Personal Information we collect
Some examples of Personal Information SecureKey may collect include:
- Contact Information: Name, address, telephone number, email address and other contact information;
- Financial Information: Credit card numbers, bank name, billing address, transaction and purchase history with SecureKey;
- Usage Information and History: usernames and passwords (hashed or encrypted), IP address, support ticket history, visit history to www.securekey.com and related websites;
- Such other information we may collect with consent or as permitted or required by law;
- Meaningless But Unique Numbers (MBUN);
- Persistent Anonymous Identifiers (PAI).
Principle 1 – Accountability
All Personal Information collected by SecureKey will remain confidential. It is not shared with, or transferred to, any other corporation, body, or individuals unless required by the statute of legal proceedings, authorized by the client or employees, for the purposes necessary to fulfill our contractual obligation to clients or employees, including transfer of information to a service provider or another organization performing services or providing data processing.
- Implementing procedures to protect Personal Information through use of physical, organizational, and technical security measures;
- Establishing procedures to receive and respond to inquiries and complaints through a confidential email address;
The Chief Privacy Officer’s responsibilities include:
- Responding to written access requests made within 30 days;
- Determining the method of disclosure of Personal Information;
- Responding to requests for correction of Personal Information;
- Providing public access to this Policy.
Principle 2 – Identifying Purposes of Collection
SecureKey identifies the purposes for collecting Personal Information at or before the time of collection, and ensures that the collection of Personal Information is limited to that which is necessary to fulfill the purpose.
The purpose for collecting Personal Information may include, but not be limited to:
- Providing our authentication service;
- Providing our Credential Broker Service;
- Managing recruitment and employment relationships;
- Administering payroll and employee benefits;
- Verifying qualifications and suitability for positions;
- Conducting internal reviews, investigations and complaint resolution processes;
- Complying with regulatory and legal obligations.
Principle 3 – Obtaining Consent
Consent to the collection, use and disclosure of Personal Information can be express or implied. You may provide your consent by not withdrawing your consent for an identified purpose, such as by not using an “opt out” option if provided. Consent may be given by your authorized representative. Generally, by providing us with Personal Information, we will assume that you consent to our collection, use and disclosure of such information for the purposes identified or described in this privacy statement. You may withdraw your consent to our collection, use and disclosure of Personal Information at any time, subject to contractual and legal restrictions and reasonable notice. Please note that if you withdraw your consent to certain uses of your Personal Information, we may no longer be able to provide our products or services. For employees and applicants for employment, consent to collect personal information is obtained during the recruitment process in accordance with the Human Resources Security Policy.
Principle 4 – Limiting Collection
SecureKey limits the collection of Personal Information to that required to fulfill the purposes identified by SecureKey. Information shall be collected by fair and lawful means. Personal Information will be collected directly from the individual it is about unless the individual (or authorized representative) has authorized the collection of Personal Information from another source.
Principle 5 – Limiting Use, Disclosure and Retention
SecureKey limits the use of Personal Information for the purpose that it was collected for except with the consent of the individual or as required by law. Personal Information will only be retained as long as necessary (at least one year) to fulfill the purposes of collection or as required by law. After the purpose has been fulfilled the information will be disposed of in a confidential, secure manner in accordance with SecureKey policies and procedures.
Principle 6 – Accuracy
SecureKey will make reasonable efforts to ensure Personal Information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. Individuals may update their Personal Information in order to ensure its accuracy and completeness by provided means or by writing to the Chief Privacy Officer.
Principle 7 – Safeguards
SecureKey protects Personal Information using physical, electronic or procedural security measures appropriate to the sensitivity of the information in our custody or control. These security measures may include safeguards to protect against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Only authorized employees and agents of SecureKey who require access to Personal Information in order to fulfill their job requirements will have access to it. SecureKey Employees are made aware of the importance of maintaining the confidentiality of Personal Information and are required to sign a confidentiality agreement relating to protection of client information.
Principle 8 – Openness
Principle 9 – Individual Access
Individuals may request details regarding their Personal Information by writing to the Chief Privacy Officer and on verification of identity; SecureKey will provide details on the collection, use and disclosure of his or her Personal Information and access to that information. Individuals can challenge the accuracy and completeness of information disclosed to him/her and have it amended as appropriate.
Principle 10 – Questions or Concerns
Chief Privacy Officer
36 York Mills Road
SecureKey will take appropriate action to resolve the complaint.