Privacy Policy

Northern Micro is committed to keeping personal information confidential and secure.

PURPOSE

This policy complies with legislation related to Canada’s Privacy Act. The Act balances the privacy rights of customers and employees and the reasonable needs of organizations to use personal information.

The Act affects the rights and obligations of private sector organizations with respect to their collection, use, disclosure, retention and disposal of personal information.

SCOPE

The Northern Micro Privacy Policy applies to personal information about customers and employees of Northern Micro that is collected, used or disclosed. It applies to the management of personal information in any form whether oral, electronic or written.

This policy does not impose any limits on the collection, use or disclosure of the following information:

  • Information that is publicly available such as a customer’s name, address, telephone number and electronic address, when listed in a directory or made available through directory assistance
  • The name, title or business address or telephone number of an employee of an organization

SUMMARY OF PRINCIPLES

Northern Micro collects personal information for the following purposes:

  • To establish and maintain responsible commercial relations and provide ongoing service
  • To understand customer needs and eligibility for products and services
  • To recommend particular products and services to meet customer needs
  • To develop, enhance, market or provide products and services
  • To manage and develop Northern Micro’s business and operations, including personnel and employment matters
  • To meet legal and regulatory requirements

The Northern Micro Privacy Policy will follow ten principles to protect the privacy of customer and employee personal information while carrying out business activities.

  1. Accountability — Northern Micro will be responsible for the personal information under their control. The Privacy Officer will ensure that the organization is in compliance with the Act.
  2. Identifying Purposes — Northern Micro shall identify the purposes for which personal information is collected at or before the time the information is collected.
  3. Consent — The knowledge and consent of a customer or employee is required for the collection, use, or disclosure of personal information, except where inappropriate. Consent may be implied or expressly given, it may be provided orally or in writing.
  4. Limiting Collection — Northern Micro shall limit the collection of personal information to that which is necessary for the purposes identified. Northern Micro shall collect personal information by fair and lawful means.
  5. Limiting Use, Disclosure and Retention — Northern Micro shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Northern Micro shall retain personal information only as long as necessary for the fulfillment of those purposes or as required by law.
  6. Accuracy of Personal Information — Personal information shall be as accurate, complete and up to date as is necessary for the purposes for which it is to be used.
  7. Safeguards — Northern Micro shall protect personal information by security safeguards appropriate to the sensitivity of the information.
  8. Openness —  Northern Micro shall make readily available to customers and employees specific information about its policies and practices relating to the management of personal information.
  9. Individual Access — Northern Micro shall inform a customer or employee of the existence, use and disclosure of his or her personal information upon request and shall give the individual access to that information. A customer or employee shall be able to challenge the accuracy and completeness of the information and to have it amended as appropriate.
  10. Compliance — Compliance A customer or employee shall be able to address a challenge concerning compliance with the above principle to the designated person or persons accountable for the Northern Micro compliance with the policy.

NORTHERN MICRO PRIVACY POLICY IN DETAIL

Principle 1 – Accountability

Northern Micro will be responsible for the personal information under their control. The Privacy Officer will ensure that the organization is in compliance with the Privacy Act.

1.1 Northern Micro is responsible for personal information under its control, and shall make known, upon request, the name of the person designated to oversee the companies’ compliance with the Privacy Act. Comments and questions regarding this Privacy Policy or its administration should be forwarded to the Privacy Officer.

1.2 Northern Micro is responsible for personal information in its possession including information that has been transferred to a third party for processing.

1.3 Northern Micro has implemented policies and procedures to give effect to the principles of the Act, including: a) procedures to protect personal information; b) procedures to receive and respond to inquiries and complaints; c) training staff and communicating information to staff about NM’s policies and procedures.

 

Principle 2 – Identifying Purposes

Northern Micro shall identify the purposes for which personal information is collected at or before the time the information is collected.

2.1 Northern Micro collects personal information for the following purposes; a) To establish and maintain responsible commercial relations with customers and to provide ongoing service; b) To understand customer needs; c) To develop, enhance, market or provide products and services; d) To manage and develop their business and operations, including personnel and employment matters; e) To meet legal and regulatory requirements.

2.2 Northern Micro identifies the purposes for which it collects personal information at or before the time of collection from an individual, and collects only the information necessary for the purposes that have been identified. This may be specified orally, electronically, in writing or by means of implied consent.

2.3 If Northern Micro wishes to use personal information for a purpose not previously specified, it will identify the new purpose prior to such use. The individual whose personal information is at issue must consent before Northern Micro can use the information for this new purpose, unless the use is to comply with a law, to collect an account for services that Northern Micro has provided to the individual, or consent is implied. 

