Privacy Notice

Contents

Privacy Notice

Our Privacy Commitment

Consent

Personal Data we receive from our customers and visitors of our website

How we use the Personal Data collected

Responsibilities of our customers

Responsibilities of third-party vendors

Information Security: How Securefact Protects Your Privacy

Reviewing and updating your information

Retention of personal information

Children’s Privacy

Changes to this Policy

Enforcement

Choice

Acceptance of Privacy Policy

Disclosure of Personal Data to Government Agency

Privacy Notice

This Privacy Notice sets forth Securefact’s (“Company”, “we”, “us” and/or “our”) policy with respect to personally identifiable data (“Personal Data”) that is collected from visitors of the website and from our customers using our digital solutions.

We reserve the right to update and change this Privacy Notice from time to time by posting the updated Privacy Notice at /privacy-policy/. It is your responsibility to consult with this Privacy Notice to ensure that you are up to date on any changes which may affect you.

Our Privacy Commitment

We know you care deeply about your privacy and data security.

That’s why we implement robust governance, risk management and cyber security controls designed to prevent unauthorized access to or disclosure of Personal Data.

We appreciate your trust that we will do so with the highest of standards.

As part of our culture of continuous improvement, in addition to employing privacy and cyber security subject matter experts, we participate in periodic independent certified audits and assessments to strengthen our privacy controls and compliance with federal and provincial privacy regulations and authoritative cyber security standards.

If you have questions or complaints regarding our Privacy Notice, please contact:

David Sudbury, President & Chief Executive Officer
Phone: (416) 646-5558
Email: david.sudbury@securefact.com

Paulo Freitas, Chief Privacy Officer
Phone: (416) 642-2242
Email: paulo.freitas@securefact.com

We aim to respond to all queries within 30 days.

Consent

By visiting our website, you consent to our collection, use and disclosure of your personal information for the purpose for which it was collected, as described in this Privacy Notice, as amended from time to time, or as identified by us to you at the time of collection.

If you do not wish to have your Personal Data collected, used or disclosed as set out in this Privacy Statement, please either (1) do not use our website or services, or (2) exercise the opt-out procedures described in this Privacy Notice.

Subject to our legal obligations, you may withdraw your consent to our collection, use, retention or disclosure of Personal Data by contacting the address provided above.

Personal Data we receive from our customers and visitors of our website

“Personal Data” is information that may be used to identify you. It may also include information about the computer or device you use to access the Securefact website.

Securefact collects a wide range of Personal Data, including personal name, physical and email address, telephone number, national ID numbers such as – social security, driver’s license, passport, date of birth, vehicle identity number, IP addresses, among others.

You acknowledge and agree that such Personal Data may be transferred from your current location to the offices and servers of Securefact and its authorized third-party vendors located in Canada and the United States.

How we use the Personal Data collected

a. Personal Data from our customers

Personal Data is used by Securefact only as directed by our customers that integrate our digital solutions into their website, application, or other online service.

Our digital solutions collect, use and disclose Personal Data such as name, address and date of birth for verification with authoritative and reliable independent sources such as government registries and private databases as required by FINTRAC regulations.

Our collection, use and disclosure of received Personal Data from our customers may include sharing it with third-party vendors or verification sources to provide services to our customers, but only as necessary for the provision of the services.

b. Personal Data from visitors of our website

i. Enquiries on our website

We may receive information, including Personal Data, you enter on our website. Examples of what we collect are your name, company name, address, phone number and e-mail address.

We use the information that you provide for such purposes as responding to your requests, improving our services, and communicating with you.

ii. Automatic non-identifiable data

When you interact with Securefact through its website, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you.

In operating our website, we may use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our website provides to your browser when you access the website. Our cookies help provide additional functionality to the website and help us analyze usage more accurately.

For instance, we may allow third-party vendors to use cookies or similar technologies to collect information about your browsing activities over time. For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”).

Google Analytics uses cookies to help us analyze how users use the website and enhance your experience when you use it. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/

In all cases in which we use cookies, we will not collect Personal Data except with your permission. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how to turn cookies off.

We recommend that you leave cookies turned on because they allow you to take advantage of some of the website features. For instance, our website may set a cookie on your browser that allows you to automatically add your name and address for your next enquiry.

iii. Our website includes social media features, such as the Twitter and LinkedIn button and widgets, such as the Share button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly.

Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy notice and practices of the company providing it.

Responsibilities of our customers

Securefact may directly receive your Personal Data from our customers using our digital solutions. Therefore, our customers are responsible for:

  • disclosing to you that your Personal Data will be shared with third-party vendors for the provision of services to our customers
  • ensuring robust explicit consent policies and procedures
  • maintaining the accuracy and completeness of your Personal Data and up to date security controls for protecting the information in their custody
  • securing your Personal Data sent to us over the internet
  • ensuring proper opt-out procedures are in place for your Personal Data
  • advising on retention period and removal of your Personal Data from our databases.

Responsibilities of third-party vendors

The third-party vendors with which we share your Personal Data from our customers are contractually required by us to keep this information confidential and may generally not use such information for any purpose other than to help us provide solutions to our customers.

As part of our vendor risk management program, we perform due diligence of our vendors’ privacy and cyber security programs during the on-boarding process and periodically during the period of our contractual relationship. We also periodically request for independent assurance reports on our vendors’ privacy and cyber security posture.

