Privacy Policy

Napkyn Inc. (“Napkyn”, “we” or “us”) is committed to protecting your privacy and confidentiality in accordance with its obligations under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the applicable provincial privacy legislation to the extent that they apply to Napkyn.

This Privacy Policy (the “Policy”) explains how we will collect, use and disclose your Personal Information. We urge you to read the Policy carefully in order to gain a clear understanding of how Napkyn may collect, use or disclose your Personal Information in the course of your use of our products, services and website. By registering for and using our website (www.napkyn.com), you agree to the terms of this Policy. This Policy covers the following:

  1. What is Personal Information?
  2. How do we obtain your consent to collect, use and disclose your Personal Information?
  3. What Personal Information do we collect?
  4. Why do we collect your Personal Information?
  5. How do we collect your Personal Information?
  6. How do we use your Personal Information?
  7. When may we disclose your Personal Information?\
  8. How do we use cookies and similar technologies?
  9. How can you access or correct any inaccuracies in your Personal Information?
  10. How do we protect your Personal Information?
  11. Links to other websites
  12. Resolving your privacy concerns
  13. Changes to this Policy

In the delivery of the Service, Napkyn complies with the following principles set out in Schedule I to PIPEDA:

Principle 4.1 (Accountability) – An organization is responsible for personal information under its control and must designate an individual responsible for compliance with PIPEDA;

Principle 4.2 (Identifying Purposes) – An organization must specify why it is collecting personal information, and such purposes must be identified at or before the information is collected;

Principle 4.3 (Consent) – An organization must obtain an individual’s consent for the collection of personal information and subsequent use and disclosure;

Principle 4.4 (Limiting Collection) – An organization must limit the collection of information to that which is necessary for the identified purposes;

Principle 4.5 (Limiting Use, Disclosure, and Retention) – An organization must not use or disclose personal information for a purpose other than for which it was collected, except with the consent of the individual or where required or permitted by law;

Principle 4.6 (Accuracy) – An organization must ensure that personal information it maintains is accurate, complete, and up to date;

Principle 4.7 (Safeguards) – An organization must take appropriate safeguards to protect personal information;

Principle 4.8 (Openness) – An organization must be open about its policies and practices;

Principle 4.9 (Individual Access) – An organization must provide individuals with a right of access to their personal information, subject to certain restrictions as set out in PIPEDA; and

Principle 4.10 (Challenging Compliance) – An organization must advise individuals of its complaint procedures.

1. What is Personal Information?

Personal Information” means any information, recorded in any form, about an identified individual or an individual whose identity may be inferred or determined from such information, other than business contact information (e.g. name, title, business address).

This Policy does not cover aggregated data from which the identity of an individual cannot be determined. Napkyn retains the right to use aggregated data in any way that it determines appropriate.

2. How do we obtain your consent to collect, use and disclose your Personal Information?

We will not collect any of your Personal Information without obtaining your consent prior to the collection of the information. By using this site or by providing us with your Personal Information over the telephone, by email, in writing, by fax or in person, you provide your consent for Napkyn to collect, use, disclose and store your Personal Information in accordance with the terms of this Policy.

Withdrawing your Consent

In most cases and subject to legal and contractual restrictions, you are free to refuse or withdraw your consent to the collection, use or disclosure by Napkyn of your Personal Information at any time upon reasonable, advance notice to Napkyn. However, the withdrawal of your consent is not retroactive. It should be noted that in certain circumstances, our products or services can only be offered if you provide us with your Personal Information. Consequently, if you choose not provide us with the required Personal Information, we may not be able to offer you the use of this site, or other products or services. We will inform you of the consequences of the withdrawal of consent. Notwithstanding anything in this Policy, we may, from time to time, seek consent from you to use and disclose your Personal Information collected for a purpose other than the purposes set out herein.

If you provide us with the Personal Information of other individuals, you are responsible for obtaining the consent of the individuals from whom you collect any Personal Information at the time of collection in accordance with all applicable privacy laws.

3. What Personal Information do we collect?

We collect the following types of information from you: name, position, company, email address and telephone number.

We may also collect non-personally identifiable information about your use of our website, or your responses to e-mails, newsletters, or promotional or other informational communications from Napkyn.

4. Why do we collect Personal Information?

We collect your Personal Information in order to provide you with our products and services, as well as communicate with you about our products, services or website and answer any questions you may have or provide further information.

5. How do we collect your Personal Information?

Napkyn only collects Personal Information for purposes that would be considered reasonable in the circumstances and only such information as is required for the purposes of providing our products, services or website. We use only fair and lawful methods to collect Personal Information.

Unless permitted by law, no Personal Information is collected, without first obtaining the consent of the individual concerned to the collection, use and disclosure of that information. However, we may seek consent to use and disclose Personal Information after it has been collected in those cases where we wish to use the information for a new or different purpose where the individual concerned has not already consented to such a use of their personal information.

