(“Replicon” or “we”, “us”, “our”, etc.)
Effective Date: November 10, 2015
Replicon is committed to maintaining the privacy of individuals and protecting personal information in its custody or control in accordance with privacy legislation applicable to Replicon. This Policy is intended to comply with the requirements of Alberta’s Personal Information Protection Act (“PIPA”). However, in certain circumstances, other legislation may be applicable.
This Policy describes and summarizes the practices of Replicon and its affiliates with respect to our collection, use and/or disclosure of personal information related to all individuals other than employees and individual contractors of Replicon; those individuals are subject to a separate policy. Employees of Replicon dealing with personal information are expected to be familiar with this Policy. This Policy does not apply to non-personally identifiable information, anonymous information, or aggregate information that does not identify any specific individual.
In this Policy, the following terms have the meanings below:
Personal information means information about an identifiable individual, which does not include information of an aggregate or anonymous nature where a specific individual or individuals cannot be identified. Personal Information also does not include business contact information, as long as business contact information is used to contact an individual in their capacity as an employee or official of an organization, and for no other purpose. Information about a corporation, firm, trust, union or other non-individual entity is not personal information.
Business contact information means an individual’s name and position or title as an official or employee of an organization, as well as their business telephone number, business address, business e-mail, business fax number and other business contact information.
Privacy and our Website
We do not collect any personal information from individuals who simply visit our website. However, individuals should be aware that most web servers do collect some information about visitors, such as the browser and version being used, the operating system, and the “IP” or internet address of the visitor, which may identify the individual’s Internet Service Provider or computer but not necessarily the individual using it.
If you voluntarily submit personal information to us by e-mail for purposes of obtaining information, we will consider that you have done so with your consent for purposes reasonably related to your providing the information. If reasonable to do so, after our initial response, we may send further information to you with information that may be useful, but we will include instructions on how to terminate receiving such further information. Please be advised that the Internet and e-mail are inherently insecure media, and we cannot take responsibility for the security or privacy of personal information in transit over the Internet.
Third Party Websites and Third Party Services
Please note that our website may contain links to other websites which are provided as a convenience for visitors to our website only, in addition to third party services, applications, and widgets that may be bundled into, included in, or provided in connection with our services. Any third party websites, third party services, applications and widgets will have their own privacy policies and practices, and we cannot be responsible for such third parties, their websites, services, applications, widgets, or their privacy practices. Where “Third Party Services” (as defined in our Terms & Conditions) are provided or made available to you, you consent to your name, email address and any other reasonably required information being sent to the applicable third party to enable such third party to make its Third Party Services available or to provide you with its Third Party Services as required or requested by you, and to authenticate or validate you as a customer of Replicon that is entitled to such Third Party Service.
Sources of Personal Information
Replicon generally collects, uses and discloses personal information about the following types of individuals:
Customers, employees of and contractors to customers;
Prospective or potential customers or their employees;
Subscribers to Replicon newsletters, white papers or similar types of information;
Employees and independent contractors (where such contractors are individuals) of Replicon for the purposes of establishing, managing and terminating employment and contractor relationships;
Other individuals who may voluntarily choose to provide Replicon with personal information.
Shareholders and investors in Replicon; and,
Directors of Replicon.
Notification and consent
Subject to this Policy and applicable legislation, Replicon will identify the purposes for collection, use and disclosure in advance of collection, and will notify the individual of the purposes for collection, use or disclosure at or before the time of collection. Replicon may obtain consent from individuals by receipt of consent from their employers or contractors where such employers or contractors have entered into an agreement with Replicon pursuant to which the employer or contractor, as agent for the individual, or with their authority, provides Replicon with consent to collect, use and disclose personal information regarding such individuals for the purposes of providing services or products to their employer or party to which they are contracted.
There are a number of exceptions to the above provisions in that in some circumstances, such as with certain personal information related to employees, Replicon does not require consent to collect, use or disclose personal information but is required to provide notification in advance. In certain circumstances, specifically those set out in applicable legislation, the law does not require that Replicon obtain consent or provide notification. Replicon reserves all its rights to rely on any available statutory exemptions and exceptions.
Exceptions to the requirement for consent
Replicon may collect personal information without consent in circumstances that include but are not limited to the following:
Where a reasonable person would consider that the collection of the information is clearly in the interests of the individual and consent of the individual cannot be obtained in a timely way or the individual would not reasonably be expected to withhold consent;
Where the collection of the information is pursuant to a statute or regulation of either Alberta or Canada that authorizes or requires the collection;
Where the collection of the information is from a public body and that public body is authorized or required by an enactment of Alberta or Canada to disclose the personal information to Replicon;
Where the collection of the information is reasonable for the purposes of an investigation or a legal proceeding;
Where the information is publicly available;
Where the collection of the information is necessary in order to collect a debt owed to Replicon or for Replicon to repay to an individual money owed by Replicon.
