Privacy Policy

Date of last revision March 31st, 2021

WHAT IS THE SCOPE OF THIS PRIVACY POLICY?

GFL Environmental Inc. and its corporate affiliates (“GFL”, “we”, “us”, “our”) provide environmental solutions to residential, municipal, industrial and commercial customers currently in 27 states of the United States and in 9 provinces across Canada. Your privacy is important to us, and we are committed to maintaining and securing your information as described in this Privacy Policy. This Privacy Policy applies whenever you access any of our services, products, websites or their content (including mobile applications) as a non-employee.

This Privacy Policy describes, for example:

  • What information we collect and how we collect it
  • The purposes for which your information is collected, shared, and used
  • How you can access and/or update your information
  • How your information is protected and stored
  • How we use third party service providers in the collection, use, and storage of your information
  • Ways to contact us with your questions about this Privacy Policy or any concerns you have about how we collect, share, use, or store your information


This Privacy Policy does not cover business communications or information about our business customers, except to the extent such communications or information are required to be addressed in this Privacy Policy by applicable law and regulations. By using our services, products, content, or websites, you agree that GFL may collect, share, use, or store your information as we describe in this Privacy Policy.

WHAT INFORMATION IS COLLECTED?

Information that we, or our third party service providers on our behalf, may collect about you includes:

  • Personal or identifying information such as your name, address, telephone number, email address (note: in general, you may access our websites without providing this type of information);
  • Information regarding services and products we market or provide to you;
  • Transactional, credit and financial information, for example banking or payment card numbers and expiration dates, and information about your credit, billing, and payment history;
  • Contact and correspondence content such as your requests for customer service, and other information regarding our customer relationship; and
  • Digital or technical information as described below, including information such as which webpages you visit as well as the frequency and duration of your visits, which web browser you use, computer access points and mobile devices, referring website information, and your Internet Protocol (“IP”) address. Device-specific information (ex. device model, operating system, etc.) and device-event information (ex. crashes, hardware settings, etc.) may also be tracked. Digital information may sometimes be personally identifying; other times, it may be aggregated or anonymized.


To the extent your consent is required by applicable law and regulations in order for us to collect your information, your consent to such collection will be obtained.  As required by applicable law and regulations depending on the situation, we may seek consent at the time we collect your information, or after collection but prior to using or sharing your information, or after collection but prior to using or sharing of your information for a purpose different than that which was initially communicated. Your consent may be obtained in one of these ways:

  • This means orally, electronically, or in writing, you specifically provide your consent.
  • This means your consent can reasonably be inferred from your actions or inaction. An example is when you accept our services or products, at which time we are entitled to assume you consent to your information collection (and subsequent use, sharing, and storage) related to your acceptance and use of such services or products (or for purpose/s otherwise identified at such time).  By continuing your business relationship with us, we assume your consent to the collection, use, sharing, and storage of your information as described in this Privacy Policy.
  • This means we are entitled to assume your consent has been given. For example, if you do not opt-out of consent when offered to do so, your consent will be deemed provided.


We may combine different types of information collected about you.  We may also collect, use, share, or store your information without your knowledge or consent when we are permitted or required to do so by applicable law and regulations.

HOW IS YOUR INFORMATION COLLECTED?

Your information may be collected in several different ways, such as:

  • Directly from you. For example,
    • You may provide your contact information by telephone or email as part of a customer service request or account registration.
    • When you use or access our websites, automated tools or digital applications may collect your information.
    • Our trucks are equipped with cameras which collect photo and video information.
    • We, or our third-party service providers, may place small files on your device called “cookies” as a tool to personalize your experience with our website. You may set your browser to restrict cookies, and/or may delete them after they have been placed on your device; please note the result of either of these actions may mean impairment of our website functionality.  Please check your current browser settings prior to using our websites to ensure they reflect your consent in regards to cookies.
  • Indirectly from you. We may engage third parties to collect your information on our behalf, and/or we may collect your information from third parties. For example,
    • Our analytics partners may use technologies to analyze your browsing of our websites and share this information with us.
    • Our marketing partners may use embeds, plug-ins, and other search engine optimization tools to track your use of our websites and share this information with us.
    • Other examples of third parties we may engage are our payment processing providers and credit reporting agencies.


We will take efforts to ensure the information we obtain from third parties is accurate, however we accept no responsibility for inaccurate information.

FOR WHAT PURPOSE DO WE COLLECT, USE OR SHARE YOUR INFORMATION?

Your information may be collected, used, or shared to:

  • Establish, organize, and manage our business relationship with you
  • Review and tailor the services and products we offer and/or provide to you
  • Analyze the delivery and your use of our services and/or products
  • Ascertain the effectiveness of our marketing of services or products
  • Customize services and products that we offer through our websites
  • Determine the best use of website content as well as service and product offerings
  • Allow our third party service providers, such as marketing partners, analytics firms, and payment processing vendors, to process, analyze or store your information (please note that providing information to us is your consent for us to transfer it to our third party service providers across international boundaries)
  • Protect us from error, fraud, or theft
  • Enable us to comply with applicable law and regulations
  • Assess your credit or financial standing
  • Undertake and analyze the effectiveness of market research
  • Tailor and direct marketing and advertising material to you
  • Register and measure digital use patterns or methods of our website users
  • Diagnose problems with our server or troubleshoot our website functionality
  • Evaluate and improve the content of our websites
  • Protect and enforce our Terms of Use or our rights, which may include debt collection
  • Protect the safety of people or property
  • Defend ourselves against claims or allegations
  • Facilitate the diligence process in a sale, merger, acquisition, or financing
  • Comply with obligations (including to disclose or transfer your information) related to the sale of, or other transaction involving, our assets or business
  • Enable other purposes described in this Privacy Policy
  • Enable other purposes to which you consent at or before providing your information as required by applicable law and regulations


When a third party collects your information on our behalf, or when we share your information with a third party for their data processing/analytics services, your information will only be used or shared by such third party for the purposes described in this Policy and in connection with provision of the respective services.  We will take commercially reasonable measures to attempt to ensure such authorized use via contractual, technical, and/or organizational measures, as appropriate. Your information which we have collected may also be shared with and/or used by a third party upon your express consent.  We will not sell or license your personal identifying information to third party advertisers.

