This Policy describes Stone Tree's collection, use and/or disclosure of personal information. It governs the behavior of employees and agents acting on Stone Tree's behalf when dealing with personal information. It provides procedures for an individual's access to and correction of personal information.

Personal information includes information about an identifiable individual, presented in any form such as age, name ID number(s), income, ethnic origin, opinions, evaluations, social status, disciplinary actions, credit records, loan records, medical records.

Personal information does not include the name, title, business address and telephone number of an employee of an organization.

Stone Tree's Privacy Policy is enacted pursuant to the Personal Information Protection and Electronic Documents Act (PIPEDA), effective January 1, 2004.

The Stone Tree Privacy Policy is organized along ten privacy principles, which are:

1. Accountability

1.1 Accountability for Stone Tree's compliance with the principles rests with the senior management of Stone Tree and the person or persons designated by senior
management as Privacy Officer, even though other individuals within the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals within the organization may be delegated to act on behalf of senior management or the Privacy Officer.

1.2 Stone Tree's senior management has designated Privacy Officers to oversee the organization's compliance with the principles.

1.3 Stone Tree is responsible for personal information in it's possession or custody, including information that has been transferred to a third party for processing. Stone
Tree will use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.

1.4 Stone Tree will implement policies, guidelines, procedures and practices to safeguard such personal information.

2. Identifying Purposes

2.1 Stone Tree collects personal information only for the following identified purposes:

(a) to provide service(s) and/or products to its members and customers;
(b) to communicate with members and customers with respect to invoicing, collection, advertising, promotion)
(c) to identify members and customers needs and preferences
(d) to administer and manage its business operations
(e) to meet legal and regulatory requirements

2.2 Stone Tree will provide notice of the identified purposes either orally, electronically or in writing prior to or at the time of collection of the personal information.

2.3 When personal information that has been collected is to be used for a purpose not previously identified, the new purpose will be identified prior to use. Unless the new
purpose is required by law, Stone Tree will obtain the consent of the individual before information is used for that new purpose.

Occasionally, Stone Tree will communicate to you special membership or dining offers that we think may be of value to you. If you do not wish to receive this information in electronic, printed or verbal format, simply inform our privacy officers in writing.

3. Consent

3.1 Stone Tree will generally seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sough after the information has been collected but before use (see 2.3).

3.2 In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual. For example, legal, medical or
security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when there is an emergency threatening the individual's life, health or security, or where the individual is a minor, seriously ill, or mentally incapacitated. Moreover, Stone Tree may provide personal information to its lawyer or agent to collect a debt, comply with a subpoena, warrant or other court order, government institution requesting the information upon lawful authority, or as may be otherwise required by law.

3.3 The form of consent sought by Stone Tree may vary, depending upon the circumstances and the type of information disclosed. In determining the form of consent
to use, Stone Tree will take into account the sensitivity of the information and the reasonable expectations of the individual. A legal guardian or a person with power of
attorney can also give consent.

Stone Tree will seek express consent when the information is likely to be considered sensitive.

Implied consent will generally be appropriate when the information is less sensitive. The use of services by a customer or the acceptance of employment by an employee will be considered implied consent to collect, use and disclose personal information for all identified purposes.

3.4 With respect to personal information already collected and in the possession of Stone Tree prior to the publication of this Privacy Policy, this Policy will constitute reasonable notice to Stone Tree's current members, customers and employees of the purposes and uses for which such personal information has been collected. Should an individual object to these ongoing uses or disclosures, consent may be withdrawn upon providing
written notice to our Privacy Officers.

4. Collection

4.1 Stone Tree only collects personal information that is necessary for the purposes identified. Personal information is collected directly from the individual, and may, with
consent or as otherwise allowed by law, be collected from other sources such as credit bureaus, employers or personal references or other third parties that represent that they have the right to disclose the information.

5. Use, Disclosure and Retention

5.1 Personal information is not, without consent, used or disclosed to a third party for any purpose other than that for which it was collected, unless such use or disclosure is
required or allowed by law.

5.2 Stone Tree may disclose a member's personal information to:

(a) a person involved in the development, promotion, marketing or enhancements of Stone Tree's services
(b) a credit collections agency;
(c) emergency services in an emergency situation
(d) any other third party, upon receiving the consent of the member or as required by law.

5.3 Stone Tree may disclose an employee's personal information in the following circumstances:

(a) in the administration of that employee's benefits
(b) in providing references to prospective employers, upon receiving the consent of the employee;
(c) as may be required by law.

5.4 Certain Stone Tree employees may be given access to customer and/or employee information in so far as their duties require access for business purposes. Stone Tree
employees are governed by a non-disclosure policy in the Employee Handbook that prohibits disclosure or use of any confidential or personal information for any purposes
other than the stated business purpose.

5.5 Stone Tree will retain personal information for only as long as required to fulfill the identified purposes or as required by law. Personal information that is no longer
required to fulfill the identified purposes will be destroyed in a manner suitable to the sensitivity of the information.

6. Accuracy

6.1 Reasonable efforts will be made to ensure that personal information is accurate and complete for the purposes for which it is to be used.

7. Safeguards

7.1 Personal information will be protected by security safeguards appropriate to the sensitivity of the information.

7.2 Stone Tree protects all personal information regardless of the format in which it is held. The methods of protection include:

(a) locked filing cabinets, desks and restricted access to offices;
(b) use of passwords and encryptions on computers

8. Openness

8.1 Stone Tree will make readily available to individuals specific information about its policies and practices relating to the management of personal information upon request.

9. Individual Access

9.1 Upon written request to the Privacy Officers, an individual will be informed of the existence, use, and disclosure of his or her personal information and will be given
access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

9.2 In certain instances, Stone Tree will not be able to provide the individual access to his or her personal information. For example, Stone Tree will not provide access to
information where the information requested is prohibitively costly to provide; where the information contains references to other individuals; where the information cannot be disclosed for legal, security or commercial proprietary reasons; where the information is subject to solicitor-client or litigation privilege; or where the information can best be available from another source (for example, through a medical practitioner). In each case, Stone Tree will provide reasons for denying any access to personal information.

9.3 When an individual successfully demonstrates the inaccuracy or incompleteness or personal information, Stone Tree will amend the information as required. Depending
upon the nature of the information challenged, amendment involves the correction, deletion or addition of information. Where appropriate, the amended information will
be transmitted to third parties having access to the information in question.

10. Concerns, Inquiries, or Requests

10.1  Stone Tree has a privacy compliance officer.  Should you have questions or concerns, see CONTACT US or email us at stree@stonetree.on.ca to reach our privacy officer.

10.2 If you wish to make a formal complaint about our privacy practices, you ma make it in writing to one of our Privacy Officers. She will acknowledge receipt of your complaint, ensure that it is investigated promptly and that you are provided with a formal decision in writing.

10.3 This policy is made under the Personal Information Protection and Electronic Documents Act. It is a complex Act and provides some additional exception to the
privacy principle that are too detailed to set out here. There are some rare exceptions to the commitment set out above.

10.4 For more general inquiries, the Information and Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The
Commissioner also acts as a kind of ombudsman for privacy disputes. The Information and Privacy Commissioner can be reach at:

112 Kent Street
Ottawa, Ontario
K1A 1H3
Phone: 613-995-8210
Toll-Free: 1-800-282-1376
Fax: 613-947-6850
TTY: 613-992-9190
www.privcom.gc.ca