iVenuto.com Software Corporation
The purpose of this Privacy Statement is to inform Individuals about the types of Personal Information that iVenuto.com Software Corporation (“SIGN IN”) receives, holds and processes in its capacity as a service provider on behalf of SIGN IN’s Clients.
SIGN IN is proud to demonstrate our commitment to protecting the Personal Information we receive from its Clients by complying with applicable privacy laws in Canada, including the Personal Information Protection and Electronic Documents Act. In order to fulfill this commitment, SIGN IN has policies and practices intended to appropriately safeguard SIGN IN’s facilities, information systems and data.
This Privacy Statement may be revised periodically to maintain its currency and compliance with evolving law and policy.
1. TO WHOM DOES THIS PRIVACY STATEMENT APPLY?
This Privacy Statement applies to the Employer Services division of SIGN IN. SIGN IN contracts with Clients to provide them with the opportunity to outsource their business processing functions. Specifically, SIGN IN provides its Clients with electronic payment processing and related services, including making electronic or cheque payments to Individuals and providing required information to third parties such as banks, taxing authorities and other government agencies as required (e.g., for the purpose of administering family support payments).
SIGN IN’s “Clients” are various entities such as corporations, partnerships, trusts or other businesses that receive our services.
The Personal Information SIGN IN receives from its Clients relates to a variety of Individuals. An “Individual” is any person directly or indirectly designated by a Client to be covered by the services to which this Privacy Statement applies.
2. WHAT IS PERSONAL INFORMATION?
“Personal Information” is generally any information about an identifiable Individual. The type of information that a Client may collect from an Individual and transfer to SIGN IN in order for us to provide the Client with our business process outsourcing services may include an Individual’s name, residential contact information, annual gross revenue, bank account information, family support payment obligations and tax filing information, as well as additional information that an Individual may choose to disclose. Personal Information may not, however, include an employee’s business title, business address or business telephone number.
3. WHAT ARE SIGN IN’S OBLIGATIONS AS A PROCESSOR OF PERSONAL INFORMATION?
As a service provider, SIGN IN does not independently use or disclose Personal Information transferred to SIGN IN by, or on behalf of, a Client or an Individual for any purpose other than to process that information in order to fulfill our contractual business processing functions, except as required or permitted by law.
Furthermore, SIGN IN takes all commercially reasonable steps to safeguard the Personal Information we hold against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the Personal Information is held. The precise nature of the safeguards SIGN IN employs will vary depending on (i) the sensitivity of the Personal Information at issue, (ii) the format in which it is held, and (iii) the manner in which it is stored.
4. HOW DOES SIGN IN TRAIN AND MANAGE OUR ASSOCIATES?
SIGN IN’s Human Resources Department is responsible for associate management and training.
SIGN IN educates our associates about our information security policies and practices, and uses reasonable efforts to help ensure that our associates comply with these policies and practices. These efforts include:
Conducting appropriate background checks of all newly-hired associates;
Including information on SIGN IN’s policies in our associate orientation process;
Requiring associates to execute appropriate non-disclosure agreements;
Including information on SIGN IN’s policies and practices on the SIGN IN associate intranet site;
Disseminating information on SIGN IN’s policies and procedures to associates at appropriate intervals;
Limiting access to Personal Information to associates with a business need for seeing it;
Promptly ending associate access to systems and facilities upon termination of associate employment;
Monitoring associates for compliance with policies; and
Imposing appropriate disciplinary measures for breaches of policies and procedures.
5. HOW DOES SIGN IN ENSURE THE SECURITY OF OUR FACILITIES?
The Director of Facilities is responsible for the security of SIGN IN’s facilities.
SIGN IN utilizes reasonable security measures at all of our facilities. Such security measures include:
Using access control devices, such as card keys; computerized access control, and/or receptionist verification of identification badges for all associates;
Requiring that visitors to our facilities check-in at a reception desk and obtain a visitor badge;
Utilizing enhanced security measures at all data centers, including limiting access to specially authorized associates (controlled by computerized access control) and limiting visitors to pre-cleared individuals who must be escorted at all times;
Maintaining secured areas for storage of materials containing confidential information; and
Implementing other appropriate security measures including security patrols and security cameras, where such measures are judged to be necessary and reasonably appropriate.
6. HOW DOES SIGN IN ENSURE THE SECURITY OF OUR INFORMATION SYSTEMS?
The Chief Information Officer (“CIO”) is responsible for the overall security of SIGN IN’s information systems. Information systems include network and software design, as well as information processing, storage, transmission, retrieval and disposal. SIGN IN employs policies and practices to protect Personal Information throughout its life cycle – from data entry to data disposal. These policies and practices include, among other things:
Requiring use of virus protection software on all computer systems attached to SIGN IN networks;
Encrypting all client information transmitted over the Internet;
Limiting all access to SIGN IN computer resources and networks to approved configurations and utilizing appropriate identification and authentication methods;
Utilizing firewalls (which are configured and maintained in accordance with SIGN IN and industry-standard procedures and specifications);
Requiring appropriate disposal of all documents and electronic media containing Personal Information;
Employing appropriate intrusion detection, monitoring, and logging capabilities to enable detecting and responding to potential security breaches;
Maintaining appropriate incident handling procedures for responding to any breaches;
Regularly obtaining and installing patches to address software vulnerabilities;
Developing Client applications utilizing appropriate security methods including multiple-factor authentication, strong passwords, session time-outs, and access controls; and
Maintaining adequate disaster recovery and business continuity plans for all core functions.
