The privacy and security of personal information is very important to Buckingham Security Services (the “Company”). It is the Company’s policy to protect and respect the privacy of personal information in accordance with the applicable privacy laws. The Privacy Policy explains the Company’s privacy and security practices with respect to all personal information in the possession and control of the Company, and may be supplemented by specific policies, procedures, and practices.

Note to Residents of the European Union: In order to comply with the requirements of the European General Data Protection Regulation (GDPR) for European users, the Privacy Policy outlines the legal basis on which we process your personal data (also referred to as personal information herein) and provides other information required by the GDPR. We process personal data when we have a lawful basis to do so in accordance with the GDPR. Where possible, this means that we process personal data only where we have consent, where necessary to provide you with information or services, or where necessary to comply with our legal obligations. We may also process personal data where otherwise allowed by the GDPR for the purposes outlines in this Privacy Policy (for example, to communicate with you and to respond to your requests). Please see below for further information.

Why does the company collect personal information?

The Company may collect personal information for the following purposes:

• To administer, plan, and manage the relationship with individuals and to communicate with individuals;

• To provide individuals with requested information and/or services;

• To better understand how the Company may improve its services, to develop and conduct its business and operations, and for other internal business purposes;

• To provide individuals with information on current and future services or other developments with respect to the Company and its affiliates and partners (in accordance with Canada’s Anti- Spam Legislation – see below); and

• To comply with applicable legal and regulatory requirements or to protect the Company’s legal rights and property; (collectively, the “Authorized Purposes”).

The type of information that the Company may collect from individuals includes, for example, name, email address, address, phone number, and other information individuals choose to provide or which are relevant to the Company’s services.

The Company may collect personal information for other purposes where it has a legal duty or right to do so or where the Company has a good faith belief that it is necessary to protect the property or fight to the Company.

The Company does not collect personal information for any other purposes, unless it has the consent of the individual to whom it relates.

How does the company collect personal information?

Where possible, the Company collects personal information about an individual with the individual’s knowledge and consent. Generally, this means that the Company collects personal information directly from the individual to whom it relates, whether vis the Company’s website, e-mail, telephone, fax, or in person. Occasionally, the Company may collect personal information from third party sources or without the knowledge and consent of the individual where authorized by law. For example, in many cases an investigation would be compromised by obtaining the knowledge and consent of individuals, and privacy laws permit the reasonable collection of personal information without the knowledge and consent of individuals in such cases.

Visitors to the Company’s website should also be aware the anonymous technical information may be collected by the Company as a result of a visit to the Company’s website. For example, this information may include the visitor’s IP address, browser type, operating system, domain name, access times and referring website addresses. The Company uses this anonymous technical information for purposes such as diagnosing problems with the Company’s servers, improving the operation and content of the Company’s website and compiling aggregate and statistical information.

The Company will not attempt to link or match such anonymous technical information with any personally-identifiable information unless the Company has an individual’s consent, the Company (or its service providers) have detected or reasonably suspect any unlawful use of the Company’s services or a security breach, or the Company has a legal duty or right to do so.

The Company may use “cookies” on its website. “Cookies” are small text files placed on computers that can collect and store a variety of information. Permanent cookies are stored indefinitely on a user’s hard drive unless manually deleted, while temporary cookies are automatically deleted from the user’s browser upon logging out of a website. Web browsers typically allow users to disable permanent and/or temporary cookies.

Please note that the Company uses Google Analytics. There is more information about how Google collects, uses, and processes data here.

When does the company use or disclose personal information?

The Company only uses and discloses personal information as reasonably required to facilitate the Authorized Purposes listed able.

In some cases, the Company may share personal information with third party service providers performing functions on the Company’s behalf, including, for example, vendors that provide information technology services or provide analytics or assessment services.

The Company does not otherwise use or disclose personal information unless the Company has an individual’s consent, the Company has a good faith belief that disclosure of the information is necessary to protect the rights or property of Company, or the Company has a legal duty or right to do so.

The Company does not rent, sell or trade customer lists or other personal information.

Consent – is there a choice?

Individuals provide their consent to the collection, use, and disclosure of personal information by the Company when they provide their information to the Company or use its services.

