Last revised: April 20th, 2023
ONTAB takes the privacy and security of its end user and their personal data very seriously. For every product or service we currently offer (or will offer in the future) we prioritise your privacy at each stage; from product ideation to design to build, and at every interaction thereafter.
What this Policy covers
Furthermore we explain the choices you have regarding such use and disclosure, as well as your rights pertaining to the amendment, correction, or removal of personal information in compliance with Canada’s Federal and Provincial legislation.
The use of our social media channels that refer to this Privacy Statement;
Our clients and prospective clients, including those who make enquiries of our Products and Services;
Attendees at ONTAB sponsored events, or our office location where ONTAB staff is present;
Individuals who provide their services or business to ONTAB;
Any individual who submits a request under the Request for Personal Information.
i. Personal information about you collected by our clients, and;
ii. Personal information you provide to websites not controlled by ONTAB.
You must refer to them and their privacy policies for additional enquiries or clarification.
What is your Personal Information
Personal Information is any information that is identifiable with an individual that subscribes to use our Services. This information may include, but is not limited to your:
ii. Contact information including mailing or billing address, home, work or mobile phone number, email address and banking information.
iii. Your location and IP address.
iv. Demographic information such as age, sex, gender, and preferences.
v. Information about your use of our Products or Services.
vi. Payment information such as credit card details.
vii. Any other information relevant to customer surveys and/or offers
Personal information does not include the name, business title or business address and business telephone number in an individual’s capacity as an employee of an organisation.
In accordance with our commitment to privacy by design; we strive to anonymize and encrypt data such as account numbers and card proxy numbers, so that it does not identify a specific user. Your anonymized and unidentifiable information is also not considered personal information.
How we collect your Personal Information
ONTAB always collects your information by fair and lawful means. We will collect your Personal Information with your consent or as required by law when you visit the ONTAB website or application (“Sites” and “Application”) and when you create an ONTAB account to use our Products and Services (the “Services”).
We will also collect Personal Information from third parties sites and applications only where we have obtained your consent or as otherwise permitted or required by law.
Cookies: When you access our Sites, we, or companies we hire to track how our website is used, may place small data files called “cookies” on your computer. In general, we use these cookies to collect your IP (Internet Protocol) address and standard web log information, such as your browser type and the pages you accessed on our website, in order that ONTAB may track and generate reports, in each case on a non-identifiable basis. More specifically, we send a session to your computer when you log in to your ONTAB account.
This type of cookie helps us to recognize your computer and records the time and date you logged in, and ensure that you are free to navigate the website once you have logged in. Once you log out or close your browser, this cookie expires and no longer has any effect. We also use longer-lasting cookies for other purposes such as to display your e-mail address on our sign-in form, so that you don’t need to retype the e-mail address each time you log in to your ONTAB account. We encode our cookies so that only we can interpret the information stored in them.
You are given the option to decline our cookies, allow only necessary cookies or accept all cookies when you first access our site or open an anonymized session. You may also block our cookie at a later time by accessing your browser Privacy settings and disabling cookies.
However please note that restricting access to cookies may interfere with your use of our website.
Analytics: We use third party analytics, such as Google Analytics, to track your visits to the Sites to help us improve the user experience, navigability and convenience of our Sites and Services.
Social Media: We use ONTAB branded third party social networking websites and messaging applications to deliver news and product updates, as well as to engage with individuals in broader conversations. By interacting with these updates or our pages, you allow us to gain access to certain information associated with your account on these third-party platforms including, but not limited to; name, username, handle, gender, profile picture and general location.
From time to time, we may engage with our users and members of the general public in contests, games, surveys, or requests for interviews to collect feedback and opinions that help us improve our product offerings.
The Personal Information we collect is stored on a legally compliant third party cloud storage in Canada including Quebec, the US or other jurisdictions, and is subject to limited access by authorised ONTAB personnel or service providers as required for the Purposes (the “Purposes”) including data collection, storage, and processing. We only authorise employees and service providers to have access to clients’ personal information on a “need to know” basis in order to fulfil their job requirements.
In addition, our affiliates and service providers may store, maintain and process your Personal Information in Canada, the US or other jurisdictions for the Purposes as described earlier.
Any personal information that is stored outside Canada is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
While our affiliates and service providers may, from time to time, also hold your Personal Information in connection with purposes for which you provided your consent or as otherwise permitted or required by law, we remain responsible, and remain the contacts for, such information.
We identify the purposes for which we use your Personal Information at the time we collect such
information from you, and obtain your consent, in any case, prior to such use, as well as otherwise permitted or required by applicable law. In the case of your ONTAB account, we generally use your Personal Information for the following purposes, in each case to the extent that you consent to same:
i. to open and administer your ONTAB account, including for identity verification and risk management,
ii. to process, and send notices regarding, your transactions;
iii. to assist you with technical support;
iv. to gather your opinion and feedback through surveys*;
v. to enrol you in our contests or promotional programs*;
vi. to include you on our mailing list for targeted marketing or promotional offers*;
vii. to collect aggregate expenditure data for a specific market sector or merchant;
viii. for such purposes as for which we have obtained your consent, and otherwise to the extent required or permitted by applicable law.
*You may decline to receive, or unsubscribe from promotional communications as described in Section: ‘Your Rights under this Policy’, ‘Your Right to Opt out of Marketing Communications’.
