Skip to main content

    Privacy Policy

     

    Digital Security Operations Services (DSOS)

    As part of the DSOS, your personal data is collected and processed by Securitas Intelligent Services AB (located in Sweden, reg no. 556655-4670), together with Data Privacy Officer (located in Canada) hereafter collectively referred to as “Securitas”.

     

    1.              Scope of the Privacy Notice

    Securitas values privacy and is therefore committed to protect the personal data of all its employees with the greatest possible care, and to process personal data only in a fair and lawful manner. This Privacy Notice is applicable to Securitas employees for the personal data collected and processed by Securitas within the DSOS.

    This Privacy Notice contains essential information on what types of personal information Securitas, as data controller collects, how Securitas uses that personal information, for what purposes, who Securitas shares it with, how Securitas protects that information, and your statutory rights in relation to your personal information.

    As the DSOS involves monitoring end user devices in the workplace (such as your work phone or computer), it is important you familiarize yourself with this privacy notice, and the DSOS information pack (soon to come) to ensure you understand the scope of this activity, what Securitas can see and what we can’t. If you require more information on the information pack please contact our Data Privacy Officer at privacy.officer@securitas.ca

     

    2.           Description of the DSOS

    The DSOS is a cyber security & incident response service, supported by a Global Cyber Emergency Response Team (the CERT team), which monitors the end-user IT environment and Securitas’ network for e.g. vulnerabilities, threats and malicious behaviour to ensure its compliance with corporate privacy & security policies. In addition to security monitoring and incident and response, the DSOS also include digital security forensics. Meaning that they actively search for breaches and infected hosts in the environment.

    The DSOS employs a number of third-party cloud solutions hosted in the USA. Please refer to the section on third parties below for more information.

    3.           Processing of Personal Data

    Personal Data can be defined as any information that allows a natural person to be identified, directly or indirectly.

    In order to ensure an effective service, Securitas is collecting the following personal data via the DSOS:

    • ZScaler: IP address, URLs, Department, Device name/owner, User ID.
    • Knowi: IP address and usernames.
    • CrowdStrike: IP address, usernames, work email (observed through raw event data collected from the end-device (e.g. Windows Event logs – native to Windows Operating System).
    • Rapid7: IP address, local user, user activity, system and service accounts.
    • NVISO; Incident response information

    Securitas processes your personal data in accordance with the requirements of the Personal Information Protection and Electronic Documents Act and applicable provincial laws. A balancing test has been performed to ensure the proper preservation of your rights and freedoms as data subjects in the set-up and operation of the service. For more information about the balancing test performed, please contact your local Data Protection Officer or Privacy Officer.

     

    4.           How Securitas will use Personal information

    The purpose of processing personal data in the context of the DSOS is information security and incident response: to provide cyber-security resilience for Securitas entities globally. To do this, Securitas is collecting, storing, accessing, viewing and monitoring your data. Securitas is also sharing personal data with specific third parties who are providing solutions to the DSOS. Please refer to the section on third parties for more information.

     

    5.           Your Rights as a Data Subject

    At all times, you as a data subject, have certain rights which you can exercise in relation to your personal data, and as described in Schedule 1 of the Personal Information Protection and Electronic Documents Act.

    Your data subject rights can be exercised free of charge by sending an e-mail to privacy.officer@securitas.ca.  

    Please note that Securitas reserves the right to request additional information in order to confirm your identity and ensure the request originates from you before fulfilling your request.

    You have the following rights:

    Right of access

    You have the right at any time and free of charge to access your personal data and to request a copy of the personal data that Securitas collects about you in the DSOS. Our file of your information will usually be made available to you by secure means within 30 days. Extensions are possible in case of complex requests.

    In the event that Securitas is unable to give you access to the personal information held about you (for example, if it would unreasonably affect someone else’s privacy or pose a serious threat to someone’s life, health or safety), we will inform you within 30 days. Those are exceptions that are provided for in Principle 4.9 of the Personal Information Protection and Electronic Documents Act.

    Please note that Securitas may apply an administrative charge for providing access to your information in a limited number of cases. If you request a copy of your data using electronic means (such as email), then Securitas will provide a copy of your information in electronic form unless you ask us to do otherwise.

    Right to rectification

    You always have the right to request incorrect personal data to be corrected, or incomplete personal data to be completed.

    Right to erasure (“right to be forgotten”)

    You can request to have your personal data erased from Securitas systems. The request to erase your personal data cannot always be granted due to contractual or legal obligations. Securitas will take these obligations into account when replying to your request.

