Privacy policy

We, our employees, and sub-contractors take responsibility for Personal Information in accordance with ORCHESTRO’s policies and standards. ORCHESTRO trains its employees with respect to its privacy policies and practices. ORCHESTRO’s Privacy Officer is responsible for defining the requirements of this policy and ensuring compliance with its provisions. The Information Security Officer is responsible for implementing and maintaining appropriate controls and measures to enable compliance and the security of your Personal Information. If you have any question regarding this Policy or our compliance with this, please communicate with: service.admin@orchestro.ca All third parties, whether or not they are located in Canada, are required to protect the confidentiality of your Personal information in a manner that is consistent with our privacy policy and practices.

We are liable for Personal Information We process and for Personal Information We provide to sub-contractors for processing or custody. Accordingly, contractual obligations are used to provide a comparable level of protection to Personal Information that has been transferred to a contractor to be processed. ORCHESTRO’s liability for a third party’s performance of its obligations is set forth in each agreement We sign with our Customers, and We assume liability for the performance of the services and obligations subcontracted to such contractors.

Our Services also involve the transfer of data to third parties (for example, financial institutions, tax agencies, insurance company) as instructed by Customers (usually employers who are our clients and with whom you have an agreement). In these cases, ORCHESTRO does not have a direct relationship with the third party and is not liable for the processing of data in their possession. These third parties have their own independent obligations with respect to the data, usually by operation of law or through contracts with employers.

ORCHESTRO does not collect data indiscriminately; We only collect Personal Information that is necessary to provide our Services and to comply with applicable laws and regulations. Our Services can be used by a variety of industries in connection with their administrative functions, payroll, services, products, and activities, so a broad range of information about you may be uploaded to or sent through our Services through indirect sources (i.e. not provided by you directly) such as employers or benefit providers. Without information about you, we may not be able to provide the Services or the support for Services that you, your employer, benefit provider, or our Customers (third parties with whom you have an agreement) request.

Our Services are not targeted or directed at children under the age of 13 and we do not allow the creation of an Account for them. Personal information about children under the age of 13 is only collected and stored when it is provided by, and therefore with the consent of, the legal guardian and such information is only used for the purposes of providing our Services.

We may use information about you to provide, maintain, and improve our Services, such as:

Processing or recording transactions including those related to your employees, employment, or health plans;

Transferring data to third parties designated by Customers (such as banks, the Canada Revenue Agency, and benefit providers) as part of the Services provided to employers;

Displaying historical transaction or usage information;

Developing new Services;

Delivering the information and support you request, including technical notices, security alerts, and support and administrative messages;

Preparing and distributing communications, conducting surveys, collecting feedback about our Services and responding to inquiries;

Improving, personalizing, and facilitating your use of our Services including measuring, customizing, and enhancing our Services, including the design, content, and functionality of our applications and websites, or to track and analyze trends and usage in connection with our Services.

We may use information about you:

To protect our rights or property, or the security or integrity of our Services;

To enforce our Terms of Use or other applicable agreements or policies;

To verify your identity (for example, some of the government-issued identification numbers we collect are used for this purpose);

To investigate, detect, and prevent fraud, security breaches, and other potentially prohibited or illegal activities;

To protect Us, users of our Services or the public from harm or potentially prohibited or illegal activities;

To comply with any applicable law, regulation, legal process, or governmental request;

With our subsidiaries, group companies, contractors and other affiliates, for the purposes outlined in this policy;

In connection with, or during the negotiation of, any merger, sale, transfer or acquisition of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business;

With third parties to provide, maintain, and improve our Services, including your employer, health plan and other benefit providers, financial institutions and service providers who access information about you to perform services on our behalf (for example, fraud prevention, identity verification, and fee collection services);

With other users or Customers of our Services with whom you interact through your own use of our Services. For example, we may share information when you make or receive a payment using our Services, file/update leave of absence requests using our Services, or file/maintain health plan claims using our Services;

With your consent;

For any other purpose disclosed to you in connection with our Services.

When required to provide information in response to a legal enquiry, ORCHESTRO exercises reasonable caution to ensure that the order or request is valid and only legally required Personal Information is disclosed. If ORCHESTRO has knowledge that a third party uses or discloses Personal Information in an unapproved manner, ORCHESTRO takes reasonable steps to prevent or stop the use or disclosure.

We also may share aggregated information with third parties that does not specifically identify you or any individual user of our Services.

We may, and we may use third-party service providers to, process and store your information in Canada. If We transfer Personal Information outside a local jurisdiction We do it only with adequate protections in place and in compliance with applicable laws.

We take reasonable measures, including administrative, technical, and physical safeguards, using recognized industry standard security safeguards appropriate to the sensitivity of the Personal Information to protect Personal Information from loss, theft, misuse, and unauthorized access, disclosure, modification, and destruction. We hold information about you at our premises and with the assistance of third-party service providers. We restrict access to personal information to those ORCHESTRO employees, contractors, and agents who need to know that information in order to transmit, store, or process it, who are subject to contractual confidentiality obligations consistent with this Privacy Policy. Our third-party service providers store and transmit Personal Information in compliance with adequate confidentiality and security measures in compliance with applicable laws to protect your Personal Information.