6. How do we use your Personal Information?

We use the information we collect to enable to you to use our site and to respond to your questions. We also use it to provide a better user experience and to continue improving the quality of our site. We may use Personal Information and other information to communicate with you about our products and services, including updates, newsletters or surveys, or to deliver content that may be of interest to you. We only use aggregate information for analytics or marketing purposes.

We also use the information we collect to ensure that our products and services remain functioning and secure, or to investigate, prevent or act on any illegal activities or violations of the Terms of Service. Our use of Personal Information is limited to the purposes described in this Policy and Napkyn does not otherwise sell, trade, barter, exchange or disclose for consideration any Personal Information it has obtained.

7. When may we disclose your Personal Information?

We use MailChimp to mail you electronic communications such as newsletters or blog updates, if you subscribe to receive such communications from us. Napkyn has no control over the privacy practices of MailChimp. Please consult the terms of MailChimp’s Privacy Policy here: https://mailchimp.com/legal/privacy/.

We also Google Analytics 360 Suite for marketing purposes and to improve your customer experience. Napkyn has no control over the privacy practices of Google. Please consult the terms of Google’s Privacy Policy here: https://www.google.com/intl/en/policies/privacy/.

Napkyn may also disclose your Personal Information to:

  1. individuals or organizations who are our advisers or service providers; and
  2. individuals or organizations who are, or may be, involved in maintaining, reviewing and developing our systems, procedures and infrastructure including testing or upgrading our computer systems.

(i) Third Party Service Providers or Contractors

Napkyn contracts with third party service providers to provide support services required for the provision of our products and services.

Where Napkyn transfers Personal Information to service providers or contractors that perform services on its behalf, we will require those third parties to use such information solely for the purposes of providing services to Napkyn or our users, and to have appropriate safeguards for the protection of that Personal Information. Sharing of information with third party service providers and contractors will occur only after those entities have entered into a confidentiality agreement that:

  1. prohibits them from using, allowing access to, or disclosing your Personal Information to any other party (unless required to do so by law); and
  2. requires them to have appropriate protections in place to ensure the ongoing confidentiality of your Personal Information.

(ii) Cross Border Transfer of Information

Napkyn may transfer personal information to a service provider which is located in the United States where privacy laws may offer different levels of protection from those in Canada. Your personal information may also be subject to access by and disclosure to law enforcement agencies under the applicable U.S. legislation.

(iii) Where Disclosure can be made Without Consent

Please note that there are circumstances where the use and/or disclosure of Personal Information may be justified or permitted or where Napkyn is obliged to disclose information without consent. Such circumstances may include:

  1. where required by law or by order or requirement of a court, administrative agency or governmental tribunal;
  2. where Napkyn believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
  3. where it is necessary to permit Napkyn to pursue available remedies or limit any damages that we may sustain;
  4. where the information is public as permitted by law;
  5. where it is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or
  6. where it is necessary for the purpose of a prospective business transaction if the information is necessary to determine whether to proceed with the transaction or to complete the transaction, or a completed business transaction where the information is necessary to carry on the activity that was the object of the transaction. A “business transaction” includes:
    1. the purchase, sale or other acquisition or disposition of an organization or a part of an organization, or any of its assets;
    2. the merger or amalgamation of two or more organizations;
    3. the making of a loan or provision of other financing to an organization or a part of an organization;
    4. the creating of a charge on, or the taking of a security interest in or a security on, any assets or securities of an organization;
    5. the lease or licensing of any of an organization’s assets; and
    6. any other prescribed arrangement between two or more organizations to conduct a business activity.

Where obliged or permitted to disclose information without consent, Napkyn will not disclose more information than is required.

8. How do we use cookies and similar technologies?

Cookies

We use cookies, which are small data files that are saved to your device when you visit our website. The cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

  1. Type of cookies we use: We may use both session cookies and persistent cookies. A session cookie is a temporary file which is only active while you are on the website and is erased once you close your browser. Unlike a session cookie, a persistent cookie is not deleted when you close your browser and will remain on your device indefinitely. We use cookies to identify when you return to our website, save login information (excluding passwords), track usage statistics, and store your preferences. We also use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
  2. Adjusting cookie settings on your browser: By default, most browsers will automatically accept cookies. However, you can disable cookies completely, or be prompted prior to a cookie being loaded, by adjusting your browser’s settings. Consult each individual browser’s “help” feature for more information.

Web Beacons

Web beacons are small graphic images or other programming code (also known as “web bugs”, “1×1 GIFs” or “clear GIFs”) used to keep track of your navigation through the website and your electronic communication with us. We may include web beacons in our web pages and email messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or email can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes including, without limitation, to count visitors to our website, to monitor how users navigate the website, to count how many emails that were sent were actually opened, or to count how many particular articles or links were actually viewed. Web beacons may be used to collect certain personal information (for example, the email address associated with an email message).

