Privacy policy

Privacy Policy

Effective Date: August 18, 2018

Onist Technologies Inc. and its affiliates (collectively, “Onist“, or “we“) pride ourselves on our privacy practices. We are committed to being transparent about the personal information we collect, the manner in which such personal information is used by us and the limited circumstances in which some personal information may be disclosed. To help us meet this commitment to you, we have created this Privacy Policy for our program (this “Privacy Policy”) and have appointed a Privacy Officer to ensure that any personal information you provide to us through our websites, mobile application and our other online platforms (collectively, the “Platforms“) will only be collected, used and disclosed in accordance with this Privacy Policy. This Privacy Policy describes how Onist collects, uses, shares and secures the personal information you provide. It also describes your choices regarding use, access and correction of your personal information. Onist does not use your personal information other than for providing the Services (as defined below). References to “user”, “you” and “your” throughout this Privacy Policy are to you as a registered user of the Platforms.

  1. Your Consent

This Privacy Policy governs your use of the Platforms. By registering a user account on the Platforms or otherwise accessing or using the Platforms you agree with the terms of this Privacy Policy as it may be modified from time to time and consent to the collection, use and disclosure of personal information in accordance with the terms of this Privacy Policy.

  1. Adults Only

Due to the nature and sensitivity of the personal information that can be populated on the Platform, we do not permit minors to register for the Platform as a user. If you are under the age of 13 you may not provide any personal information about yourself. Onist does not knowingly collect, disclose or store personal information from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with personal information, please contact us using our contact information provided in the “How to Contact Us” section below and provide us with as much information as reasonably necessary for us to locate and delete such personal information. In the event we become aware of a child under the age of 13 sending us personal information, we will delete such personal information as soon as possible.

  1. What is Personal Information?

Personal information means information about an identifiable individual. If information can be traced back to an individual, either through a name, address or a combination of other data elements such as job, postal code and type of car, that information is considered personal information.

  1. How do We Collect Your Personal Information?

The personal information residing on the Platforms is determined entirely by you and the other users. You decide what information to provide us with, either directly or indirectly. You directly provide us with your personal information by populating such information directly into the Platforms. You can indirectly provide us with your personal information in one of two ways:

a) By permitting another user, such as your spouse or your accountant (see our discussion on Connections below), to populate information into the Platforms on your behalf; or

b) By providing login IDs, associated passwords and instructions for the Platforms to retrieve your information from third-party accounts.

When you register an account with Onist, you provide us with your account information which will include your name and email (together with any other information you provide at registration, your “Account Information”). You choose whether your Account Information will include additional types of information and when and how such additional information is provided. All personal information you enter into a Platform or which is entered into a Platform on your behalf (including your Account Information, data, passwords, materials and other content) is collectively referred to in this Privacy Policy as “Content”.

  1. What Personal Information Do We Collect?

The personal information we collect and you populate will depend on how you wish to use the Platforms. For example, if you choose to use the Platforms to organize and communicate your financial data with your financial advisors, you and your advisors may populate various financial information about you and members of your family members including your/their bank account information, insurance policies, shareholdings, trading history and mortgage statements. By populating financial information and adding your financial advisor as a Connection, your advisor can have access to all relevant financial information to suggest products and activities that would benefit you, such as further diversifying your portfolio or reducing exposure to certain industries. Information which may be collected by and/or populated in the Platforms include: personal information of you and your family members; information about business entities you or your family members own or are involved with, and your professional contact list; net worth information, which consists of your financial accounts, including your assets and liabilities; transaction activity, which consists of information about your financial transactions; and documents you, or other users you have granted permission to, upload into the Platforms. You represent and warrant to us that you have obtained all required consents and are fully authorized to disclose all information populated into the Platforms including without limitation personal information of your family members and clients, as applicable. You further agree to indemnify and hold Onist, its affiliates, subsidiaries, partners, service providers, suppliers and contractors and each of their respective officers, directors, agents, and employees, harmless for any loss, cost, complaint, damage, claim or liability whatsoever arising from or in connection with your disclosure of such information in connection with your use of the Platforms.

06. Who are Connections?

As part of the functionality of the Platforms, you may provide other registered users with access to all or some of your Onist Plan and/or certain individual resources (such as uploaded documents) through the Services (each such user is referred to as a “Connection”). You control who your Connections are and the level of access each Connection will have. For example, you may provide your broker or your financial advisor with access to only your net worth area and you may provide your spouse with full access to everything in your Onist Plan. In addition, you may choose to provide a Connection with limited access (i.e. “read-only” access) or full access (i.e. “can edit”, which includes the ability to add/edit/delete information) to the area(s) of your Onist Plan that you gave the Connection access to. If you provide a Connection full access to an area or an individual resource, such Connection will be able to see the names of all other Connections to whom you have provided access to the same area or individual resource. Connections can request to share specific information and/or individual resources associated with your Onist Plan (as defined in our Terms of Use) with another person. In the event a Connection makes such a request, the request will go into “pending” status after which you, the owner, may approve such request before the other person becomes a Connection and is able to access the applicable information and/or individual resources. Please be cautious in providing Connections access and allowing a Connection to share your Content with third parties. While you can change a Connection’s access rights at any time, once you have provided a Connection or a third party with access to your Content, Onist has no control over the use and disclosure of the accessed Content by such Connection and/or third party. Please ensure that you are comfortable with the information practices of your Connections before providing them with access to your Content.