We may disclose your Personal Information to third party providers with whom we have a contractual agreement (within an appropriate privacy framework and with the requirement for providers to use the information only in connection with the services they perform for us and not for their own benefit) where such third parties are assisting us with the Purposes. For example, service providers may be used to assist in the processing of transactions; in the provision of customer support, data storage, and marketing; and with fraud prevention.
When we engage with another party to provide specific services, and a customer signs
up for those services, we share only the contact information that is necessary for the third party to provide such services.
We may provide a potential acquirer and their representatives, in connection with a transaction involving the sale/merger/reorganisation, etc. of some or all of the business of ONTAB; third parties to which, and for the Purposes for which, you may otherwise consent; and as otherwise permitted or required by applicable law.
We will not disclose your bank account or credit card number to anyone you have paid or who has paid you through ONTAB, except with your express permission or as required or permitted by law (for example, in order to comply with a subpoena or other legal process);
Links to other sites: Some of our websites may contain links to other sites. We are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they are leaving our site and to read the privacy statements of each website that collects personally identifiable information.
We obtain your consent prior to disclosing or sharing your Personal Information for any purpose by providing you with consent forms or through means of electronic communication, except as required by law such as for monitoring proceeds of crime, money laundering, and terrorist financing.
We may keep a record of your Personal Information, correspondence or comments in a file specific to you. We will utilise, disclose or retain your Personal Information for as long as necessary to fulfil the Purposes for which that Personal Information was collected and as permitted or required by law.
After a determined period of time, or at your request, we will delete all personal information or ‘personally identifiable information’ from our servers except as required by law. Please refer to Section ‘Your Rights under this Policy’, ‘Your Right to Remove your Personal Information’.
Your Rights under this Policy
You have the right to access, correct, or delete your personal information held by us. To exercise these rights, please contact us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe.
Your Right to Review any Personal Information: If you, as the end-user, make a written request to review any Personal Information about you that we have collected, utilised or disclosed, we will provide you with any such Personal Information to the extent required by law. We will make such Personal Information available to you in a form that is generally understandable, and will explain any abbreviations or codes. You can review and edit certain Personal Information (that is, address, email address, phone number, and bank account and payment card information) at any time by logging in to your ONTAB account and clicking the Profile tab.
Your Right to Amend your Personal Information: We will ensure that your Personal Information is kept as accurate, complete and up-to-date as possible. We do not routinely update your Personal Information, unless such a process is necessary. We expect you, from time to time, to update your Personal Information through our Sites and Application. ONTAB uses various mechanisms to ensure accuracy and prevent fraud including conducting an identity verification process in connection with registering each ONTAB account.
At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. We may ask you for proof to confirm the changes in your Personal Information, especially when it relates to change of name. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
Your Right to Remove your Personal Information: You can request the removal of all personal information by sending an email or sending your request in writing to our address. Once your request is verified, we will delete all personal information or ‘personally identifiable information’ from our servers except as required by law. Please note this erasure does not include unidentifiable or anonymized account and transactional data.
Your Right to Opt out of Marketing Communications: You will only receive marketing and sales communication via mail, emails, phone calls, text messages and other methods of communication at ONTAB’s disposal with your expressed consent. We operate under an ‘Opt-in’ policy for such communication. Regardless of your initial choice, you may choose to ‘Opt-out’ of or unsubscribe from receiving such communication at any time. This option will be available to you at the bottom of all communication in clearly visible text. You may also opt out or unsubscribe by sending an email to email@example.com or firstname.lastname@example.org with the words ‘unsubscribe’ contained in the subject or text.
Please note this option does not extend to communication that we require in order to maintain your ONTAB account, such as a reminder to complete an outstanding application or to update your contact information.
Your Right to make Complaints: In the event you believe ONTAB has collected, used, disclosed, or taken any other action(s) in regard to your Personal Information that you believe may not comply with this Privacy Statement or with applicable privacy legislation, then you are entitled to make a complaint to a regulatory authority (e.g., Office of the Privacy Commissioner of Canada, Information and Privacy Commissioner of Ontario, Commission d’Accès à l’Information du Québec).
If you choose to, you may first contact ONTAB’s Privacy Officer with the details of your complaint to inform ONTAB of such activities in an effort to resolve the issue. Our Privacy Officer may contact you with a proposed resolution, and if you are not satisfied with the proposed resolution, then you are still entitled to file a formal complaint with the relevant regulatory body.
We have implemented, as applicable: physical security measures (e.g. enforce physical access controls to our buildings and files); organisational security measures (e.g. the only personnel who are granted access to your Personal Information are those with a business “need-to-know”; including where their duties reasonably require such information); contractual security measures (e.g. providing Personal Information only to third parties which are contractually or otherwise bound to protect the information); and technological security measures (e.g. firewalls and data encryption) to protect your Personal Information from loss or theft, unauthorised access, disclosure, copying, use or modification.
Children’s Privacy: Our Site and Application does not collect information on individuals under the age of Sixteen (16) and does not permit account creation or registration for individuals under the age of Eighteen (18). If we are made aware of information being inadvertently collected on individuals under the age of Sixteen (16), we will remove it immediately.
In the event of a Data breach
If we learn of a breach, we will inform you and the appropriate authorities of the occurrence of the breach in accordance with applicable law. If the data breach presents a risk of serious injury, we will notify you and the appropriate Provincial regulatory body (for example, the Commission d’accès à l’information in Quebec) as soon as possible.
Attn: Privacy Officer
10 Dundas St. East, Suite 600
Toronto, ON M5B2G9