Privacy Policy

At Norbord Inc., Norbord respects the privacy of all stakeholders. Norbord is committed to keeping personal information accurate, confidential, secure and private in accordance with applicable laws. The Norbord Privacy Policy is a formal statement of principles and guidelines concerning the protection of personal information collected, used and disclosed by Norbord.

1) INTRODUCTION

Norbord is an international forest products company which manufactures and markets a range of building material and paper products in North America and Europe.

In the course of its business activities, Norbord may collect certain personal information about its individual customers, suppliers and other stakeholders, in accordance with applicable laws.

“Personal information” means information about an identifiable, individual person. This may include, without limitation, the individual’s address, age, gender, income, employment status, credit history, debts and liabilities, personal preferences and other information. Personal information does not include the name, title, business address or telephone number of an employee of an organization.

The Norbord Privacy Policy is based on and will be applied to comply with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and other applicable privacy and data protection laws. For more information about Privacy in Canada, visit the official web site of the Privacy Commission of Canada at www.privcom.gc.ca. The Norbord Privacy Policy describes the ten principles Norbord follows to ensure protection of personal information when the company collects, uses or discloses it in the course of carrying on commercial activities. Norbord corporate headquarters are in Canada, but as an international company, Norbord may collect and transfer personal information across borders and between legal entities within Norbord. Accordingly, to the extent applicable, Norbord must comply with PIPEDA, provincial privacy legislation as it is enacted, and privacy legislation in jurisdictions where Norbord carries on business. This Privacy Policy establishes an international standard for Norbord. Norbord believes that this Privacy Policy, as supplemented by additional requirements of other jurisdictions where Norbord conducts business and additional requirements that apply to certain types and sources of personal information, meets the requirements set out in PIPEDA and other applicable privacy laws. Norbord businesses in countries with less stringent privacy laws are expected to make all reasonable efforts to meet the requirements of this Privacy Policy. Nothing in this Privacy Policy or otherwise will create, or add to, any right or claim (whether legal, equitable or otherwise) that any individual or person may have at law or otherwise against Norbord or any third party or any of their respective directors, officers, employees, agents or representatives (collectively, the “Norbord Group”); nor will the existence of this Privacy Policy or its application impose any obligations or liability upon the Norbord Group, or add to any such obligation or liability, that the Norbord Group does not already otherwise have to any individual or person at law or otherwise.

All Norbord employees with access to personal information must adhere to the Norbord Privacy Policy and its application. To this end, Norbord’s Corporate Secretary is designated as Norbord’s Privacy Officer to ensure compliance by all Norbord employees.

2) THE TEN PRINCIPLES OF PRIVACY

Principle 1 – Accountability
Norbord is accountable for all personal information in its possession, including personal information disclosed to third parties for purposes of providing products and services requested by customers, employees, suppliers and other stakeholders.

Principle 2 – Identifying Purposes for Collection of Personal Information
Norbord will identify the purpose for which it is collecting personal information, before or at the time the information is collected. Some of the purposes for which Norbord collects, uses or discloses personal information are described in section 3 below.

Principle 3 – Consent for Collection, Use or Disclosure of Personal Information
An individual’s knowledge and consent is required for the collection, use or disclosure of his or her personal information, unless otherwise permitted by law. Consent can be express or implied and may be given through an authorized representative. Consent can be withdrawn at any time upon written request to the Norbord Privacy Officer, subject to legal or contractual restrictions and reasonable notice. Norbord may collect, use or disclose personal information without knowledge or consent in exceptional circumstances, such as where permitted or required by law.

Principle 4 – Limiting Collection of Personal Information
The information collected from an individual will be limited to those details necessary for the purposes identified by Norbord. Information will be collected by fair and lawful means.

Principle 5 – Limiting Use, Disclosure and Retention of Personal Information
Personal information will only be used or disclosed for the purposes for which it was collected, unless the individual has otherwise consented, or when it is required or permitted by law. Personal information will be retained by Norbord only as long as necessary to fulfill the purposes for which it was collected.

