The purpose of SecureKey’s Privacy Policy is to inform our customers and other individuals we deal with how we collect, use, disclose and protect their Personal Information under applicable Canadian Privacy Legislation. Personal Information is information about an identifiable individual, as defined in Canadian Privacy Legislation. This Policy adopts the ten (10) basic principles articulated in the Canadian Standards Associations Model Code for the protection of Personal Information, provides guidelines on the collection, storage, use, disclosure and retention of your Personal Information and addresses the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA).

Personal Information we collect

Some examples of Personal Information SecureKey may collect include:

  • Contact Information: Name, address, telephone number, email address and other contact information;
  • Financial Information: Credit card numbers, bank name, billing address, transaction and purchase history with SecureKey;
  • Usage Information and History: usernames and passwords (hashed or encrypted), IP address, support ticket history, visit history to www.securekey.com and related websites;
  • Such other information we may collect with consent or as permitted or required by law;
  • Meaningless But Unique Numbers (MBUN);
  • Persistent Anonymous Identifiers (PAI).
 

Principle 1 – Accountability

All Personal Information collected by SecureKey will remain confidential. It is not shared with, or transferred to, any other corporation, body, or individuals unless required by the statute of legal proceedings, authorized by the client or employees, for the purposes necessary to fulfill our contractual obligation to clients or employees, including transfer of information to a service provider or another organization performing services or providing data processing.

SecureKey has implemented policies and practices to follow the principles set out in this Privacy Policy, including:

  • Implementing procedures to protect Personal Information through use of physical, organizational, and technical security measures;
  • Establishing procedures to receive and respond to inquiries and complaints through a confidential email address;
  • Training and communication to staff about this Privacy Policy;.
  • Providing information to the public about this Privacy Policy.
  • SecureKey’s Executive Management is accountable for compliance with SecureKey’s Privacy Policy and has delegated the authority to oversee and promote compliance with SecureKey’s Privacy Policy to the Chief Privacy Officer.
 

The Chief Privacy Officer’s responsibilities include:

  • Responding to written access requests made within 30 days;
  • Determining the method of disclosure of Personal Information;
  • Responding to requests for correction of Personal Information;
  • Providing public access to this Policy.
 

Principle 2 – Identifying Purposes of Collection

SecureKey identifies the purposes for collecting Personal Information at or before the time of collection, and ensures that the collection of Personal Information is limited to that which is necessary to fulfill the purpose.

The purpose for collecting Personal Information may include, but not be limited to:

  • Providing our authentication service;
  • Providing our Credential Broker Service;
  • Managing recruitment and employment relationships;
  • Administering payroll and employee benefits;
  • Verifying qualifications and suitability for positions;
  • Conducting internal reviews, investigations and complaint resolution processes;
  • Complying with regulatory and legal obligations.
 

Principle 3 – Obtaining Consent

Consent to the collection, use and disclosure of Personal Information can be express or implied. You may provide your consent by not withdrawing your consent for an identified purpose, such as by not using an “opt out” option if provided. Consent may be given by your authorized representative. Generally, by providing us with Personal Information, we will assume that you consent to our collection, use and disclosure of such information for the purposes identified or described in this privacy statement. You may withdraw your consent to our collection, use and disclosure of Personal Information at any time, subject to contractual and legal restrictions and reasonable notice. Please note that if you withdraw your consent to certain uses of your Personal Information, we may no longer be able to provide our products or services. For employees and applicants for employment, consent to collect personal information is obtained during the recruitment process in accordance with the Human Resources Security Policy.

Principle 4 – Limiting Collection

SecureKey limits the collection of Personal Information to that required to fulfill the purposes identified by SecureKey. Information shall be collected by fair and lawful means. Personal Information will be collected directly from the individual it is about unless the individual (or authorized representative) has authorized the collection of Personal Information from another source.

Principle 5 – Limiting Use, Disclosure and Retention

SecureKey limits the use of Personal Information for the purpose that it was collected for except with the consent of the individual or as required by law. Personal Information will only be retained as long as necessary (at least one year) to fulfill the purposes of collection or as required by law. After the purpose has been fulfilled the information will be disposed of in a confidential, secure manner in accordance with SecureKey policies and procedures.

Principle 6 – Accuracy

SecureKey will make reasonable efforts to ensure Personal Information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. Individuals may update their Personal Information in order to ensure its accuracy and completeness by provided means or by writing to the Chief Privacy Officer.

Principle 7 – Safeguards

SecureKey protects Personal Information using physical, electronic or procedural security measures appropriate to the sensitivity of the information in our custody or control. These security measures may include safeguards to protect against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Only authorized employees and agents of SecureKey who require access to Personal Information in order to fulfill their job requirements will have access to it. SecureKey Employees are made aware of the importance of maintaining the confidentiality of Personal Information and are required to sign a confidentiality agreement relating to protection of client information.

Principle 8 – Openness

SecureKey’s Privacy Policy is available at www.securekey.com. Upon written request to the Chief Privacy Officer a copy of SecureKey’s Privacy Policy can be provided as well as responses to specific inquires about SecureKey’s Practices relating to Personal Information.

Principle 9 – Individual Access

Individuals may request details regarding their Personal Information by writing to the Chief Privacy Officer and on verification of identity; SecureKey will provide details on the collection, use and disclosure of his or her Personal Information and access to that information. Individuals can challenge the accuracy and completeness of information disclosed to him/her and have it amended as appropriate.

Principle 10 – Questions or Concerns

Any questions or concerns regarding SecureKey Privacy Policy can be addressed to:

Chief Privacy Officer
36 York Mills Road
Suite 501
Toronto, Ontario
M2P 2E9

SecureKey will take appropriate action to resolve the complaint.