Products and Services
About
Contacts
Back
NAPA PAY PRIVACY POLICY
  • INTRODUCTION

NAPA PAY CORP. (“NAPA PAY”) is a digital marketing service provider that facilitates connections between users seeking products or services (hereinafter referred to as “User” or “Users”, as may be applicable), at their request, with one or more professionals (hereinafter referred to as “Partner” or “Partners”, as may be applicable) poised to meet those needs.


NAPA PAY takes your privacy very seriously. Please read this Privacy Policy carefully as it contains important information on who we re and who and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us in the event you have a complaint or inquiry.


NAPA PAY is committed to protecting the privacy and security of customer records, and to meeting our obligations under Canadian data privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5, and applicable provincial laws. We adhere to the privacy principles set out below, which govern the way we collect, use, store and disclose personal information that is obtained in the course of our  business operations as a digital marketing brokerage.


Our operations, spanning Canada and the U.S. with global data processing capabilities, are designed to offer tailored financial solutions while safeguarding personal and financial information.


This Privacy Policy outlines our practices regarding the collection, use, and sharing of your information, underlying our dedication to transparency, security, and your privacy rights.


  • INFORMATION COLLECTION
  • In fulfilling this mission, we collect and utilize personal information under strict compliance with Canadian data collection, storage laws, and considerations for international data transfers, notably to the U.S.

  • The overall responsibility for ensuring our compliance with data privacy laws and this Privacy Policy rests with our Privacy Officer, although other individuals within NAPA PAY have responsibility for the day-today collection and processing of personal information and may be delegated to act on behalf of the Privacy Officer.

  • We are responsible for personal information in our possession or custody, including personal information that we may transfer to third parties for processing. We will require our service providers to agree to contractual requirements that are consistent with our privacy and security policies. We will require that our service providers and partners are prohibited from using personal information, except for the specific purpose for which we supply it to them.

  • Types of Information Collected:
  • Personal and Contact Details: This includes names, email addresses, telephone numbers, gender, location, and company affiliations of our users and partners to facilitate the provision of our services.

  • Professional Information: Professional details such as job titles and roles, as well as online presence (e.g., LinkedIn profiles), to customize and optimize our brokerage services.

  • Financial Information: With your consent, we collect billing, transaction, and payment card information for services rendered, ensuring all financial operations are transparent and secure, and other information to enable us to undertake credit or other financial checks on you.

  • Digital Interaction Data: Utilization patterns of our website and other digital platforms are gathered to enhance user experience and service delivery.

  • Identity Verification Information: For the purpose of verifying identities and performing credit checks, we collect information such as dates of birth and other pertinent details with your explicit consent.

  • Collection Methods:
  • Direct Interactions: Information collected directly from you – in person, by telephone, text or e-mail and/or via our website and apps. However, we may also collect information from publicly accessible sources, e.g. Land Registries, Personal Property Security Registries, etc.

  • Automated Technologies: Data collected through cookies (please see our Cookie Policy) and similar technologies as you navigate our website, which helps us tailor your online experience.

  • Third-Party Sources: With your consent, we may receive additional information about you from external parties (e.g., sanctions screening providers, credit reference agencies, customer due diligence providers, etc.) to further personalize and improve our services.

  • Legal Framework Compliance:
  • In collecting this information, NAPA PAY adheres to a robust legal framework, ensuring that all data collection practices are compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5, relevant provincial laws, and where applicable, considerations for U.S. data protection regulations. This compliance underscores our commitment to safeguarding your privacy and managing your information responsibly, with a clear understanding of our obligations under both Canadian and international laws regarding data collection and storage.

  • Our practices are designed to respect your privacy rights, offering transparency and security at every interaction. By engaging with NAPA PAY, you entrust us with your personal and professional information, and we pledge to use this data solely for the purposes outlined, with unwavering dedication to legal compliance and ethical responsibility.

  • We will use our best efforts to ensure that personal information that is used on an ongoing basis and information that is used to make a decision about an individual is as accurate, complete, and up-to-date as necessary for the purpose for which it is to be used.

  • Safeguards:
  • We will protect personal information with safeguards appropriate to the level of sensitivity of the information.

  • Our safeguards protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, regardless of the format in which the information is held.

  • We will exercise care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.

  • Our methods of protection include:
  • physical measures (e.g., locked file storage and restricted access to offices);

  • organizational measures (e.g., security clearances and limiting access on a need-to-know basis); and

  • technological measures (e.g., the use of passwords and encryption).

  • We also require our outside service providers to provide a comparable level of protection to personal information that we may supply to them.