 

Principle 3 – Consent

The knowledge and consent of a customer or employee is required for the collection, use, disclosure of personal information, except where inappropriate. Consent may be implied or expressly given, it may be provided orally or in writing.

3.1 In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual. For instance, if it is clearly in the interest of the indiv Northern Micro may also collect, use or disclose personal information without knowledge or consent if seeking the consent of the individual might defeat the purpose of collecting the information such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law.

Northern Micro may also use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.

Northern Micro may disclose personal information without knowledge or consent to a lawyer representing the company, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required by law.

3.2 In obtaining consent, Northern Micro shall use reasonable efforts to ensure that a customer or employee is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer or employee.

3.3 Generally, Northern Micro shall seek consent to use and disclose personal information at the same time it collects the information. However, Northern Micro may seek consent to use and disclose personal information after it has been collected but before it is used or disclosed for a new purpose.

3.4 Northern Micro will require customers to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is required to fulfill the identified purposes.

3.5 In determining the appropriate form of consent, Northern Micro shall take into account the sensitivity of the personal information and the reasonable expectations of its customers and employees.

3.6 In general, the use of products and services by a customer, or the acceptance of employment or benefits by an employee, constitutes implied consent for Northern Micro to collect, use and disclose personal information for all identified purposes.

3.7 A customer or employee may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.

 

Principle 4 – Limiting Collection of Personal Information

Northern Micro shall limit the collection of personal information to that which is necessary for the purposes identified. Northern Micro shall collect personal information by fair and lawful means.

4.1 Northern Micro collects personal information primarily from their customers or employees.

4.2 Northern Micro may also collect personal information from other sources including credit bureaus, employers or personal references, or other third parties that represent that they have the right to disclose the information.

 

Principle 5 – Limiting Use, Disclosure and Retention

Northern Micro shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Northern Micro shall retain personal information only as long as necessary for the fulfillment of those purposes or as required by law.

5.1 In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individual. (See Principle 3.1)

5.2 In addition, Northern Micro may disclose a customer’s personal information to: a) another company for the efficient and effective provision of computer related services; b) a company involved in supplying the customer with computer or related products or services; c) another person for the development, enhancement, marketing or provision of any of the products or services of Northern Micro; d) an agent retained by Northern Micro in connection with the collection of the customer’s account; e) credit grantors and reporting agencies; f) a person who, in the reasonable judgment of Northern Micro, is seeking the information as an agent of the customer; and g) a third party or parties, where the customer consents to such disclosure or disclosure is required by law.

5.3 Northern Micro may disclose personal information about its employees; a) for normal personnel and benefits administration; b) in the context of providing references regarding current or former employees in response to requests from prospective employers; or c) where disclosure is required by law.

5.4 Only those employees of Northern Micro who require access for business reasons, or whose duties reasonably so require, are granted access to personal information about customers and employees.

5.5 Northern Micro shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer or employee, Northern Micro shall retain, for a period of time that is reasonably sufficient to allow for access by the customer or employee, either the actual information or the rationale for making the decision.

5.6 Northern Micro shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.

 

Principle 6 – Accuracy of Personal Information

Personal information shall be as accurate, complete and up to date as is necessary for the purposes for which it is to be used.

6.1 Personal Information used by Northern Micro shall be sufficiently accurate, complete and up to date to minimize the possibility that inappropriate information may be used to make a decision about a customer or employee.

6.2 Northern Micro shall update personal information about customers and employees as and when necessary to fulfill the identified purposes or upon notification by the individual.

 

Principle 7 – Safeguards

Northern Micro shall protect personal information by security safeguards appropriate to the sensitivity of the information.

7.1 Northern Micro shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures. Northern Micro shall protect the information regardless of the format in which it is held.

7.2 Northern Micro shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.

7.3 All employees of Northern Micro with access to personal information shall be required as a condition of employment to respect the confidentiality of personal information.

 

Principle 8 – Openness Concerning Policies and Practices

Northern Micro shall make readily available to customers and employees specific information about its policies and practices relating to the management of personal information.

8.1 Northern Micro shall make information about its policies and practices easy to understand, including: a) The title of the person or persons accountable for the companies’ compliance with the Policy and to whom inquiries or complaints can be forwarded; b) The means of gaining access to personal information held by the company; and c) A description of the type of personal information held by the company, including a general account of its use.

8.2 Northern Micro shall make available information to help customers and employees exercise choices regarding the use of their personal information and the privacy enhancing services available from the company.

 

Principle 9 – Customer and Employee Access to Personal Information

Northern Micro shall inform a customer or employee of the existence, use and disclosure of his or her personal information upon request and shall give the individual access to that information. A customer or employee shall be able to challenge the accuracy and completeness of the information and to have it amended as appropriate.

