Privacy and Legal

Legal Notice

The material contained in this website is intended to provide general information and should not be relied upon as legal advice. Securefact Transaction Services, Inc. does not provide legal services or legal advice. If you require legal advice you should contact a licensed legal practitioner in the jurisdiction for which you seek advice. Any information sent to Securefact Transaction Services, Inc. by e-mail through this website is not confidential. Securefact Transaction Services, Inc. does not necessarily endorse the material on any website accessible through links from this website.

All material on this site is copyright 2018 Securefact® and may not be reproduced in any form for commercial purposes without the express written consent of Securefact Transaction Services, Inc. Anyone seeking to link to this site from any external website must seek the consent of Securefact Transaction Services, Inc. by sending an e-mail to info@securefact.com

Contact Details

For any inquiries regarding this policy, please contact us:

372 Bay Street, Suite 200
Toronto, Ontario
M5H 2W9

Phone (416) 979-5858
Toll-free (800) 396-8241

Privacy Notice

This Privacy Notice sets forth Securefact’s (“Company”, “we”, “us” and/or “our”) policy with respect to personally identifiable data (“Personal Data”) that is collected from visitors of the Web Site and from our customers using our digital solutions.

Our Privacy Commitment

We know you care deeply about your privacy and data security.

That’s why we implement robust governance, risk management and cyber security controls designed to prevent unauthorized access to or disclosure of Personal Data.

We appreciate your trust that we will do so with the highest of standards.

As part of our culture of continuous improvement, in addition to employing privacy and cyber security subject matter experts, we participate in periodic independent certified audits and assessments to strengthen our privacy controls and compliance with federal and provincial privacy regulations and authoritative cyber security standards.

If you have questions or complaints regarding our Privacy Notice, please contact:

Glenn Harvey, President & Chief Executive Officer
Phone:  (416) 646-5558
Email:    Glenn.Harvey@securefact.com

Paulo Freitas, Chief Privacy Officer
Phone: (416) 642-2242
Email:    Paulo.Freitas@securefact.com

We aim to respond to all queries within 30 days.

Personal Data we receive from our customers and visitors of our Web Site

Personal Data is information that may be used to identify you. It may also include information about the computer or device you use to access the Securefact Web Site.

Securefact collects a wide range of Personal Data such as personal name, physical and email address, telephone number, national ID numbers such as – social security, driver’s license, passport, date of birth, vehicle identity number, IP addresses, among others.

How we use the Personal Data collected

  1. a) Personal Data from our customers

Personal Data is used by Securefact only as directed by our customers that integrate our digital solutions into their web site, application, or other online service.

Our use of received Personal Data from our customers may include sharing it with third-party vendors to provide services to our customers, but only as necessary for the provision of the services.

You acknowledge and agree that such Personal Data may be transferred from your current location to the offices and servers of Securefact and its authorized third-party vendors located in Canada and the United States.

  1. b) Personal Data from visitors of our Web Site
  2. i) Enquiries on our Web Site

We receive information you enter on our Web Site. Examples of what we collect are your name, company name, address, phone number, e-mail address.

We use the information that you provide for such purposes as responding to your requests, improving our services, and communicating with you.

By voluntarily providing us with your Personal Data, you are consenting to our use of it in accordance with this Privacy Notice.

  1. ii) Automatic non-identifiable data

When you interact with Securefact through its Web Site, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you.

In operating our Web Site, we may use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Web Site provides to your browser when you access the Web Site. Our cookies help provide additional functionality to the Web Site and help us analyze usage more accurately.

For instance, we may allow third-party vendors to use cookies or similar technologies to collect information about your browsing activities over time. For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze

how users use the Web Site and enhance your experience when you use it. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/

In all cases in which we use cookies, we will not collect Personal Data except with your permission. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how to turn cookies off.

We recommend that you leave cookies turned on because they allow you to take advantage of some of the Web Site features. For instance, our Web Site may set a cookie on your browser that allows you to automatically add your name and address for your next enquiry.

iii) Social Media features

Our Web Site includes social media features, such as the Twitter and LinkedIn button and widgets, such as the Share button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly.

Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy notice and practices of the company providing it.

Responsibilities of our customers

Securefact may directly receive your Personal Data from our customers using our digital solutions. Therefore, our customers are responsible for:

  • disclosing to you that your Personal Data will be shared with third-party vendors for the provision of services to our customers
  • ensuring robust explicit consent policies and procedures
  • maintaining the accuracy and completeness of your Personal Data and up to date security controls for protecting the information in their custody
  • securing your Personal Data sent to us over the internet
  • ensuring proper opt-out procedures are in place for your Personal Data
  • advising on retention period and removal of your Personal Data from our databases.

Responsibilities of third-party vendors

The third-party vendors with which we share your Personal Data from our customers are required to keep this information confidential and may generally not use such information for any purpose other than to help us provide solutions to our customers.

As part of our vendor risk management program, we perform extensive due diligence of our vendors’ privacy and cyber security programs during the on-boarding process and periodically during the period of our contractual relationship. We also periodically request for independent assurance reports on our vendors’ privacy and cyber security posture.

