Protecting our customers’ personal, private and confidential information that might be shared with us is of utmost importance to Axcess Canada Inc. and our subsidiary company CaelumOne Enterprise Content Management Corporation (“Axcess”,"CaelumOne", “us” and/or “we”). Given that customers entrust us with their very personal financial and other details, we take every possible step to ensure that information is protected.
This policy provides details about our program for ensuring the privacy of information provided to Axcess and/or CaelumOne, including the types of information we collect about you, how we utilize this information, and the methods we use to safeguard the information. Unless we have specifically stated otherwise herein, this policy applies to personal information, without regard as to the location from where it was provided, and is intended to be compliant with the seven Safe Harbor Principles applicable to personal information received from the European Union (“EU”) pursuant to EU Directive 95/46/EC on the protection of personal data.
These principles require a receiver of personal information to provide:
1. Notice - Individuals must be informed that their data is being collected and about how it will be used.
2. Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
3. Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
4. Security - Reasonable efforts must be made to prevent loss of collected information.
5. Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
6. Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
7. Enforcement - There must be effective means of enforcing these rules.
As part of our supplying of products and services to a variety of front-end providers, we may collect and use information that is personal and private to you, such as your name, address, telephone number(s), email address(es), as well as banking, credit or debit card, and other financial information, all collectively defined herein as “Personal Information”.
Internet portals and databases that we host, manage and interface with accept applications for financial products and services via the World Wide Web, available to members of the general public. These applications will require you to provide Personal Information in order to provide you with the services offered.
Applications are then underwritten and processed via our proprietary financial services management platform, and utilizing your Personal Information, in order to affect the approval or disapproval such products and services.
A credit report about you may be required if an underwriter deems it necessary to facilitate the provision of a product or service.
When approved, products and services may be funded by interfacing to a card processor gateway or banking interface. Your Personal Information will be used at this stage in order to complete the advancement and repayment of funds to the appropriate account.
When funded, products and services are then managed and administered throughout the life cycle of the product or service via our proprietary financial services management platform, and utilizing your Personal Information, in order to affect the administration of such products and services.
The provision of these services to you and/or our Partners, or on behalf of our Partners, shall be collectively called the “Services”.
II. Collection of Personal Information
a. Axcess will collect your Personal Information primarily when you visit a Partners’ Internet web site, apply for a loan, or request other services provided by the Partner. Some of this information will be required for us to ensure that we have proper contact information for you, including your name, address, and email address. Other information collected as a necessary part of the application process may be considered more sensitive in nature, including personal bank account information, employment details, income particulars and credit history.
b. It is important to note that if you choose not to provide us with the Personal Information we request, all of which is necessary for us to facilitate providing you with the services anticipated hereunder, we may not be able to provide such services to you, or may choose not to do so if there are any deficiencies in the Personal Information so provided.
c. Only Personal Information provided by legal adults (deemed to be any person over the age of eighteen years, regardless of location) will be retained by Axcess.
III. Reason for Collection of Personal Information
a. Axcess collects your Personal Information only where it is necessary for us to provide Services to you or to our Partners, as set out in Article I, above. This information will be collected only as required to provide such services, and no additional information will be collected or utilized at any time, including any other sensitive personal information not directly related to the Services.
IV. Use of Personal Information
b. We offer users, including but not necessarily limited to those located in the EU, whose Personal Information has been transferred to our servers or databases in Canada, the opportunity to opt out from:
V. Sharing and Distribution of Personal Information
a. As part of our commitment to providing the utmost protection of your Personal Information, we will not, under any circumstances, rent, loan, or sell your Personal Information or any portion thereof in any capacity or for any reason. Your Personal Information is only exchanged between us and our Partners as required to facilitate the provision of the Services, and we only exchange such information with Partners that uphold same commitment to protecting your Personal Information as we do. We do not work with Partners who are not willing to uphold the same standards of protection that we observe ourselves.
b. We may in the future utilize certain online interactions for support services that will require you to login with a specific user ID and/or email address. In the event these services are provided by a third party, any information you provide may be retained by them only as required to provide support services and your Personal Information will at all times be retained exclusively by us.
c. We may be required to provide your Personal Information by an act of law, court order, or otherwise by an entity with the power to compel such disclosure by us. Otherwise, this information will not be provided to anyone by us on a voluntary basis.
