SecureKey Concierge is a service designed to allow the end user to authenticate themselves on certain websites of the Government of Canada (the “Relying Parties”), using credentials they have been provided by their financial institution or other Sign-In Partners. SecureKey Concierge is managed by SecureKey Technologies Inc. (“SecureKey”, “us”, or “we”).

SecureKey is committed to respecting and valuing your privacy and security. The information below in this Privacy Notice constitutes a summary of the privacy practices that apply to your use of the SecureKey Concierge. By using SecureKey Concierge, you agree and consent to our use of information in accordance with this Privacy Notice.

If you do not wish to use SecureKey Concierge, the Relying Parties’ online services do allow you to use alternative government credentials, as well as provide options to access such services by phone, fax, mail, or in person. For further details, contact the Relying Party.

The End User Information We Collect

We do not collect or use your personally identifying information in the operation of SecureKey Concierge. This is achieved through the use of anonymous authentication requests and anonymous identifiers in the authentication responses. The personal information you provide to your Sign-In Partner is not collected by us, it is provided by you to your Sign-In Partner pursuant to their privacy policy, and is not provided by them to us. In addition, the personal information you provide to the Relying Parties to use their services is not provided to us.

In addition to the anonymous identifiers, the following information relating to end users is generated and used in the operation of SecureKey Concierge (“End User Information”):

  • An anonymous session identifier (contained in a session cookie);
  • The end user’s language preference (contained in a session cookie);
  • The end user’s Internet Protocol (IP) address.

Details as to how we use this information are listed below.

 

How We Use End User Information

We use your End User information to provide you with the SecureKey Concierge service. This includes providing this information to the Sign-In Partners and the Relying Parties to the extent required to provide you with the service.

SecureKey Concierge uses session cookies. Session cookies are only active for the duration of the session, and contain a session identifier, but no personally identifiable information. The session cookie will be automatically deleted by your browser when the cookie expires. If you want to use SecureKey Concierge, your browser must accept cookies.

SecureKey Concierge monitors network traffic to identify unauthorized authentication requests or otherwise protect SecureKey Concierge from damage (for example from virus attacks). This includes identifying the IP address of the computer that has contacted our web sites, the date and time of the visit and information about the request made. SecureKey will not use this Information for marketing purposes.

Our Disclosure of End User Information

We only disclose End User Information to Sign-In Partners and Relying Parties, and only in connection with the ordinary operation of SecureKey Concierge. In addition, if we cease to act as the manager of SecureKey Concierge, the Relying Parties have the right to receive from us or to cause us to deliver to a replacement service manager the End User Information of their end users, so that end users can continue to receive services.

We may disclose End User Information (a) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (b) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, (c) as otherwise required under any applicable law, rule, or regulation, and (d) in good faith, to protect or defend our rights or property or those of other persons.

Finally, if we sell our business or the part thereof that operates SecureKey Concierge, we will transfer to the purchaser our copy of the End User Information, so that the purchaser can continue to operate the service.

If you require clarification about this statement, please contact our Privacy Office by email at cpo@nullsecurekey.com, by phone at 416-477-5625, or in writing to SecureKey Privacy Office, 4101 Yonge Street,
Suite 501, Toronto, Ontario M2P 1N6. SecureKey’s general Privacy Policy can be obtained by visiting SecureKey’s website (www.securekey.com).

For more information on privacy issues and PIPEDA in general, please consult the Department of Justice / PIPEDA website, or call 1-800-O-Canada (1-800-622-6232).

Each Relying Party and Credential Service Provider has their own Privacy Policy. For more information please refer to the specific RP or CSP website.