or should be reported immediately to the broader Board. In general, allegations involving criminal allegations regarding financial or operational matters will be reported to the Board to allow for the Board to be involved in any direction to CMC regarding next steps, whereas other allegations may be investigated first prior to reporting to the Board.
Any allegations of wrongdoing concerning the Chair or the Board as a whole shall be reported to the Board Observer.
3.2 Content of a Whistleblowing Incident Report
To the extent possible, reports of alleged Whistleblower Incidents should be factual, rather than speculative, and should contain as much specific detail as possible to allow for proper assessment. The complaint describing an alleged Whistleblower Incident should be candid and should clearly set forth all of the information that the person knows regarding the Whistleblower Incident. In addition, the complaint should contain sufficient corroborating information to support the commencement of an investigation. CMC may, in its reasonable discretion, determine not to commence an investigation if a complaint contains only unspecified or broad allegations of wrongdoing without appropriate factual support.
3.3 Confidentiality
All reported Whistleblower Incidents shall be treated in a confidential and sensitive manner. In addition, the Whistleblower shall be provided the opportunity to remain anonymous, save and except in those circumstances where the nature of the disclosure and/or the resultant investigation make it necessary to disclose identity (for example, legal investigations or proceedings or third-party investigations). In such cases, all reasonable steps shall be taken to protect the Whistleblower from detriment as a result of having made a disclosure. While it is the Whistleblower’s prerogative as to whether they remain anonymous, CMC does not encourage anonymous reporting if an investigation is initiated, as proper investigation may prove impossible without the opportunity to substantiate allegations by obtaining further facts and information and confirming good faith. It also allows CMC to provide appropriate reporting and follow up.
3.4 Privacy
Any Personal Information collected through a Whistleblower Incident process or related investigation, including Personal Information of the Whistleblower, those suspected of wrongdoing and other third parties will be held and used in accordance with the privacy policy of CMC. https://www.cmc.ca/privacy-policy/
3.5 Investigation of Complaints
Upon receipt of a complaint alleging a Whistleblower Incident, the Board Chair and/or CEO together with the Chair of the Governance Committee in the case of ethical or governance issues or for financial matters the Chair of the Audit Committee shall make a determination as to whether a reasonable basis exists for commencing an investigation into the alleged complaint. Once agreed, appropriate action and investigation commences, involving appropriate levels of management and Board members, dependent on the scope and severity of the incident reported.
The CEO, Board Chair, Chair of the Governance Committee, and/or Chair of the Audit Committee shall have the authority to obtain assistance from CMC’s management, counsel or auditors, or to retain separate outside legal or accounting expertise as deemed necessary or desirable in order to conduct the investigation. Depending on the severity of the alleged breach or whom within CMC may be under investigation, a Special Committee of the Board may be established to deal with the complaint directly.
The Board Chair may also refer any Whistleblower Incident for review by an independent third party previously approved by the Board. Any Whistleblower Incident involving an executive of CMC, Chair of the Board, or any member of the Board shall be referred immediately to an independent third party.
Ethical and governance incidents involving management or individual Board members shall be referred to INQ Law, and financial issues involving management and individual Board members shall be referred to MNP LLP, or to such other professional(s) as may be appropriate in the Board’s discretion. Any Whistleblower Incident involving the Board Chair or the Board as a whole shall also be referred to the Board Observer.
All investigations of Whistleblower Incidents shall be carried out in a manner to ensure confidentiality of the matter. If requested by the complainant, the investigation will be carried out in a manner to protect the anonymity of the complainant to the fullest extent possible.
At each quarterly meeting of the Governance Committee and Audit Committee, the Committees shall discuss the status of any ongoing investigation and review the resolution of each complaint submitted during the previous quarter, including whether or not the complaint resulted in the commencement of a formal investigation.
Depending on the nature of the alleged Whistleblower Incident and its materiality, and in particular, with respect to financial or operational-related complaints that could materially affect the financial statements of CMC or the integrity of CMC’s system of internal controls, the person(s) designated to investigate the Whistleblower Incident shall keep each member of the Board (except to the extent a member of the Board is allegedly implicated in the Whistleblower Incident) apprised of the status of the investigation for purposes of ensuring compliance with regulatory requirements, the timely and continuous disclosure obligations of CMC, and the certification obligations of CMC’s CEO and CFO.