d. You have a right to know what Personal Information we have collected about you. If at any time you wish to know what Personal Information we have in our database, please contact our privacy officer as set out in Article IX (b) herein with your request.
a. Axcess and our Partners use a variety of e-commerce technologies on their respective websites to perform a variety of functions, primarily to understand how our sites are used and to facilitate the user experience.
b. “Cookies” are used to collect non-specific, non-Personal Information that allows us to increase the functionality of our website. These “cookies” are simple text files delivered to your Web browser and stored on your computer, but do not contain nor do they provide us with any Personal Information.
c. You may choose not to store “cookies” on your computer by changing the privacy settings on your web browser or on your computer. Rejecting “cookies” may alter your experience in using our website or those of our Partners, and prevent you being able to do so altogether.
d. We also may gather and analyze non-specific information about the general traffic visiting our website or those of our partners. The log files associated with this information are anonymous, not associated with the account of any specific user, and do not contain any Personal Information.
VII. Use by Third Parties
a. Axcess does not share your Personal Information with anyone other than as generally described below.
VIII. How We Contact You
a. We may contact you through any of the methods you provide to us, primarily via email and telephone, though lettermail may also be appropriate in certain circumstances.
b. You may inform us at any time if you do not wish to be contacted via any particular method for unwanted solicitations. However, transactional confirmations and details pertaining to your account will still be provided to you in accordance with principles of business efficacy or as may otherwise be required by law.
IX. Changing Your Personal Information
a. We take great care in not only protecting your Personal Information, but also in ensuring that it is used only for the purposes for which it was provided to us.
Chris Rea – Director Client Services & Data Management
Telephone: +1(888)883-2852 x 403
Lettermail: 356 Ontario Street, Suite 321, Stratford Ontario Canada N5A 7X6
You will be asked appropriate security questions in order to verify your identity and that we are speaking to the original provider of the Personal Information only.
c. We will use our best efforts to update your Personal Information as quickly as possible, but in no event will it take longer than fourteen (14) days to do so.
d. Personal Information received from the EU will only be retained for a period of time as necessary to accomplish our legitimate business purposes or as otherwise may be required by applicable local, national or international law.
X. Methods of Protecting Your Personal Information
a. Axcess utilizes the most up-to-date data protection methodologies available to us in order to protect against unauthorized access, loss, misappropriation or misuse of your Personal Information as it is stored in our database. We have implemented a series of internal and external procedures that are required to be adhered to by any of our staff or contractors in order to access any Personal Information.
b. Our website, as well as those of our Partners, is tested regularly to ensure compliance with this policy as well as to ensure security measures have been maintained.
c. All employees and contractors working for or with Axcess are restricted in their access to production databases through the use of firewalls (at drafting of this policy - Juniper Screen OS). Any technical support or developmental workers that may need access to Personal Information are required to execute a comprehensive non-disclosure and confidentiality agreement and are only provided access to Personal Information on a strictly “need to know” basis, if at all.
d. We protect the transfer and delivery of, and access to, Personal Information through 128 bit SSL encryption.
e. At drafting of this policy we utilize Microsoft Forefront to ensure a virus-free operating environment for both incoming and outbound data transfers.
f. Our servers are located at the Agilis Networks Data Centre located at 500 Regent Street, Sudbury ON P3E 3Y2. All data is backed up in two ways: nightly, using an Nutranix Servers in production server rack, and again weekly, using the Agilis Networks Back Up within the data center, but not in the same physical server rack as the hardware used for the nightly backup.
g. We also maintain procedures to protect against outages and to ensure data recovery: Virtual Server Failure - Microsoft Server SQL 2008 R2 servers are virtualized to fail over in real time on same physical install, and in the event of a physical server failure, one redundant physical server is available to fail over to with manual cold reboot.
h. Axcess does not retain any of your Personal Information in hard copy at any time for any reason.
i. We will undertake regular reviews of our privacy policies and procedures to ensure adherence to its principles and those of EU Directive 95/46/EC. Any EU-based user who has a complaint regarding the processing of his or her Personal Information should contact our compliance officer at the address set forth in Article IX (b).
j. Notwithstanding that we believe we take every reasonable precaution to ensure the safety of your Personal Information, we cannot absolutely guarantee the security of your Personal Information.