Effective Date: September 20, 2017
If you have an unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
- Your Consent
- Adults Only
Due to the nature and sensitivity of the personal information that can be populated on the Platform, we do not permit minors to register for the Platform as a user.
If you are under the age of 13 you may not provide any personal information about yourself. Onist does not knowingly collect, disclose or store personal information from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with personal information, please contact us using our contact information provided in the “How to Contact Us” section below and provide us with as much information as reasonably necessary for us to locate and delete such personal information. In the event we become aware of a child under the age of 13 sending us personal information, we will delete such personal information as soon as possible.
- What is Personal Information?
Personal information means information about an identifiable individual. If information can be traced back to an individual, either through a name, address or a combination of other data elements such as job, postal code and type of car, that information is considered personal information.
- How do We Collect Your Personal Information?
The personal information residing on the Platforms is determined entirely by you and the other users. You decide what information to provide us with, either directly or indirectly. You directly provide us with your personal information by populating such information directly into the Platforms. You can indirectly provide us with your personal information in one of two ways:
- By permitting another user, such as your spouse or your accountant (see our discussion on Connections below), to populate information into the Platforms on your behalf; or
- By providing login IDs, associated passwords and instructions for the Platforms to retrieve your information from third-party accounts.
5. What Personal Information Do We Collect?
The personal information we collect and you populate will depend on how you wish to use the Platforms. For example, if you choose to use the Platforms to organize and communicate your financial data with your financial advisors, you and your advisors may populate various financial information about you and members of your family members including your/their bank account information, insurance policies, shareholdings, trading history and mortgage statements. By populating financial information and adding your financial advisor as a Connection, your advisor can have access to all relevant financial information to suggest products and activities that would benefit you, such as further diversifying your portfolio or reducing exposure to certain industries.
Information which may be collected by and/or populated in the Platforms include: personal information of you and your family members; information about business entities you or your family members own or are involved with, and your professional contact list; net worth information, which consists of your financial accounts, including your assets and liabilities; transaction activity, which consists of information about your financial transactions; and documents you, or other users you have granted permission to, upload into the Platforms.
You represent and warrant to us that you have obtained all required consents and are fully authorized to disclose all information populated into the Platforms including without limitation personal information of your family members and clients, as applicable. You further agree to indemnify and hold Onist, its affiliates, subsidiaries, partners, service providers, suppliers and contractors and each of their respective officers, directors, agents, and employees, harmless for any loss, cost, complaint, damage, claim or liability whatsoever arising from or in connection with your disclosure of such information in connection with your use of the Platforms.
- Who are Connections?
As part of the functionality of the Platforms, you may provide other registered users with access to all or some of your Onist Plan and/or certain individual resources (such as uploaded documents) through the Services (each such user is referred to as a “Connection”). You control who your Connections are and the level of access each Connection will have. For example, you may provide your broker or your financial advisor with access to only your net worth area and you may provide your spouse with full access to everything in your Onist Plan. In addition, you may choose to provide a Connection with limited access (i.e. “read-only” access) or full access (i.e. “can edit”, which includes the ability to add/edit/delete information) to the area(s) of your Onist Plan that you gave the Connection access to. If you provide a Connection full access to an area or an individual resource, such Connection will be able to see the names of all other Connections to whom you have provided access to the same area or individual resource.
Please be cautious in providing Connections access and allowing a Connection to share your Content with third parties. While you can change a Connection’s access rights at any time, once you have provided a Connection or a third party with access to your Content, Onist has no control over the use and disclosure of the accessed Content by such Connection and/or third party. Please ensure that you are comfortable with the information practices of your Connections before providing them with access to your Content.
- How Do We Use and Disclose Your Personal Information?
- Provide You with the Services
We may also use your personal information to improve and customize the Services. Onist requests your first name and last name when you register. Onist also allows you to upload your profile picture. Your first name, last name and profile picture (if uploaded) will be shown to any registered user who requests to appoint you as a Connection. Onist will notify you about such a request and will ask for your approval. Your first name, last name and profile picture (if uploaded) will also be shown to any registered user who has full access to any information or individual resource that is also shared with you.
- Contact You
Onist uses your personal information to contact you in order to provide product information, newsletters, service updates, and notifications about the Service.
You may sign-up to receive email or newsletter or other communications from us. If you would like to discontinue receiving our marketing information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us by using our contact information provided in the “How to Contact Us” section below.
