One Arrow Consulting Inc. (referred to in this document as “OneArrow”, “we” or “us”) is a consultancy specializing in privacy, security, information governance and related fields. This Privacy Policy explains what Personal Information we collect, how we use, disclose and manage it, and how one may communicate with us if there are questions. Our management of employment-related personal information is governed by separate policies.
This Privacy Policy concerns “Personal Information” as that term is defined in applicable federal and provincial legislation. Such information generally means any information about an individual that is or can, without significant effort, be associated with that individual. OneArrow considers information that is excluded from the definition of Personal Information or which cannot be readily associated with an individual to be anonymized information and reserves the right to use such information as we consider appropriate.
Our collection of Personal Information generally occurs during a client engagement or in the administration or management of business-related activities. For example, we may collect information during a person’s use of our website or social media properties.
We usually collect personal information directly from the person to whom the information pertains but may also do so from other sources. This happens only in conformity with applicable personal information protection laws. We limit the collection of Personal Information to what is reasonably required for our purposes.
Our use of Personal Information is for the following uses or purposes:
Generally, we will identify the purpose for which Personal Information will be used or disclosed at or before the time the information is collected. If we wish to use Personal Information for a new purpose, we will obtain consent prior to such use, if required.
Our use of Personal Information is limited to the purposes described in this Policy or consistent purposes.
Our Sharing of Personal information
We may share personal information with other organizations outside of OneArrow that help us provide our programs, products or services or help us with our business operations. These other organizations may include providers in co-venture activities, sub-contractors, payment processors, organizations that help us improve our programs, products and services as well as our business and technology systems, procedures and infrastructure.
Service Providers. Where OneArrow discloses Personal Information to such service providers or suppliers, we limit their use of such information to those purposes requested by us and we require that they have appropriate safeguards for the protection of that Personal Information.
Mergers & Acquisitions. From time to time, OneArrow may decide to sell or transfer all or part of a business to a related company or to a third party, to merge with another entity, to insure or securitize its assets, or to engage in another form of corporate transaction. Personal Information may be disclosed to others involved in the transaction, including affiliates or advisors, both as part of due diligence and on completion of the transaction. We will require Personal Information being kept confidential.
Similarly, a business unit may be sold or a co-venturer may cease its relationship with us, and that business unit or co-venturer may continue to provide a program, product or service, separately from OneArrow. If this occurs, Personal Information may continue to be used by that unit or co-venturer to offer or provide that program, product or service, or a replacement program, product or service.
OneArrow does not otherwise sell, trade or disclose for financial or other consideration any Personal Information.
Consent
OneArrow will not collect Personal Information without first obtaining the consent of the individual concerned or unless permitted by law. We will seek consent to use and disclose Personal Information after it has been collected in those cases where we wish to use the information for a new or different purpose and consent is required.
Unless we require an express consent from an individual, by providing Personal Information to OneArrow, an individual agrees and consents that we may collect, use, disclose or otherwise process their Personal Information in accordance with this Privacy Policy.
Withdrawal of Consent. Generally, an individual may withdraw their consent and may do so for example, where that person had previously consented to receive information about programs, products, services offered by OneArrow, co-venturers or parties with whom we have a business relationship.
However, because of legal, regulatory or contractual requirements, there may be circumstances where an individual cannot withdraw their consent to the collection, use or disclosure of their Personal Information.
If consent is withdrawn, we will inform the person concerned of any consequences in doing so to help you make an informed decision. For example, a refusal to provide Personal Information, may prevent us from providing certain programs, products or services.
Please note that even if consent to receive marketing communications is withdrawn, we may still contact individuals for certain purposes that are necessary for the management of our businesses or as required by law.
No consent required. Canadian law permits or requires the use or disclosure of Personal Information without consent in specific circumstances. These circumstances include situations when required by law or necessary to protect OneArrow, our employees, our clients, or others. Where obliged or permitted to disclose Personal Information without consent, OneArrow will not disclose more information than is required.
OneArrow strives to maintain appropriate physical, procedural and technical safeguards with respect to its offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Information in our custody. Our safeguards also apply to our disposal or destruction of such information.
We also try to ensure that any Personal Information in our custody is as accurate, current and complete as necessary for the purposes for which we use that information.
Personal Information may be used, accessed, or stored in servers both in and outside of Canada, including in the United States. Please note that when Personal Information is outside of Canada, it is subject to the laws of jurisdiction where it is located.
We actively retain Personal Information for as long as it is required for business purposes or as required by federal and provincial laws. When this period ends, Personal Information is scheduled for destruction according to our record retention policies. Depending on the nature of the information and the purpose for which it was collected, this length of time may vary.
OneArrow provides a reasonable right of access and review and will attempt to provide the Personal Information in question within a reasonable time. An individual making an access request will be asked for identification so that we may verify their identity before providing them with Personal Information. If documents are required in an alternative format, we will make reasonable efforts to provide the Personal Information in that format. If there will be charges for us to retrieve and provide you with specific information, we will advise of the charges and obtain authorization before proceeding.
OneArrow may decline access to Personal Information in certain circumstances. These include where the information requested would reveal confidential information or personal information about someone else, or if we are permitted or prohibited by legal or regulatory requirements from disclosing such information.
If an individual has any concern about how OneArrow treats their Personal Information, please contact:
Privacy Office
One Arrow Consulting Inc.
If OneArrow is unable to resolve the matter to satisfaction, you may bring it to the attention of Office of the Privacy Commissioner of Canada or those privacy authorities in British Columbia, Alberta or Québec.
Contact OneArrow today to partner with experts who will expertly manage your ransomware challenges with precision and discretion.
Let us guide you through the crisis so you can focus on running your business.
Get in Touch Now