Privacy Policy - Internal Applications

Effective Date: March 13, 2025 | Version: 1.0 | Issued by: Nordik Data Canada Ltd.

This Privacy Policy describes how Nordik Data Canada Ltd. collects, uses, and manages information in connection with its internal software applications and tools. It applies to all employees, contractors, and consultants who access Company systems. This policy is not intended for public-facing products or external customers.

1. Scope

This policy applies to all internal applications, data pipelines, integrations, and administrative tools operated by Nordik Data Canada Ltd. ("Company Applications"). It governs the collection and handling of information generated by or about Users in the course of accessing and using those systems.

2. Information We Collect

In the course of operating Company Applications, Nordik Data Canada Ltd. may collect and process the following categories of information:

  • Access and authentication data — usernames, login timestamps, session identifiers, and IP addresses

  • Usage and activity logs — actions taken within an application, features accessed, queries executed, and records viewed or modified

  • System and device information — browser type, operating system, and device identifiers where relevant to application access

  • Business data — records, files, and information processed through an Application in the course of a User's Authorized Purpose (e.g. financial records, customer data, operational data accessed via third-party integrations)

Nordik Data Canada Ltd. does not collect personal information through Company Applications beyond what is incidental to system access and operational logging.

3. How We Use This Information

Information collected through Company Applications is used solely for the following internal purposes:

  • Authenticating and authorizing User access

  • Monitoring system performance, availability, and reliability

  • Investigating and responding to security incidents or unauthorized access

  • Supporting compliance with applicable legal and regulatory obligations

  • Auditing User activity for operational and governance purposes

  • Troubleshooting errors and improving application functionality

This information is not used for marketing, profiling, or any purpose unrelated to the operation and security of Company systems.

4. Third-Party Integrations

Some Company Applications connect to third-party platforms and services (for example, accounting software, cloud data warehouses, or API providers) in order to perform their intended function. In these cases:

  • Data exchanged with third-party platforms is limited to what is required for the integration's Authorized Purpose

  • Nordik Data Canada Ltd. does not sell or otherwise disclose data to third parties for their independent use

  • Third-party platforms are subject to their own privacy and data handling practices; Users should be aware of the terms governing any platform they access through a Company Application

5. Data Retention

Access logs and usage records are retained for a period reasonably necessary to support security monitoring, compliance obligations, and operational auditing. Business data processed through Company Applications is retained in accordance with the Company's data management policies and any applicable contractual or regulatory requirements.

Upon termination of a User's engagement with the Company, access to Company Applications is revoked and any personal access credentials are deactivated.

6. Data Security

Nordik Data Canada Ltd. implements reasonable technical and organizational measures to protect information processed through Company Applications, including:

  • Access controls and authentication requirements

  • Encrypted transmission of data where applicable

  • Activity logging and anomaly monitoring

  • Restricted access on a need-to-know basis

No system is entirely free from risk. Users are expected to follow all applicable security policies and to report any suspected breach or vulnerability to info@nordikdata.ca promptly.

7. No Expectation of Privacy

Users of Company Applications have no expectation of privacy with respect to their activity on Company systems. Nordik Data Canada Ltd. reserves the right to monitor, access, review, and audit any information transmitted, stored, or processed through Company Applications for legitimate business, security, and compliance purposes, in accordance with applicable law.

8. User Responsibilities

Users are responsible for:

  • Accessing only the data required for their Authorized Purpose

  • Maintaining the confidentiality of their access credentials

  • Not storing Company Data on personal devices or unauthorized systems

  • Reporting any suspected unauthorized access or data incident to info@nordikdata.ca

9. Applicable Law

This policy is governed by the laws of the Province of Nova Scotia and the federal laws of Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable provincial privacy legislation. Nordik Data Canada Ltd. is committed to handling personal information in compliance with applicable Canadian privacy law.

10. Amendments

Nordik Data Canada Ltd. reserves the right to update this policy at any time to reflect changes in operations, technology, or legal requirements. Users will be notified of material changes, and continued use of Company Applications following such notice constitutes acceptance of the revised policy.

11. Contact

For questions or concerns regarding this Privacy Policy, contact:

Nordik Data Canada Ltd. Nova Scotia, Canada info@nordikdata.ca nordikdata.ca