  1. How Do We Use and Disclose Your Personal Information?
  • Provide You with the Services

Onist uses your personal information to provide you with the services rendered through the Platforms (collectively, the “Services”) including disclosing your personal information to its service providers as described below. Other than as specified in this Privacy Policy, our service providers do not use your personal information for any purpose other than to provide these services to us. This includes storing your personal information, using your third-party account access information to retrieve your data from the relevant accounts in accordance with your instructions, making your personal information available to your Connections and allowing you and your Connections (provided you have provided them full access) to modify and update your personal information. We will share your personal information with third parties only in the ways that are described in this Privacy Policy. We may also use your personal information to improve and customize the Services. Onist requests your first name and last name when you register. Onist also allows you to upload your profile picture. Your first name, last name and profile picture (if uploaded) will be shown to any registered user who requests to appoint you as a Connection. Onist will notify you about such a request and will ask for your approval. Your first name, last name and profile picture (if uploaded) will also be shown to any registered user who has full access to any information or individual resource that is also shared with you.

  • Contact You

Onist uses your personal information to contact you in order to provide product information, newsletters, service updates, and notifications about the Service. You may sign-up to receive email or newsletter or other communications from us. If you would like to discontinue receiving our marketing information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us by using our contact information provided in the “How to Contact Us” section below.

  • Allow You to Review Activity in Your Account

Onist automatically collects session information whenever you log onto and out of the Platforms. This information includes your browser’s type and version, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), your operating system’s type and version, your IP address, the time you logged in and the time you logged out and/or clickstream data. We collect this information as an additional security measure, to give you full visibility to your active sessions and your login history, to analyze trends in the aggregate and administer the Platforms, to allow you to identify suspicious activity in your account, and, if needed, to delete an unrecognized session. Onist does not share this information with anyone but you, and you cannot share this information with your Connections.

  • Assist You with Technical Issues

Many technical issues can be resolved without looking into your personal information. Nevertheless certain technical issues might require Onist to access your personal information in order to analyze and fix them.

  • As Required By Law

Onist may use and disclose your personal information as required or permitted by law in response to lawful requests by public authorities, including to meet national security or law enforcement requirements including, without limitation, in order to assist with a law enforcement investigation or comply with any subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, warrant or any judicial, administrative orders or demands.

  • Aggregated Data

If you elect to have the Platforms access information from third party accounts by providing the access information to such third-party account, Onist’s service providers, Envestnet Yodlee, Inc. (“Yodlee”) and Quovo, Inc. (“Quovo”, and together with Yodlee, the “Data Aggregators”), will access such third-party accounts for the purposes of retrieving the relevant information and making it available on the Platform. Except for such access information, Onist does not provide the Data Aggregators any other information about you.

The Data Aggregators create anonymous information derived generally from your Content (“Aggregated Data”) and combine this Aggregated Data with other anonymous information in its possession (“DA Data”). The DA Data is an amalgam of anonymous information obtained from such sources. Each Data Aggregator uses its respective DA Data to improve its services, perform fraud screening, verify identities and verify the information contained in its accounts for use across the its network. Where permitted under applicable law, a Data Aggregator may also separately sell, license, reproduce, distribute and/or disclose the aggregated, anonymous DA Data. Even though the DA Data does not contain your personal information, nor does it allow you to be attributed to any data, we wanted to make you aware of our Data Aggregators’ anonymous data practices. You acknowledge that Onist has no control over the collection, use or distribution of DA Data by its Data Aggregators. When you close your Account with Onist, the anonymized data that was derived from your Content and combined into DA Data will not be removed from the DA Data. Please do not provide access information to any third-party account if you are not comfortable with our Data Aggregators’ practices described in this paragraph.

  1. The Protection and Security of Your Personal Information:

We implement and require our service providers to implement industry best practices appropriate to the sensitivity of your Content. We use and require our service providers to use administrative, technical, and physical safeguards to protect your Content against loss, theft, and unauthorized access, use, disclosure, copying, modification, disposal, or destruction in accordance with applicable legal requirements and industry best practices. These safeguards include, but are not limited to, token-based authentication, server hardening, running services in a virtual private cloud, encryption of data in transit and at rest, client side encryption, and audit trails. We train our employees to follow privacy and security practices specific to the Services. We also undertake security assessments to ensure that we maintain strong security controls. Onist makes further distinction between your financial data, your uploaded documents and the rest of your personal information in an effort to ensure that no person, not even our employees, will be able to gain access to your financial data or to the content of the documents you store with Onist. Your financial data, your uploaded documents and the rest of your personal information are stored separately on two different sub-systems. Your financial data is fully pseudonymized and encrypted when it is stored on our servers. The content of your documents is encrypted on your computer before it is uploaded to storage. Getting the full picture of your finances requires gaining access to both sub-systems. Such access is only given to your browser or the browser of your Connection(s) once you/they are logged onto the Platforms. Exceptional situations that require Onist to access your data, for example in order to fix certain technical issues, require our employees to follow a protocol that is fully audited and must involve more than one person. If you have any questions about the security of your personal information, you can contact us using our contact information provided in the “How to Contact Us” section below.