In addition to the above, the law generally provides that an individual is deemed to consent to the collection, use or disclosure of personal information about that individual for a particular purpose if the individual voluntarily provides the information for that purpose, and it is reasonable that a person would voluntarily provide that information. If an individual provides personal information to us voluntarily, we will rely on deemed consent and consider that the individual consents to our collection, use or disclosure of their personal information as necessary to carry out the purposes for which they provided the information.
Where a new purpose for the use or disclosure of personal information previously collected arises, Replicon will contact the individual in question to obtain any required consent or to provide any required notification for use and/or disclosure for such new purpose or purposes.
Where practical, Replicon will try to collect personal information directly from the individual. Where necessary, Replicon will collect personal information from other sources. When Replicon collects personal information about individuals directly from them, except when their consent to the collection is deemed or has otherwise been previously and lawfully obtained, or is not required, we will tell them the purpose for which the information is collected, and, if reasonable to do so, the name of a person who can answer questions about the collection.
Why we collect, use and disclose personal information
Replicon generally collects, uses and discloses personal information for the following purposes:
Customers, employees of and contractors to customers: To establish, maintain, manage and terminate a relationship with a customer.
Prospective or potential customers or their employees: To attempt to establish a relationship with a customer.
Subscribers to Replicon newsletters, white papers or similar types of information: To provide services, information or documentation and to solicit business.
Suppliers (including non-individual contractors to Replicon), employees of and contractors to suppliers: To establish, maintain, manage and terminate a supplier relationship.
Individuals who may voluntarily choose to provide Replicon with personal information: To fulfill the purposes for which such information was provided.
Shareholders and investors: To manage our relationship with and our obligations to investors and shareholders. Replicon is required by applicable laws and regulatory authorities to collect, as well as use and disclose certain information with respect to its shareholders.
Directors and officers: To manage our relationship with and our obligations to directors and officers. Replicon is required by applicable laws and regulatory authorities to collect, as well as to use and disclose, certain information with respect to its directors and officers.
Other individuals: Personal information from other individuals may be collected, used or disclosed when such individuals contact Replicon for a variety of reasons personal to them. For example, if an individual contacts us with an inquiry, we will use the information provided to assist us in responding to that individual and communicating with them. Generally, such information is used to contact or reply to individuals who have contacted us where such contact or reply is reasonable in the circumstances, or is subject to deemed consent, or is legally required.
Telephone Conversations: Please refer to the more comprehensive section on telephone conversations in this Policy.
To fulfill our legal obligations.
Use of Personal Information
As with collection, there are exceptions to the requirement of consent with respect to use. For example, Replicon may use personal information without consent in circumstances that include but are not limited to the following:
Where a reasonable person would consider that the use of the information is clearly in the interests of the individual and consent of the individual cannot be obtained in a timely way or the individual would not reasonably be expected to withhold consent;
Where the use of the information is pursuant to a statute or regulation of Alberta or Canada that authorizes or requires the use;
Where the information in question was collected is from a public body and that public body is authorized or required by an enactment of Alberta or Canada to disclose the personal information to Replicon;
Where the use of the information is reasonable for the purposes of an investigation or a legal proceeding;
Where the information is publicly available;
Where the collection of the information is necessary in order to collect a debt owed to Replicon or for Replicon to repay to the individual money owed by Replicon;
In certain circumstances, where the information may be disclosed without consent, it may also be used without consent.
Replicon will in all cases use personal information as permitted or required by applicable law.
Disclosure of personal information
It is the general policy of Replicon to not disclose personal information in its custody or control except with the consent of the individual and then only for identified purposes. However, individuals should be aware that there are exceptions to the above.
Alberta law permits us to collect, use or disclose personal information about an individual in some circumstances without the individual’s consent and/or knowledge. Such circumstances include (but are not limited) to where:
the collection, use or disclosure is clearly in the interests of the individual and consent cannot be obtained in a timely way;
collection, use, or disclosure is reasonable for the purposes of an investigation or proceeding;
the personal information is available to the public from a prescribed source; or
the collection, use, or disclosure is required or authorized by a statute or regulation of Alberta or Canada.
Replicon will in all cases disclose personal information as required or permitted by applicable law.
Replicon does not disclose, trade or sell its customer or contact lists.
