OUR COMMITMENT TO THE PROTECTION OF PERSONAL INFORMATION
High North is committed to protecting the privacy of our clients and others with whom we do business. We manage personal information in accordance with applicable privacy legislation in the jurisdictions in which we carry on business. In Canada, we abide by the principles of Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the substantially similar provincial legislation of Canada. We also take measures, and we require our service providers to take measures, to protect your personal and company information (see “Data Protection Safeguards” below).
OUR PRIVACY PRINCIPLES
- Identifying Purpose
We may collect personal information that is relevant for the purposes of providing services to our clients and service providers; securing our websites; meeting our legal obligations; promoting, advertising and marketing our services and, in some cases, the products and services of our clients; and researching and developing new products and techniques to improve our services, business or websites. Specifically, we collect, use and disclose personal information for purposes that include the following: to identify you, to protect you and us from error and fraud, to understand your needs and eligibility for products and services, to recommend particular products and services to meet your needs, to provide ongoing service, to respond to regulatory and governmental requests and to comply with legal and regulatory requirements.
Personal information may be transferred, processed and/or stored outside of Canada for the purposes described above. Legal requirements in foreign countries applicable to us or our subsidiaries, affiliates, agents, intermediaries and other third parties operating on their or our behalf may include an obligation to disclose personal information to government authorities in foreign countries.
We identify the purposes for which we collect personal information at or before the time the information is collected, unless that purpose is implied by the context.
Generally, we obtain your consent to the collection, use or disclosure of personal information at or prior to the time of collection. However, we may collect, use or disclose personal information without your knowledge or consent in certain circumstances that are permitted or required by law. For example, we may disclose personal information in response to a court order, subpoena or warrant, in connection with legal proceedings to enforce our rights, or in connection with an emergency involving a person’s life, health or security.
Consent may be expressed in writing or implied, and in some cases, it may be provided verbally, electronically, or through an authorized representative, provided such representative has the appropriate written authorization to do so.
You may withdraw your consent to the further use of your personal information at any time, subject to any legal or contractual restrictions, and upon reasonable notice to us.
- Limiting Collection
We collect only information that is necessary for the identified purposes herein and to meet our legal and contractual obligations.
- Limiting Use, Disclosure and Retention
We may use and/or disclose your personal information, company information, license numbers or test results only in relation to the purposes identified herein. In connection with such identified purposes, we may employ third parties to process personal information or perform tasks on our behalf, including website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our clients. We seek assurances to ensure personal information and company information are similarly protected by these third parties in accordance with all applicable privacy and data security laws.
We have established guidelines and put procedures in place for the appropriate retention and destruction of personal information.
We take steps to ensure any personal information is accurate and up to date.
We use safeguards and security measures to protect your personal and company information. See “Data Security Safeguards” below.
Information about our policies and procedures for handling personal information, as well as addressing any concerns or complaints, is available by contacting the Chief Privacy Officer.
- Individual Access
You are entitled, on request, to know of the existence, use and disclosure by us of your personal information. You have the right to challenge the accuracy and completeness of your personal information and have it amended as appropriate.
There may be circumstances where we are unable to provide the requested access. Those circumstances include cases where the cost of providing access would be prohibitive, the information contains references to other individuals, disclosure is prohibited for legal, security or commercial proprietary reasons, and/or the information is subject to solicitor-client or litigation privilege.
- Challenging Compliance
We review all complaints and respond within the time period prescribed by law. If a complaint is found to be justified, we will take prompt and appropriate measures. In the event that a complaint cannot be resolved satisfactorily, the complainant will be advised of further complaint procedures that may be available to them.
ADDITIONAL TERMS AND CONDITIONS
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.
We, along with third-party vendors such as Google, use first-party cookies or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
You can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add-on.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Anonymity / Do Not Track
Users can visit our site anonymously.
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
It is important to note that we allow third-party behavioral tracking.
High North complies with the Canada Anti-Spam Law with respect to all commercial electronic messages we send out.
At any time, if you would like to unsubscribe from receiving future emails, you can email us at info@HIGH NORTH.com and we will promptly remove you from ALL correspondence.
Security of Personal and/or Company Information
Your information will be contained in secured networks and will only be accessible by a limited number of persons who have access rights to confidential information and are bound by confidentiality agreements. The following is the security protocol used to protect our customer information, certificates of analysis, High North reports and other sensitive data:
- The High North application will run as a web service, and access to the application will be allowed only via the HTTPS protocol. All traffic between the application and users is encrypted using Transport Layer Security (TLS).
- The database storing user accounts and marketing report data will be hosted on Amazon’s RDS service. Data will be encrypted both at rest and in transit. The database cannot be accessed directly from the internet; only the application has access to the database server within the private network.
- Data from the Laboratory Information Management System (“LIMS”) will be migrated to the High North database using web services in the cloud. These web services will be restricted to use by the High North website and LIMS, and only the authenticated, authorized web application service account will have permission to make requests using this service.
- Backup data files are encrypted and stored in a private file system that is not accessible from the internet. When required, and to prevent data exposure, files meant for disposal will be erased using high-quality available methods.
User access to the authenticated area is password protected, and controls are implemented to restrict each user's access to their own data. The application will have a set of rules that require users to set strong passwords and will not allow easily discoverable ones. Multi-factor authentication may also be implemented in the future.
A third-party partner implements security testing throughout the whole duration of the Software Development Life Cycle. From the planning, design and architecture phase, security reviews have been conducted to identify any specific threats that are relevant to a system based on its design so that the appropriate measures can be applied to prevent loss of data. In addition, a third party will implement a number of supervisory controls designed to prevent or detect errors and/or intentional and unauthorized changes to our application source code or to the hosting environment.
Notwithstanding that we take the security precautions set out herein to protect your privacy and confidentiality, we cannot guarantee the security of your personal information, company information or test reports.
E-mails or forms sent via the Internet are neither confidential nor secure and can be viewed and modified by third parties. High North will not be liable for damages arising from messages sent to it via unsecured e-mail or other messages sent electronically (SMS, etc.).