Privacy Policy


LAST UPDATED ON: June 1, 2017

1. AGREEMENT TO BE BOUND. Concept Interactive Inc. and its subsidiaries and affiliates (collectively “Concept”) recognize and respect the importance of privacy and the sensitivity of personal information. This Privacy Policy describes and governs how Concept collects, holds, stores, uses and manages personal information of individuals, including personally identifiable information, who access and use products, services, websites, platforms, portals, communication services, mobile services, databases, documentation, and software, present or future, associated with the Concept Suite Solution (collectively the “Services”) provided by or through Concept under the Customer Agreement between Concept and the Customer of Concept (“Customer”) under which the Customer’s “Service Users” (as that term is defined in the Customer Agreement between Concept and the Customer) have obtained or gained such access or use. Access or use of any of the Services by you, the Customer, or access or use of any of the Services by any party authorized or permitted by you (a Service User), shall constitute agreement by you the Customer on your own behalf and on behalf of your Service User to be bound by this Privacy Policy, as it may be amended.

2. AMENDMENTS TO PRIVACY POLICY. Concept may, in its sole and absolute discretion, amend this Privacy Policy at any time and from time to time by posting such amended Privacy Policy to the Customer’s portal provided by Concept. Such amended Privacy Policy shall be effective and binding as soon as it is posted, and any access or use of the Services by the Customer or Service Users after such posting constitutes agreement to and acceptance of the amended Privacy Policy. You the Customer are responsible for monitoring the posted Privacy Policy regularly for amendments that may impact you or your Service Users and for notifying your Service Users of such amended Privacy Policy.

3. CUSTOMER RESPONSIBLE FOR SERVICE USERS. The Customer, by permitting Service Users to access or use the Services, acknowledges and agrees that it is the Customer’s responsibility to ensure that all Service Users in relation to their access and use of the Services are aware of and in agreement and compliance with the terms of this Privacy Policy and to inform such Service Users that if any such Service User does not accept and agree to the terms of this Privacy Policy, the Customer may prevent such Service User from accessing and using the Services.

4. PRIVACY RIGHTS. All businesses in Canada engaged in commercial activities, including Concept, are required to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA, or the “Act”) and the Canadian Standards Association Model Code for the Protection of Personal Information, which it incorporates. The Act gives all individuals, including Service Users, rights concerning the privacy of their personal information. Personal information is any information that personally identifies an individual or from which an individual could be identified. This may include the individual’s name, address, telephone number, email address, profession or occupation, or other personally identifiable information.

5. SCOPE OF CONCEPT’S PRIVACY POLICY. This Privacy Policy applies to all products and Services provided by Concept under its Concept Suite Solution, except as follows:

(a) where there is a specific privacy policy or statement for a particular Concept product or service that supersedes or supplements this Privacy Policy;

(b) where Concept’s Services provide links to third-party applications, products, services, or websites. The Customer is responsible for advising its Service Users that by accessing those links, Service Users may leave Concept’s websites, platforms, or portals, and Concept has no control over such third party sites or their privacy practices, which may differ from Concept’s practices or Privacy Policy. Concept makes no endorsement or representations about third-party sites. The Customer is responsible for advising its Service Users that they are encouraged to review the privacy policy of any site they choose to interact with before allowing the collection and use of their personal information. The Customer is responsible for advising its Service Users that the personal information that Service Users choose to provide to or that is collected by third parties is not covered by this Privacy Policy; and

(c) where Concept’s Services involve cross-border products, processes, structures and systems and personal information of Service Users is transmitted across international borders. The Customer is responsible for advising its Service Users accordingly. Concept, as part of its Services, may also provide social media features that enable Service Users to share information on social networks and to interact with Concept or others on various social media sites. The Customer is responsible for advising its Service Users that use of these features by Service Users may result in the collection or sharing of their personal information with others, depending on the feature. The Customer is responsible for advising its Service Users that they are encouraged to review the privacy policies and settings on the social media sites with which Service Users interact to make sure Service Users understand the information that may be collected, used, and shared by those sites and that is not governed by this Privacy Policy.