  • PURPOSE OF COLLECTION
  • NAPA PAY's collection of personal information is multifaceted, designed to enhance our service offerings and comply with regulatory standards. This detailed purpose encompasses:
  • Service Provision and Customization: We collect information to facilitate the seamless matching of users with professional partners, enabling us to provide tailored digital marketing brokerage services. This customization extends to personalizing your interactions and transactions on our platform to meet your specific needs and preferences.

  • Credit Checks: We collect personal information to facilitate credit checks on behalf of our partners to which users apply for various financial solutions. This process is essential for assessing the creditworthiness of users, ensuring our partners can make informed decisions regarding the provision of financial services. This activity is conducted with the utmost respect for privacy, adhering to applicable laws and ensuring transparent use of individuals’ information for these purposes.

  • Fraud Prevention: We may use the information we collect for our legitimate interests or those of our partners, i.e. to minimize criminal activity, fraud, unauthorized access and modifications to systems that could be damaging for you, us and/or our partners.

  • Customer Inquires: We may use the information we collect to efficiently respond to customer inquiries regarding accounts and other services. This ensures timely and accurate support, enhancing customer satisfaction and service quality.

  • Legal Compliance and Security Measures: Adhering to the legal landscapes of Canada and potentially the U.S., we gather information necessary for identity verification, financial checks, and compliance with laws such as PIPEDA. This ensures the integrity and security of our transactions and services.

  • User Experience Optimization: Through the analysis of digital interaction data, we aim to continuously improve our website’s functionality, making it more intuitive and user-friendly. This includes understanding how our services are used and identifying any areas for enhancement.

  • Operations: We may use information we collect for operational reasons, such as improving efficiency, training, quality control, updating and enhancing customer records, and statistical analysis to help us manage our business, e.g., in relation to our financial performance, customer base, product range or other efficiency measures.

  • Marketing and Communications: With your explicit consent, we use collected information to inform you about relevant services, updates, and marketing initiatives. This ensures that you are kept up to date with our latest offerings and how they can benefit your business or professional endeavors.

  • Feedback and Service Improvement: Collecting feedback on our services allows us to identify areas for improvement and innovate our offerings. This purpose serves to elevate the quality of our brokerage services, ensuring they remain competitive and responsive to user needs.

  • Unless required by law, we will not use personal information for a new purpose without the knowledge and consent of the individual to whom the information relates.

  • In every instance of information collection, NAPA PAY is committed to transparency, ensuring that users are fully aware of and consent to how their data is used. This commitment underlines our dedication to respecting user privacy and maintaining trust within our service ecosystem.

  • CONSENT
  • Personal information will only be collected, used or disclosed with the consent of the individual, except where otherwise permitted or required by law. The way in which we seek consent may vary depending upon the sensitivity of the information sought. We will obtain consent in all cases where the personal information involved is considered sensitive, such as financial status, but otherwise we are entitled to rely on implied consent.

  • We may rely on implied consent with regard to the following information and in the following specific circumstances:
  • Basic Contact Information: For sending newsletters or service updates, when a user provides their contact details;

  • Publicly Available Information: Utilizing information such as published telephone numbers for standard business inquiries;

  • Service Provision: When using provided information is a reasonable expectation of the service.

  • Legal Obligation: Disclosing information to government authorities or in response to a court order where required by law, without the explicit consent of the individual.

  • Typically, we will seek consent for the use or disclosure of personal information at the time of collection. However, additional consent will be sought after the personal information has been collected id the personal information is required for a new purpose.

  • In certain  circumstances, obtaining consent may be inappropriate, the federal PIPEDA and provincial laws provide for exceptions where it is impossible or impractical to obtain consent. We will comply with the applicable legal requirements in all cases.

  • We ensure that consent is knowingly and voluntarily given for the collection, use, and disclosure of personal information. We prioritize transparency, informing users about the purpose of data collection and how it will be utilized, ensuring alignment with both the PIPEDA and relevant provincial laws.

  • Users have the right to withdraw consent at any time, and we’ve implemented easy mechanisms for this process, including among others:
  • A dedicated section within user account settings on our website;

  • Direct links in email communications for opting out;

  • Contacting us via designated email or phone, as provided in Section 13..

  • Consent is obtained through explicit means, especially for sensitive information, and we maintain detailed records of consent for accountability.

  • LIMITATIONS
  • We will collect personal information by fair and lawful means and will limit the amount and type of personal information we collect to that which is necessary for our identified purposes.

