pRIVACY pOLICY

Note: This document serves as both a privacy paper and as Nymity's Privacy Policy, and is unique to Nymity's business practices. To the best of our knowledge, this is the first privacy policy in North America based the Generally Accepted Privacy Principles (the "GAPP"), formerly the Privacy Framework, developed by the American Institute of Certified Public Accountants (AICPA) and Canadian Institute of Chartered Accountants (CICA). 

Last Revision Date: May 15, 2006 (Version 4.0)

Our Commitment

Nymity Inc. (“Nymity") is committed to protecting the privacy and security of our customers Personal Information. This Privacy Policy ("Policy") explains Nymity's Personal Information handling policies procedures. We encourage you to also read Nymity's Terms of Use and Disclaimer, as it works in conjunction with, and is a part of this Policy. Our Personal Information handling policies and procedures have been put in place to comply with privacy legislation, such as the federal Personal Information Protection and Electronic Documents Act ("PIPEDA"), as well as the Generally Accepted Privacy Principles ("GAPP") developed by the American Institute of Certified Public Accountants (AICPA) and Canadian Institute of Chartered Accountants (CICA). Privacy legislation and GAPP impacts the way private sector organizations handle Personal Information. In this respect, they clearly establish a code of conduct for private sector organizations to ensure that Personal Information is handled with care, incorporating the principles of privacy.

Definitions:

Collection - the act of gathering, acquiring, recording or obtaining Personal Information from any source, including third parties, by any means.

Consent - a voluntary agreement for the collection, use and disclosure of personal information for identified purposes. To ensure meaningful consent is obtained from the individual (or authorized representative), Nymity will provide the individual with reasonable notice ensuring that the individual's consent is provided on an informed basis. Consent can be either express or implied.

• Express consent is clear, definite, explicit, direct and unmistakable; it does not require any inference on the part of the organization seeking consent. Express consent is given explicitly, either orally or in writing.
• Implied consent is reasonably inferred from the circumstances and is manifested by signs, actions, inaction, facts or silence which gives rise to a presumption or inference that consent has been given. Such presumption or inference arises from a course of conduct or relationship between the parties, in which there is mutual acceptance or a lack of objection under the circumstances signifying assent.

Customer - an individual who
(a) uses, or applies to use, the services of Nymity; or
(b) corresponds with Nymity.

Disclosure - making Personal Information available to a third party.

Employee - a person employed by Nymity.

Personal Information - information about an identifiable individual but not aggregated information that cannot be associated with a specific individual. Such information may include, but is not limited to a customer's credit card information, work and personal email addresses, home address, home telephone number, personal cell phone number and resume information. Note: Information such as business contact information (except business email addresses) and information available in public directories are not Personal Information.

Third Party - an individual or organization other than the customer, his agent or Nymity.

Transfer - unlike disclosure of Personal Information to a Third Party for that Third Party's use, the transfer of information involves an agency relationship where the Third Party steps into the role of Nymity to carryout what would have otherwise been performed by Nymity.

Use - the treatment, handling and/or management of Personal Information by Nymity.

Personal Information Handling Practices

This Policy has been structured in accordance with the privacy principles contained in the AICPA/CICA GAPP.

Management

Nymity defines, documents, communicates and assigns accountability for its privacy policies and procedures. Nymity takes responsibility for Personal Information under its custody and/or control and has designated an individual as the Privacy Officer who is accountable for the Nymity's compliance with this Policy. Nymity will make readily available to individuals specific information about its policies and procedures relating to the management of Personal Information. If you have any questions relating to the handling process of Personal Information by Nymity and/or this Policy, please contact:

Terry McQuay, Privacy Officer

Nymity Inc.

Brookfield Place (formerly BCE Place)

161 Bay Street, 26th Floor

Toronto, ON M5J 2S1

 

Local Tel.: 416.572.2777

Toll Free:  1.866.369.6489
Email:       info@nymity.com

Nymity has implemented policies and procedures to give effect to this policy, including training and communicating to Employees about the company's policies and procedures.

Nymity Transfers Personal Information to Third Parties for processing and storage purposes. Such information may be transferred across provincial and national borders, in which case, the information becomes subject to the legislation of that jurisdiction. Nymity will only Transfer Personal Information upon Third Parties executing contracts requiring them to protect the privacy and confidentiality of the Personal Information provided to them for purposes of performing their functions for Nymity.

Nymity web sites may contain links to Third Party sites that are not governed by this Policy. Although we endeavour to only link to sites with high privacy standards, this Policy does not apply once you leave Nymity's Web sites. Additionally, we are not responsible for the privacy procedures employed by Third Party Web sites. Therefore, it is suggested that you review the privacy policies of Third Party sites to learn how your information may be collected, used and disclosed.