    Right to object

    You have the right to object to the processing of your personal data as the processing takes place on the ground of the legitimate interest of Securitas. We will stop processing unless we can prove that there are compelling legitimate grounds for the processing or for the exercise of legal claims.

    Right to restriction of processing

    In certain cases, you are entitled to request the restriction of the processing of your personal data. Securitas will continue to store your data but will restrict its use.

    Right to lodge a complaint 

    If, at any time, you believe that Securitas infringes your privacy, you have the right to lodge a complaint with Integritetsskyddsmyndigheten (the Swedish Authority for Privacy Protection), or with the Supervisory Authority in your country of residence, which is the Office of the Privacy Commissioner of Canada.

     

    6.           Third Parties & International Transfers

    Securitas is using the following third parties, hosted in the United States of America, to provide cloud service solutions to the DSOS:

    • CrowdStrike, prevents and detects malware or any other anormal behavior. This solution helps to get visibility on a global scale of what’s happening on the host (e.g.: environment).
    • ZScaler, implements a web proxy on the environment and monitors and logs activities.
    • Knowi, gives all members on the IT team and the CERT team insight into the IT security and overall health.
    • Rapid7, the platform, brings together Rapid7’s library of vulnerability research, exploit knowledge, global attacker behavior, Internet-wide scanning data, exposure analytics, and real-time reporting to provide a fully available, scalable, and efficient way to collect vulnerability data and turn it into answers.

    These companies are FISA regulated companies, meaning they are subject to overriding powers of investigation by US Federal Authorities who have a broad scope to access personal data. Securitas has taken both contractual (implementing EU Standard Contractual Clauses), as well as technical and organizational measures (such as anonymization and or encryption) to ensure that your personal data is afforded the same level of protection as under the Personal Information Protection and Electronic Documents Act, when processed by these FISA-regulated third-parties.

    Securitas contractually obliges the third parties in the DSOS to only process your personal data in accordance with Securitas’ instructions.

     

    7.            Retention of your Personal Data

    Securitas acknowledges the importance of the protection of personal data. We do not retain your personal data longer than strictly necessary for the realisation of the purposes for which we received the data. As standard process, we will delete your personal data from the DSOS within a reasonable period after you exit the company and are no longer a Securitas employee. For more detailed information about the retention and erasure of your data, please contact your Privacy Officer.

    In all cases, personal data may be retained for a longer period if there is a legal or regulatory reason to do so.

    We guarantee to only provide limited access to archived data and to remove or render anonymous your personal data if the retention period has passed.

     

    8.           Security and Confidentiality of your Personal Data

    Securitas uses technical and organisational security measures to prevent the destruction, loss, falsification, alteration, unauthorized access or disclosure of your personal data to third parties and any other unauthorised processing of these data.

    We have made every effort to ensure the confidentiality, integrity and availability of the information systems and services that process personal data. These measures include physical and operational security measures, access control, multi-factor authentication, encryption, anonymization and pseudonymization. All our employees and third parties engaged by us are obliged to respect the privacy and security of your data.

     

    9.           Contact Details

    If you have comments, questions or concerns about any of the information in this Privacy Notice, or any other issues relating to the processing of your personal data by Securitas, please contact us using the information below.

      

    To contact Securitas Intelligent Services AB please use the following:

     

    Contact our privacy team on

    Securitas Intelligent Services AB
    Att: Data Privacy
    P.O. Box 12307
    102 28 Stockholm
    Sweden

    E-mail: privacy@securitas.com

    Contact our Data Protection Officer on

    Securitas Intelligent Services AB
    Att: Data Protection Officer
    P.O. Box 12307
    102 28 Stockholm
    Sweden

    E-mail: dpo@securitas.com

     

     

    To contact your local Securitas entity please refer to the following contact information:

    Securitas Canada Limited

    Att: Data Privacy Officer

    235 Yorkland Blvd, Suite 400

    North York, ON, M2J 4Y8

    Canada

     

    Email : privacy.officer@securitas.ca

     

    10. Changes to our Privacy Notice

    Securitas may amend or update this Privacy Notice from time to time to reflect changes in their practices with respect to the processing of your personal data, or changes in applicable law. When we provide modification to our Privacy Notice, we will change the date and version number of the “last update” of our Privacy Notice. Material changes will be notified to you in advance.

    This Privacy Notice was last updated: 2021-08-24

    Manage your preferences

    You can decide how we use cookies on your device by adjusting the settings below. Click on “Accept all” if you accept all cookies. If you do not accept us storing cookies that are related to Google Analytics you can leave the box empty. All other cookies that we use are considered as always active since they are required for us to let visitors interact with and use the websites. When you have made your choice, scroll down the list and then click on the “Confirm my choices” button in the bottom of the list.