  1. Storage of your Personal Information

Your third-party account access information is collected by Onist, encrypted and transmitted through Onist’s systems to our Data Aggregators for storage. Onist will not access your third-party account access information. All other personal information will be stored by Onist on a collection of servers many of which are located outside of Canada, including the United States. As a result, your personal information will be used, stored and/or accessed in countries outside of Canada, including the United States. However, all such information will be protected in accordance with this Privacy Policy. Please note that when your personal information is located outside of Canada it will be subject to the laws of the country in which it is situated. Neither Onist nor its Data Aggregators store any of your personal information on your device, although Onist may store session tokens in your browser’s local storage. Your personal information is encrypted during electronic transmission and when at rest.

  1. Use of Session Tokens and Cookies

Onist and its partners use cookies and/or similar technologies to analyze trends, administer the Platforms, track users’ movements on the Platforms, and to gather demographic information about our user base as a whole.

When using the website application, you can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions. When you log onto the website, a session token is created and stored on your device (in your HTML5 Local Storage). The token is valid for 24 hours. The token is not automatically sent to the server on every request like session cookies. Rather the token is only sent if the server has to authenticate you again. This happens if you actively refresh the page or try to open the page on a different browser tab or simply log out. You can disable the use of HTML5 Local Storage in your browser preferences, which will not affect the functionality of Onist, except for asking you to login again when the server has to authenticate you in the cases described above. Tokens stored in HTML5 Local Storage can only be accessed by pages from Onist.

Your session with Onist will automatically log itself out after an inactive period of about 30 minutes. Onist also uses cookies in to track your activity on the Platforms. The cookies help Onist collect non-personally-identifying information, such as the browser type, language preference, referring site, and the date and time of each request. The information is fed to our web analytics tools and is used in order to learn about the usage of our product and improve our services. The cookies are deleted as soon as your web browser is closed. You can disable the use of cookies in your browser preferences. Your third-party account access information is collected by Onist on the form, encrypted on submit and transmitted (fully encrypted) to one (or both) of our Data Aggregators. Your account access information is stored on the servers at our Data Aggregators, not Onist.

  1. Retaining Your Personal Information

We may retain your personal information for as long as your account is active or as needed to provide you the Services, comply with our legal obligations, resolve disputes and enforce our agreements. Your personal information is securely stored as described in this Privacy Policy until (i) you delete your account after which it is destroyed, rendering it unable to identify you, or (ii) 18 months after you cancel your account, at which point Onist will delete your account. For more information on your cancellation and deletion options, please see our Terms of Use.

  1. How you can update or remove your Personal Information

Upon request, Onist will provide you with information about whether we hold any of your personal information. To request this information please contact us using our contact information provided in the “How to Contact Us” section below. Depending on the relevant personal information, updates may happen automatically. For example, if you have enabled direct access to your bank account, your banking information will be updated each time it is accessed in accordance with your directions. If you wish to update your Account Information or other Content, you can do so directly through the Platforms. If you have any questions, please contact us using our contact information provided in the “How to Contact Us” section below. You can remove all of your personal information from the Platforms by deleting your account as described in the Terms of Use. We will respond to these requests within a reasonable timeframe.

  1. Accessing Your Information and Addressing Your Privacy Concerns

You have the right to access personal information we hold about you and to have any concerns you may have over our policies and practices addressed. In addition, you have the right to obtain information regarding our policies and practices with respect to our use of service providers outside Canada, including Amazon. To access your information, discuss your concerns or learn more about our policies and practices please contact us using our contact information provided in the “How to Contact Us” section below.

  1. Service Platform

As contemplated in Section 5, in certain circumstances, our users may provide personal information of an individual other than himself/herself. In such circumstances, Onist may not have a direct relationship with the individual whose personal data it processes. However, such personal information will be collected, used and disclosed in accordance with this Privacy Policy. In the event your personal information has been provided by someone other than yourself, and you would like to access, correct, amend, or delete inaccurate data please direct your query to the user who provided your personal information. If requested to remove data we will respond within a reasonable timeframe.

  1. Modifications

We reserve the right to modify this Privacy Policy at any time and, depending on the change, will notify you by posting a modified Privacy Policy on the Website or through the Platforms. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on our Platforms prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

  1. How to Contact Us

Any comments or questions regarding your personal information or our policies and practices with respect to your personal information may be directed to Onist Technologies Inc., 325 Front Street West, 4th Floor, Toronto, ON M5V 2Y1