(November 5th, 2019)
The purpose of this Privacy Statement is to inform the end user (as follows, “end user”, “you” or “your”) of the types of Personal Information that ONTAB (as follows, “ONTAB” “we” or “us”) collects, uses and discloses. It explains how we use and disclose that information, the choices you have regarding such use and disclosure, and how you may correct that information.
ONTAB takes the privacy of its end user very seriously. We are proud to demonstrate our commitment by complying with the laws and regulations pertaining to several jurisdictions, specifically the GDPR (EU Regulations), PIPEDA (Canadian Regulations) and the PATRIOT ACT for its US based customers as applicable. Additionally, the development team has adhered to the principles of Privacy by Design for the development of the Application. * A self audit is included along with this document based on the 7 principles of Privacy by Design.
SCOPE OF POLICY
DEFINITION OF PERSON INFORMATION
Personal Information is any information that is identifiable with an individual that subscribes to use our services. This information may include, but is not limited to, your name, mailing or billing address, home, work or mobile phone number, email address and banking information.
Personal information does not include the name, business title or business address and business telephone number in an individual’s capacity as an employee of an organization.
Where possible, we strive to anonymize and encrypt data such as account numbers and card proxy number, so that it does not identify a specific user. This information is also not considered personal information.
COLLECTION OF PERSONAL INFORMATION
ONTAB always collects your information by fair and lawful means. We will collect Personal Information from you and from third party service providers only where we have obtained your consent or as otherwise permitted or required by law.
When you visit the ONTAB website or application (“Website” and “Application”) and you open an account to use the ONTAB services (the “Services”)
When you access our website, we, or companies we hire to track how our website is used, may place small data files called “cookies” on your computer. In general, we use these cookies to collect your IP address and standard web log information, such as your browser type and the pages you accessed on our website, in order that ONTAB may track and generate reports, in each case on a non-identifiable basis. More specifically, we send a session to your computer when you log in to your account.
This type of cookie helps us to recognize your computer and records the time and date you logged in, and ensure that you are free to navigate the website once you have logged in. Once you log out or close your browser, this cookie expires and no longer has any effect. We also use longer-lasting cookies for other purposes such as to display your e-mail address on our sign-in form, so that you don’t need to retype the e-mail address each time you log in to your account.
We encode our cookies so that only we can interpret the information stored in them. You are free to decline our cookies if your browser permits, but doing so may interfere with your use of our website.
STORAGE OF PERSONAL INFORMATION
The Personal Information we collect will be primarily held on a legally compliant third party cloud storage subject to limited access by ONTAB personnel as required for the Purposes (as defined
below). In addition, we may send Personal Information outside of the country for the Purposes,
including for process and storage by service providers, and you should note that while such information is out of the country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
While our service providers may, from time to time, also hold your Personal Information in connection with purposes for which you provided your consent or as otherwise permitted or required by law, we remain responsible, and remain the contacts for, such information.
UTILISATION OF PERSONAL INFORMATION
We identify the purposes for which we use your Personal Information at the time we collect such
information from you, and obtain your consent, in any case, prior to such use, as well as otherwise permitted or required by applicable law. In the case of your ONTAB account, we generally use your Personal Information for the following purposes, in each case to the extent that you consent to same:
(i) to open and administer your ONTAB account, including for identity verification and risk management,
(ii) to process, and send notices regarding, your transactions;
(iiii) to assist you with technical support;
(iv) to gather your opinion and feedback through surveys
(v) to enroll you in our contests or promotional programs
(vi) to include you on our mailing list for targeted marketing or promotional offers;
(vii) to collect aggregate expenditure data for a specific market sector or merchant;
(viii) for such purposes as for which we have obtained your consent, and otherwise to the extent required or permitted by applicable law.
SHARING OF PERSONAL INFORMATION
We identify to whom, and for what Purposes, we disclose your Personal Information at the time we collect such information from you and obtain your consent to such disclosure.
For example, we may disclose your Personal Information to Third party providers with whom we have a contractual agreement (that includes appropriate privacy standards and requires that these providers only use the information in connection with the services they perform for us and not for their own benefit) where such third parties are assisting us with the Purposes – for example, service providers may be used to assist in the processing of transactions; in the provision of telephone support, data storage, and marketing; and with fraud prevention.
When we engage with another party to provide specific services, and a customer signs
up for those services, we share only the contact information that is necessary for the third party to provide such services.
We may provide a potential acquirer and their representatives, in connection with a transaction involving the sale/merger/reorganization, etc. of some or all of the business of ONTAB; Third parties to which, and for the Purposes for which, you may otherwise consent; and as otherwise permitted or required by applicable law.
We will not disclose your bank account number to anyone you have paid or who has paid you through ONTAB, except with your express permission or as required or permitted by law (for example, in order to comply with a subpoena or other legal process);
Website Links to other Sites
Some of our websites may contain links to other sites. We are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they are leaving our site and to read the privacy statements of each website that collects personally identifiable information.
OBTAINING END USER CONSENT
We obtain your consent prior to collecting, and in any case, prior to using or disclosing your Personal Information for any purpose. You may provide your consent to us electronically (in response to statements provided in the format below) during your ONTAB account registration, account updates, or as required.
ENSURING PRIVACY WHEN DEALING WITH AFFILIATES AND OTHER 3RD PARTIES
RETENTION OF PERSONAL INFORMATION
We may keep a record of your Personal Information, correspondence or comments in a file specific to you. We will utilize, disclose or retain your Personal Information for as long as necessary to fulfill the Purposes for which that Personal Information was collected and as permitted or required by law.
REQUEST FOR ACCESS TO PERSONAL INFORMATION
If you, as the end-user, make a written request to review any Personal Information about you that we have collected, utilized or disclosed, we will provide you with any such Personal Information to the extent required by law. We will make such Personal Information available to you in a form that is generally understandable, and will explain any abbreviations or codes. You can review and edit certain Personal Information (that is, address, email address, phone number, and bank account and payment card information) at any time by logging in to your account and clicking the Profile tab.
ACCURACY AND AMENDMENTS TO PERSONAL INFORMATION
We will ensure that your Personal Information is kept as accurate, complete and up-to-date as possible. We do not routinely update your Personal Information, unless such a process is necessary. We expect you, from time to time, to supply us with written updates to your Personal Information, when required. Mechanisms ONTAB uses to ensure accuracy and prevent fraud include conducting an identity verification process in connection with registering each ONTAB account.
At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. We may ask you for proof to confirm the changes in your Personal Information, especially when it relates to change of name. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
ADDITIONAL SAFEGUARDS TO PROTECT PERSONAL INFORMATION
We have implemented, as applicable: physical security measures (e.g. enforce physical access controls to our buildings and files); organizational security measures (e.g. the only personnel who are granted access to your Personal Information are those with a business “need-to-know”; including where their duties reasonably require such information); contractual security measures (e.g. providing Personal Information only to third parties which are contractually or otherwise bound to protect the information); and technological security measures (e.g. firewalls and data encryption) to protect your Personal Information from loss or theft, unauthorized access, disclosure, copying, use or modification.
Attn: Privacy Officer
10 Dundas St. East, Suite 600
Toronto, ON M5B2G9