CaelumOne Privacy Policy

Protecting our customers’ personal, private, and confidential information that might be shared with us is of utmost importance to CaelumOne Solutions Corporation (“CaelumOne”, “us” and/or “we”). Given that customers entrust us with their very personal financial and other details, we take every possible step to ensure that information is protected.

This policy provides details about our program for ensuring the privacy of information provided to CaelumOne Solutions Corporation including the types of information we collect about you, how we utilize this information, and the methods we use to safeguard the information. Unless we have specifically stated otherwise herein, this policy applies to personal information, without regard as to the location from where it was provided, and is intended to be compliant with the seven Safe Harbor Principles applicable to personal information received from the European Union (“EU”) pursuant to EU Directive 95/46/EC on the protection of personal data.

Details and Definitions

These principles require a receiver of personal information to provide:

  1. Notice – Individuals must be informed that their data is being collected and about how it will be used.
  2. Choice – Individuals must have the ability to opt-out of the collection and forward transfer of the data to third parties.
  3. Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
  4. Security – Reasonable efforts must be made to prevent loss of collected information.
  5. Data Integrity – Data must be relevant and reliable for the purpose it was collected for.
  6. Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
  7. Enforcement – There must be effective means of enforcing these rules.

By utilizing any service provider that identifies CaelumOne as one of its service partners (“Partners”), you expressly consent to the collection and use of your Personal Information in accordance with the terms of this privacy policy. While we may process your Personal Information in the country of origin, we may also process it in other locations, in particular in our home territory of Canada.

1. What Do We Process?

This Privacy Statement applies to all Personal Information which you give to us and / or which we collect automatically from you, either via our site and / or our services and / or which we receive about you from third parties.

For purposes of this Privacy Policy, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual or household.

Information we collect from you and use when you use our sites and / or our services and interact with us.

In the course of operating our business and our sites and delivering our products and services, we collect Personal Information that you provide to us by completing forms on our sites such as requests for quotes or online applications for free trials of our products / services. We also collect Personal Information when you purchase a product / service via our sites or by other means such as telephone or email. This Personal Information may include your name, email address, phone number, company name, job title, job role, country, city, province/state/parish (or similar designation) and IP address.

We use this Personal Information for typical business and commercial purposes (including providing and improving our products and services, marketing, compliance with legal obligations and use for auditing, security, and anti-fraud purposes) and as described more specifically below.

2. Collection of Personal Information

We and our third-party partners, including analytics providers, may automatically collect categories of Personal Information using cookies and similar technologies when you use our sites and emails. For more information about our use of cookies, please see our Cookie Statement. We use this information to provide and improve our products and services, tailor your experience on the sites and our marketing efforts, and create aggregate internal reports on site usage activity, such as views of certain pages as content.

We de-identify or aggregate data we receive and may use and disclose it for any business purpose. De-identified data is data that has had identifiable elements removed, and cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular individual. Aggregate data relates to a group or category of individuals, from which individual identities have been removed.

We receive Personal Information relating to your activity with our sites, including IP addresses, search terms, basic technical usage data (i.e., browser type and/or versions, OS type, platform type (e.g., mobile device browser, mobile app, etc.)), pages viewed, web page entry (URL page landed on), source of traffic (i.e., direct, organic, paid advertising etc.), from third party systems used to operate our sites, third party data providers and third party search engines related to your search activity, which we use to improve our products and services and tailor our marketing efforts.

3. Reason for Collection of Personal Data

CaelumOne Solutions Corporation collects your Personal Information only where it is necessary for us to provide services to you or to our Partners, as set out above. This information will be collected only as required to provide such services, and no additional information will be collected or utilized at any time, including any other sensitive personal information not directly related to the Services.

4. Use of Personal Information

We acknowledge and agree that we will not, at any time, collect or use Personal Information howsoever provided from any location, including but not necessarily limited to users in the EU, for any purpose that has not otherwise been disclosed in this privacy policy unless the supplier has received notice and has an opportunity to exercise his or her choice (as further described below) with respect to the provision and use of such Personal Information.

Users Located in the European Economic Areas, United Kingdom, or Switzerland (Collectively the “EEA”)

Obligation to Provide Personal Information and Automated Decision-Making.  Individuals in the EEA (“EEA Individuals”) are not required by statute or by contract to provide Personal Information. We will not use an EEA Individual’s Personal Information submitted through the site or services for automated decision-making, including for profiling, that produces legal effects or similarly significantly affects an EEA Individual Data Retention.