Information Security: How Securefact Protects Your Privacy

Securefact is committed to implementing high standards of cyber security to protect the privacy and confidentiality of Personal Data. We limit access to Personal Data to authorized Securefact employees and contractors. We also maintain physical, electronic, and procedural safeguards to protect the Personal Data against loss, misuse, damage or modification and unauthorized access or disclosure.

Some of the key features of our cyber security risk management program are:

  • A dedicated group responsible for cyber security that designs, implements, and provides oversight to our cyber security risk management program,
  • The use of privacy enhancing technology such encryption tools. For example, Securefact encrypts Personal Data both in transit and at rest, as required. We specifically encrypt Personal Data using at least 128-bit secure socket layer technology (SSL),
  • Testing of the security and operability of our solutions before they are introduced to the Internet, as well as on-going scanning for publicly-known vulnerabilities in the technology,
  • Monitoring of our systems infrastructure to detect weaknesses and potential intrusions,
    Implementing controls to identify, authenticate and authorize access to various systems or sites.

The Chief Privacy Officer (CPO) serves as the privacy contact, with responsibility for administering the Securefact privacy program within Canada, including implementation of this Privacy Notice and for ensuring that Securefact complies with applicable Canadian laws and regulations concerning the collection, use and storage of Personal Data.

The CPO is responsible for:

  • Overseeing employee privacy training and employee compliance programs related to this Privacy Notice, obtaining annual privacy compliance confirmations from employees and contractors as well as enforcing disciplinary action of non-compliance by employees with the Privacy Notice,
  • Conducting periodic privacy risk assessments of Securefact’s compliance with this Privacy Notice, as well as specific implementation of policies and procedures,
  • Maintenance of annual independent Service Organization Control (SOC) 2 certifications and for regularly conducting security audits, vulnerability scans, and penetration tests to ensure compliance with security sound principles and standards,
  • Ensuring that Securefact actively participates in appropriate privacy activities and regularly reviews its privacy practices and policies,
  • Ensuring databases are physically protected at secure, third party sites and are monitored by security personnel twenty-four hours a day. Only authorized personnel can access the data centres.

Notwithstanding our privacy and cyber security controls, due to the evolving nature of cyber security risks we cannot guarantee the absolute security of your Personal Data. Moreover, we cannot guarantee the safety of your Personal Data when in the possession of other parties, such as our third-party vendors.

Reviewing and updating your information

Our customers that integrate our solutions into their website, application, or online service will grant you access to your Personal Data.

If you want to learn more about the Personal Data we have about you, or you would like to submit a request to update or change that Personal Data, please contact our customer that provided your information to us. Our customers will contact us to comply with your request.

As for visitors of our website, we are committed to maintaining the accuracy of your Personal Data and that it is complete and up-to-date. If you discover inaccuracies in our records, or your Personal Data changes, please notify us.

Retention of personal information

Our policy for retention and disposal of Personal Data of individuals is primarily dependant on the agreements we have with our customers. Therefore, Securefact will not remove Personal Data without the explicit consent of our customers.

In the absence of instructions from our customers, we generally retain Personal Data no longer than is necessary.

Children’s Privacy

Our services are not directed to children under the age of 18, and Securefact will never knowingly collect Personal Data from anyone it knows is under the age of 18. It is the responsibility of our customers to ensure such Personal Data is not collected without the express consent of the parents or legal guardians.

Changes to this Policy

Our business changes constantly, and our Privacy Notice will change also.

Our customers will be notified of any proposed changes prior to implementation.

As for visitors to our website, our notice of any changes to this Privacy Notice will be appropriately displayed. You will be required to read and accept the changes prior to use of our website.

We stand behind the promises we make, however, and will never materially change our Privacy Notice to make them less protective of Personal Data collected in the past without the consent of our customers and visitors of our website.

Enforcement

Securefact uses a self-assessment approach and independent certifications to assure compliance with this Privacy Notice and to periodically verify the notice is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with federal and provincial privacy regulations of Canada.

We encourage interested persons, to use the contact information provided with questions or concerns about their Personal Data. We will promptly investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data.

Choice

Securefact recognizes that you have the right to opt in/opt out of the use of your Personal Data. Accordingly, you may contact our customer that provided your data to us.

As soon as we receive a written request from our customer, we will begin the process to remove your Personal Data from our databases. Please also note that implementation of an opt-out request will require a reasonable amount of time.

If after implementation of an opt-out request for you, we inadvertently include any data about you in a manner inconsistent with the above policy, please contact our Chief Privacy Officer promptly by email at so we can investigate and address what has occurred.

As for visitors of our website, you have a choice to remove your Personal Data from our databases. Please contact us directly.

This opt-out policy only applies to Personal Data that is available through Securefact-owned databases. Please note opting-out of our databases will not prevent other companies or public record agencies from collecting or disseminating your Personal Data.

Acceptance of Privacy Policy

By using our website and our digital solutions, our customers and visitors of our website are accepting and agreeing to all the privacy policies and practices described in this Privacy Notice.

Disclosure of Personal Data to Government Agency

We will only disclose your personal information to a government institution or agency that has asserted its lawful authority to obtain the information, or to comply with a subpoena or warrant or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with court rules regarding the production of records and information.

Effective Date: August 3, 2017

For any inquiries regarding this policy, please Contact Us:

365 Bay Street, Suite 300
Toronto, Ontario
M5H 2V1 Canada

Phone (416) 979-5858
Toll-free (800) 396-8241