Nonetheless, ORCHESTRO cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your Personal Information for improper purposes. In the event that any information in our possession or under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those Customers and Individuals whose information may have been compromised and take other steps in accordance with applicable laws or regulations.

For more information about our security practices, please visit https://orchestro.ca/

ORCHESTRO retains Personal Information about you only as long as reasonably necessary to provide you and/or our Customers the Services or as legally required. When Personal Information is no longer necessary or relevant for the identified purpose or to fulfil a legal or business requirement, it shall be securely destroyed by making it anonymous in a non-recoverable manner or by electronically erasing it.

In delivering Services, ORCHESTRO relies on Customers and employees to supply ORCHESTRO with accurate, complete and up-to-date information that is relevant to ORCHESTRO’s delivery of the Services. Individuals are asked to review their records on a regular basis and make the appropriate updates or notify their employer or the third party with whom they have an agreement (our Customer) of errors promptly. We make reasonable efforts to maintain the integrity of the data within Our products as necessary to fulfill the purposes for which the information is to be used. Where We collect information outside of service delivery, We make reasonable efforts to keep Personal Information as accurate, complete and up-to-date as is necessary to fulfill the purposes for which the information is to be used. ORCHESTRO provides a means for Individuals to update or correct the Personal Information We possess as detailed in Sections 8.1 and 8.2 of this Privacy Policy.

ORCHESTRO provides notice as to the purposes for which Personal Information is collected, used, retained, and disclosed. In most cases, Customers are responsible for notification of purpose and for obtaining appropriate consent when they collect Personal Information and Personal Information that is transferred to ORCHESTRO by our Customers to be processed shall be deemed to have been collected with appropriate notification. ORCHESTRO assumes no responsibility for obtaining or validating that appropriate consent has been obtained in respect of data transferred to ORCHESTRO by organization(s)/Customers. In some cases, ORCHESTRO collects Personal Information directly from the Individual, for example, when Individuals visit an ORCHESTRO website, ORCHESTRO application or when Individuals use certain confidential services. In these cases, ORCHESTRO is responsible for obtaining appropriate consent, except where inappropriate or if the collection is required/permitted by law without consent. Where appropriate, ORCHESTRO describes any choices available within the Services to Individuals and obtains appropriate consent. Individuals who seek to vary or withdraw consent that has been obtained by ORCHESTRO directly may do in writing in the manner set out in Section 9 of this policy. Subject to legal or contractual restrictions, ORCHESTRO shall abide by the withdrawal or variation of consent, and shall advise the Individual of the consequences of a change in the scope of consent. In cases where consent has been obtained by the Customer, the individual will be referred to the Customer. Unless required by law, ORCHESTRO shall not use or disclose Personal Information for any purpose other than the purpose for which it was originally collected without first identifying and documenting the new purpose and obtaining the appropriate consent. Once data has been de-identified, aggregated or summarized it shall no longer be considered Personal Information, and Individuals cannot seek to have their information removed from an aggregated data set, nor is consent for further use required.

Personal Information. You may access, change, or correct certain information about you or your family members by logging into your Account at any time, or by contacting your employer (or other appropriate third party), or by making a request to Us as per Section 10 of this policy, in which case we may need to verify your identity and we may need to notify our Customer before granting access or otherwise changing or correcting your information.

Deactivating Your Account. If you wish to deactivate your Account, contact your employer or email us. ORCHESTRO generally retains information about you only as long as reasonably necessary to provide you the Services. However, even after you deactivate your Account, we may retain archived copies of information about you and any transactions or Services in which you may have participated for a period of time that is consistent with applicable law, or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Use or other applicable agreements or policies, or to take any other actions consistent with applicable law.

Location Information. We may require location information to provide certain mobile applications, so if you do not consent to the collection of this information you cannot use our corresponding Services. You can stop our collection of location information at any time by changing the preferences on your mobile device but please note that certain aspects of our mobile application and Services may no longer function. Also, you may stop our collection of location information via mobile application by following the standard uninstall process to remove all ORCHESTRO mobile applications from your device.

Cookies. When you access or use the Services, our web server may send a cookie to your computer or mobile device (as the case may be). Some cookies we use last only for the duration of your web or application session and expire when you close your browser or exit the application, other cookies last longer and are used to remember you when you return to use the Services. Some cookies used in the Services are set by Us and others are set by third parties who deliver services on our behalf. Most web and mobile device browsers are set to automatically accept cookies by default. You can change your browser settings to prevent automatic acceptance of cookies or to notify you each time a cookie is set. Please note that by blocking or deleting cookies used in the Services, you may not be able to take full advantage of the Services.

Access. Unless ORCHESTRO is permitted or required by law to prohibit access, We make Personal Information available for review and updating, either directly through the self-service feature in our Services, by directing Individuals to the employer or the Customer with whom the Individual has an agreement, for access, or through an access request made to established contacts within ORCHESTRO. Where applicable, Individuals may contact ORCHESTRO in the manner set out in Section 9 of this policy.