6. PURPOSES FOR COLLECTION OF PERSONAL INFORMATION. Concept collects personal information only by lawful means and not in an intrusive way, primarily directly from the Service User through the Service User’s access and use of the Services, including Concept’s products, services, websites, platforms, portals, communication services, mobile services, databases and applications, but also through submission of online data and conversations or communications between the Customer or a Service User with a Concept representative. Concept collects, holds, stores, uses and manages personal information for the following purposes:

(a) to manage the relationship of the Customer with Concept and the interaction of the Customer and Service Users with Concept;

(b) to better serve the Customer and Service Users in their use of the Services;

(c) to provide products, services and maintenance and support to the Customer and Service Users;

(d) to inform the Customer and Service Users of new products and services;

(e) to prevent and detect security threats, fraud or other malicious activity;

(f) to improve and develop products, services and support including through quality control, research and data analysis activities;

(g) to assess and improve the performance and operation of Concept websites, platforms and portals;

(h) to process and respond to information requests or complaints made by the Customer or Service Users;

(i) to respond to product or service orders, activations, and registrations by the Customer or Service Users;

(j) to permit profile creation and user verification for online services for the Customer and Service Users; and

(k) to manage visits or browsing by the Customer or Service Users on Concept’s websites, platforms, or portals.

7. TYPES OF PERSONAL INFORMATION COLLECTED. Concept may collect, hold, store, use and manage the following types of personal information about Service Users:

(a) personal and business contact information, such as name, address, telephone number(s), email address(es), profession or occupation;

(b) in some cases, a Service User’s business contact information may be provided to Concept by a designated entity within the Service User’s business or enterprise (such as a member of the IT department) or by the Customer under which the Service User has obtained or gained access to or use of the Services;

(c) financial information, such as a Service User’s credit card or debit card details or other billing information;

(d) other unique information such as user IDs and passwords of a Service User, product functionality, product and service preferences, contact preferences, educational and employment background, and job interest data;

(e) geo-location data such as a Service User’s IP address or physical location when location based services are requested;

(f) details of the products and Services a Service User has used or enquired about, together with any additional information necessary to deliver those products and Services and to respond to enquiries; and

(g) any additional information relating to a Service User that a Service User from time to time provides directly to Concept through its websites, service centre or representatives, or indirectly through use of Concept’s Services, websites or online presence or otherwise. The Customer is responsible for cautioning its Service Users that if they post, comment, indicate interest or complaint, or share personal information, including photographs, to any public forum through a Concept or other website, platform or portal, or a social network, blog, or other such forum, Service Users should be aware that any information they submit can be read, viewed, collected, or used by other users of such forums, and could be used to contact or to send unsolicited messages to such Service Users, or for purposes that neither the Service Users nor Concept has control over. The Customer is responsible for cautioning its Service Users that Concept is not responsible for the personal information that Service Users choose to provide in these forums and such personal information is not covered by this Privacy Policy. The Customer is responsible for cautioning its Service Users that in addition to the information a Service User provides to Concept, Concept may also collect personal information during a Service User’s visit to a Concept website, platform or portal, or to a web-based application, or a website “powered by” another company on behalf of Concept, through automatic data collection tools, which may include web beacons, cookies, and embedded web links. These tools collect certain traffic information that a Service User’s browser sends to a website, such as the browser type and language, access times, and the address of the website from which the Service User arrived. Concept may also collect information about a Service User’s Internet Protocol (IP) address, unique device identifier, clickstream behavior (i.e., the pages viewed, the links accessed, and other actions taken in connection with Concept websites or “powered by” websites) and product information. Concept may also use automatic data collection tools in connection with certain emails and communications sent from Concept and therefore may collect information using these tools when a Service User opens the email or clicks on a link contained in the email. The Customer is responsible for also cautioning its Service Users that Concept may also collect information from publicly or commercially available sources that it deems credible. Such information may include a Service User’s name, address, email address, preferences, interests, and demographic/profile data. The information Concept collects from such public or commercial sources may be used along with the information Concept collects when a Service User visits Concept’s websites, platforms, or portals. For example, Concept may compare the geographic information acquired from commercial sources with the IP address collected by automatic data collection tools to derive a Service User’s general geographic area. Where Concept deems it necessary, Concept may also use information provided by a Service User or their employer, together with information from publicly available and other online and offline sources, to conduct due diligence checks on business contacts as part of Concept’s anti-corruption program. Concept may also collect information that is not personal information because it does not identify a particular individual. For example, this may include anonymous answers to surveys or aggregated information about how Service Users use Concept’s websites, platforms, portals or Services.