Individuals can deny or withdraw their consent to the Company’s collection, use and disclosure of their personal information at any time upon reasonable notice, subject to any legal or contractual requirements. However, if consent is denied or withdrawn, the Company may not be able to provide certain services.

The Company and its affiliates may use personal information to inform individuals of current and/or new services or other developments that the Company or its affiliates or partners believe will be of interest to individuals in accordance with Canada’s Anti-Spam Legislation. Such communications may be made by way of telephone, text message, direct messaging, e-mail, fax or regular mail. Individuals provide their
consent to the Company and its affiliates and partners contacting them in this manner when they use the Company’s services. Individuals may opt-out of receiving such communications by contacting the Company at the address below.

How does the company protect the security of personal information?

The Company has in place reasonable policies, procedures and safeguards (including physical, technological and organizational measures) designed to protect the security of personal information under its control.

The protection of personal information is of paramount concern to the Company, and the Company is prepared to take appropriate and timely steps in the event of any incidents involving personal information in accordance with applicable privacy laws.

The Company makes every reasonable effort to ensure that personal information is accurate and complete. This may involve requesting further information or updates from individuals. The Company relies on individuals to notify the Company if there is a change to their personal information that may affect their relationship with the Company.

The Company retains personal information only as long as is reasonable to fulfill the purposes for which the information was collected, or for legal or business purposes.

Does the company provide access to personal information?

The Company will provide individuals with access to the personal information the Company holds about them in accordance with applicable laws. The Company reserves the right to require that any request for access to personal information be made in writing. Generally, there is no cost for such access. However, the Company reserves the right to charge such costs on a case by case basis in accordance with applicable laws. The individual will be notified in advance if charges apply.

The Company will correct or amend the personal information in its files where it can be shown that the information is incorrect or incomplete.

Storage and Processing

The Company will store the personal information on its internal servers and/or with its services providers.

The Company’s service providers may store and/or process personal information outside of Canada (including in the United States of America). When information is stored or processed outside of Canada, it may be subject to the laws of and be accessible by legal authorities in such other jurisdictions. The Company has taken appropriate technical, organizational, and legal steps to secure this information.

GDPR Information

The GDPR sets out obligations and rights with respect to the personal data of residents of the European Union. The Company is committed to ensuring that it complies with the requirements of the GDPR. As such, this section outlines additional information relevant to residents of the European Union only. Please see the remainder of the Company’s Privacy Policy for more information on our privacy practices.

Your Rights Relating to Your Personal Data

Subject to some exceptions, the GDPR provides you with the following rights:

1. Right of access: You have the right to information about whether and why we process your personal data and related information (for example, what personal data we are processing).

2. Right of rectification: You have the right to correct any inaccurate or incomplete personal data that we hold about you.

3. Right to erasure: You have the right to ask us to delete personal data that we hold about you.

4. Right to restrict or object to processing: You have the right to ask us to limit or stop our processing of your personal data in certain cases (for example, if the personal data we are processing about you is inaccurate or is for direct marketing purposes).

5. Right to data portability: You have the right to ask us for a copy of personal data we hold about you and to transfer such data to another entity.

6. Right to complain: We encourage you to contact us at the contact information below if you have any questions or concern with our personal data practices. However, you also have the right to complain to regulatory authorities in your jurisdiction. Please contact us at the contact information below if you need information about the appropriate authority.

You may exercise these rights or find out more about these rights by contacting the Company at the contact information listed below.

Retention and Storage of Personal Data

The Company is based in Canada and processes personal data in Canada. The European Commission recognizes Canada as providing an adequate level of protection for personal data. The Company’s service providers may process your personal information outside of Canada (such as in the United States of America). When your information is processed outside of the European Union, it may be subject to the laws of and be accessible by legal authorities in such other jurisdictions. The Company has taken appropriate technical, organizational, and legal steps to secure this information.

Contact the Company

For further information about the Company’s privacy practices, to make a request for access to personal information to exercise any other rights outlines above, please contact the Company’s Privacy Officer at privacy@buckinghamsecurity.com.

The foregoing policy is effective as of December 1, 2020. The Company reserves the right to change this policy at any time in accordance with applicable laws – please check our website for updates to this policy.