Radialpoint - Privacy Policy

The purpose of this document is to outline the privacy policies of Radialpoint Inc. ("Radialpoint"), in order to promote privacy and protect the personal information of all individuals who interact with Radialpoint, especially our customers and our personnel. The Policy reflects our commitment to comply with all applicable regulatory requirements and to demonstrate world leadership in privacy and data protection.

"Personal information" means information about an identifiable individual; i.e., any information that relates to a natural person or allows that person to be identified.

1. Scope and Application
The Radialpoint Privacy Policy applies to the operations of Radialpoint and its wholly owned subsidiaries, with respect to the collection, use, and disclosure of personal information. Radialpoint will use reasonable efforts, including contractual obligations, to ensure that its business partners also comply with this Policy with respect to personal information shared with them by Radialpoint.

The day-to-day application of the Radialpoint Privacy Policy is carried out through administrative procedures which apply in all activities. The major custodians of personal information at Radialpoint are customer support, people department, accounting department, information services, technical operations and marketing. Throughout the company, all employees are responsible to adhere to these administrative procedures, and to the principles of the Policy.

2. Applicable Legislation
This document sets out policies and procedures to support compliance with all relevant legislation, particularly the Personal Information Protection and Electronic Documents Act of Canada and Quebec's Act respecting the protection of personal information in the private sector. This Policy also supports compliance with the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, and the European Union Directive (95/46/EC) on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data.1

3. Principles of Fair Information Practices
In developing this Privacy Policy, Radialpoint strives to conform to the following principles found in the Personal Information Protection and Electronic Documents Act of Canada:

Accountability - The Chief Financial Officer is responsible for complying with measures that give effect to the principles stated in this Policy. The means of contacting the Chief Financial Officer in connection with this Policy is posted on the Company's Intranet and Internet sites. The Company maintains documentation and materials related to the policies and administrative procedures, and is responsible for training Radialpoint staff for compliance with this Policy.

Identifying Purposes - The purposes for which personal information are collected shall be specified at the latest at the time of collection. Where personal information is required at Radialpoint , the purposes, primary uses, accessibility, storage and retention periods shall be documented and the information accessible by the Chief Financial Officer.

Consent - Personal information will be collected with the knowledge and consent of the person concerned, and directly from them, in accordance with applicable law. On such rare occasions when it is necessary to collect information without knowledge and consent, a note will be posted in the subject file to that purpose, and efforts will be made to communicate with the individual to advise them of the information collection. No information will be communicated to third parties without the consent of the subject, except as required or permitted by law.

Limiting Collection - Radialpoint will only collect information that is necessary for the explicitly stated purpose. In order to ensure this, those responsible for the collection, use or disclosure of information must perform a necessity test for all aspects of the information life cycle. Any personal information provided to Radialpoint in excess of what is necessary is not retained for purpose.

Limiting Use, Disclosure and Retention - Personal information will not be used, made available or otherwise disclosed for purposes other than those specified, unless the consent of the individual is obtained or where Radialpoint is compelled by law to do otherwise. Radialpoint may use personal information if it has reasonable grounds to believe that the information could be useful in the investigation of a contravention of the laws of Canada, a province or a foreign jurisdiction, or of the policies and contractual obligations of Radialpoint. Radialpoint may also use the information when acting in an emergency situation that threatens the life, health or security of an individual or the protection of property. Such special uses of personal information without consent will be documented and accessible to the individual in accordance with the privacy laws of Canada and Quebec.

Personal information must not be kept for periods longer than are necessary to fulfill the identified purposes. It is the responsibility of all Radialpoint employees to implement retention schedules which minimize the storage of personal information. All retention schedules shall be based upon the following needs: administrative, legal, statistical and archival, and in the latter two cases, the information will be de-identified wherever feasible.

Accuracy - Radialpoint will ensure that the personal information it holds is as accurate as is necessary for the purposes stated. With respect to information that may not be current, we will corroborate with the person concerned, the personal information used in relation to a decision affecting the rights, benefits or status of an individual, before reaching the decision.

Safeguards - Radialpoint will put in place appropriate safeguards to protect against unauthorized access to personal information, as well as use, destruction and modification of data. Technical details are confidential.