8. SHARING OF PERSONAL INFORMATION. Concept will not share, sell, rent or lease a Service User’s personal information to other non-Concept parties without such Service User’s permission or the Customer’s permission, as the case may be, which may be in writing, oral or in some cases implied through the Service User’s conduct with Concept, except as follows:

(a) to comply with any law, regulation, subpoena, or court order;

(b) to respond to duly authorized information requests of police and governmental authorities;

(c) to report any activity that it suspects violates any applicable laws to appropriate law enforcement agencies, regulators, or other appropriate third parties;

(d) to investigate, report and help prevent security threats, fraud or other illegal, malicious or inappropriate activity, including violations of this Privacy Policy or misuse of the Services;

(e) to enforce and/or protect the rights and properties of Concept, its subsidiaries and affiliates;

(f) to protect the rights or personal safety of Concept, its employees, and third parties on or using Concept property when allowed and in line with the requirements of applicable law;

(g) where Concept deems it necessary in relation to providing the Services to or for the Service User; and

(h) to service providers and suppliers retained by Concept to manage or support its business operations, provide professional services, deliver complete products, services and customer solutions and to assist Concept with marketing and communication initiatives. These providers and suppliers may be located anywhere in the world and may include, for example, providers of customer support and live-help, marketing and communications, hosting and IT service providers, email service providers, automated data processors, shipping agents, management and support of Concept websites, platforms or portals, and order fulfillment and delivery. Such service providers and suppliers are required by contract to keep confidential and secure the information received on behalf of Concept and may not use it for any purpose other than to carry out the services they are performing for Concept.

Concept may for strategic or other business reasons decide to sell, buy, merge or otherwise reorganize some or all of its business. Such transactions may necessarily involve the disclosure of personal information to prospective or actual purchasers, or the receipt of personal information from sellers. Concept will seek appropriate protection for personal information in these types of transactions.

9. ACCESS TO AND ACCURACY OF PERSONAL INFORMATION. Concept strives to keep a Service User’s personal information accurately recorded. Concept has implemented technology, management processes and policies to help maintain data accuracy. Concept provides Service Users with reasonable access and ability to review personal information provided to Concept. To protect a Service User’s privacy and security, Concept will also take reasonable steps to verify identity, such as requiring a password and user ID, before granting access to such Service User’s data. To view and change the personal information provided to Concept in relation to a Service User, the Service User must deal directly with the Customer through whom the personal information was provided. Where such personal information has been archived because it is no longer current, or where such personal information has already been deleted by Concept, Concept may refuse to take any further steps in relation to such personal information. Access to such information may also be denied where denial of access is required or authorized by applicable law, where the granting of access may have an unreasonable impact on the privacy of others, where Concept deems the request frivolous or vexatious, or where Concept is protecting its own rights and property.

10. KEEPING SERVICE USER’S PERSONAL INFORMATION SECURE. Concept takes seriously the trust the Customer places in Concept. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of personal information, Concept utilizes reasonable and appropriate physical, technical, and administrative procedures to safeguard the personal information collected and processed. Concept retains personal information only as required or permitted by Canadian law and while Concept has a legitimate business purpose. When collecting or transferring sensitive personal information of Service Users, such as credit card information, Concept uses a variety of additional security technologies and procedures to help protect such personal information from unauthorized access, use, or disclosure. The personal information provided to Concept is stored on computer systems located in controlled Microsoft facilities to which there is limited access, but over which Concept has no control. Such facilities may or may not be in Canada. When Concept transmits highly confidential information (such as credit card numbers or passwords) over the internet, such information is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

11. CONTACTING CONCEPT AND HOW TO MAKE A COMPLAINT. Concept values the Customer’s opinions. If the Customer or any of its Service Users has comments or questions about Concept’s Privacy Policy, or any concerns or a complaint regarding Concept’s collection and use of Service Users’ personal information or data, or suspects a possible breach of privacy, the Customer is requested to send full details to the Concept Privacy Officer in writing at the address below. Concept will not accept communications directly from Service Users. Such comments, questions or complaints will be treated confidentially. A Concept representative will respond to the Customer within thirty (30) days after receipt of a question or complaint to address concerns and outline options regarding how they may be resolved. Concept’s goal is to ensure that complaints are resolved in a timely and appropriate manner.

Concept Interactive

Privacy Officer
55 King St W,
Kitchener, Ontario, Canada
N2G 4W1

Return to Top of Page