Principle 6 – Accuracy of Personal Information
Norbord will keep personal information as accurate, complete and current as necessary for the purposes for which it is to be used. An individual may have his or her information amended as appropriate where it is found to be inaccurate or incomplete.

Principle 7 – Safeguarding Personal Information
Personal information is safeguarded using measures appropriate to the sensitivity of the information.

Principle 8 – Openness Concerning Policies and Practices
Norbord will make information available to individuals about its policies and practices related to the management of personal information. This information is available on the Norbord web site, www.norbord.com, or through alternate means upon request to the Norbord Privacy Officer.

Principle 9 – Access to Personal Information
As required by applicable laws, Norbord will inform an individual of the existence, use and disclosure of his or her personal information upon request, and subject to certain exceptions, will give the individual access to that information. If Norbord declines to provide such access for lawful reasons, Norbord will explain the reasons, except where prohibited by law.

Principle 10 – Addressing Complaints and Suggestions
Individuals may challenge Norbord’s compliance with this Privacy Policy. Norbord has policies and procedures to receive, investigate and respond to complaints and questions. Please contact the Norbord Privacy Officer to express concerns or request access to personal information. Contact information is provided in section 4 below.

3) APPLICATION OF THE TEN PRIVACY PRINCIPLES

What kind of information does Norbord collect?
Norbord gathers and uses personal information in order to provide customers, suppliers and other stakeholders with the products and services requested or to offer additional products or services these stakeholders may be interested in. Providing Norbord with personal information is the choice of each individual. However, Norbord may not be able to provide certain products or services if certain information is not provided.
The nature of each request will determine the kind of personal information Norbord might request.
Norbord may keep a file with contact history to be used for inquiry purposes so that it may ensure that individuals are satisfied with Norbord’s products and services.

How does Norbord use personal information?
Norbord and its agents, affiliates and service providers may collect, use and/or disclose personal information for the following purposes;

  1. To communicate with stakeholders and maintain commercial relations in order to provide products and services., to administer accounts, make and receive payments, and fulfill contractual obligations;
  2. To monitor its products and service and report back to individuals to ensure their satisfaction with the provision of such products and services.;
  3. To consider whether Norbord or any of its affiliates should establish or continue a commercial relationship, including without limitation, to extend credit and to evaluate credit standing and to match credit bureau or credit reporting agency information, to check references and to confer with banking institutions;
  4. To distribute our promotional information and other material to individuals on our mail and e-mail lists;
  5. To develop, enhance, market, sell, provide and inform individuals of Norbord’s products and services;
  6. To manage and develop Norbord’s and its affiliates’ businesses and operations;
    As permitted by, and to comply with, any legal or regulatory requirements or provisions; and
  7. For any other purpose to which an individual consents.

When May Norbord Disclose Personal Information?
Norbord is obliged to keep personal information confidential except as described in this Privacy Policy, including under the following circumstances: (i) When authorized by the individual, (ii) When required by law, and (iii) When permitted by law.

(i) When authorized by the individual
Certain of the products and services offered by Norbord may require it to obtain personal information in order to perform the services it has been engaged to provide. Norbord will use this information to tailor programs to meet the needs and objectives of the person requesting the services.

(ii) When required by law
The type of information Norbord is legally required to disclose usually relates to government taxation and employment reporting requirements. In some cases, such as under a court order, Norbord may be required to disclose certain information to persons specified in the court order.

(iii) When permitted by law
Privacy legislation provides for certain situations where Norbord is legally permitted to disclose personal information without consent. Examples include without limitation situations involving the collection of debt in arrears, medical emergencies, or suspicion of illegal activities.

With Whom May Norbord Share Information?
Norbord cannot share information without consent unless otherwise permitted by law. However, from time to time Norbord may need to provide information to the following persons for the purposes set out above.