Incoming and outgoing telephone calls using Replicon’s telephone systems may be subject to automated recording and archiving. Recording is a function of certain technology and cannot be turned off by individual Replicon employees or contractors for particular cases. Recording is carried out for the following purposes:
To ensure accuracy of communication. This includes ensuring accuracy of our understanding of customer requirements, orders and agreements made with customers, and, if necessary, to accurately document such agreements in the event of a misunderstanding or dispute to protect both Replicon and the customer;
To ensure quality of service provided by Replicon representatives.
Recordings of telephone calls are initially not reviewed or overheard in any manner, but are archived in digital format on a secure server without review. Such recordings may be subsequently reviewed by Replicon at any time for any one or more of the stated purposes and, in particular, may be used without notification or consent as evidence in the event of an investigation or legal proceeding related to such telephone conversation, or to review the quality of service provided in situations where Replicon has a basis to believe that such quality may not be adequate and generally only with respect to those Replicon representatives who interact with customers.
Callers from outside Replicon are advised that their call may be recorded and potentially used on the foregoing basis. Callers have the option at their request of opting out of such recording by asking their Replicon representative to call them back on a cell phone, which is not subject to automated recording. Individuals may also communicate with Replicon via e-mail, fax or mail.
Recordings, including recordings that are not reviewed, are retained on the same basis as other personal information pursuant to this Policy. Where required or permitted by law, Replicon may use or disclose personal information contained in recordings. Replicon does not use information contained in recordings for marketing or solicitation purposes. Access to such recordings is restricted to particular individuals within Replicon who have obligations of confidentiality to Replicon and who have a need to review such recordings as part of their obligations to Replicon.
There are occasions where Replicon representatives may remotely access a computer of a Replicon customer in order to provide services, including technical support or product support. Such access may include an exchange of information of a conversational nature and, while not intended to do so, such access may result in the collection of personal information incidental to our providing services. The activities carried out during such access are recorded and archived so that the recording of such activities may later be viewed or reviewed for the purposes of providing services to the customer in question. The recording is a video file without sound and is subsequently used only for the purposes of assisting the customer. In all cases where a computer becomes subject to access by Replicon, such access will be with the customer’s knowledge and consent.
Retention and Destruction of Personal Information
Alberta law allows us, for legal or business purposes, to retain personal information for as long as is reasonable. Upon expiry of an appropriate retention period, bearing in mind reasonable legal and business requirements, personal information will either be destroyed in a secure manner or made anonymous.
Should consent to our collection, use, disclosure or retention of personal information be revoked by the individual in question, the law also allows us to continue to retain the information for as long as is reasonable for legal or business purposes. In the event that revocation of consent may have consequences to the individual concerned, we will advise the individual of the consequences of revoking their consent where it is reasonable in the circumstances to do so.
When we collect, use or disclose personal information, we will make reasonable efforts to ensure that it is accurate, up to date, and complete.
Data and information provided or created by our customers in the course of using our products or services (“Customer Data”) remains the property of our customers, and is not used or disclosed by us except as reasonably required to provide our products or services to the applicable customer, or as otherwise set out in this Policy.
Anonymous and Aggregate Data
We may derive anonymous statistical and usage data, and data about the functionality of our products and services from Customer Data and eliminate personal information from Customer Data so that such derived data cannot be used to identify the customer or its individuals users (“Anonymous Data”). We may then combine Anonymous Data with similar anonymous data from other customers or users, and derive Aggregate Data and then license or sell such Aggregate Data. “Aggregate Data” shall mean anonymous data combined from various sources which cannot be used to identify any customer or user.
Outsourcing and Data Hosting Outside of Canada
We may use third party service providers, or provide or bundle in with our services software or services provided by third parties, to process or deal with records, documents, data and information on our behalf, or on your behalf, and such records, documents, data and information may include personal information. In order to protect the confidentiality and security of personal information processed on our behalf by our service providers, we use contractual and similar measures with such service providers, including contractual non-disclosure provisions.
We may use “cloud computing” third party service providers, and those providers may be either in or outside Canada, and the data housed, hosted and processed by such providers may reside in or outside of Canada, and may include personal information about individuals. Individuals providing us with their personal information are notified by this Policy about such service providers outside of Canada, and such individuals may, on request as set out in this Policy, obtain access to written information about our policies and practices with respect to service providers outside of Canada and the name or title of a person who can answer any questions about the collection, use, disclosure or storage of personal information by any service providers outside Canada.
