• The personally identifiable information Arctic Nunavut collects and how it is used.

• With whom Arctic Nunavut may share information.

• The types of security procedures that are in place to protect against the loss, misuse, or alteration of information under Arctic Nunavut’s control.

• The options available to users regarding collection, use, and distribution of the information.

• How users can correct any inaccuracies in their information.

• Order Checkout and Customer Account Setup
  We request information from the user on our order form (checkout), and in the new customer setup page.  Here, a user must provide contact information (like name and shipping address).  This information is used for billing purposes and to fill customer's orders.  If we have trouble processing an order, the contact information is used to get in touch with the user.
  
  Customer account information is retained by our system to provide our customers with faster service the next time they log in. It also allows an Arctic Nunavut employee to quickly find any information they need regarding a customer or an order so we can provide fast and reliable customer service. The information is kept confidential and secure, and is only accessible by the customer, or an employee of Arctic Nunavut that has been granted system access for the purpose of handling online orders.  All Web pages involving private customer information, including our back store Web page, are secured using 128-bit SSL encryption. See below under "Sharing and Disclosure" for more information about SSL security encryption.
  
  
• Session Cookies
  A cookie is a piece of data stored on the user’s computer containing information about the user. A session cookie, unlike any other cookie, only stores an ID number on the user's computer that is linked to information stored on the server when a user is connected. This information might be the items in your shopping cart, your user name and password, and other information that is needed to keep track of what you do while you are connected to our site. The cookie itself contains no personally identifiable information and is only linked to personally identifiable information on our server during an individual login session. The session cookie's id number is hidden during all transactions between the user and the server, and a secure connection is also used for those transactions. Each user connected is assigned a unique session cookie that only they can access. This makes it impossible for an external entity to gain access to the personally identifiable information through use of the session cookie. The session cookie only lasts as long as the user is viewing our site. Upon logging out or closing your web browser, the session cookie is removed.
   
• Log Files
  Like most standard Web site servers we use log files to track user information.  This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks.  This information is used to analyze trends, administer the site, track user movements in the aggregate, and gather broad demographic information for aggregate use.  The information collected, including the IP address, is not linked to personally identifiable information.
   
• Alternate Methods of Collection
  For users who are particularly concerned about Internet security, we offer an alternative to placing an order using our secure online checkout.  Orders can be placed by phone or fax, and this contact information is provided on the order form as well as on the contact page of our Web site.
  
  In addition, we do not collect credit card information using our website at this time. Credit cards must be provided over the telephone or by fax. Credit card information is retained in our daily sales records only, and are only referred to if we receive a request for signature confirmation from the credit card company. Card numbers are not kept on file, and must be provided every time an order is placed even for repeat customers.

• Sharing
  The checkout on our Web site stores users' personal information, including names, addresses, contact information, and credit card numbers on the servers of our Web site host, clic.net.  This information is held on a secure server so it can then be retrieved for processing by a Arctic Nunavut representative.  clic.net does not have access to this information without our express permission wherein we believe it is absolutely necessary for them to have access to our account in order to provide technical support.  The Security section below outlines how the transmission of your information is protected.
  
  Our users' names and addresses are shared with Canada Post for the purpose of delivering orders.  The use of users' personally identifiable information by these shipping agents is governed by their individual privacy policies.  See www.canadapost.ca for more information on Canada Post's privacy practices.
  
  Our Web site developer, Kellett Communications, provides our hosting service and security, and owns the physical Web server.  Their web develoment team therefore has access at all times to our site and database files so they can provide development and maintenance services.  Kellett has assisted us in developing our security and privacy practices, and will do everything in their power to ensure that our client's confidential information is kept safe. Kellett staff members are legally bound by a confidentiality agreement that applies to all projects and clients they are involved with.
  
  In cases where we believe that financial information provided by a customer is fraudulent, we may release the information to an appropriate law enforcement agency.  Such an agency's privacy policy may be unknown to us, but we believe the information will be kept confidential and only used for the purpose of investigating fraudulent actions.
  
  
• Links
  This web site contains links to other sites.  Please be aware that Arctic Nunavut is not responsible for the privacy practices of such other sites.  We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information.  This privacy statement applies solely to information collected by this Web site.
   
