Covarity Inc. (“Covarity”) has always been committed to safeguarding the accuracy, confidentiality, privacy, and security of its clients’ personal and financial information. As part of this commitment, Covarity has established a comprehensive privacy policy that governs all aspects of the company’s operations as they relate to the use of client information. This policy is based on the Model Policy for the Protection of Personal Information published by the Canadian Standards Association, as well as on the principles set out in the Personal Information Protection and Electronic Documents Act, which became effective on January 1, 2001.
The ten principles of privacy are:
- Accountability
- Identifying the purposes for client personal information collection
- Client consent
- Permission-based Email Marketing
- Limitations regarding collection of client personal information
- Limitations regarding use, disclosure and retention of client personal information
- Accuracy
- Safeguarding client personal information
- Openness: Client access to standards and procedures
- Client access to their personal information
- Handling client complaints and suggestions
The following sections describe Covarity’s approach to each of these principles.
1. Accountability
Covarity has appointed a Chief Security Officer with responsibility for all privacy and security matters, including ensuring compliance with this policy. Clients may contact Covarity’s Chief Security Officer directly at security@covarity.com. The company does not currently contract any third parties for data processing purposes, but in the event that Covarity were to do so, responsibility for protecting the privacy of client personal information would remain with Covarity.
2. Identifying client personal information collection purposes
Covarity offers a service that allows clients to upload financial information electronically to their financial institutions for the purposes of ongoing commercial loan maintenance. Covarity collects certain personal information from clients who use the Covarity service. Covarity collects only the client personal information required to provide the service the company offers, and uses client personal information only for the provision of the service.
Covarity currently collects the following client personal information directly from clients or their financial institutions (not all information listed may be collected for each client):
- Client name, business name, mailing address, phone and fax numbers, and email address
- Client business financial statements, including balance sheet, income statement, accounts receivable, accounts payable, and inventory
Covarity may also collect certain technical information from clients who use the company’s service, such as a client’s internet address and service usage patterns. Covarity collects this information to help diagnose technical problems with the service, and to continually improve the quality of the service. This information is retained in aggregate and anonymously. Covarity does not sell, transfer, or in any way distribute this technical information to any third party.
3. Client consent
Covarity only collects personal information provided directly by clients or their financial institutions, as well as limited technical information used to help diagnose problems with the company’s service and to improve the quality of the service.
When a client is initially set up on the Covarity service, the client’s financial institution inputs the client’s name and contact information into the service. Clients themselves or their financial institutions may subsequently change that information in the service; Covarity does not alter client personal information unless specifically requested to do so by either a client or a client’s financial institution. Client financial data is uploaded electronically to the Covarity service by clients themselves.
Clients may withdraw consent to the use of personal information in accordance with the terms contained in this policy by either contacting their financial institution or by notifying Covarity directly at security@covarity.com.
4. Limitations regarding collection of client personal information
Covarity collects only the client personal information required to provide the service the company offers. Covarity only collects personal information directly from clients or their financial institutions.
5. Limitations regarding use, disclosure and retention of client personal information
Covarity uses client personal information only for the provision of the company’s service. Covarity will not distribute client personal information in any way to third parties, except in the possible case where the company has retained the services of a third party for data processing purposes. Covarity does not currently contract any third parties for data processing purposes, but in the event that the company were to do so, responsibility for protecting the privacy of client information would remain with Covarity.
Covarity retains client personal information for the period of time necessary to conduct the business for which it was disclosed to Covarity, or as required by law. Covarity shall expunge or make anonymous, as the company chooses, client personal information, upon receiving notice to this effect from a client or his/her financial institution, unless Covarity is legally required by court order or other official decree to maintain the personal information.
6. Accuracy
Covarity only collects personal information directly from clients or their financial institutions, as well as limited technical information used to help diagnose problems with the company’s service and to improve the quality of the service. Covarity does not alter client personal information unless specifically requested to do so either by a client or a client’s financial institution. In order to help ensure the accuracy of personal information, Covarity provides clients with ready access to their personal information on-line through the company’s service. Clients may verify, update, remove, or otherwise alter their personal information.
7. Safeguarding client personal information
In order to ensure the safeguarding of client personal information, Covarity has established a comprehensive security policy that governs all aspects of the company’s operations. This policy is based on industry-standard best practices, is overseen by the highest levels of Covarity management, and is regularly updated to reflect emerging security trends and threats.
At the heart of this security policy is a strict data classification schema which prescribes information handling procedures and which ranks client personal information as the most critically sensitive information in the company’s possession. Client personal information:
- Must not be stored on employees’ workstations or other computing or storage devices; client personal information must only be stored on Covarity’s live production environment, which is physically isolated from other company networks, and which is carefully protected by firewalls and other industry-standard security measures
- Must not be printed on paper
- Must not be sent via unencrypted email or fax
- Must not be disclosed in voice messages
- Must only be viewed and discussed by employees authorized to work with client personal information
Covarity performs background checks on all employees authorized to work with client personal information, and these employees receive special training in security and privacy matters.
Covarity’s live production environment is hosted by a world-class hosting services provider that provides state-of-the-art physical security. Live data is backed up off-site every 15 minutes. Covarity’s live production environment is protected from intrusion by multiple firewalls, and areas containing client data are not accessible from the Internet. The production environment is architected with load balanced web, application, and database servers to ensure high availability, and Covarity has in place a comprehensive disaster recovery plan to ensure business continuity. All web connections and data and financial statement transmissions to the Covarity service are protected with the strongest available 128-bit SSL encryption technology.
8. Openness: Client access to standards and procedures
Covarity will ensure that this policy is easily accessible to clients. Clients may inquire about any aspect of this policy or its application by contacting Covarity’s Chief Security Officer directly at security@covarity.com. Covarity’s Chief Security Officer will always respond within a reasonable time period, not to exceed 30 days under any circumstance.
9. Client access to their personal information
Clients may access their personal information on-line through the Covarity service. Clients may verify, update, remove, or otherwise alter their personal information.
10. Handling client complaints and suggestions
Clients may inquire about any aspect of this policy or its application by contacting Covarity’s Chief Security Officer directly at security@covarity.com. Covarity’s Chief Security Officer will always respond within a reasonable time period, not to exceed 30 days under any circumstance.