Dear,
I just received an email from {COMPANY_NAME} with the subject “{EMAIL_SUBJECT}.” As far as I am aware, I have not created an account, subscribed, shared my PII data, or consented to this commercial message, thus I consider it spam. Since it looks like you are definitely handling my PII data and actively processing it, as a resident of Canada, under my rights according to PIPEDA, I request:
- What is the Privacy Office within {COMPANY_NAME} in charge of ensuring compliance with Canada's data protection law?
- How my PII was collected?
- I see you have already collected my email address, but I don't see where I have consented to the collection of such personal information; can you clarify how you got my consent for processing my personal data?
- What are the measures {COMPANY_NAME} takes to ensure security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, or use of my personal information?
- Can I have a copy of all personally identifiable information {COMPANY_NAME} has on me?
- Can I have any personally identifiable data permanently deleted from {COMPANY_NAME} databases?
Please, address each question separately, referring to the numbering, to ensure clarification of all these points — again, as enforced by PIPEDA.
Best regards,