PRIVACY POLICY

OVERVIEW

High North, Inc. (“High North”) collects certain information that you provide to us as well as information on how you use our websites, applications, and other products and services. This privacy policy (the “Privacy Policy”) sets out our policies and procedures surrounding the collection and handling of any such information. In this policy, “personal information” means any information, either factual or subjective, about an identifiable individual. Personal information does not include the name, title, business address or telephone number of an employee of an organization.

This Privacy Policy does not apply to any third party site or service linked to our website or recommended or referred by our website or by our staff.

By accessing or using the website, you agree to the terms of this Privacy Policy and consent to the collection, use and disclosure of your personal information as set out herein. If you do not agree to these terms, do not access or use this site. High North reserves the right to change our Privacy Policy from time to time at our sole discretion. Your use of this site will be subject to the most current version of the Privacy Policy at the time of such use.

OUR COMMITMENT TO THE PROTECTION OF PERSONAL INFORMATION

High North is committed to protecting the privacy of our clients and others with whom we do business. We manage personal information in accordance with applicable privacy legislation in the jurisdictions in which we carry on business. In Canada, we abide by the principles of Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the substantially similar provincial legislation of Canada. We also take measures and we require our service providers to take measures, to protect your personal and company information (see “Data Protection Safeguards” below). [insert link to Data Protection Safeguards].

OUR PRIVACY PRINCIPLES

  1. Accountability

    We have appointed a Chief Privacy Officer who is responsible for our compliance with privacy legislation. All requests for access to your personal information under this Privacy Policy should be directed in writing to the Chief Privacy Officer, High North Inc., 7 – 241 Hanlan Road, Woodbridge, Ontario, L4L 3R7, info@HIGH NORTH.com.

  2. Identifying Purpose

    We may collect personal information that is relevant for the purposes of providing services to our clients and service providers, securing our websites, meeting our legal obligations, promoting, advertising and marketing our services and, in some cases, the products and services of our clients and researching and developing new products and techniques to improve our services, business or websites. Specifically, we collect, use and disclose personal information for the following purposes that include: to identify you, to protect you and us from error and fraud, to understand your needs and eligibility for products and services, to recommend particular products and services to meet your needs, to provide ongoing service, to respond to regulatory and governmental requests and to comply with legal and regulatory requirements.

    Personal information may be transferred, processed and/or stored outside of Canada for the purposes described above. Legal requirements in foreign countries applicable to us or our subsidiaries, affiliates, agents, intermediaries and other third parties operating on their or our behalf may include an obligation to disclose personal information to government authorities in foreign countries.

    We identify the purposes for which we collect personal information at or before the time the information is collected, unless that purpose is implied by the context.

  3. Consent

    Generally, we obtain your consent to the collection, use or disclosure of personal information at or prior to the time of collection. However, we may collect, use or disclose personal information without your knowledge or consent in certain circumstances that are permitted or required by law. For example, we may disclose personal information in response to a court order, subpoena or warrant, in connection with legal proceedings to enforce our rights, or in connection with an emergency involving a person’s life, health or security.

    Consent may be expressed in writing or implied, and in some cases, it may be provided verbally, electronically, or through an authorized representative, provided such representative has the appropriate written authorization to do so.

    You may withdraw your consent to the further use of your personal information at any time, subject to any legal or contractual restrictions, and upon reasonable notice to us.

  4. Limiting Collection

    We collect only information that is necessary for the identified purposes herein and to meet our legal and contractual obligations.

  5. Limiting Use, Disclosure and Retention

    We may use and/or disclose your personal information, company information, license numbers or test results only in relation to the purposes identified herein. In connection with such identified purposes, we may employ third parties to process personal information or perform tasks on our behalf, including website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our clients. We seek assurances to ensure personal information and company information is similarly protected by these third parties in accordance with all applicable privacy and data security laws.

    We have established guidelines and put procedures in place for the appropriate retention and destruction of personal information.

  6. Accuracy

    We take steps to ensure any personal information is accurate and up-to-date.