We recognize our legal obligations to protect the personal information we have gathered about individuals. We have therefore made arrangements to secure against unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction of personal information. These arrangements may include physical security measures, network security measures, and organizational measures such as non-disclosure agreements and need-to-know access.
Notification of Loss or Unauthorized Access or Disclosure
Where an incident occurs involving the loss of or unauthorized access to or disclosure of personal information under our control, where a reasonable person would consider that there exists a real risk of significant harm to an individual as a result of the loss or unauthorized access or disclosure, we will, without unreasonable delay, provide notice to the Information and Privacy Commissioner for Alberta of the incident, including any information required by law at the time to be provided to the Commissioner. While Alberta law provides that the Commissioner has the authority to require us to notify individuals of the unauthorized access or disclosure, we may elect to immediately do so in the event we consider it reasonable in the circumstances.
Requests for Access
Alberta law permits individuals to submit written requests to us to provide them with:
access to their personal information under the custody or control of Replicon;
information about the purposes for which their personal information under the custody or control of Replicon has been and is being used; and
the names of organizations or persons to whom and the circumstances in which personal information has been and is being disclosed by Replicon.
Requests for access are subject to the following:
Any requests must be in writing.
We do not accept such requests or respond to such requests via e-mail.
In order to receive a response to such a request, the individual must provide us with sufficient information to locate their record, if any, and to respond to them.
We will respond to requests in the time allowed by Alberta law, which is generally 45 days. In certain circumstances, we may have a right to extend this period of time and will advise in writing if we are doing so.
We will make a reasonable effort to assist applicants and to respond as accurately and completely as reasonably possible.
All requests may be subject to any fees and disbursements the law permits us to charge.
Where appropriate to do so, we may require advance payment of a deposit or the entire costs of responding to a request for access to personal information.
Please note that an individual’s ability to access his or her personal information under our control is not an absolute right. Alberta law provides that Replicon must not disclose personal information where:
the disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual other than the individual who made the request;
the disclosure would reveal personal information about another individual; or
the disclosure would reveal the identity of an individual who has in confidence provided us with an opinion about another individual and the individual providing the opinion does not consent to the disclosure of his or her identity.
Alberta law also provides that Replicon may choose not to disclose personal information where:
the personal information is protected by any legal privilege;
the disclosure of the information would reveal confidential commercial information and it is not unreasonable to withhold that information;
the personal information was collected by Replicon for an investigation or legal proceeding;
the disclosure of the personal information might result in similar information no longer being provided to us when it is reasonable that it would be provided;
the personal information was collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration for which he or she was appointed to actunder an agreement,
under an enactment, or
by a court; or
the personal information relates to and may be used in the exercise of prosecutorial discretion.
Replicon reserves all its rights under the above.
Responses to Requests
Our responses to requests for access to personal information will be in writing, and will confirm:
whether we are providing all or part of the requested information,
whether or not we are allowing access or providing copies, and,
if access is being provided, when and how that will be given.
If access to information or copies are refused by us, we will provide written reasons for such refusal and the section of PIPA (the Personal Information Protection Act, Alberta) on which that refusal is based. We will also provide the name of an individual at Replicon who can answer questions about the refusal, and particulars of how the requesting individual can ask the Information and Privacy Commissioner of Alberta to review our decision. In order to receive a response to such a request, the individual must provide us with sufficient information to locate their record, if any, and to respond to them.
Requests for Correction
Alberta law permits individuals to submit written requests to us to correct errors or omissions in their personal information that is in our custody or control. If an individual alleges errors or omissions in the personal information in our custody or control, we will either:
correct the personal information and, if reasonable to do so, and if not contrary to law, send correction notifications to any other organizations to whom we disclosed the incorrect information; or
decide not to correct the personal information but annotate the personal information that a correction was requested but not made.
Corrections or amendments will not made to opinions as opposed to factual information, although we reserve the right to modify opinions where changes in the facts on which those opinions are based occur.
Replicon may amend this Policy from time to time as required and without notice, in order to better meet our obligations under the law.
If you have any questions with respect to our policies concerning the collection, use, disclosure or handling of your personal information, or if you wish to request access to, or correction of, your personal information under our care and control, or if you are dissatisfied with how we handle your personal information, please contact our Privacy Contact, Peter Kinash, at:
firstname.lastname@example.org OR 403-716-0386 ext 7386.
If you remain dissatisfied after our Privacy Contact has reviewed and responded to your concern, or have other concerns or questions, you have the right at any time to contact the Office of the Information and Privacy Commissioner at:
410, 9925 – 109 Street
Edmonton, AB T5K 2J8
Telephone (780) 422-6860 or Fax (780) 422-5682