- Allow You to Review Activity in Your Account
Onist automatically collects session information whenever you log onto and out of the Platforms. This information includes your browser’s type and version, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), your operating system’s type and version, your IP address, the time you logged in and the time you logged out and/or clickstream data. We collect this information as an additional security measure, to give you full visibility to your active sessions and your login history, to analyze trends in the aggregate and administer the Platforms, to allow you to identify suspicious activity in your account, and, if needed, to delete an unrecognized session. Onist does not share this information with anyone but you, and you cannot share this information with your Connections.
- Assist You with Technical Issues
Many technical issues can be resolved without looking into your personal information. Nevertheless certain technical issues might require Onist to access your personal information in order to analyze and fix them.
- As Required By Law
Onist may use and disclose your personal information as required or permitted by law in response to lawful requests by public authorities, including to meet national security or law enforcement requirements including, without limitation, in order to assist with a law enforcement investigation or comply with any subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, warrant or any judicial, administrative orders or demands.
- Aggregated Data
If you elect to have the Platforms access information from third party accounts by providing the access information to such third-party account, Onist’s service provider, Envestnet Yodlee, Inc. (“Yodlee”), will access such third-party accounts for the purposes of retrieving the relevant information and making it available on the Platform. Except for such access information, Onist does not provide Yodlee any other information about you.
Yodlee creates anonymous information derived generally from your Content (“Aggregated Data”) and combines this Aggregated Data with other anonymous information in Yodlee’s possession (“Yodlee Data”). The Yodlee Data is an amalgam of anonymous information obtained from such sources. Yodlee uses Yodlee Data to improve Yodlee’s services, perform fraud screening, verify identities and verify the information contained in Yodlee accounts for use across the Yodlee network. Where permitted under applicable law, Yodlee may also separately sell, license, reproduce, distribute and disclose the aggregated, anonymous Yodlee Data. Even though the Yodlee Data does not contain your personal information, nor does it allow you to be attributed to any data, we wanted to make you aware of Yodlee’s anonymous data practices. You acknowledge that Onist has no control over the collection, use or distribution of Aggregated Data by Yodlee. When you close your Account with Onist, the anonymized data that was derived from your Content and combined into Yodlee Data will not be removed from Yodlee Data. Please do not provide access information to any third-party account if you are not comfortable with Yodlee’s practices described in this paragraph.
- The Protection and Security of Your Personal Information:
We implement and require our service providers to implement industry best practices appropriate to the sensitivity of your Content. We use and require our service providers to use administrative, technical, and physical safeguards to protect your Content against loss, theft, and unauthorized access, use, disclosure, copying, modification, disposal, or destruction in accordance with applicable legal requirements and industry best practices. These safeguards include, but are not limited to, token-based authentication, server hardening, running services in a virtual private cloud, encryption of data in transit and at rest, client side encryption, and audit trails. We train our employees to follow privacy and security practices specific to the Services. We also undertake security assessments to ensure that we maintain strong security controls.
Onist makes further distinction between your financial data, your uploaded documents and the rest of your personal information in an effort to ensure that no person, not even our employees, will be able to gain access to your financial data or to the content of the documents you store with Onist. Your financial data, your uploaded documents and the rest of your personal information are stored separately on two different sub-systems. Your financial data is fully pseudonymized and encrypted when it is stored on our servers. The content of your documents is encrypted on your computer before it is uploaded to storage. Getting the full picture of your finances requires gaining access to both sub-systems. Such access is only given to your browser or the browser of your Connection(s) once you/they are logged onto the Platforms. Exceptional situations that require Onist to access your data, for example in order to fix certain technical issues, require our employees to follow a protocol that is fully audited and must involve more than one person. If you have any questions about the security of your personal information, you can contact us using our contact information provided in the “How to Contact Us” section below.
- Storage of your Personal Information
- Use of Session Tokens and Cookies
- Retaining Your Personal Information
- How you can update or remove your Personal Information
Upon request, Onist will provide you with information about whether we hold any of your personal information. To request this information please contact us using our contact information provided in the “How to Contact Us” section below.
We will respond to these requests within a reasonable timeframe.
- Accessing Your Information and Addressing Your Privacy Concerns
You have the right to access personal information we hold about you and to have any concerns you may have over our policies and practices addressed. In addition, you have the right to obtain information regarding our policies and practices with respect to our use of service providers outside Canada, including Amazon. To access your information, discuss your concerns or learn more about our policies and practices please contact us using our contact information provided in the “How to Contact Us” section below.
- Service Platform
- How to Contact Us
Any comments or questions regarding your personal information or our policies and practices with respect to your personal information may be directed to firstname.lastname@example.org.
688 Richmond Street West, Unit 302