Openness - The policies and procedures of Radialpoint with respect to the management of personal information are accessible to the public upon request to the Privacy Office, with the exception of certain aspects of our security systems.

Individual Access - Individuals have the right to obtain confirmation of whether or not Radialpoint has personal information relating to them, subject to applicable law. Individuals may request access to their own personal information, and Radialpoint will respond to the request no later than thirty days, in the format requested, subject to reasonable availability. While it is our policy not to charge for personal information, Radialpoint reserves the right to charge reasonable fees for onerous requests.

Challenging Compliance - Any individual may challenge the compliance of Radialpoint to any of the principles set forth in this Policy, and to its privacy procedures. The Chief Privacy Officer will investigate all challenges and attempt to resolve them. Individuals will be made aware of possible recourse that they might also have under applicable law and policy.

4. Accountability and Organization
The Chief Financial Officer (CFO) is accountable for this Privacy Policy and for its implementation in Radialpoint. The CFO is accountable to the Chief Executive Officer of the Company and his delegate. Every departmental manager is accountable for the information under his/her control, and for the policies and procedures under this Policy, for which he or she is responsible.

5. Access
Radialpoint encourages informal access to information by the concerned person in the regular course of business, but in no way wishes to substitute informal procedures in a manner that would deprive an individual of their rights under relevant law and policy. For instance, if an individual has applied for a job and neglected to keep relevant correspondence, the People Department in most cases would be happy to provide copies without a formal request being filed. When an individual wishes to access the personal information about them that is held by Radialpoint, they may either contact privacy@radialpoint.com, or write, fax, telephone or communicate through live chat with the Customer Service Department. Radialpoint will require positive identification from the applicant before communicating any personal information. All formal requests for access to information are forwarded to the Chief Financial Officer. The CFO will work with the Customer Service Department to fulfill requests from the public, and with the People Department to fulfill requests from staff and job applicants.

Customer Service staff have checklists which will help an individual identify where their personal information might be found, such as in webstore records, or Radialpoint Security Services software user logs. We strive to respond to requests for personal information in ten business days.

If an individual obtains personal information and wishes to contest its accuracy, he or she may request a change or deletion of certain items. This request will be routed to the office of the Chief Financial Officer. All reasonable requests will be honored, and in instances where the Chief Financial Officer determines that it is not appropriate to either change the information or delete the record, a notation will be added to the file explaining the case as represented by the individual. This notation will be sent to any parties that the individual deems should receive his/her comments.

Requests by individuals for their own personal information will be honored at no cost. Radialpoint does reserve the right, in exceptional circumstances where extensive information has been requested and which requires excessive time and effort, to charge the same rates as are charged under the Access to Information Act of Canada, and shall so inform the data subject before completing the request.

6. Complaints
If an individual is not satisfied with the results of an information request, or if the data subject is unsatisfied in any way with this Radialpoint Privacy Policy, with Radialpoint compliance with this Policy or with law, he or she may complain to the Office of the Chief Financial Officer for a review of the issue. The Chief Financial Officer will investigate all cases, conduct a review of the findings, and establish a dialogue with the individual to resolve the complaint. In cases where there are controversial issues, the CFO may establish an ad hoc committee to review the complaint, or with the permission of the individual, seek an outside mediator or consult privacy experts for independent opinions. All efforts will be made to resolve complaints internally.

7. Training
The Chief Financial Officer is responsible for training all Radialpoint staff in basic privacy awareness, this Privacy Policy, and all required procedures. Managers are responsible to ensure that their employees obtain the necessary training. The People Department, in collaboration with the Privacy Office, is responsible for maintaining the curriculum and delivering courses. Information packages are available on the Radialpoint Intranet which provide full instructions to staff in the privacy policies and procedures, as well as frequently asked questions.

8. Compliance
Compliance to the Radialpoint Privacy Policy is mandatory for all Radialpoint employees. Breach of such policies may result in disciplinary action, including termination of employment.

9. Forms
All forms used to gather information, advise on this Policy, inform individuals of their rights, as well as access and complaint procedures are available on the Radialpoint Intranet and Internet sites.

This version of the policy reflects the state of the aforementioned legislation as of April 1, 2001