  7. Safeguards

    We use safeguards and security measures to protect your personal and company information. See “Data Security Safeguards” below. [insert link to Data Security Safeguards section]

  8. Openness

    Information about our policies and procedures for handling personal information, as well as addressing any concerns or complaints, is available by contacting the Chief Privacy Officer [add link to Accountability section above]

  9. Individual Access

    You are entitled, on request, to know of the existence, use and disclosure by us of your personal information. You have the right to challenge the accuracy and completeness of your personal information and have it amended as appropriate.

    All requests for access to your personal information must be made in writing and will be handled in a timely manner. In order to respond to a request, we are entitled to request sufficient personal information to allow us to confirm whether or not we have personal information relating to you, the individual making the request. We reserve the right to charge a minimal fee for copies of documents requested under this Privacy Policy. Please advise us if you need any help in preparing your request and we will ensure you are provided with such assistance. Additionally, for those with a sensory disability, we will endeavour to provide you with access to your personal information in an alternate format, if so requested. Please contact our Chief Privacy Officer for such requests and assistance. [add link to Accountability section above]

    There may be circumstances where we are unable to provide the requested access. Those circumstances include if the cost of providing access would be prohibitive, the information contains references to other individuals, disclosure is prohibited for legal, security or commercial proprietary reasons, and/or the information is subject to solicitor client or litigation privilege.

  10. Challenging Compliance

    We review all complaints and respond within the time period prescribed by law. If a complaint is found to be justified, we will take prompt and appropriate measures. In the event that a complaint cannot be resolved satisfactorily, the complainant will be advised of further complaint procedures that may be available to them.

ADDITIONAL TERMS AND CONDITIONS

Cookies

We use cookies to help understand and save users’ preferences for future visits, compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf. Cookies may be turned off, but if you turn cookies off, some of the features that make your site experience more efficient may not function properly.

Google

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.

Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.

We, along with third-party vendors such as Google, use first-party cookies or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.

Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.

Transactions

All transactions are processed through a gateway provider and are not stored or processed on our servers.

Anonymity /Do Not Track

Users can visit our site anonymously.

We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

It is important to note that we allow third-party behavioral tracking

CASL

High North uses complies with the Canada Anti-Spam Law with respect to all commercial electronic messages we send out.

At any time if you would like to unsubscribe from receiving future emails, you can email us at

info@HIGH NORTH.com and we will promptly remove you from ALL correspondence.

Security of Personal and/or Company Information

Your information will be contained in secured networks and will only accessible by a limited number of persons who have access rights to confidential information and are bound by confidentiality agreements. The following is the security protocol used to protect our customer information, Certificate of analysis, High North Reports and other sensitive data:

  • The High North application will be running as a web service and access to the application will be allowed only via the https protocol. All the traffic between the application and users is encrypted using Transport Layer Security (TLS).

  • The database storing user accounts and marketing report data will be hosted on Amazon’s RDS service. Data will be encrypted both at rest and in transit. The database cannot be accessed directly from the internet, only the application has access to the database server within the private network.

  • Data from the Laboratory Information Management System (“LIMS”) will be migrated to the High North database using web services in the cloud. These web services will be restricted to the High North website and LIMS use and only the authenticated authorized web application service account will have the permissions to make requests using this service.

  • Backup data files are encrypted and stored in the private file system not accessible on the internet. When required, and to prevent data exposure, the files meant for disposal will be erased with high quality available methods.

User access to the authenticated area is password protected and controls are implemented to restrict the user access only to their own data. The application will have a set of rules that will require users to set strong passwords and will not allow easily discoverable ones. Multi-factor authentication as well may be implemented in the future.

A third-party partner implements security testing throughout the whole duration of the Software Development Life Cycle. From the planning, design and architecture phase, security reviews have been conducted to identify any specific threats that are relevant to a system based on its design so that the appropriate measures can be applied to prevent loss of data. In addition, a third-party will implement a number of supervisory controls designed to prevent or detect errors and/or intentional and unauthorized changes to our application source code or to the hosting environment.

Disclaimers

Notwithstanding that we take the security precautions set out herein to protect your privacy and confidentiality, we cannot guarantee the security of your personal information, company information or test reports.

E-mails or forms sent via the Internet are neither confidential nor secure and can be viewed and modified by third parties. High North will not be liable for damages arising from messages sent to it via unsecured e-mail or other messages sent electronically (SMS, etc.).