Statement of Privacy

s01ve Cyber Solutions is committed to protection and safe handling of all personal information entrusted to us during the course of doing business. s01ve Cyber Solutions adheres to the policies of its parent company, ReTrain Canada, regarding the secure management of privileged, personal, or sensitive information, recapitulated here. These policies were crafted in accordance with Alberta’s Personal Information Protection Act (PIPA) and other applicable privacy laws.

This policy, in its entirety, applies to s01ve Cyber Solutions and all of its subsidiaries and business units, including s01ve Managed Services Provider and s01ve Investigations.

A copy of this policy will be provided to any client, upon request.

What is Personal Information?

Personal information is any identifying information about an individual. This includes an individual’s name, home address, phone number, age, sex, marital or family status, any identifying number (ex. SIN), financial information, educational history, employment role or history, etc.

Due to the nature of s01ve’s business, personal information also includes distinct technological identifiers, such as email addresses, Internet Provider addresses (IP address), MAC addresses, WiFi geolocations, and any other present or future data that could be used to identify an individual.

What Personal Information do we collect?

We collect only the personal information that is needed for the purposes of providing services to our clients. We normally collect information directly from the interacting party, whether it is client information about that client, or broker information about that broker. We may collect your information from other persons or organizations with your consent or as authorized by law.

The types and frequency of this collection are different depending on the service requested, and is broken down, below:

s01ve Broker Pipeline

s01ve collects some personal information for the purposes of opening and administering partner accounts, contracting for the delivery of services, administering warranties for goods and services provided, booking or maintaining appointments, providing customer service, administering insurance-based services or reviews, and to meet regulatory requirements. The specific information we collect to fulfill these obligations is as follows:

  • First/Last Name
  • Phone Number
  • Email
  • Payment information
  • Job Title
  • Employer Information
  • Insurance Policy Information
  • Insurance Claims History & Information

s01ve Website

The s01ve Website may collect non-identifying user metadata using cookies, for the purposes of market and traffic analytics. The data collected may include:

  • Browsing metadata
  • Rough geolocation
  • IP address

s01ve Cyber Service

To administer cybersecurity and Managed Service Provider (MSP) services, s01ve collects some personal information to open and administer client accounts, deliver contracted goods and services, provide warranties for goods and services, schedule or maintain appointments, follow up to determine client satisfaction, and to meet regulatory requirements. The specific information we collect to fulfill these obligations is as follows:

  • Job Title
  • First & Last Name
  • Employer/Employment History
  • Banking & Financial information
  • Insurance Status
  • IP address
  • Network information (including MAC Addresses, architecture)
  • Hardware information

s01ve Scan

The s01ve Scan only uses publicly available information to conduct its tasks, including names and business domains. This information may be paired with personal information at a later time, pending the establishment of a client relationship. Once paired with personal information, any information collected using the s01ve Scan will be protected and administered with the same regard for protection and security. The public information collected by the s01ve Scan is as follows:

  • First & Last Name
  • Email address
  • Business Domain
  • Corporate Information
  • Phone Number (Optional)

Consent

We inform our clients, before or at the time of collecting personal information, of the purposes for which we are collecting the information. However, we don’t provide this notification when a client, partner, or broker volunteers information for an obvious purpose (for example, producing a credit card for payment of a product or service when the information will only be used to process the payment).

We will ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use, or disclosure of certain personal information. Where express consent is needed, we will normally ask clients to provide their consent in a formalized way orally (in person or by telephone), in writing (by signing a consent form or waiver), or electronically (by clicking a button or applying a digital signature).

s01ve does not apply “opt-out” consent, and your personal information will only be disclosed to partners or third parties in order to facilitate the service for which s01ve was granted the personal information originally. We do not share client information with partners for the purposes of business development, marketing, or promotions without express consent from our clients.

A client may withdraw consent for s01ve to use and disclose their personal information at any time unless the personal information is necessary for us to fulfill our legal obligations. We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary personal information.

s01ve may collect, use, or disclose client personal information without consent only as authorized by law. For example, we may not request consent when the collection, use, or disclosure is reasonable for an investigation or legal proceeding, to collect a debt owed to our organization, in an emergency that threatens life, health, or safety, or when the personal information is available in a public resource like a telephone directory.

Use and Disclosure

s01ve will use and disclose personal information only for the purposes for which the information was collected, except as authorized by law. For example, we may use client contact information to deliver goods. The law also allows us to use that contact information for the purpose of collecting a debt owed to our organization, should that be necessary.

As outlined in our consent policy, we will only use your personal information for a new business purpose after asking your express consent.