9.1 Upon request, Northern Micro shall afford to a customer or an employee a reasonable opportunity to review the personal information in the individual’s file. Personal information shall be provided in understandable form within a reasonable time and at minimal or no cost to the individual.

9.2 In certain situations, Northern Micro may not be able to provide access to all of the personal information that they hold about a customer or employee. For example, Northern Micro may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, Northern Micro may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor-client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, Northern Micro shall provide the reasons for denying access upon request.

9.3 Upon request, Northern Micro shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, Northern Micro shall provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.

9.4 In order to safeguard personal information, a customer or employee may be required to provide sufficient identification information to permit Northern Micro to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.

9.5 Northern Micro shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, Northern Micro shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.

9.6 A customer can obtain information or seek access to his or her individual file by contacting a designated representative of Northern Micro.

9.7 An employee can obtain information or seek access to his or her individual file by contacting his or her immediate supervisor. The request will be directed to Human Resources.

 

Principle 10 – Challenging Compliance

A customer or employee shall be able to address a challenge concerning compliance with the above principle to the designated person or persons accountable for the Northern Micro compliance with the policy.

10.1 Northern Micro shall maintain procedures for addressing or responding to all inquiries or complaints from its customers and employees about the companies’ handling of personal information.

10.2 Northern Micro shall inform their customers and employees about the existence of these procedures as well as the availability of complaint procedures.

10.3 The person or persons accountable for compliance with the Privacy Policy may seek external advice where appropriate before providing a final response to individual complaints.

10.4 Northern Micro shall investigate all complaints concerning compliance with the Privacy Policy. If a complaint is found to be justified, the company shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer or employee shall be informed of the outcome of the investigation regarding his or her complaint.

CCPA Privacy

Your Rights under the CCPA

Under this Privacy Policy, and by law if You are a resident of California, You have the following rights:

  • The right to notice. You must be properly notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
  • The right to access / the right to request. The CCPA permits You to request and obtain from the Company information regarding the disclosure of Your Personal Data that has been collected in the past 12 months by the Company or its subsidiaries to a third-party for the third party’s direct marketing purposes.
  • The right to say no to the sale of Personal Data. You also have the right to ask the Company not to sell Your Personal Data to third parties. You can submit such a request by visiting our “Do Not Sell My Personal Information” section or web page.
  • The right to know about Your Personal Data. You have the right to request and obtain from the Company information regarding the disclosure of the following:
    • The categories of Personal Data collected
    • The sources from which the Personal Data was collected
    • The business or commercial purpose for collecting or selling the Personal Data
    • Categories of third parties with whom We share Personal Data
    • The specific pieces of Personal Data we collected about You
  • The right to delete Personal Data. You also have the right to request the deletion of Your Personal Data that have been collected in the past 12 months.
  • The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your Consumer’s rights, including by:
    • Denying goods or services to You
    • Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
    • Providing a different level or quality of goods or services to You
    • Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Your CCPA Data Protection Rights

In order to exercise any of Your rights under the CCPA, and if you are a California resident, You can email or call us or visit our “Do Not Sell My Personal Information” section or web page.

The Company will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.

 

Do Not Sell My Personal Information

We do not sell personal information. However, the Service Providers we partner with (for example, our advertising partners) may use technology on the Service that “sells” personal information as defined by the CCPA law.

If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the instructions below.

Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that you use.

 

Website

You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:

  • From Our “Cookie Consent” notice banner

The opt out will place a cookie on Your computer that is unique to the browser You use to opt out. If you change browsers or delete the cookies saved by your browser, you will need to opt out again.

 

Mobile Devices

Your mobile device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:

 

  • “Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices
  • “Limit Ad Tracking” on iOS devices

You can also stop the collection of location information from Your mobile device by changing the preferences on your mobile device.

 

“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals.

However, some third party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.

 

Your California Privacy Rights (California’s Shine the Light law)

Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties’ direct marketing purposes.

If you’d like to request more information under the California Shine the Light law, and if you are a California resident, You can contact Us using the contact information provided below.

 

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)

California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted.

To request removal of such data, and if you are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.

Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

 

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

 

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

  • Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
  • Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
  • Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
  • Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
  • Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
  • Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

 

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.

You have the right under this Privacy Policy, and by law if You are within the EU, to:

  • Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
  • Request correction of the Personal Data that We hold about You. You have the right to to have any incomplete or inaccurate information We hold about You corrected.=
  • Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
  • Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
  • Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
  • Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.

Exercising of Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

 

Changes to this Privacy Policy

We may update our Privacy Policy from time to time at Northern Micro’s sole Discretion. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

 

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

By email: ctccpa@convergetp.com

By phone number: 416.360.1495