In order to ensure consistency of reporting, the Chair shall make a recommendation to the Board regarding reporting requirements of any Whistleblower Incident allegation and investigation, including how often and what details to include in reports to the Board and to other Committees.
3.6 Publicizing the Reporting Process
CMC will make this Policy and the process for reporting Whistleblowing Incidents known publicly on its website. This information will describe the confidential nature of the reporting process, protections for anonymity, and make it clear that no person will be penalized for making a good-faith report of a Whistleblower Incident nor will CMC tolerate retaliation against a person who makes a good-faith report of a Whistleblower Incident.
3.7 Dismissal of Complaints
If the Board Chair and Chair of the Governance Committee or Audit Committee determine that no investigation is warranted, possibly because the allegations are without merit or better dealt with through another CMC policy, the Chair or the Chair’s delegate will report this decision to the Whistleblower as soon as possible after a decision has been rendered and properly document such a decision as set out in Section 6 below.
3.8 Corrective Action
The Board, or its delegated representative, is ultimately responsible for determining the validity of each complaint and fashioning, with the input of its advisors and management, if requested, appropriate corrective action. The Board shall report any legal or regulatory non-compliance to management and ensure that management takes corrective action including, where appropriate, reporting any violation to relevant governmental authorities. Any director, officer, or employee found or deemed to have committed a Whistleblower Incident may be subject to disciplinary action, up to and including termination of their position or employment without compensation and possible further action.
4. No Retaliation
4.1 Anyone should feel confident to report violations as described above or to assist in investigations of such alleged violations. The Whistleblower will not be discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against as a result of communicating a genuine Whistleblower Incident.
4.2 CMC will not tolerate retaliation or discrimination of any kind by or on behalf of CMC and its employees against any Whistleblower making a good faith complaint of, or assisting in the investigation of, a Whistleblower Incident.
4.3 More specifically, neither CMC, nor any person acting on behalf of CMC or in a position of authority in respect of the CMC’s employees will take any disciplinary measure against, demote, terminate or otherwise adversely affect the employment of an employee or threaten to do so with the intent to compel an employee to abstain from reporting a Whistleblower Incident to a law enforcement and/or regulatory authority or with the intent to retaliate against the employee because the employee has reported a Whistleblower Incident to a law enforcement and/or regulatory authority. Note that engaging in retaliatory conduct may be considered an offence under various Canadian laws, including without limitation, the Criminal Code of Canada.
4.4. Any CMC Board member, committee member, employee, or contractor is found to engage in retaliation, discrimination or harassment of a Whistleblower may be subject to termination of Board membership, committee membership, employment, or have their contracts with CMC terminated, as applicable.
5. Documentation
5.1 Documents shall be held in confidence by all parties and participants under this Policy. Official reports for the Chair, CEO, Chair of the Governance Committee, or Chair of the Audit Committee, or other designated parties shall be kept confidential by any recipient unless otherwise authorized by the report. All relevant documentation including reports, discussions and supporting information shall remain in the control and custody of CMC unless otherwise authorized pursuant to a report of decision issued in accordance with this Policy.
5.2 All documents and records regarding any Whistleblower Incident shall be retained for a period of seven years. Such documentation will be available for inspection by members of the Governance Committee or Audit Committee, the external auditors and any external legal counsel of CMC and other advisors to CMC hired in connection with the investigation of a Whistleblower Incident. Disclosure of such documentation to any other person, and in particular any third party, will require the prior approval of the Chair of the Governance Committee or the Chair of the Audit Committee to ensure that privilege of such documentation is properly maintained and to ensure compliance with the CMC privacy policy.
5.3 It is illegal and against CMC’s governance policy to destroy any corporate audit or other records that may be subject to or related to an investigation by CMC or any federal, provincial or regulatory body.
6. Compliance
6.1 Each Individual has a personal responsibility to ensure that their behaviour and conduct complies with this Policy. Each Individual currently engaged with CMC shall review and affirm continuing compliance with this Policy annually.
7. Review and Amendment
This Policy shall be reviewed annually by the Governance Committee.
Any recommendations for amendments or updates to the Policy shall be approved by the Board.
Board approved: June 19, 2024