We retain the Personal Information as stated in the Data Retention section below. You may request that we delete your Personal Information as described in this Privacy Statement.

  • The disclosure of Personal Information to a non-agent third party for any reason not disclosed in this privacy policy to a non-agent third party for any reason not disclosed in this policy; and
  • Our use of such user’s Personal Information for a purpose other than the purposes disclosed in this privacy policy, and ancillary but different purpose, or a purpose subsequently authorized by the user. CaelumOne will provide users with reasonable means to exercise their ability to choose in the event of such circumstances arising.

5. Sharing and Distribution of Personal Information

As part of our commitment to providing the utmost protection of your Personal Information, we will not, under any circumstances, rent, loan, or sell your Personal Information or any portion thereof in any capacity or for any reason. Your Personal Information is only exchanged between us and our Partners as required to facilitate the provision of the Services, and we only exchange such information with Partners that uphold same commitment to protecting your Personal Information as we do. We do not work with Partners who are not willing to uphold the same standards of protection that we observe ourselves.

We may in the future utilize certain online interactions for support services that will require you to login with a specific user ID and/or email address. In the event these services are provided by a third party, any information you provide may be retained by them only as required to provide support services and your Personal Information will at all times be retained exclusively by us.

We may be required to provide your Personal Information by an act of law, court order, or otherwise by an entity with the power to compel such disclosure by us. Otherwise, this information will not be provided to anyone by us on a voluntary basis.

You have a right to know what Personal Information we have collected about you. If at any time you wish to know what Personal Information we have in our database, please contact our privacy officer as set out in Article IX (b) herein with your request.

6. Cookies

CaelumOne Solutions Corporation and our Partners use a variety of e-commerce technologies on their respective websites to perform a variety of functions, primarily to understand how our sites are used and to facilitate the user experience.

Cookies” are used to collect non-specific, non-Personal Information that allows us to increase the functionality of our website. These “cookies” are simple text files delivered to your Web browser and stored on your computer, but do not contain nor do they provide us with any Personal Information.

You may choose not to store “cookieson your computer by changing the privacy settings on your web browser or on your computer. Rejecting “cookies” may alter your experience in using our website or those of our Partners, and prevent you from being able to do so altogether.

We also may gather and analyze non-specific information about the general traffic visiting our website or those of our partners. The log files associated with this information are anonymous, not associated with the account of any specific user, and do not contain any Personal Information.

7. Use by Third Parties

CaelumOne Solutions Corporation does not share your Personal Information with anyone other than as generally described below.

From time to time, we may share some or all of your Personal Information with a parent company or subsidiary of CaelumOne, joint venture partner, or other entity with a similar shared ownership to that of CaelumOne. All such entities will be required to honour the terms of this privacy policy. If CaelumOne is sold to or a controlling interest acquired by another company, then that company will possess your Personal Information and will assume all rights and obligations of this privacy policy.

If at any time you leave our website or any site operated by one of our Partners, the terms and conditions of this privacy policy no longer apply and your disclosure of Personal Information will be subject to the terms of that site owner’s privacy policy, which may differ materially from those herein.

8. How We Contact You

We may contact you through any of the methods you provide to us, primarily via email and telephone, though letter mail may also be appropriate in certain circumstances.

You may inform us at any time if you do not wish to be contacted via any particular method for unwanted solicitations. However, transactional confirmations and details pertaining to your account will still be provided to you in accordance with principles of business efficacy or as may otherwise be required by law.

9. Changing Your Personal Information

We take great care in not only protecting your Personal Information, but also in ensuring that it is used only for the purposes for which it was provided to us.

In order to provide the best possible service to you, we encourage you to contact us at any time to update your Personal Information whenever it changes. You may contact us via email or telephone using the information found on the website that this privacy policy has been posted to. At the time of the drafting of this policy, the appropriate contact details are via our compliance officers:

CaelumOne Solutions Corporation
Telephone: +1 (705) 293-3095
Email: privacy@caelumone.com
Letter Mail: 114 Kirby Avenue, Collingwood, ON L9Y 4C5

You will be asked appropriate security questions in order to verify your identity and that we are speaking to the original provider of the Personal Information only.