(i) Norbord Employees
In the course of daily business, access to personal information is limited to those employees with a legitimate reason for accessing it. As a condition of their employment, Norbord employees are required to follow all applicable laws and regulations, including this Privacy Policy and Norbord’s Code of Business Conduct. Unauthorized use or disclosure of confidential information by a Norbord employee is prohibited and may result in disciplinary measures including dismissal.

(ii) Norbord Affiliates
Norbord may share personal information with its affiliates for the purposes described in this Privacy Policy.
(iii) Norbord Third Party Suppliers
Norbord may engage and coordinate third party suppliers to provide certain services on Norbord’s behalf or otherwise for the purposes described in this Privacy Policy. Such suppliers are only given the information required to provide the specific service for which Norbord contracts them to provide. Suppliers are required to protect the confidentiality of personal information, and are prohibited from doing anything with this information that Norbord has not authorized them to do. They are required to treat all personal information in a manner consistent with the Norbord Privacy Policy.

(iv) Financial Institutions
Norbord may disclose personal information to a financial institution, or other organization or individual retained by Norbord for the purposes described in this Privacy Policy, including without limitation, to evaluate creditworthiness, to collect debts outstanding on an account, or in connection with the assignment of a right to receive payment, the provision of security or other financing arrangements.

(v) Agents of the Individual
Norbord may collect or disclose personal information for the purposes described in this Privacy Policy from or to a person who, in the reasonable judgment of Norbord, is providing or seeking the information as the agent of the subject individual.

(vi) Other Third Parties
Norbord may disclose personal information to third parties with the consent of the subject individual or where disclosure is required or permitted by law.

How Does Norbord Safeguard Information?
Norbord has controls in place to maintain the security of its information and information systems. Appropriate controls are placed on Norbord’s computer systems and data processing procedures. Physical access to areas where personal information is gathered, processed or stored is limited to authorized employees.

Is Norbord’s Web Site Secure?
Norbord offers customers access to certain information through its web site. www.norbord.com provides general information about Norbord and the products and services it offers. This site also links to the web sites of Norbord subsidiaries.

Norbord will ensure that any information accessed or provided through these sites remains secure.
In order to facilitate navigation on the Norbord web site and those of its subsidiaries and preserve settings between visits, Norbord may use “cookie” technology. Norbord does not use cookies to store information about its visitors. Cookies are small pieces of data stored by Internet browser on a computer’s hard drive, which makes browsing easier when pages are revisited. Web browsers may be set to notify the user when a cookie is received or to prevent cookies from being sent. Please note, however, that by not accepting cookies, the functionality provided to visitors to these sites may be limited.

Norbord’s subsidiaries may collect information that identifies users who require secure access to Norbord sites or who send Norbord correspondence via the internet. Norbord’s various systems log information about which users access the system and what options are used. In the case of correspondence to Norbord, Norbord only uses information contained within such communications to respond to the user or to identify how to best resolve the situation outlined in the message. Norbord may collect such correspondence, but no further information (other than what is needed to resolve the matter) will be collected.

The Norbord’s Privacy Policy does not apply to external web sites to which this site links. Norbord makes no representation about the privacy policies on external web sites, and is not responsible for the privacy practices employed by other web sites.

How do I access and amend my information?
To access personal information in accordance with Principle 9, individuals should make a written request to the Norbord Privacy Officer.

How do I opt out or withdraw my consent?
Should an individual not want to share their personal information with Norbord’s employees, affiliates or third party suppliers, subject to legal restrictions consent can be withdrawn for certain of the purposes described in this Privacy Policy by contacting the Norbord Privacy Officer.

4) QUESTIONS, CONCERNS AND COMPLAINTS

Questions, concerns or complaints about personal information, or about the Norbord Privacy Policy, should be directed to the Norbord Privacy Officer at the following address:

Norbord Inc.
Corporate Secretary
One Toronto Street, Suite 600
Toronto, Ontario
M5C 2W4

Phone: (416) 365-0705 or 1-888-667-2673
Fax: (416) 365-7989
E-mail: info@norbord.com