Information Safeguards

s01ve takes the protection of personal information very seriously, and uses a variety of technologies, processes, and policies to ensure that client personal information is protected against unauthorized or accidental release. Due to the nature of our business, we strive to exceed reasonable measures where possible.

  • Accordingly, s01ve employs many of the following as safeguards:
  • Least-Access Administrative privilege
  • Multi-Factor Authentication
  • Strong password enforcement
  • Segregated File Access (based on business need and security considerations)
  • Managed end-point security
  • Portable device encryption

We protect client personal information in a manner appropriate for the sensitivity of the information. With the safeguards above, we make every reasonable effort to protect personal information against loss, misuse, disclosure, or unauthorized access and modification.

s01ve is also committed to safeguarding your personal information against inaccuracy and incompleteness. We rely on our clients to notify us if there is a change to their personal information that may affect their relationship with s01ve. If you are aware of an error in our information about you, please let us know and we will correct it on request as soon as circumstances allow.

In some cases, s01ve may ask for a written request for correction.

Information Retention and Removal

The information collected by the s01ve Scan will be held indefinitely for as long as the client intends to do business with s01ve. Data collected by the s01ve Scan is not retained for individuals or organizations that do not wish to do business with s01ve. If a client ends their business relationship with s01ve, we will only retain the client information necessary to maintain any legacy accounting and administration until such time that all accounts are settled and closed, a period not exceeding six years from the last tax year of the client relationship.

We will notify the Office of the Information and Privacy Commissioner of Alberta, without delay, of a security breach affecting personal information if it creates a real risk of significant harm to individuals. This extends as well to any potential breach of any vendors or business partners of s01ve which operate outside of Canada.

s01ve may be required, from time to time, to conduct investigative work on behalf of clients. Records and results from investigative work are kept indefinitely in encrypted storage drives, duly segregated from s01ve’s day-to-day IT infrastructure, and/or in high-security storage if the records exist as physical copies.

At the expiry of a record’s useful period, or at the direction of a client, s01ve will render the information non-identifying by conducting one or more of the following:

  • Zeroing and overwriting a drive/drive partition on which the record was stored
  • Deleting any records which exist on a third-party platform
  • Physically destroying any portable or external media on which the record may have been stored
  • Cross-shredding any paper copies of personal information
  • Acrylic epoxy casting (plastic vitrification) any physical components which are unable to be destroyed, rendered non-identifying, or otherwise rendered harmless.

s01ve will select the appropriate choice of security measures when destroying client or partner personal records.

Access to Records

Clients of s01ve have the right of access to their own personal information in a record that is in our custody or under our control, subject to some exceptions. For example, organizations are required under the Personal Information Protection Act (PIPA) to refuse to provide access to information that would reveal personal information about an individual. Organizations are authorized under the Act to refuse access to personal information if disclosure would reveal confidential business information. Access may also be refused if the information is privileged or contained in mediation records.

As required by law, s01ve may also refuse access to some personal records based on their relation to any past or ongoing contracted forensic investigations.

If s01ve refuses a request in whole or in part, we will provide the reasons for the refusal in writing. In some cases where exceptions to access apply, we may withhold information and provide you with the remainder of the record.

You may make a request for access to your personal information by writing to s01ve’s Privacy Officer. The Officer’s contact information is included within this policy. s01ve asks that you provide sufficient information in your request to allow us to identify the information you are seeking.

You may also ask request information about our use of your personal information and any disclosure of that information to persons outside our organization.

You may also request a correction of an error or omission in our records at any time.

s01ve will respond to all records requests within 45 calendar days, unless granted an extension. We may also charge a reasonable fee to provide information from our records, but not to make a correction. We will advise of any applicable fees before beginning to process your request.

Non-Canadian Vendors used by s01ve

s01ve uses the following vendors, of which all are headquartered in the United States:

  • Microsoft
  • ThriveDX
  • Comodo
  • HubSpot
  • Berla
  • Adobe
  • Asana

s01ve uses these vendors for the provision of a variety of services, including managing client and partner accounts, delivery of cybersecurity and MSP services, conducting investigative services, providing warranties for goods or services, notifying clients of results or updates to their service agreements, and meeting regulatory requirements.

Questions, Requests and Complaints

If you have a question or concern about any collection, use or disclosure of personal information by s01ve, or a request for access to your own personal information, please contact s01ve’s PIPA-mandated Privacy Officer in the first instance for service.

Information and Privacy Commissioner of Alberta

Office of the Information and Privacy Commissioner of Alberta

Suite 2460, 801 – 6 Avenue, SW

Calgary, AB T2P 3W2

Phone: (403) 297-2728

Toll Free: 1 (888) 878-4044

email: generalinfo@oipc.ab.ca

Website: www.oipc.ab.ca