We will use our best efforts to update your Personal Information as quickly as possible, but in no event will it take longer than fourteen (14) days to do so.

Personal Information received from the EU will only be retained for a period of time as necessary to accomplish our legitimate business purposes or as otherwise may be required by applicable local, national or international law.

10. Methods of Protecting Your Personal Data

  • CaelumOne utilizes the most up-to-date data protection methodologies available to us in order to protect against unauthorized access, loss, misappropriation or misuse of your Personal Information as it is stored in our database. We have implemented a series of internal and external procedures that are required to be adhered to by any of our staff or contractors in order to access any Personal Information.
  •  Our website, as well as those of our Partners, is tested regularly to ensure compliance with this policy as well as to ensure security measures have been maintained.
  • All employees and contractors working for or with CaelumOne are restricted in their access to production databases through the use of firewalls (at the drafting of this policy Shorewall Firewall).
  • Any technical support or developmental workers that may need access to Personal Information are required to execute a comprehensive non-disclosure and confidentiality agreement and are only provided access to Personal Information on a strictly “need to know” basis, if at all.
  • We protect the transfer and delivery of, and access to, Personal Information through 128-bit SSL encryption for all traffic across the network. We use the following encryption solutions throughout the application and its environments:
  • Cipher Modes
    • ecb The cipher output is used directly.
    • cbc-plain The cipher is operated in CBC mode. The CBC chaining is cut every sector, and reinitialised with the sector number as initial vector (converted to 32-bit and to little-endian). This mode is specified in [Fru05b], Chapter 4.
    • cbc-essiv:{hash} The cipher is operated in ESSIV mode using hash for generating the IV key for the original key. For instance, when using sha256 as hash, the cipher mode spec is “cbcessiv:sha256”. ESSIV is specified in [Fru05b], Chapter 4.
    • xts-plain64 plain64 is 64-bit version of plain initial vector
  • Hash Specifications
  • At drafting of this policy we utilize Microsoft Defender and ClamAV to ensure a virus-free operating environment for both incoming and outbound data transfers.
  • Our solution can be located on premise or in a private or public cloud environment. If we host the environment for a client here in Canada, we would recommend the servers be located at the Microsoft Azure Canada Central, located in Toronto, Ontario. All data is backed up in two ways: nightly, using Microsoft Servers in production server rack, and again weekly, using the Microsoft Azure Back-Up within the data center, but not in the same physical server rack as the hardware used for the nightly backup.
  • We also maintain procedures to protect against outages and to ensure data recovery: Virtual Server Failure – PostgreSQL Version 14.2 servers are virtualized to failover in real-time on same physical install, and in the event of a physical server failure, one redundant physical server is available to failover to with manual cold reboot.
  • We also maintain procedures to protect against outages and to ensure data recovery: Virtual Server Failure – PostgreSQL Version 14.2 servers are virtualized to fail over in real time on same physical install, and in the event of a physical server failure, one redundant physical server is available to fail over to with manual cold reboot.
  • CaelumOne Solutions Corporation does not retain any of your Personal Information in hard copy at any time for any reason.
  • We will undertake regular reviews of our privacy policies and procedures to ensure adherence to its principles and those of EU Directive 95/46/EC. Any EU-based user who has a complaint regarding the processing of his or her Personal Information should contact our compliance officer at the address set forth in Article IX (b).
  • Notwithstanding that we believe we take every reasonable precaution to ensure the safety of your Personal Information, we cannot absolutely guarantee the security of your Personal Information.

11. Changes to This Privacy Policy

We reserve the right to make changes to this privacy policy at any time. As a result, we encourage you to review it regularly to ensure that you understand and agree with the manner in which we will collect, protect, and disclose your Personal Information. The most recent date that the policy has been changed will be noted on the link for the policy, and we will post notice of any material changes to the policy on our home page. We may also contact you directly to alert you to any such changes.

12. Acknowledgement and Acceptance of This Privacy Policy

We reserve the right to make changes to this privacy policy at any time. As a result, we encourage you to review it regularly to ensure that you understand and agree with the manner in which we will collect, protect, and disclose your Personal Information. The most recent date that the policy has been changed will be noted on the link for the policy, and we will post notice of any material changes to the policy on our home page. We may also contact you directly to alert you to any such changes.

13. Effective Date

This Privacy Policy was last updated on April 7, 2022.