Notice

Nymity provides notice about its privacy policies and procedures and identifies the purposes for which Personal Information is Collected, Used, Retained, and Disclosed. Nymity will, at or before the time Personal Information is collected, identify the purposes for which the information is collected.

Nymity collects Personal Information only for the following purposes:

• To establish and maintain responsible commercial relations with customers and to provide ongoing service. For example, when you apply for a PrivaWorks subscription, Nymity collects your Personal Information for billing purposes.
  
  
• To understand customer needs and preferences. For example, to maintain a record of the Nymity services you have purchased in the past.
  
  
• To develop and enhance market services. For example, based on your purchasing patterns, Nymity may notify you about services that may be of interest to you.
  
  
• To meet legal and regulatory requirements. For example, Nymity may collect Personal Information from you to satisfy government regulations, i.e.: tax.
  
  
• To evaluate candidates and applicants who have submitted personal information to Nymity for employment consideration purposes.

Unless required or permitted by law, Nymity shall not Use or Disclose Personal Information for a new purpose that has not been identified and Consented to by the Customer.

Nymity may share your information with third party organizations so that they may offer goods and services that may be of interest to you. You may modify or withdraw your consent to this practice at anytime.

Nymity may update this Policy, including the Terms of Use and Disclaimer from time to time. As such, Nymity encourages you to review these documents periodically. You may determine when this Policy was last updated by referring to the "revision date" found at the top of this web page.

Choice and Consent

Prior to obtaining the individual's Consent, Nymity shall describe the choices available to the individual and obtain implicit or explicit Consent with respect to the Collection, Use and Disclosure of Personal Information except in special circumstances, such as during a fraud investigation, an investigation by the police or in situations otherwise permitted by the law.

In most circumstances, Nymity relies on express Consent received directly from the Customer to Use his or her Personal Information. For example, when an individual requests a subscription to Nymity's PrivaWorks program, Nymity may require Personal Information for billing purposes.

Express Consent: If any of the Personal Information that we collect is sensitive, such as financial information, Nymity shall obtain written, electronic or oral Consent from you before collecting, using or disclosing the information.

Implied Consent: Nymity may rely on implied Consent when Consent may reasonably be inferred from the action or inaction of the customer.

Nymity will only require customers to Consent to the collection, use or disclosure of Personal Information as a condition to the supply of a product or service if such collection, use or disclosure is required to fulfill the identified purposes. Nymity will not unreasonably withhold products, services or information from Customers who refuse or withdraw their Consent.

You may withdraw or modify your Consent at any time, subject to legal and contractual restrictions, provided that reasonable notice is given to Nymity. If you have your name removed from Nymity's telephone, mail or email marketing lists, you will not be made aware of certain products, services, events and promotions offered by Nymity.

Consent may be withdrawn or modified by simply contacting Nymity's Privacy Officer at the contact information provided in the Management section of this Policy. Please allow us 30 days to complete your request. Some of our promotions may already be in progress when you submit your request, therefore you may be contacted during this time.

Collection

Nymity collects Personal Information only for the purposes identified in this Policy. Nymity shall only collect Personal Information by fair and lawful means.

Except as required to process a transaction, providing Nymity with your Personal Information is voluntary. You may choose whether or not to give us your Personal Information, and if you do, how we use it.

Clickstreaming is a technology that allows a web site operator to track the paths that visitors take as they access a web site and look at the site's pages, and as they use links to other sites. Nymity collects such information from visitors to Nymity's web sites.

Use and Retention

Nymity limits the Use of Personal Information to the purposes identified in this Policy and for which the individual has provided implicit or explicit Consent. In accordance with established policies and procedures, Nymity retains Personal Information for only as long as necessary to fulfill the stated purposes, except with the Consent of the individual or as required by law.

In accordance with established policies and procedures, Nymity will destroy or erase any Personal Information that is no longer needed. When Personal Information is destroyed or erased, Nymity takes reasonable steps to prevent unauthorized access.

Access

Nymity provides individuals with access to their Personal Information for review and update. Upon request, Nymity will inform an individual of the existence, Use, and Disclosure of his or her Personal Information and shall give access to that information. An individual may challenge the accuracy and /or completeness of the information and have it amended as appropriate.

An individual may access his or her Personal Information in the custody and/or control of Nymity by writing to Nymity's Privacy Officer at the contact information provided in the Management section of this Policy. Access to Personal Information shall be provided in accordance with Nymity's established policies and procedures.

