PrIVACY STATEMENT

Introduction

cfactor Works Inc. (“cfactor”) is committed to protecting the privacy of personal information.  Cfactor Works’ privacy practices and procedures are covered by service contracts, employment contracts, a Privacy Code, and internal policies and procedures, of which this Privacy Statement is a part.  cfactor Works’ business is dependent upon cfactor maintaining the privacy, security and confidentiality of personal information transferred to it by our clients and partners (“Clients”). 

The purpose of this Privacy Statement is to provide general information regarding the handling of personal information that is transferred to cfactor Works by our Clients (“Transferred Information”).  In this capacity, cfactor Works is the transferee of personal information for processing purposes and acts as third party processing agent on behalf of the Client.

In respect of the collection, use, retention and disclosure of personal information for cfactor Works’ own purposes, cfactor Works has adopted a Privacy Code that follows the ten privacy principles set out in the National Standards Association of Canada “Model Code for the Protection of Personal Information, CAN/CSA-Q830-96” and PIPEDA.  Our Privacy Code contains specific information about cfactor Works’ management and protection of personal information that is collected, used and disclosed by cfactor Works. 

 

What Is “Personal Information”?

Personal information is any information about an identifiable individual. 

 

Does cfactor Works Collect, Use or Disclose Personal Information When Providing Services to our Clients?

No.  cfactor Works does not collect, use or disclose personal information in the course of providing services to our Clients.  However, our Clients may transfer personal information to us in the course of our provision of services to our Clients.  cfactor Works, as an agent, receives only such personal information as is transferred to cfactor Works by our Clients and then we retain that Transferred Information only for so long as is required by the Client.

The types of information that our Clients collect from individuals (and transfers to cfactor Works for processing) may include an individual’s: name, address, other personal identification numbers, spousal and dependant information, bank account information, other financial and tax information, and such other personal information that an individual may choose to disclose to our Client. 

While cfactor Works takes steps to verify that our Clients comply with all applicable privacy requirements, cfactor Works has no control over or responsibility for the privacy practices of our Clients.

As a third party processor of information, cfactor Works does not independently use or disclose any Transferred Information for any purpose whatsoever other than to process the Transferred Information in accordance with our contractual obligations to our Clients.  cfactor Works does not independently disclose Transferred Information, other than when required to do so by law.

cfactor Works provides hosting services to our Clients from various locations.  Transferred Information retained at these sites is processed by cfactor Works for the purposes set out in contractual agreements between cfactor Works and our Clients.  Transferred Information is retained and processed only in the course of providing specific, identified services to our Clients.

 

How Does cfactor Works Protect Personal Information Transferred to cfactor Works?

The following material addresses the application of the ten (10) privacy principles set out in PIPEDA to cfactor Works in the context of cfactor Works’ provision of services to our Clients: 

1.  Accountability.  cfactor Works has appointed a Chief Privacy Officer (CPO) responsible for Transferred Information.  Accountability for privacy compliance rests with the CPO, even though other individuals within cfactor Works may be responsible for the day-to-day processing of Transferred Information.

2.  Identifying Purposes.  Our Clients are responsible for identifying the purposes for which Transferred Information is collected by them at or before the time of collection.  When personal information is collected by a Client through cfactor Works in the course of cfactor Works providing a service under contract to the Client, it remains the responsibility of the Client to identify to the individual the purpose for which the individual’s personal information is collected.

3.  Consent.  cfactor Works receives transfers of Transferred Information from our Clients.  As a contracted third party processor of Transferred Information, cfactor Works does not obtain consent from individuals.  The Client is responsible for obtaining the consent of each individual to the collection, use and disclosure of Transferred Information by the Client, prior to transfer of the personal information to cfactor Works.

4.  Limited Collection.  cfactor Works does not collect personal information other than as agent for a Client.  In such cases, cfactor Works collects only the information required for the purposes identified by the Client and only by lawful means.

5.  Limiting Use, Disclosure and Retention.  cfactor Works does not independently use or disclose Transferred Information, other than where required by law to do so.  cfactor Works retains Transferred Information only so long as is required under contract with our Client.

6.  Accuracy.  As a third party agent, cfactor Works makes no decisions about an individual on the basis of the individual’s personal information.  As such, the accuracy, completeness and currency of Transferred Information the responsibility of our Client.

7.  Safeguards.  cfactor Works ensures appropriate and adequate safeguards and security measures are continually in place and protecting Transferred Information at all times while it is in cfactor Works’ possession or control.  cfactor Works ensures all of its employees are aware of the importance of the privacy, confidentiality and security of Transferred Information.  Disposal and destruction of Transferred Information is handled very carefully to prevent unauthorized persons from gaining access to or knowledge of Transferred Information.

8.  Openness.  cfactor Works makes available to Clients and the general public specific information about our privacy policies and procedures. 

9.  Individual Access.  cfactor Works is a third party information processor under contract to a Client.  Our Clients have the legal obligation to grant an individual access to his or her personal information, subject to applicable restrictions.  Upon receipt of a request from an individual for access to their own Transferred Information, cfactor Works shall forthwith advise the applicable Client of the request and seek instruction and direction from the Client with respect to the access request. 

10.  Challenging Compliance.  Individuals or Clients who feel that Transferred Information has been handled by cfactor Works in a manner not in compliance with our stated privacy principles or the law should contact cfactor Works’ CPO with a written description of their concern.  After receiving such written concern, the CPO will contact the individual or Client to set up a time and manner to discuss their concern. cfactor Works will address all legitimate concerns regarding privacy issues and will, in good faith, engage in efforts to resolve all such concerns.

 

Does cfactor Works Collect Personal Information through its Corporate Web Sites?

Any personal information that is voluntarily provided to cfactor Works through the completion of electronic forms on our web site is collected in compliance with our Privacy Code and the National Standards Association of Canada “Model Code for the Protection of Personal Information, CAN/CSA-Q830-96”.  Personal information is used only for the purpose(s) for which it was collected, and cfactor Works does not disclose this information to other organizations or individuals, except as authorized by law.

Web site

When you visit cfactor Works corporate web site(s), the server may automatically assemble and retain a limited amount of information essential to the efficient operation of the web site.  These web log files help us determine the areas of our web site that are being viewed the most and provide us with statistical reports that are used to help us improve our site.  The following information about a visitor may be collected:

  • Internet Protocol (IP) address and hostname of your computer
  •  The type of browser used (e.g. Internet Explorer, Netscape Navigator)
  • Computer's operating system (e.g. Microsoft Windows 2000, Microsoft Windows XP Pro)
  • Referral Site (the site you came from when you entered our site)
  • The date and time of your visit
  • Requested filenames, query string and bytes sent for the request
  • Request protocol (e.g. HTTP, HTTPS), request method (E.g. POST, GET)
  • Requested server port
  • Status of your request

Email

cfactor Works’ web sites are public sites and as such are not restricted to only those users with an authorized user ID and password.  As a result, any email messages sent to us though email addresses available on our site could potentially be intercepted on their way to intended recipients.  cfactor Works will not be responsible for any damages suffered by organizations or individuals as a result of information that is sent via email to cfactor Works, or for any errors or changes made to information that is transmitted to cfactor Works.

 

Employees' Responsibilities

The employees of cfactor Works are responsible for maintaining the security, privacy and confidentially of all personal information to which they have access.  As a condition of employment all employees are required to sign a confidentially agreements binding them to this responsibility.

 

Privacy Concern?

Phone:  1.877.655.5798 and ask to speak with the Chief Privacy Officer