Last updated: September 19, 2022
CYPFER Inc. (“CYPFER”, or “we”, “us”, “our”, etc.) believes that protecting your privacy is important. Our policies have been designed to meet your needs and as well, they conform to Personal Information Protection and Electronic Documents Act, federal legislation which protects personal information.
What is “personal information?”
“Personal Information” is information about an identifiable individual. However, it generally does not include business contact information when used to contact a person in respect of their business role or function. Sometimes we will de-identify information in order to use and share that information for our business purposes in a way that does not identify you. For example, we may aggregate your personal information with other individuals to prepare statistical reports.
Personal information includes:
- name, gender, age, ID numbers (e.g., driver’s license number, credit card number, or social insurance number (SIN)), income, ethnic origin, home address, personal email address;
- opinions, evaluations, comments, social status, or disciplinary actions;
- employee files, credit records, loan records, intentions (for example, to acquire goods or services, or change jobs), financial information;
- call recordings, video surveillance,
What do we use personal information for?
CYPFER collects personal information only for the following reasons:
- To provide the products or services that you have requested and maintain commercial relations with you;
- To understand your needs and recommend products and services accordingly;
- To manage our business which includes partnership and employment matters;
- For analytics purposes;
- To develop proprietary tools and databases; and
Consent to use personal information
We may obtain your express consent or we may determine that consent has been implied by the circumstances. Express consent can be verbal (in person or over the telephone), written or by electronic application (including email). Implied consent occurs when we can assume you have given consent by some other action you take or decide not to take. For example, if you request a specific product or service and provide us personal information in that regard, we infer that you consent to us using that personal information reasonably to provide this service.
If you need to provide personal information about other individuals (such as employees, dependents, etc.), you must obtain their consent for these purposes prior to your disclosure to us.
When you request services from us, we ask that you provide information that enables us to respond to your request. In doing so, you consent to our collection, use and disclosure to appropriate third parties of such personal information for these purposes. You also authorize us to use and retain this personal information for as long as it may be required for the purposes described above. Your consent remains valid even after the termination of our relationship with you, unless you provide us with written notice that such consent is withdrawn. You should note that by withdrawing your consent, or not providing it in the first place, you may limit or even prevent us from being able to provide you or an authorized third party (such as an employer) with the products or services desired.
Additionally, in certain circumstances we will not need to obtain consent or explain the purposes for the collection, use or disclosure of personal information. For example, this exception would apply if there is an emergency that threatens the life, health or security of an individual, for fraud detection or prevention, or if we must comply with a court order.
Sharing of Information
Depending on the products or services that we provide to you, we may disclose personal information to our parent company and related affiliates to provide you with information regarding services you may find useful. If we are legally entitled to do so, we may share information with consumer reporting agencies, insurance reporting agencies and governmental authorities when requested to do so or in order to protect our business. We may also be required by law or by rules of arbitration or rules of court to share information.
CYPFER develops and uses proprietary platforms and databases to gather, store and use information about cybersecurity, including threat information and learning from incident response and remediation. CYPFER uses and combines this information and other information collected from its clients for the purposes of developing CYPFER products and services and CYPFER’s relationship with its clients (for example: benchmarking, market research, data analysis, and marketing of products and services that may be of interest to CYPFER clients).
As CYPFER continues to develop and grow, we may buy or sell parts of a business. As our businesses consist primarily of client relationships, information regarding the particular accounts or services being purchased or sold could include personal information and be one of the transferred business assets. We may also use this personal information to assess your future needs and to offer the products and services that may best meet those needs, from ourselves, our affiliates or reputable organizations selected by us. If you do not wish to receive these offers or such information, please contact our Privacy Officer as outlined below in the Contact Information section.
Keeping information accurate
It is important that your personal information is accurate and complete. Having accurate information about you enables us to give you the best possible service. You have the right to access, verify and amend the information we have about you. If you identify any personal information that is out-of-date, incorrect or incomplete, let us know and we will make the corrections promptly. To keep personal information up-to-date, please inform us of any changes, such as a change of address, telephone number or any other circumstances by contacting our Privacy Officer using the contact information below.
If you would like to access your personal information, please send your request in writing to our Privacy Officer using the contact information below. Please note that in certain cases as permitted by privacy laws, we may not be able to provide access to all your personal information. If this happens, we will inform you in writing of the reason.
How we safeguard personal information
We employ physical, electronic and procedural safeguards to protect our systems and all personal information under our control against unauthorized access and use. All safety and security measures are appropriate to the sensitivity level of the information collected. While we take privacy seriously and employ reasonable safeguards, no system is one hundred percent secure and we cannot guarantee the security of your information.
Our service providers and agents are bound to maintain the confidentiality of your personal information and may not use the information for any unauthorized purpose.
Employees are governed by strict standards and policies to ensure that personal information is secure and treated with the utmost care and respect.
CYPFER requires that partners and staff maintain the confidentiality of client and former client information, as well as the confidentiality of CYPFER information, except in rare and very specific circumstances.
CYPFER also requires partners and staff to not use confidential information for personal advantage, for the advantage of a third party or to the disadvantage of a client, former client or CYPFER, unless consent has been obtained from the client, former client or CYPFER.
CYPFER may collect user information from its websites (for example, via cookies which are alphanumeric identifiers transmitted from a website to a visitor’s browser and IP address or web beacons that detect when you take actions on our websites). This information is used to enable us to provide you with a customized online experience and to find ways to improve our site and marketing communications. Although cookies are widely used, it may be possible to disable cookies via your browser settings. You may also opt-out of third-party cookies and beacons by visiting https://youradchoices.ca/en/tools/ and clicking on “Launch Webchoices Tool”. However, in so doing, some websites may not function properly or optimally.
We may send you commercial electronic messages to an email address or other electronic address that you have provided to us. We may ask for your express consent or we may rely on implied consent if you have made an inquiry, purchased a product or service from us, entered into a written agreement with us, or in other limited circumstances. If you do not wish to receive commercial electronic messages from us, you may withdraw your consent at any time using the unsubscribe link in the message or by contacting our Privacy Officer as indicated below. Please note that you will still receive commercial electronic messages that we are required to send to you by law or for which consent is not required, such as confirmations of transactions or information about your account.
Please contact our Privacy Officer to obtain further information about our policies and procedures or if you have any unresolved inquiries or concerns. We will respond to you promptly and do our utmost to resolve your concerns.
Our Privacy Officer can be contacted as follows:
Mail: Canada Privacy Officer – Attention: Privacy Officer, 20 Bay Street, Toronto, Ontario M5J 2N9
Email: [email protected]
Attention: Privacy Officer
While CYPFER makes every effort to secure all communications within our control and on our premises, you should be aware that no method of delivery is absolutely secure and any communication of personal information may be accidentally or deliberately intercepted by third parties.