There is no cost for reasonable access to Personal Information, unless, for example, you require copies of records. Nymity shall advise you of the cost, if any, prior to satisfying your access request. Prior to providing you with access to your Personal Information, Nymity may require additional forms of information, including your Personal Information to validate your entitlement to the information being requested. Information collected for identification purposes will only be used to process your access request and for no other purpose.

Nymity will assist any individual who needs help in preparing an access request to Personal Information. If you have a sensory disability, upon request, we will give you access to your Personal Information in an alternative format that is more suitable for you.

Nymity will provide a response within 30 days of receiving an access request to Personal Information. In the event access to Personal Information is denied, Nymity will explain the reasons for this lack of access and any recourse the Customer may have, except where prohibited by law.

Upon written request for access to Personal Information, Nymity shall provide an account of the use and disclosure of Personal Information and where reasonably possible, shall state the source(s) of the information. In providing an account of disclosure, Nymity shall provide a list of organizations to which it may have disclosed Personal Information about you when it is not possible to provide an actual list.

Under certain circumstances, such as when Nymity is unable to separate your Personal Information from that of another individual, Nymity will not be able to provide you with access to your Personal Information.

If you notify Nymity of inaccuracies contained in our records about you and we do not agree to change your Personal Information, you may challenge our decision. We will make a record of your challenge by documenting the requested changes to the copies of your Personal Information; and if necessary, disclose the challenge to Third Parties who also may have previously received your Personal Information from Nymity.

Depending on the circumstances, where Personal Information has been used to make a decision about a Customer, Nymity shall retain the Personal Information for a period of time that is reasonably sufficient to allow the Customer to access his or her Personal Information.

Disclosure  to Third Parties

Nymity Discloses Personal Information to Third Parties only for the purposes identified in this Policy and with the implicit or explicit Consent of the individual, except where required or permitted by law.

Although very unlikely, in some instances, such as a legal proceeding or court order, Nymity may be required to disclose certain information to authorities. Only the information specifically requested is disclosed and Nymity shall take precautions to satisfy ourselves that the authorities who are making the request have legitimate grounds to do so.

In the event Nymity is merged with or is acquired by another organization, Nymity will make every reasonable effort to notify you if Nymity shares with the merging or acquiring organization some or all of your Personal Information.

Security for Privacy

Nymity protects Personal Information against unauthorized access. In accordance with established policies and procedures, Nymity has security safeguards in place to protect Personal Information. Personal Information shall be protected by security safeguards appropriate to the sensitivity of the information.

Security safeguards implemented by Nymity include:

• Physical - Locked doors and filing cabinets. Secure destruction of Personal Information, regardless of the storage medium (i.e., paper shredding).
  
  
• Technological - Password-protected computer systems and files.
  
  
• Organizational - Employees trained to understand the importance of safeguarding Personal Information from loss and unauthorized access.

Notwithstanding that Nymity has security safeguards in place to protect Personal Information, Customers are always encouraged to take measures to protect themselves against unintended intrusions to their personal privacy (i.e., maintain access pass codes and/or PINs in a confidential manner)

Quality

Nymity maintains accurate, complete and relevant Personal Information for the purposes identified in this Policy. In this regard, accuracy of Personal Information will be maintained so as to minimize the possibility that inappropriate information may be used to make a decision about an individual.

In accordance with established policies and procedures, if you believe that your Personal Information in our records may be inaccurate, Nymity will make it easy for you to access, verify, update and correct your Personal Information. Simply contact Nymity's Privacy Officer at the contact information provided in the Management section of this Policy. Nymity encourages its Customers to keep us posted with any changes to their Personal Information that is relevant to Nymity for the purposes for which it was collected.

If your Personal Information has been provided to Third Parties by Nymity, Nymity will convey the corrected information to them, if necessary.

In accordance with established policies and procedures, Nymity does not routinely update your Personal Information unless such a process is necessary to fulfill the purposes for which the information was collected.

Monitoring and Enforcement

Nymity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes. In this regard, individuals may address their privacy related concerns by contacting Nymity's Privacy Officer who is accountable for Nymity's compliance with this Policy.

Nymity shall respond to all inquiries, concerns and/or complaints about its Personal Information handling practices. The regulatory body that oversees Nymity's handling of Personal Information is the Office of the Privacy Commissioner of Canada. For more information, please visit www.privcom.gc.ca.

Every privacy related complaint will be acknowledged, recorded and investigated, and the results of the investigation will be provided. If a complaint is found to be justified, appropriate measures will be taken including, if necessary, amending our privacy policies and procedures.