• Third Party Intermediaries
  For added security, any user may request the use of a third party intermediary known as an “escrow” service to handle the financial transaction where the value of the transaction is significantly high (in excess of $5,000 CAD).  An escrow service operates by taking the user’s payment without releasing any financial information (including credit card number and expiry date) to Arctic Nunavut.  The user’s payment is then held until the user confirms receipt of their order, at which time the escrow service releases the payment to Arctic Nunavut.  For more information visit www.escrow.com.
   
• Business Transitions
  In the event that Arctic Nunavut goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users’ personal information will, in most instances, be part of the assets transferred.  Users will be notified via prominent notice on our Web site for 30 days prior to a change of ownership or control of their personal information.  If, as a result of the business transition, the users’ personally identifiable information will be used in a manner different from that stated at the time of collection, they will be given a choice consistent with our notification of changes section.
   
• Security
  Our Web site takes every precaution to protect our users’ information.  When users submit sensitive information via the Web site, their information is protected both online and off-line.
  
  When our order checkout asks users to enter sensitive information (such as credit card number), it is protected during transmission with 256-bit SSL encryption, the best encryption software in the industry. The security certificate information can be viewed by clicking the locked icon that appears in your browser, or selecting the appropriate menu option in your Web browser.  All areas of the site that involve personally identifiable information, including our back-store area, make use of SSL encryption to ensure our customers information is kept safe at every level.
  
  The information that is collected and stored on our server can only be accessed through a secure user interface requiring a user name and password, or via web development tools only accessible by Kellett Communications.  Access information (user id's and passwords) is restricted only to Arctic Nunavut employees involved in handling web site orders, and the Kellett development team.
  
  While we use SSL encryption and user access restrictions to protect sensitive information online, we also do everything in our power to protect user-information off-line.  All of our users’ information, not just the sensitive information mentioned above, is restricted Arctic Nunavut's offices.  Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifiable information. At year end, all records are stored in a locked storage room and rarely referred to again. Credit card information is always destroyed.
  
  The physical server (owned by Kellett Communications) that our web site files and customer database are stored on is located in the secure server room at SSI Micro in Yellowknife, Northwest Territories.  SSI Micro manages a number of servers, including their own web servers and servers owned by their clients.  Considering the value of the hardware and the critical information that is stored on it, security is a paramount concern at SSI Micro.  The server room is physically secure and kept locked at all times.  Only SSI Micro employees authorized for server maintenance are granted physical access to this room.  SSI Micro is granted remote software access to the Kellett server only when required for server maintenance.  Kellett only grants permission for SSI Micro to access the areas of the server required for maintenance duties.  These duties do not involve the Web site or database files for Kellett clients.  Their job is only to ensure that the Kellett server is kept secure and running smoothly at all times, has sufficient power backup, and a reliable connection to the Internet.
  
  All employees of Arctic Nunavut and any third parties with access to the information on the server are kept up-to-date on our security and privacy practices.  Any time new policies are added or changed, our employees and partners are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers’ information is protected.
  
  If you have any questions about the security at our Web site, please feel free to Contact Us .

We will not normally have any reason to contact any third parties regarding users’ personally identifiable information.  However, if we have sufficient reason to believe that financial information (such as credit card number and expiry date) submitted by a user may be false, we reserve the right to contact the credit card company to verify the ownership of the account number provided by the user.
 

• Correcting/Updating/Deleting/Deactivating Personal Information
  If a user’s personally identifiable information changes before we have finished processing an order, or if a user decides to cancel their order or make changes to the shipping address or credit card information, this can be done by contacting our Customer Service department by email, phone, or fax.  Contact information is provided on the Contact Page of our Web site.  When we receive a request to cancel an order, the order will be deleted from our electronic online database, and any documents and computer records pertaining to the order containing the user’s personally identifiable information will also be destroyed.  Information from previous orders will be retained unless the user requests that we destroy it.  Email correspondence will always be retained for future reference.
   
• Notification of Changes
  A notice will be placed on most pages of our Web site if we make any changes to this policy.  We like to ensure that our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.  If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email.  Users will have a choice as to whether or not we use their information in this different manner.  Otherwise we will always use information in accordance with the Privacy Policy under which the information was collected.

• Customer Service
  We communicate with users on a regular basis to provide requested services and in regards to issues relating to their order.  We reply via email or phone in accordance with the users wishes.