Issue Date: March 21, 2018
ACCOUNTABILITY AND OPENNESS / COMPLIANCE
Arrow is responsible for personal information under our control. We have established policies and procedures to effectively safeguard any confidential personal information that we collect, and to deal with complaints and inquiries. We are committed to maintaining the accuracy, confidentiality and security of your personal information, and we will ensure that you have access to information regarding the policies and procedures that we use to manage your personal information.
INFORMATION YOU PROVIDE AND WE COLLECT
Arrow collects both information which is capable of identifying you as an individual (i.e. “personal information”), and information that is anonymous or aggregated such that it cannot be used to identify you. The types of information we collect include:
User submitted information: we may collect personal information from you when you request information or technical assistance from us, or register for or use the Services. Such information can include your name, mailing address, phone number, email, etc.
Technical and device information: we automatically collect certain non-identifying information from you when you access our Services. This information can include, among other things, IP addresses, the type of browser you are using (e.g., Internet Explorer, Safari, Chrome, etc.), the Services from which your visit originated, the operating system you are using (e.g., Windows 7/8/10, Windows XP, Mac OS, Android, iOS, etc.), the domain name of your Internet service provider (e.g., Shaw, Telus, Verizon, ComCast, etc.), the search terms you use on our Services, data that tracks the specific web pages you visit, and the duration of your visits. We collect such technical and device information for purposes of system administration, to report non-personal aggregate information to others, and to track the use of our Services. It is not our practice to link IP addresses (or other technical or device information) to anything personally identifiable; that is, the visitor’s session will be logged, but the visitor remains anonymous to us. However, we reserve the right to use IP addresses to identify a visitor when we feel it is necessary to enforce compliance with our Services’ rules or to: (a) fulfill a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our Services, or other users; or (d) in an emergency to protect the health and safety of our Services’ users or the general public.
Email Communications: If you send us an email with questions or comments, we may use your personally identifiable information to respond to your questions or comments, and we may save your questions or comments for future reference. For security reasons, we do not recommend that you send non-public personal information, such as passwords, social insurance/security numbers, or bank account information, to us by email. However, aside from our reply to such an email, it is not our standard practice to send you email unless: i) you request a particular service or sign up for a feature that involves email communications, ii) it relates to purchases you have made with us (e.g., product updates, customer support, etc.), iii) we are sending you information about our other products and services, or iv) you consented to being contacted by email for a particular purpose. In certain instances, we may provide you with the option to set your preferences for receiving email communications from us; that is, agree to some communications but not others. You may “opt out” of receiving future commercial email communications from us by clicking the “unsubscribe” link included at the bottom of any commercial emails we send, or as provided below; provided, however, we reserve the right to send you transactional emails such as customer service communications.
We will identify the purposes for which we collect personal information before or at the time we request the information. We will not collect personal information which is not necessary and, except as specified below, will not use or disclose personal information for any purpose other than the purpose(s) for which it was collected without first obtaining your consent. In addition to the purposes set out above (see: Information You Provide and We Collect), the purposes for which we collect personal information include:
- to enable you to access and use the Services;
- to process, track and communicate with you about usage of the Services;
- to establish, maintain and manage business relations with you so that we may provide you with the information, products or services that you request;
- internal business purposes, such as administering or improving the Services;
- to perform internal market research and conduct polls and surveys;
- to obtain feedback regarding the Services;
- to provide users with information and promotional materials regarding Arrow and our products and services;
- to protect us against error, fraud, theft or damage to our business or our property;
- to comply with any legal, accounting and regulatory requirements, including reporting requirements, applicable laws, and any search warrants, subpoenas or court orders; and
- any other reasonable purpose for which you provide consent.
Where personal information that has been collected is to be used for a purpose not previously identified, and for which consent cannot be reasonably implied, the new purpose will be identified and consent obtained prior to the use of that information for the new purpose unless otherwise permitted by law.
DISCLOSURE TO THIRD PARTIES
In the course of providing the Services to you, we may delegate our authority to collect, use or disclose your information to third party subcontractors. Third party subcontractors may include web hosts, payment processors, delivery and logistics providers and social network integrators. If we transfer any personal information to a third party subcontractor, we will provide the subcontractors only with the information needed to perform the subcontracted service, and will use appropriate contractual or other means to provide a comparable level of protection while the information is being used by them.
We may disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law, government request, request of a law enforcement agency, search warrant, subpoena or court order, or based on our good faith belief that it is necessary to do so in order to comply with such law, request, warrant, subpoena or court order, or to protect our business or assets, users of the Services, or the public.
We may also use and disclose your personal information without your knowledge or consent where necessary in connection with a proposed or completed business transaction, such as a sale of any or all of our business or assets. In each such case, we and the other part(ies) to the transaction or proposed transaction will enter into an agreement limiting the purposes for which the personal information may be used and disclosed, ensuring its protection by means appropriate to the sensitivity of the information, and providing for the return or destruction of the information if the transaction does not proceed, or if the transaction does proceed, to notify you within a reasonable time that your personal information has been disclosed.
We maintain reasonable security safeguards to protect personal information in our possession or under our control from loss or theft, and from unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. The safeguards applied will depend on the sensitivity of the personal information, with the highest level of protection given to the most sensitive personal information. We use user IDs, passwords and encryption technology, and restrict the employees and contractors who have access to personal information to those having a “need to know” and who are bound by confidentiality obligations in order to ensure that information is handled and stored in a confidential and secure manner. When destroying personal information, we delete electronically stored personal information and shred any tangible materials containing personal information. While we will endeavour to destroy all copies of personal information, you acknowledge that deleted information may continue to exist on back-up media but will not be used unless permitted by law.
We will continually review and update our security policies and controls as technology evolves. However, no security technology can be guaranteed to be failsafe. Using the Internet or other public means of communication to collect and process personal data may involve the transmission of data on an international basis and across networks not owned and/or operated by us. Therefore, by using the Services and/or communicating electronically with us, you acknowledge and agree to our processing of personal information in this way and agree that we are not responsible for any personal information which is lost, or which is altered, intercepted or stored by a third party without authorization.
ACCURACY / ACCESS
Arrow has a responsibility to ensure that all personal information contained in our records or which is disclosed to third parties for the purposes described above is accurate, complete and up-to-date. You may make a request in writing for access to your personal information. Except as permitted or required by law, we will inform you of your personal information held by us, and provide an account of the use that has been made of the information, as well as identify any third parties to whom the information has been disclosed. You may have reasonable access to your personal information, and if you demonstrate the inaccuracy or incompleteness of personal information, the information will be amended as appropriate. You should advise us immediately if you discover inaccuracies in our data, if your personal information changes, or if you wish to have your information removed from our files. All notices and requests should be in writing and sent to the Privacy Officer at the address listed above (see: Accountability and Openness / Compliance).
INTERNATIONAL TRANSFER AND STORAGE OF INFORMATION
You acknowledge and agree that your personal information may be transmitted, transferred, processed, and/or stored outside of your country of residence, and therefore may be available to governmental authorities under lawful orders and laws applicable in such foreign jurisdictions. We will use reasonable means to ensure that your information is protected, but cannot guarantee that the laws of any foreign jurisdiction will accord the same degree of protection as the laws of your country of residence.
THIRD PARTY CONTENT AND LINKS TO OTHER WEBSITES
Arrow Group of Companies (Co)
Attn: Privacy Department