The CIO is also responsible for maintaining current documentation of our information systems security procedures. These procedures are disclosed to individuals on a need-to-know basis.
7. HOW DOES SIGN IN ENSURE THE PRIVACY OF PERSONAL INFORMATION WHEN DEALING WITH THIRD PARTY SERVICE PROVIDERS?
In connection with providing our services to our Clients, SIGN IN may from time to time grant certain third party service providers access to the Personal Information SIGN IN holds for the purposes of storing or destroying that information, or for the purpose of physically transporting that information to the Client. SIGN IN requires any third party granted such access to execute contracts mandating many of these same polices and practices with regard to the training and management of their employees, and with regard to the security of their information systems and data.
Further information about the third party service providers that SIGN IN permits to access the Personal Information it holds is available upon request.
8. WHAT ADDITIONAL SAFEGUARDS DOES SIGN IN HAVE IN PLACE TO PROTECT PERSONAL INFORMATION?
Due to the constantly changing nature of technologies and security concerns, SIGN IN conducts appropriate, periodic reviews of our security policies and practices. Additionally, periodic assessments are conducted as appropriate. All allegations of system or data misuse (by associates, contractors or any third parties) are thoroughly investigated by SIGN IN in accordance with our policies, and reported to law enforcement authorities where appropriate.
9. HOW LONG WILL SIGN IN RETAIN PERSONAL INFORMATION?
SIGN IN may keep a record of an Individual’s Personal Information, correspondence or comments in a file specific to the Client, to which access by SIGN IN’s associates and by any third parties with whom SIGN IN contracts will be strictly limited on a business need-to-know basis. SIGN IN will retain an Individual’s Personal Information for as long as necessary to fulfill the purposes for which it was transferred to SIGN IN, or as required or permitted by law. SIGN IN has established minimum and maximum retention periods, as well as appropriate procedures for the destruction and disposal of Personal Information.
10. HOW DOES SIGN IN UPDATE PERSONAL INFORMATION SUCH THAT IT IS SUFFICIENTLY ACCURATE FOR PROCESSING PURPOSES?
As a service provider of business processing functions, SIGN IN relies on its Clients to provide SIGN IN with updated Personal Information on an ongoing basis, as necessary in relation to our provision of the services.
In certain cases, Individuals may not be able to update their Personal Information through the Client. Where this is the case, and where SIGN IN can adequately authenticate the Individual’s identity, SIGN IN will rely on the Individual to provide SIGN IN with the necessary updated information.
Upon receipt of updated Personal Information, SIGN IN will amend the Individual’s Personal Information that SIGN IN’s holds where such amendment is reasonably necessary to enable SIGN IN to continue providing the services to the Client in accordance with SIGN IN’s contractual obligations as a service provider.
11. HOW CAN INDIVIDUALS ACCESS AND CORRECT THEIR PERSONAL INFORMATION THAT HAS BEEN TRANSFERRED TO SIGN IN FOR PROCESSING?
In light of the fact that SIGN IN acts at all times on behalf of SIGN IN’s Clients, any request by an Individual to access and/or correct his or her Personal Information in our possession should be directed to the Client rather than to SIGN IN.
SIGN IN recognizes, however, that there are circumstances where the Client may not be able to respond to an access request (e.g., where the Client no longer exists). Where an Individual successfully demonstrates to us that the access request cannot be addressed by the Client and authenticates his or her identity, SIGN IN will make available to the individual, on written request and to the extent permitted by law, the requested Personal Information, as well as information about the manner in which SIGN IN has handled that information. SIGN IN will make such information available to the Individual in a form that is generally understandable, and will explain any abbreviations or codes or use an alternative format, if required. Furthermore, where SIGN IN provides access under these limited circumstances, and where the Individual successfully demonstrates that the Personal Information we hold is incomplete or inaccurate, SIGN IN will amend the information as required.
Access requests to SIGN IN should be directed to the Privacy Officer listed below.
12. HOW DOES SIGN IN AUTHENTICATE AN INDIVIDUAL’S IDENTITY?
Where SIGN IN receives an access request or an update request from an Individual under the limited circumstances noted above, SIGN IN may request that the Individual provide sufficient identification prior to providing such access. Any such identification information shall be used only for the purpose of authenticating the identity of the Individual. SIGN IN uses a “favourites question”, selected by the client, and only known by the client, which is the primary authenticator of client identity.
SIGN IN reserves the right to deny an access request or an update request where an Individual is unwilling or unable to authenticate his or her identity.
13. CONTACT SIGN IN REGARDING OUR PRIVACY POLICIES AND PRACTICES.
Any inquiries or complaints regarding SIGN IN’s privacy policies and practices should be forwarded to SIGN IN’s Privacy Officer as follows:
Attn: Privacy Officer
iVenuto.com Software Corporation
83 Elma Place
Via email: firstname.lastname@example.org