HOW IS YOUR INFORMATION STORED AND PROTECTED?

Your information (including information collected by third parties which they share with us ) will be stored and protected by us in accordance with our Code of Ethics (see Cybersecurity below) as well as  in accordance with applicable law and regulations.  Information you provide to us on our websites will be sent through a Secure Socket Layer (“SSL”) which is a secure internet session.  SSL technology protects your information during Internet transfer.  We safeguard your information with the same degree of care that we use to safeguard our own business information.  Our industry best practices are designed to provide 360-degree threat protection services to mitigate the impact of any attack from any access point to our systems where your information is stored;    however we do not warrant or guarantee that a breach will not occur.


If we become aware of a data breach that affects the protection of or which breached access to your information, we will notify you in writing as soon as commercially feasible where required by applicable law and regulations. If we are not required by law to notify you, we may post a notice on our websites regarding such breach. These notices are in addition to reporting such incidents to the required regulatory authorities in accordance with applicable law and regulations.


We will use reasonable efforts to store your information only for as long as necessary to fulfill the purposes for which it was collected, however we may store some of your information for longer as permitted or required by applicable law and regulations (such as tax or legal requirements).


Information collected by our Internet service providers (including your IP address) may be stored on such providers’ server logs for extended periods of time.  For information about the policies of our hosting platform, please visit https://wpengine.com/legal/.   We may use third parties to store information which we collect, in which case, we will take commercially reasonable measures to require that our third party service providers only use or share your information for the purposes described in this Policy and in connection with provision of the storage services.


Please note some data may be stored on your device locally via the use of “cookies” (see above) or data caches.

HOW AND WHY WILL WE CONTACT YOU?

We may contact you by mail, e-mail, or phone in order to better manage the business relationship we have with you, for example to:
  • Communicate about our service and product offerings
  • Request your response to marketing surveys
  • Correspond about billing and payments
  • Notify you of a data breach, if you have a legal right to receive such notice
  • Respond to or investigate any request or concern that you contact us about, for example to communicate results of a complaint investigation, to follow-up on a customer service issue, etc.

HOW AND WHY WILL THIS PRIVACY POLICY BE UPDATED?

We periodically review our Privacy Policy to ensure its compliance with industry best practice and applicable laws and revisions.


We may make changes to this Privacy Policy as needed within our business operations, for example:

  • To reflect changes in industry best practices or our legal or regulatory obligations
  • To reflect changes in how we treat information you provided to us
  • To reflect changes in our business or corporate structure, for example in the case of a merger or sale of all or a part of our business


If we revise our Privacy Policy, we will post the revised version on our websites, so that the websites will always reflect the most up to date version of our Privacy Policy. Any changes to our Privacy Policy will be effective from the time they are posted to our websites; except for any change in why we collect, use, share, or store your information that will only be valid upon your consent to such  change to the extent such consent is required  by applicable law and regulations.

HOW TO CONTACT US IN REGARDS TO YOUR INFORMATION OR THIS PRIVACY POLICY?

Please contact our Privacy Officer as follows:

  • By email at privacypolicy@gflenv.com; and/or
  • By mail at
    • Privacy Officer (c/o Legal Dept.)
      GFL Environmental Inc.
      100 New Park Place
      Suite #500
      Vaughan, ON L4K0H9
      Canada


  You may wish to contact us in regards to this Privacy Policy, for example to:

  • Ask questions about our practices regarding third party service providers we use
  • Change or withdraw your consent, subject to legal or contractual restrictions and reasonable notice (which may limit our ability to have a business relationship with you)
  • Inform us of changes or corrections to your information
  • Ask to see the information we store about you so that you may review or verify it
  • Communicate concerns about this Privacy Policy
  • Ask for assistance in preparing your request for access to your information


When contacting us in regards to this Privacy Policy or your information, please do so in writing.  Please note that we may require specific information in order to confirm your identity or right to access the information requested, or to search for and provide what you have requested.  We will let you know in advance if we will plan to charge you a fee for accessing your information.  If our refusal to your request to access your information is permitted or required by applicable law and regulations, we will inform you of such, subject to any legal or regulatory restrictions.

CYBERSECURITY

Our commitment to confidentiality, privacy, and protection of assets and communications is a fundamental principle of our Code of Ethics.  We have comprehensive internal IT policies, including data privacy, incident management, and security policies and procedures in place that are designed to protect the integrity of our digital platforms and systems and to prevent the unauthorized use of information stored in our systems including your information.  Our industry best practices are designed to provide 360-degree threat protection services to mitigate the impact of any attack from any access point to our systems.  Our procedures are continuously reviewed and updated to address constantly changing cybersecurity threats however your use of our websites, including any information transmission (such as email, online payments, etc.) or form submission, is at your own risk.


Our websites may also contain links to websites which we do not own or manage, and which are not governed by this Privacy Policy.  Even if accessed via the links on our websites, we do not accept responsibility for any third party websites, including the content of and third party compliance with the privacy policies which govern those third party websites.

Didn’t find what you’re looking for?

Enter your address so we can route your request to your local customer care team.

How can we help?

SEND MESSAGE

Connect With Us

Find Your Local Branch Start a Search