CASL – CEM Compliance Policy

One of the main purposes of Canada’s Anti-Spam Legislation is to regulate unsolicited commercial electronic messages (CEMs). Non-compliance with CASL will bring heavy penalties. Since we are a company that sends CEMs, the purpose of this policy is to ensure that everyone sending CEMs on behalf of follows the law and to provide the security framework upon which all CEM delivery efforts will be based. This policy defines appropriate and authorized behaviour for personnel approved to send CEMs on behalf of ARCSTONE SECURITIES AND INVESTMENTS CORP.

All electronic messages sent from the network to outside organizations or persons will be presumed to be CEMs and will therefore fall under the guidelines of this policy. This CASL – CEM Compliance Policy applies to all employees, interns, contractors, vendors and other parties sending electronic messages on behalf of ARCSTONE SECURITIES AND INVESTMENTS CORP. Definitions - Canada’s Anti-Spam Legislation (CASL): An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

  • Electronic address: An address used in connection with the transmission of an electronic message to an electronic mail account, an instant messaging account, a telephone account or any similar account.

  • Electronic message: A message sent by any means of telecommunication, including a text, sound, voice or image message. - Commercial electronic message (CEM): CEMs are commercial electronic messages that encourage participation in commercial activity. Even if a commercial message is not sent with an expectation of garnering a profit, it still qualifies as a CEM. - Commercial activity: Any transaction of commercial character, regardless of whether there is an expectation of profit or not. All emails you send from your work email will be treated as commercial.

  • Express consent: Permission obtained when a recipient “opts in” to receive CEMs. Consent can be oral or written and could be an unedited audio recording, paper form or electronic checkbox on a website. Express consent never expires, but it can be revoked by the recipient. ARCSTONE SECURITIES AND INVESTMENTS CORP. will maintain records of all contacts for whom express consent exists.

  • Unsubscribe: A withdrawal of consent to receive CEMs - Social networking sites: Specific online communities of users, or any website that links individuals electronically and provides a forum where users can connect and share information. These websites can be general or tailored to specific interests or certain types of users. Examples of popular social networking sites include Facebook®, Twitter®, Google+®, YouTube®, LinkedIn®, Foursquare®, Instagram® and TUMBLR®. The list of domains that constitute social networking sites is always growing and changing due to the nature of the Internet. Policy Guidelines All employees, contractors, vendors and any other person sending CEMs on behalf of ARCSTONE SECURITIES AND INVESTMENTS CORP. must adhere to the following policies: Location: Toronto, ON Effective Date: October 1, 2023, Revision Number: 4

  • All information systems within are the property of and will be used in compliance with policy.

  • All users will report any irregularities found in incoming or outgoing CEMs and the CEM delivery system to the IT team immediately upon detection.

  • The CEM delivery system is always subject to monitoring. Use of the CEM delivery system constitutes acceptance of this compliance policy.

  • Release of CEMs will be at the discretion of ARCSTONE SECURITIES AND INVESTMENTS CORP. All requests for release should be submitted to the IT team.

  • Users will not use devices to send CEMs without prior approval from management or another designated representative.

  • Users will not use devices to conduct personal business. • No personal emails should be sent from an email address. • No instant messaging should be conducted with parties outside of ARCSTONE SECURITIES AND INVESTMENTS CORP. • Employees are prohibited from using social networking sites to conduct personal or company business.

CEM Recipients:

  • Employees, interns, contractors, vendors and anyone else sending CEMs on behalf of ARCSTONE SECURITIES AND INVESTMENTS CORP. are to send CEMs ONLY to the electronic address of the parties listed on the Approved CEM Recipients List, which can be found AT THIS LOCATION.

  • All employees must ONLY use the approved email template to gain consent from a party NOT already on the Approved CEM Recipients List. The approved email template can be found AT THIS LOCATION.

CEM Components and Guidelines:

  • All CEMs must contain: • contact information clearly laid out. This includes sender first and last name, sender email address, company name, company mailing address, company telephone number and company Web address. • If the CEM is to be sent on behalf of ARCSTONE SECURITIES AND INVESTMENTS CORP. to another party at ARCSTONE SECURITIES AND INVESTMENTS CORP., the name of this party and the sender must both be included, in addition to the information listed above. • An “unsubscribe” link, clearly visible.

  • Employees are prohibited from modifying the existing signature or contact information.

  • Employees are prohibited from removing the “unsubscribe” tool inherent in the approved email templates.

  • Employees must follow all approved guidelines on how to craft subject lines and emails messages that are not false or misleading. The approved guidelines can be found AT THIS LOCATION,

  • All employees must attend the required training session on sending CEMs. Course content will include information on where to access the Approved CEM Recipients List, how to obtain consent if it does not yet exist, and how to craft a compliant CEM subject line and message. Proof of training attendance will be kept on file with HR.

Unsubscribe Requests:

- All “unsubscribe” requests must be immediately forwarded to the LIST APPROPRIATE PARTY at LIST APPROPRIATE EMAIL ADDRESS to ensure prompt processing of the request and to maintain accurate records. EMPLOYEES MUST NOT SEND ANY FURTHER COMMUNICATION TO THE UNSUBSCRIBED PARTY.