top of page

Privacy Policy

PURPOSE

Nrolled Inc. (the “Business”) is committed to ensuring that it collects, uses, discloses, and safeguards personal information in a manner that respects the privacy rights of individuals. The purpose of this Privacy Policy (the “Policy”) is to set out the Business’ policy and practices in respect of collecting, using, disclosing, and safeguarding personal information.

SCOPE

This Policy applies to the Business’ operations in Ontario and in respect of any personal information collected from individuals located in Ontario. All employees, freelancers, contractors, consultants, volunteers, and other individuals working for or on behalf of the Business are required to comply with this Policy at all times.

DEFINITIONS

The following definitions apply for the purpose of this Policy:

​

“Personal information” means information about an identifiable individual but does not include business contact information.

​

“Business contact information” means any information that is used for the purpose of communicating or facilitating communication with an individual in relation to their employment, business or profession such as the individual’s name, position name or title, work address, work telephone number, work fax number or work electronic address.

COLLECTING PERSONAL INFORMATION

Unless the purposes for collecting personal information are obvious and the individual voluntarily provides their information for those purposes (for example, to verify identity), the Business will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection.

 

The Business will only collect employees’ or freelancers’ personal information that is necessary to fulfill the following purposes:

  1. To establish, manage, or terminate an employment relationship.

  2. To respond to emergencies and protect employees or freelancers from theft, fraud, and similar risks.

  3. To comply with applicable laws.

  4. To fulfill other purposes as required and communicated to affected individuals from time to time.

​

​

Examples of the types of personal information that the Business may collect to fulfill the purposes identified in this Policy include, but are not limited to:

​

  1. Name, address, email address, telephone number, date of birth.

  2. Residency and work permit status.

  3. Social insurance number.

  4. Banking information for payroll purposes.

  5. Information required by the Business’ benefits providers.

  6. Information about medical conditions and/or prescriptions that an individual voluntarily provides to the Business.

  7. Information regarding employee/freelancer use of the Business’ technology, including information stored on or accessed using the Business’ electronic devices or systems.

  8. Work history, educational history, reference information, professional designations or certifications, and results from criminal record checks.

  9. Records of attendance or absences, vacation entitlement and requests.

  10. Compensation information, performance appraisals and disciplinary records.

  11. Any other information reasonably required to establish, manage, or terminate an individual’s employment or engagement with the Business.

​

The Business will limit the collection of personal information to that which is reasonably necessary for the purposes identified.

The Business will not use or disclose personal information for any purpose other than those for which it was collected, as identified in this Policy or as communicated from time to time.

CONSENT

The Business will obtain an individual’s consent to collect, use, or disclose personal information.

Consent may be provided explicitly either orally or in writing, or may be implied where the purpose for collecting, using, or disclosing the personal information would be considered obvious and the individual voluntarily provides personal information for that purpose.

With employee/freelancer consent, the Business may collect, use, and disclose personal information about the employee or freelancer for marketing and business development purposes.

An individual may withdraw consent to the collection, use, or disclosure of personal information on giving reasonable notice to the Business provided that such withdrawal of consent would not frustrate a legal obligation of the Business.

​

The Business may collect, use, or disclose personal information without an individual’s knowledge or consent in the following limited circumstances:

​

  1. When such collection, use, or disclosure of personal information is permitted or required by law;

  2. In an emergency that threatens an individual’s life, health, or personal safety;

  3. When the personal information is available from a public source;

  4. When the Business requires advice from external legal counsel;

  5. For the purposes of collecting a debt;

  6. To investigate an anticipated breach of an agreement or a contravention of law; or

  7. Any other circumstance authorized by law.

​

The Business will normally collect personal information directly from the individual; however, the Business may collect personal information from other persons with the individual’s consent or as authorized by law.

In all circumstances, the Business will only collect, use, or disclose personal information for purposes that are reasonable.

RETENTION

Personal information will be retained only as long as necessary to fulfill the purposes for which it was collected, or as required by law.

Personal information that is no longer necessary to fulfill the purposes for which it was collected or that the Business is not otherwise required to retain by law or for business purposes will be destroyed or rendered non-identifying by authorized personnel.

ACCESS AND ACCURACY

Individuals have the right to request access to:

  1. Their personal information that is in the possession of the Business;

  2. Information about the ways in which their personal information has been used by the Business; and

  3. The names of the individuals and organizations to which their personal information has been disclosed by the Business.

On written request to the Business’ Privacy Officer, the Business will inform individuals of the existence, use, and disclosure of their own personal information and will be given access to that information to the extent permitted by law.

An individual may challenge the accuracy and completeness of their personal information in the Business’ possession and request, in writing to the Business’ Privacy Officer, that their personal information be amended as appropriate.

The Business will respond in writing to an individual who makes a request in respect of their personal information within 30 days. Where the Business denies a request for access to personal information, the Business will provide the reasons for such denial.

The Business will make all reasonable efforts to ensure that personal information retained by the Business is accurate, complete, and current. If the personal information is inaccurate or deficient with regard to the purposes for which the personal information was collected, the Business will correct or amend the individual’s personal information.

SAFEGUARDING PERSONAL INFORMATION

The Business will make every reasonable effort to prevent any loss, misuse, disclosure, or modification of personal information, as well as any unauthorized access to personal information.

The Business will safeguard personal information, including by taking the following measures as appropriate:

  1. Retaining physical copies of documents containing personal information in locked offices, drawers, or filing cabinets;

  2. Restricting access to personal information only to designated individuals on a “need to know” basis; and

  3. Encrypting and password protecting electronic devices and systems.

ACCOUNTABILITY

The Business is responsible for protecting any personal information under its control and has a designated Privacy Officer. Questions or concerns regarding privacy procedures or the Business’ compliance with applicable privacy legislation may be directed to the Privacy Officer by emailing care@nrolled.com.

REVIEW OF THE POLICY

This Policy will be reviewed annually and may be amended from time to time.

bottom of page