PURPOSE
This Privacy Policy is designed to comply with applicable privacy legislation in Canada including the PIPEDA (The Personal Information Protection and Electronic Documents Act is governing how for private-sector organizations collect, use, and disclose personal/private information during commercial activity in a manner that recognizes the right to privacy of individuals with respect to their personal information and the need of organizations. Please visit this PIPEDA website for further details).
It is also designed to help individuals understand how their private information is managed at ISPRATIS, Inc. (“ISPRATIS”).
SCOPE
Those individuals protected by this Privacy Policy include customers, prospective customers, and customer of other third parties for which ISPRATIS may provide outsourced services. This Privacy Policy applies only to information collected during commercial activities. ISPRATIS Cyber Protection and ISPRATIS White Falcon Blog are websites affiliated with ISPRATIS, Inc. For this Privacy Policy, references to ISPRATIS are meant to include ISPRATIS Cyber Protection and White Falcon Blog.
INTENT
ISPRATIS is committed to protecting and respecting the personal information of its customers, employees, business partners, and all other entities it interacts with in accordance with PIPEDA. This policy will provide guidelines to ensure that ISPRATIS remains compliant with PIPEDA requirements.
DEFINITIONS
Breach of security safeguards – The loss of, unauthorized access to, or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards, or from a failure to establish those safeguards.
Personal information – Information about an identifiable individual.
Security safeguards – Security safeguards include the following:
- Physical measures, for example, locking filing cabinets and restricted access to offices.
- Organizational measures, for example, security clearances and limiting access on a “need-to-know” basis; and
- Technological measures, for example, the use of passwords and encryption.
Significant harm – Includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record, and damage to or loss of property. All definitions sourced from the PIPEDA website reference above.
THE PRINCIPLES
Our Privacy Policy is designed to comply with applicable privacy legislation in Canada. It incorporates the following 10 principles:
- Accountability
- Identifying Purpose
- Consent
- Limiting Collection
- Limiting Use, Disclosure and Retention
- Accuracy of Information
- Safeguarding Information
- Openness
- Access to Information
- Challenging Compliance
Any changes to our Privacy Policy will be reflected in updates to our official Privacy Policy, wherever it is made available. Thus, you will always know what information we collect, how we use it and how we protect it. When information that has been collected is to be used for a purpose not previously identified, the new purpose will be identified to you prior to use.
ACCOUNTABILITY
ISPRATIS is responsible for maintaining and protecting the information under its control. Accountability for this function within our organization is held by:
President, ISPRATIS, Inc.
IDENTIFYING PURPOSE
ISPRATIS will identify the purposes for which information is collected at or before the time the information is collected. Generally, ISPRATIS collects information for the following purposes:
- To manage and develop ISPRATIS’s business and operations, including personnel and employment matters; and
- To meet legal and regulatory requirements.
However, there may be other circumstances that require such information to be collected and used.
ISPRATIS collects the following information from individuals during normal commercial activities. The information obtained includes general contact information, levels of interest for our services and topics, and transaction activity with ISPRATIS. This information is used primarily to determine an individual’s entitlement to ISPRATIS’s services. In addition, this information may be used to:
- Inform individuals about ISPRATIS’s products and services that we believe may be of interest to them.
- Better understand an individual’s interests in our products and services.
- Develop, enhance, or improve products and services.
ISPRATIS routinely collects anonymous, non-personal information through our Web servers. This is information that is not associated with or traced back to a specific individual. Gathered electronically, this information includes the type of Web browser used, the level of encryption a browser supports and the Internet Protocol address. This information may be used for research and analytical purposes, to examine how the Web site is being used and to determine how it can be improved.
ISPRATIS is recording and monitoring all calls for training and quality assurance purposes.
If the caller objects to the recording, ISPRATIS will provide the caller with an alternate method.
ISPRATIS also uses cookies. A cookie is a small piece of information that is sent to your computer when you access a Web site. There are two kinds of cookies:
Session cookie – Stored temporarily in your computer’s memory. A session cookie is destroyed as soon as you close your browser.
Persistent cookie – A more permanent line of text that gets saved to your hard drive.
We use session cookies on all ISPRATIS Web sites to allow you to gain access to the site. Persistent cookies are used to store your encrypted user ID and password, so that you won’t have to type it in each time that you access our site. A persistent cookie is only set if you click on “Remember my sign-in information.”
CONSENT
An individual’s knowledge and consent are required before ISPRATIS is allowed to collect, use, or disclose his or her information, except where appropriate. Where possible, ISPRATIS or its client / third parties will obtain consent directly from the individual concerned at the time of collection. The consent of an individual is only valid if it is reasonable to expect that the individual understands the nature, purpose, and consequences of the collection, use, or disclosure of the personal information. By subscribing to our services, registering for access to our sites and systems, access to our on-line information services, calling our business or otherwise indicating approval, individuals consent to the collection and use of their information for the purposes identified in this Privacy Policy.
ISPRATIS will not require you to consent to the collection, use or disclosure of information beyond that required to provide our products or services to you.
After having provided consent, an individual has the right to withdraw consent at any time by providing 30 days written notice to [email protected]. If your request requires that we delete your registration information, we will no longer be able to provide you with the services or products for which you have subscribed. Cancellation will be subject to the terms and conditions of the subscription or services provided, as applicable.
In limited circumstances, ISPRATIS may use or disclose information without the knowledge or consent of the individual, for example, for purposes of debt collection, breaches of agreements, as required by governmental bodies acting with authority, or as authorized or required by applicable legislation.
LIMITING COLLECTION
ISPRATIS collects only the information that is necessary for the purposes outlined in this Privacy Policy.
LIMITING USE, DISCLOSURE AND RETENTION
ISPRATIS does not use information for purposes other than those for which it was collected, except with an individual’s consent or as required by law. Once information is no longer required to fulfill the identified purposes or other legal requirements, it will be destroyed, deleted, or made anonymous.
ISPRATIS does not sell information to third-party organizations.
Information is retained only if necessary for the fulfillment of the purposes stated in this policy.
ACCURACY OF INFORMATION
Information is kept as accurate, complete, and up to date as necessary for the purposes for which it is to be used. Individuals are encouraged to provide updates to their information as changes occur, to enable us to continue to provide services to them. The information of customers can be reviewed and modified either directly on-line or by contacting our Web site administrator:
OPENNESS
ISPRATIS is committed to being open about its policies and practices with respect to the handling of information. Our Privacy Policy is available through our home page site. If a hard copy or additional information is required, requests for such information may be made to the [email protected].
ACCESS TO INFORMATION
Individuals may request a copy of their information held at ISPRATIS by submitting a written request to the President of ISPRATIS at the address below in the Challenging Compliance. Acceptable proof of identification is required before such information is given out. If you feel the information about you is inaccurate, you may request that it be reviewed and, if inaccurate, changed, by contacting ISPRATIS at [email protected].
CHALLENGING COMPLIANCE
An individual can challenge compliance with the above policy by providing written details of the challenge to the President, via:
Email at: [email protected]