Embedded Scripts

An embedded script is a programming code that is designed to collect information about your interactions with our website, such as information about the links on which you click. The code is temporarily downloaded onto your device from our web server or a third party service provider. The code is active only while you are connected to our website, and is deactivated or deleted once you disconnect from the website.

9. How can you access or correct any inaccuracies in your Personal Information?

Napkyn endeavors to ensure that any Personal Information provided and in its possession is as accurate, current and complete as necessary for the purposes for which we use that information. If we become aware that Personal Information is inaccurate, incomplete or out of date, we will revise the Personal Information and, if necessary, use its best efforts to inform third party service providers or contractors which were provided with inaccurate information so that those third parties may also correct their records.

Napkyn permits the reasonable right of access and review of Personal Information held by us about an individual and will endeavour to provide the information in question within a reasonable time, generally no later than 30 days following the request. To guard against fraudulent requests for access, we may require sufficient information to allow us to confirm that the person making the request is authorized to do so before granting access or making corrections.

We will provide information from our records in a form that is easy to understand. Napkyn reserves the right not to change any Personal Information but will append any alternative text the individual concerned believes to be appropriate.

Napkyn will not charge you for verifying or correcting your information, however, to the extent permitted by applicable law, there may be a minimal charge imposed if you need a copy of records.

We keep your Personal Information only as long as it is required for the reasons it was collected. The length of time we retain information varies, depending on the purpose for which it was collected and the nature of the information. This period may extend beyond the end of your relationship with us but it will be only for so long as it is necessary for us to have sufficient information to respond to any issues that may arise at a later date.

When your Personal Information is no longer required for Napkyn’s purposes, we have procedures to destroy, delete, erase or convert it into an anonymous form.

10. How do we protect your Personal Information?

Napkyn endeavours to maintain appropriate physical, procedural and technical security with respect to its offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Information. This also applies to our disposal or destruction of Personal Information. Napkyn further protects Personal Information by restricting access to it to those employees that require access to the information in order that we may provide our Service.

If any officer, employee or volunteer of Napkyn misuses Personal Information, this will be considered as a serious offence for which disciplinary action may be taken, up to and including termination of employment/volunteer contract. If any third party individual or organization misuses Personal Information obtained solely for the purpose of providing services to Napkyn, this will be considered a serious issue for which action may be taken, up to and including termination of any agreement between Napkyn and that individual or organization.

A “breach of security safeguards” is defined as the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving Personal Information under our control, we will notify you and the Privacy Commissioner of Canada if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you, including physical, financial or reputational harm. We will also notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach.

11. Links to other websites

Napkyn may provide links to, or automatically produce search results for third-party websites or resources or third-party information referencing or linking to third-party websites or resources. Napkyn has no control over such third-party websites and resources, and you acknowledge and agree that Napkyn is not responsible for the content or information contained therein. When you follow such a link, you are no longer protected by our Privacy Policy, and we encourage you to read the privacy statements or other disclaimers of such other parties. Napkyn is not responsible for the privacy or security practices or the content of non-Napkyn websites, services or products.

Napkyn cannot and does not guarantee, represent or warrant that the content or information contained in such third-party websites and resources is accurate, legal, non-infringing or inoffensive. Napkyn is not responsible for the privacy or security practices does not endorse the content or information of any third-party Web site or resource and, further, Napkyn does not warrant that such Web sites or resources will not contain viruses or other malicious code or will not otherwise affect your computer. By using any of Napkyn’s systems or websites to search for or link to a third-party website, you agree and understand that Napkyn shall not be responsible or liable, directly or indirectly, for any damages or losses caused or alleged to be caused by or in connection with your use of, or reliance on, Napkyn to obtain search results or to link to a third-party Web site.

12. Resolving your privacy concerns

In the event of questions about: (i) access to your Personal Information; (ii) our collection, use, management or disclosure of Personal Information; or (iii) this Policy; please contact Napkyn’s Privacy Officer by sending an e-mail to privacy@napkyn.com.

Napkyn will investigate all complaints and if a complaint is justified, we will take all reasonable steps to resolve the issue.

13. Changes to this Privacy Policy

Napkyn will update this Policy from time to time if our practices change or if the law requires changes to it. We will post any Policy changes on this page, and, if the changes are significant, we will provide a more prominent notice and a summary of the relevant changes at the top of the page. You should review this policy regularly for changes, and can easily see if changes have been made by checking the Effective Date below.

If you do not agree to the terms of this Policy or any other Napkyn policy, agreement, or disclaimer, you should exit the site and cease use of all Napkyn products and services immediately. Your continued use of our products and services following the posting of any changes to this Policy means you agree to be bound by the terms of this Policy.

Effective Date: This Privacy Policy was last updated on February 9, 2017.

OTT_LAW\ 7129571\2