  • Personal information will be retained for 3 years and will be stored in a secured storage server on NAPA PAY premises or those of our affiliates, third party agencies, service providers, representatives and agents. Some of these third parties may be based outside Canada. Only Privacy Officer has access to the secured storage server in which the personal information records are being retained. After 3 years, the personal information will be destroyed in a secure manner and in accordance with applicable privacy legislation.

  • We will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.

  • We may sell and/or trade customer lists to selected third-party companies and organizations that meet our requirement for security and confidentiality. These lists will not include any personal information and do not contain credit or transaction information. Subject to any applicable business, legal, or regulatory requirements, we will ensure that the data is destroyed in a secure manner, erased, or made anonymous.

  • DATA SHARING AND DISCLOSURE
  • NAPA PAY is committed to upholding the highest standards of privacy and data protection. Our policies on data sharing and disclosure are designed to ensure transparency, security, and compliance with applicable data protection laws, including the PIPEDA, provincial privacy laws, and considerations for international data transfers.

  • With Whom We Share Data:
  • Affiliates: We may provide personal information to our affiliates. Our affiliates are the family of companies that form our parent company and any/all sister companies.

  • Professional Partners: To provide enhanced services, we may share information with selected professionals within our network, strictly for fulfilling service requests. Such sharing is based on explicit consent from our users or when it is necessary for the execution of a contract.

  • Service Providers: We engage third-party service providers to perform functions on our behalf, such as data processing, marketing assistance, and customer service. These providers are bound by confidentiality agreements and are restricted from using the information for purposes other than those specified by NAPA PAY.

  • We may also need to:
  • Share personal data with external auditors, e.g. in relation to ISO accreditation and similar accreditations;

  • Disclose and exchange information with law enforcement agencies and regulatory bodies, as may be applicable, to comply with our legal and regulatory obligations, if any; and

  • Share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring – usually, information will be anonymized but this may not always be possible, however the recipient of the information will be bound by confidentiality obligations.

  • Legal Obligations and Compliance: We may disclose personal information when required by law, such as in response to a court order or a legitimate request from a regulatory authority. In such cases, we verify the validity of the request and disclose only the information legally required.

  • Consent-Based Sharing: For any other data sharing not covered by the above categories, we will obtain explicit consent from our users, clearly informing them of who the data will be shared with and for what purpose.

  • Safeguards for Data Transfer:
  • Cross-Border Transfers: When transferring data across borders, we take measures to ensure that the information remains protected to a standard commensurate with Canadian privacy laws. This includes utilizing contractual clauses that require data recipients to uphold a comparable level of data protection.

  • Privacy Impact Assessments: Before sharing data, we conduct assessments to identify any risks to privacy and implement measures to mitigate these risks.

  • Transparency: Our privacy policy provides detailed information about our data sharing practices, ensuring that users are aware of how their information is shared and have control over their data.

  • User Rights and Control:
  • Withdrawal of Consent: Users have the right to withdraw their consent to data sharing at any time. We provide clear instructions on how to do this and process such requests promptly.

  • Access to Information: Users can request information on how their data has been shared and with whom, reinforcing our commitment to transparency and accountability.

  • In every instance of data sharing and disclosure, NAPA PAY prioritizes the privacy and security of our users' information, adhering to the principles of necessity, proportionality, and purpose limitation.


  • DATA SECURITY
  • NAPA PAY is committed to the protection and security of our users’ personal information. We implement robust physical, technical, and administrative security measures designed to safeguard data against loss, theft, unauthorized access, disclosure, alteration, or destruction. These measures are reflective of the high standards required by Canadian data protection laws, including PIPEDA, and are continually assessed and updated in response to new risks or advancements in security technology.

  • Key Security Measures Include:
  • Encryption: Utilizing strong encryption protocols for data storage and transmission to ensure that personal information is protected.

  • Access Control: Strictly limiting access to personal information to authorized personnel based on their role and necessity to access the data for our business operations.

  • Secure Infrastructure: Employing secure network architectures, including firewalls and intrusion detection systems, to protect against unauthorized digital access.

  • Data Minimization: Collecting only the information that is necessary and storing it only for as long as it is needed for the purposes for which it was collected.

  • Regular Audits and Monitoring: Conducting regular security audits and continuous monitoring of our systems to detect and address potential vulnerabilities.

  • Employee Training: Providing ongoing data security and privacy training to all employees to ensure they understand their roles in maintaining data security.

  • Incident Response Plan: Maintaining a comprehensive incident response plan to promptly address any data breaches or security incidents, including procedures for notification to affected individuals and regulatory authorities when required.

