Privacy Policy Personal Information

Definitions. The following capitalized terms have the following meanings and any capitalized terms that are not defined in this privacy policy have the meaning attributed to them in UIM's Client Service Agreement (the "Agreement"):

1. "Authorized Personnel" means employees, representatives and permitted subcontractors of UIM who require access to Personal Information for OWL to provide the products and services it is to provide under the Agreement;
2. "FIPPA" means the Freedom of Information and Protection of Privacy Act (Ontario) and the regulations made there under as amended from time to time;
3. "Personal Information" means information about an identifiable individual including without limitation, his or her gender, address, telephone number, and email address to which Workoptics has access under the Agreement for the provision of the Services; and
4. "Services" means collectively the products and services to be provided by UIM under the Agreement.

Relationship of the Parties. UIM acknowledges and agrees that:

1. Client is subject to FIPPA and FIPPA imposes legal obligations on the collection, use, disclosure and retention of Personal Information;
2. UIM is a third party service provider to Client;
3. the Services facilitate Client's ordinary operations; and
4. it will be necessary for the purpose and in the course of providing the Services, for UIM to access, use, hold and store Personal Information.

Ownership of Personal Information. Nothing in this Agreement provides UIM with any rights in or to, or control over Personal Information, other than the ability to access and use Personal Information as set out in this Agreement.

Restrictions Relating to Personal Information UIM shall:

1. only access and use Personal Information to the extent required to provide the Services and shall not access or use Personal Information or any information derived from Personal Information on its own behalf;
2. not disclose Personal Information, and for greater certainty, the provision of Personal Information by Workoptics to its Authorized Personnel constitutes a use rather than a disclosure of the Personal Information by Workoptics ; and
3. only permit access to Personal Information to Authorized Personnel who have received training in regard to UIM's obligations under this Schedule "C" and have agreed to perform their services in a manner that permits UIM to comply with this Schedule "C".

Notification of Client UIM shall immediately give Client written notice:

1. if it is made aware of any complaint, allegation or report, including an internal report, to the effect that the provision of the Services violates FIPPA and/or any other legislation that has data protection and/or privacy as a purpose;
2. upon becoming aware of the loss, theft, or unauthorized access, use (including downloading, copying or manipulating), disclosure or destruction of Personal Information;
3. upon becoming aware of any breach or attempted breach of the security of its technology, equipment or facilities that impacted, could reasonably have impacted, or could impact the security and/or integrity of Personal Information;
4. if it receives any privacy-related requests or complaints in relation to the Services;
5. if it receives any subpoena or order relating to Personal Information; and
6. if it fails to comply or anticipates that it will be unable to comply with this Schedule "C", provide a description of its non-compliance or anticipated non-compliance and the steps it proposes to take to address the non-compliance or prevent the anticipated non-compliance.

Logging: UIM shall to the extent reasonably practicable and in a manner that is practicable, maintain a record of Authorized User access to Personal Information which record shall include the name of the individual accessing the information and the date, time and duration of the access.

Audit: Workoptics shall permit and provide reasonable assistance with a visit, inspection and/or audit, by Client or a person appointed by Client for the purpose, at any time during regular business hours and on reasonable prior notice, of any location from which OWL accesses, uses and/or stores Personal Information, including at Client's discretion, an examination of equipment used and records maintained in connection therewith (and making copies of such records), interviewing UIM personnel (including any subcontractors and suppliers), and otherwise auditing and verifying, both physically and electronically, Workoptics 's compliance with this Schedule "C". Notwithstanding the preceding, Client shall have no duty to make any such visit, inspection, or audit, shall not incur any liability or obligation by reason of doing or not doing so and shall treat information obtained through such visit, inspection or audit as confidential information of Workoptics in accordance of the confidentiality provisions of the Agreement.

Assistance with Inquiries, Complaints, Proceedings. At Client's request, acting reasonably, UIM shall:

1. assist Client to investigate and/or respond to any inquiry, investigation or complaint with respect to Personal Information, including an inquiry or investigation by a privacy regulatory authority;
2. cooperate with Client in regard to any regulatory or court proceedings arising out of a complaint relating to Personal Information, including obtaining the attendance of witnesses; and
3. provide information and assistance to Client, acting reasonably, that Client requires for assessments relating to the Services, including without limitation, privacy impact assessments and threat risk assessments.

Requests for Access and Correction. UIM shall direct any requests it receives for access to or the correction of Personal Information to Client.

Security. UIM shall:

1. segregate Personal Information from other data held by UIM ;
2. maintain appropriate access controls to facilities, equipment, applications and other software and systems used in connection with Personal Information;
3. periodically review and update where appropriate its security safeguards;
4. ensure that any permitted subcontractor it retains to assist it in providing the Services agrees to comply with these privacy terms and conditions;
5. take reasonable steps, including the application of appropriate sanctions, to ensure Authorized Personnel performs its service in compliance with Section 4(c) above;
6. terminate Authorized Personnel access to Personal Information immediately upon termination of their employment or affiliation with UIM ; and
7. not, and hereby forever waives any and all right to, withhold any Personal Information from Client to enforce any dispute relating to the terms of the Agreement or any other matter between UIM and Client, including a dispute over UIM's fees.

Return of Personal Information. In the event of any termination or on the expiry of the Agreement, UIM shall forthwith securely return or at Client's direction, securely destroy, Personal Information that it is storing, including all copies thereof and provide confirmation of same.

Indemnification. Without prejudice to any indemnification provided by UIM under the Agreement, UIM shall indemnify and hold harmless Client, including its officers, directors, employees and representatives (the "Indemnified Parties") from and against any and all claims, demands, suits, losses, damages, causes of action, fines or judgements (including related expenses and legal fees) that the Indemnified Parties may incur related to or arising from any non-compliance by Workoptics with this privacy policy.

Survival. Notwithstanding the termination of the Agreement, to the extent that UIM continues to have access to or hold Personal Information for any reason, UIM shall continue to govern itself in accordance with this privacy policy.

Conflict. In the event of a conflict or inconsistency between the provisions of this privacy policy and any other provisions of the Agreement, the provisions of this privacy policy shall prevail to the extent of the conflict or inconsistency.