Information Security: How Securefact Protects Your Privacy

Securefact is committed to implementing the highest standards of cyber security to protect the privacy and confidentiality of Personal Data. We limit access to Personal Data to authorized Securefact employees and contractors. We also maintain physical, electronic, and procedural safeguards to protect the Personal Data against loss, misuse, damage or modification and unauthorised access or disclosure.

Some of the key features of our cyber security risk management programme are:

  • A dedicated group responsible for cyber security that designs, implements, and provides oversight to our cyber security risk management programme;
  • The use of privacy enhancing technology such encryption tools. For example, Securefact encrypts Personal Data both in transit and at rest, as required. We specifically encrypt Personal Data using at least 128-bit secure socket layer technology (SSL).
  • Testing of the security and operability of our solutions before they are introduced to the Internet, as well as on-going scanning for publicly-known vulnerabilities in the technology;
  • Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
  • Implementing controls to identify, authenticate and authorise access to various systems or sites;

The Chief Privacy Officer (CPO) serves as the privacy contact, with responsibility for administering the Securefact privacy programme within Canada, including implementation of this Privacy Notice and for ensuring that Securefact complies with applicable Canadian laws and regulations concerning the collection, use and storage of Personal Data.

The CPO is responsible for:

  • Overseeing employee privacy training and employee compliance programmes related to this Privacy Notice, obtaining annual privacy compliance confirmations from employees and contractors as well as enforcing disciplinary action of non-compliance by employees with the Privacy Notice.
  • Conducting periodic privacy risk assessments of Securefact’s compliance with this Privacy Notice, as well as specific implementation of policies and procedures.
  • Maintenance of annual independent SOC 2 certifications and for regularly conducting security audits, vulnerability scans, and penetration tests to ensure compliance with security sound principles and standards.
  • Ensuring that Securefact actively participates in appropriate privacy activities and regularly reviews its privacy practices and policies.
  • Ensuring databases are physically protected at secure, third party sites and are monitored by security personnel twenty-four hours a day. Only authorized personnel can access the data centers.

Notwithstanding our privacy and cyber security controls, due to the evolving nature of cyber security risks we cannot guarantee the absolute security of your Personal Data.  Moreover, we cannot guarantee the safety of your Personal Data when in the possession of other parties, such as our third-party vendors.

Reviewing and updating your information

Our customers that integrate our solutions into their website, application, or online service will grant you access to your Personal Data.

Thus, if you want to learn more about the Personal Data we have about you, or you would like to submit a request to update or change that Personal Data, please contact our customer that provided your information to us. Our customers will contact us to comply with your request.

As for visitors of our Web Site, we are committed to maintaining the accuracy of your Personal Data and that it is complete and up-to-date. If you discover inaccuracies in our records, you wish to inquire into your Personal Data maintained by Securefact, or your Personal Data changes, please notify us at info@securefact.com.

Retention of personal information

Our policy for retention and disposal of Personal Data of individuals is primarily dependant on the agreements we have with our customers. Therefore, Securefact will not remove Personal Data without the explicit consent of our customers.

In the absence of instructions from our customers, we generally retain Personal Data no longer than is necessary.

Children’s Privacy

Our services are not directed to children under the age of 18, and Securefact will never knowingly collect Personal Data from anyone it knows is under the age of 18. It is the responsibility of our customers to ensure such Personal Data is not collected without the express consent of the parents or legal guardians.

Changes to this Policy

Our business changes constantly, and our Privacy Notice will change also.

Our customers will be notified of any proposed changes prior to implementation.

As for visitors to our Web Site, our notice of any changes to this Privacy Notice will be appropriately displayed. You will be required to read and accept the changes prior to use of our Web Site.

We stand behind the promises we make, however, and will never materially change our Privacy Notice to make them less protective of Personal Data collected in the past without the consent of our customers and visitors of our Web Site.

Enforcement

Securefact uses a self-assessment approach and independent certifications to assure compliance with this Privacy Notice and to periodically verify the notice is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with federal and provincial privacy regulations of Canada.

We encourage interested persons, to use the contact information provided with questions or concerns about their Personal Data. We will promptly investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data.

Choice

Securefact recognizes that you have the right to opt in/opt out of the use of your Personal Data. Accordingly, you may contact our customer that provided your data to us.

As soon as we receive a written request from our customer, we will begin the process to remove your Personal Data from our databases. Please also note that implementation of an opt-out request will require a reasonable amount of time.

If after implementation of an opt-out request for you, we inadvertently include any data about you in a manner inconsistent with the above policy, please contact our Chief Privacy Officer promptly by email at so we can investigate and address what has occurred.

As for visitors of our Web Site, you have a choice to remove your Personal Data from our databases. Please contact us directly.

This opt-out policy only applies to Personal Data that is available through Securefact-owned databases. Please note opting-out of our databases will not prevent other companies or public record agencies from collecting or disseminating your Personal Data.

 Acceptance of Privacy Policy

By using our Web Site and our digital solutions, our customers and visitors of our Web Site are accepting and agreeing to all the privacy policies and practices described in this Privacy Notice.

 

This policy was last modified on:  August 23, 2018