  • NAPA PAY recognizes the importance of protecting the personal information entrusted to us by our users and professional partners. We are committed to upholding these security measures and continuously enhancing our security practices to protect against new threats and vulnerabilities, ensuring the trust and confidence of our users in our digital marketing brokerage services.

  • ACCESS AND CORRECTION RIGHTS
  • NAPA PAY recognizes the importance of accuracy and transparency in the management of personal information. We affirm the rights of our users to access, review, and correct their personal data held by us, in alignment with our commitment to upholding the principles of data protection and privacy laws.

  • Upon written request, we will inform an individual of the existence, use, and disclosure of his/her personal information and give him/her reasonable access to that information.

  • Accessing Your Information:
  • Users have the right to request access to the personal information NAPA PAY holds about them.

  • Upon verification of identity, we will provide a copy of the relevant data within a reasonable timeframe, ensuring users can verify the accuracy and completeness of their information.

  • Correction and Update:
  • Should you find any inaccuracies or incomplete information in the data we hold about you, NAPA PAY provides mechanisms to correct or update your information promptly.

  • We are committed to maintaining the accuracy of your personal data for its intended use.
  • Procedure for Requests:
  • To exercise your access or correction rights, please contact our Privacy Officer at the provided contact details.

  • Clearly indicate the nature of your request, whether it is for access or correction.

  • For corrections, please specify the inaccurate or incomplete information and provide the necessary corrections.

  • Response Time:
  • NAPA PAY is dedicated to responding to your requests efficiently, with most inquiries addressed within 30 days.

  • If there are any delays, we will inform you of the reason and the expected response time.

  • Fees:
  • Access to your personal information is provided free of charge. However, for requests requiring extensive administrative effort, a reasonable fee may be charged.

  • We will inform you of any such fees in advance.

  • Exceptions: There may be certain circumstances under which NAPA PAY may deny access to or correct personal information, such as when the information is prohibitively costly to provide, it is legally privileged, part of an ongoing investigation, where it cannot be disclosed for legal, security, or commercial proprietary reasons, or contains references to other individuals, or infringes on another individual’s privacy rights. We will provide the reasons for denying access or correction requests.

  • NAPA PAY is committed to facilitating the exercise of your rights with respect to your personal information, fostering an environment of trust and accountability.

  • DATA RETENTION

  • NAPA PAY is dedicated to managing personal information responsibly and securely. Our Data Retention policy ensures that personal data is kept only for as long as necessary to fulfill the purposes for which it was collected, or as required to comply with legal, regulatory, and business requirements.

  • Retention Periods:
  • Customer Information: Retained for the duration of the customer relationship plus a period of seven years to comply with tax and accounting requirements.

  • Transactional Records: Held for a period of seven years to align with financial reporting and auditing standards.

  • Marketing Data: Kept until the user opts out or unsubscribes from our marketing communications, after which it is promptly deleted.

  • Inquiries and Requests: Information related to inquiries or customer service requests is retained for up to two years to ensure satisfactory resolution and follow-up.

  • Review and Deletion:
  • Regular audits are conducted to review the necessity of data retention, ensuring that outdated or unnecessary information is securely disposed of or anonymized.

  • Secure deletion methods are employed to remove personal data from our systems, making recovery impossible.

  • User Rights:
  • Users have the right to request deletion of their personal data, subject to legal and business requirements.

  • NAPA PAY provides clear instructions for users to exercise this right.

  • Legal and Regulatory Compliance:
  • Our retention practices are designed to comply with the PIPEDA, as well as other applicable local, provincial, and international regulations.

  • We stay abreast of changes in data protection laws to ensure our policies are updated accordingly.

  • Security Measures: Throughout the retention period, personal information is protected by comprehensive security measures, including encryption, access controls, and physical security protocols.

  • Policy Transparency: NAPA PAY is committed to transparency regarding our data retention practices. This policy is regularly reviewed and updated to reflect best practices and legal requirements. In addition, it embodies our commitment to protect user privacy while balancing the need to retain data for legal, regulatory, and operational purposes.

  • INTERNATIONAL DATA TRANSFERS
  • Your information may be processed or stored outside Canada, under strict privacy protections.

  • NAPA PAY committed to ensuring the secure and lawful transfer of personal data across the borders.

  • NAPA PAY employs the following, among others, mechanisms and safeguards to protect personal information when it is transferred internationally:
  • Standard Contractual Clauses: legally binding contracts ensuring both parties adhere to privacy standards;

  • Binding Corporate Rules: internal policies adopted by NAPA PAY for transferring personal data within organization across borders, ensuring all entities comply with high-level data protection standards;

  • Adequacy Decisions: reliance on countries deemed by certain regulatory bodies (like the European Commission) to have adequate data protection laws, allowing for data to be transferred without additional safeguards;

  • Privacy Shield Framework: adherence to international frameworks such as the EU-U.S. Privacy Shield (although it is invalidated for EU-U.S. transfers), and similar frameworks or agreements, ensuring protective measures for data transferred internationally;

  • Due Diligence: conducting due diligence on the data protection laws of the receiving country and ensuring that they provide an adequate level of protection;

  • Encryption: implementing encryption during data transfer and requiring data processing agreements that reflect these standards.

  • NAPA PAY adheres to legal frameworks like the EU General Data Protection Regulation (GDPR) for transfers to and from the EU, when applicable, and ensures all international partners meet a standard of data protection that complies with or exceeds Canadian privacy laws.

  • User rights:
  • Right to Be Informed: Users have the right to be informed about the transfer of their personal data to countries or organizations outside of their country of residence, including the identification of those countries and the rationale for such transfers.

  • Right to Object: Users may object to the transfer of their personal data to a third country or international organization, especially in cases where the country does not ensure an adequate level of data protection.

  • Right to Access Safeguards: Users are entitled to request a copy of or a reference to the safeguards under which their data is transferred internationally. This ensures transparency and allows users to assess the protection measures in place.

  • Right to Withdraw Consent: If the transfer is based on user consent, users have the right to withdraw their consent at any time. The withdrawal of consent should not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Legal Recourse: Users have the right to legal recourse in cases where they believe their data has been transferred internationally in violation of data protection laws, allowing them to seek enforcement of their rights or damages for breaches.

  • Our goal is to assure users of the continuous protection of their privacy and personal information, regardless of where the data is processed or stored.

  • COMPLAINTS
  • NAPA PAY is committed to maintaining high standards of service and data privacy. Should you have any complaints or inquiries regarding our handling of personal information or privacy practices, we encourage you to contact our Privacy Officer.

  • We commit to respond to any inquiry at earliest time possible, but within generally accepted thirty-days period. However, there may be times when longer processing may be required, especially when investigating complaints. We will keep you informed as your matter progresses regularly.

  • We take all feedback seriously and promise a timely and thorough investigation into your concern. Our process ensures:
  • Acknowledgment of Receipt: We will acknowledge receipt of your compliant promptly;

  • Investigation: Your complaint will be investigated by the appropriate team or individual within NAPA PAY;

  • Resolution: We aim to resolve all complaints in a timely manner, informing you of the outcome and any actions taken;

  • Escalation: If you are not satisfied with the resolution, you have the right to escalate the matter further within our organization or to a relevant data protection authority.

  • This process is designed to ensure transparency, accountability, and the protection of your privacy rights.

  • CHANGES  TO THE PRIVACY POLICY
  • NAPA PAY reserves the right to update this Privacy Policy to reflect changes in our data management practices, legal landscape, or service offerings.

  • We are committed to transparency and will notify users of any significant modifications through our website or direct communication.

  • Users are encouraged to review the policy periodically to stay informed.

  • Changes will become effective once posted, and continued use of our services after such updates constitutes acceptance of the new terms.

  • This section emphasizes our commitment to maintaining up-to-date privacy practices and keeping users informed of their rights and our responsibilities.

  • CONTACT INFORMATION
  • For any inquiries or concerns regarding our Privacy Policy, the handling of personal data, or your privacy rights, NAPA PAY encourages users to reach out to us.

  • We are committed to addressing and resolving any issues promptly and transparently.

  • Contact details are provided on our website, including email addresses and a phone number dedicated to privacy matters. By providing clear and direct lines of communication, we ensure that users can easily seek information, clarification, or report privacy-related issues.
Cookies Preferences

We use cookies on our website. Some of them are essential, while others help us to improve this website and your experience.

We won’t be collecting any non-essential cookies from now on. Make sure you’ve cleared existing cookies in your browser setting.

Cookies Preferences

We use cookies on our website. Some of them are essential, while others help us to improve this website and your experience.

Essential (1)
Essential cookies enable basic functions and are necessary for the website to function properly.
name
Cookie
Provider
Owner of this website
Saves the visitors preferences selected in the Cookie
Cookie by Google used to control advanced script and event handling.
Cookie Name
cookie
Cookie Expiry
1 Years
Statistics (1)
Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website.
accept
name
Google Tag Manager
Provider
Google LLC
Purpose
Cookie by Google used to control advanced script and event handling.
Provacy Policy
https://policies.google.com/privacy?hl=en
Cookie Name
_ga,_gat,_gid
Cookie Expiry
2 Years