    Click here to read our cookie policy.
    • Name:
      _ga

      Name: __ga Domain: www.securitas.ca Description: Used by Google Analytics Purpose: Used to distinguish users. A unique identifier associated with each user is sent with each hit in order to determine which traffic belongs to which user. This cookie enables the website's owner to track a visitor’s behavior and measure the website's performance. The main purpose of this cookie is to improve the website's performance. Storage period: 2 years Information to/from third party: This cookie sends information to Google

      Name:
      _gat

      Name: _gat Domain: www.securitas.ca Description: Used by Google Analytics Purpose: Used to throttle request rates for information on the website. This cookie does not store any user information. The main purpose of this cookie is to improve the website's performance. Storage period: 10 minutes Information to/from third party: This cookie sends information to Google

      Name:
      _gid
    • Name:
      ai_session
      Name:
      ai_user

      Name: ai_user (always active) Domain: www.securitas.ca Description: Used with Microsoft Application Insights for collecting statistical usage and telemetry information Purpose: Unique user identifier cookie for counting the number of users accessing an application over time. Storage period: This cookie is deleted when you session expires Information to/from third party: Information sent to Microsoft Azure

    • Name:
      ARRAffinity

      Name: ARRAffinity (always active) Domain: www.securitas.ca Description: Used to aid people who need to stay with a certain instance of web app or web site in Azure. Purpose: Routes the request made through a web browser to the same machine in the DXC cloud environment. See ARRAffinity - Microsoft Azure. This cookie is deleted when you close your browser. Storage period: This cookie is deleted when you close your browser Information to/from third party: Information sent to Microsoft Azure

    • Name:
      __cfuid

      Name: __cfuid (always active) Domain: www.securitas.ca Description: Speeds up page loading times. Purpose: Speeds up page loading times and overrides any security restrictions that may be applied to a browser based on the IP address from which it comes Storage period: 1 year Information to/from third party: Used for Cloudflare

    • Name:
      CookiesAccept

      Name: CookiesAccept (always active) Domain: www.securitas.ca Description: Website cookie settings Purpose: Used to keep track of whether the user has accepted the cookie usage or not. This is not set unless the visitor has clicked on "Accept" in the cookie banner in the bottom of the website. The main purpose of this cookie is to improve the website's performance. Storage period: 365 days Information to/from third party: No

    • Name:
      EPiForm_{FormGuid}:{Username}

      Name: EPiForm_{FormGuid}:{Username} (always active) Domain: www.securitas.ca Description: Functionality-related. Purpose: Stores partial form submissions so that a visitor can continue with a form submission upon return. One cookie is created for each form and each logged in visitor. Stores the current submission status of the form (formGuid, submissionID, and if submission is finalized or not). Storage period: 90 days Information to/from third party: No

      Name:
      .EPiForm_BID

      Name: .EPiForm_BID (always active) Domain: www.securitas.ca Description: Functionality-related. Purpose: Identifies the form submission made to the site when a visitor submits data via an Episerver form. Stores a GUID as the browser ID. Storage period: 90 days Information to/from third party: No

      Name:
      .EPiForm_VisitorIdentifier

      Name: .EPiForm_VisitorIdentifier (always active) Domain: www.securitas.ca Description: Functionality-related. Purpose: Identifies the form submission to the site when a visitor submits data to via an Episerver form. Stores a GUID which is the visitor identifier. Persistent (90 days from creation). Storage period: 90 days Information to/from third party: No

    • Name:
      EPI-MAR-<Content GUID>

      Name: EPI-MAR-<Content GUID> (always active) Domain: www.securitas.ca Description: Analytical/performance functionality Purpose: Records a visitors interaction with a running website optimization test, to ensure that a visitor has a consistent experience. Storage period: Typically optimization tests are short-lived (eg a couple of weeks). The cookie is removed after the test has completed. Information to/from third party: No

    • Name:
      ASP.NET_SessionId

      Name: ASP.NET_SessionId (always active) Domain:: www.securitas.ca Description: Session identifier Purpose: Used to keep track of a user navigating through the website. This is used to transfer information between pages and to store information that the user might reuse on different pages. The main purpose of this cookie is to improve the website's performance. Storage period: Session period when browsing the website Information to/from third party: No

    Sorry www.securitas.ca does not support Internet Explorer. To enjoy our website, try using a newer browser like Chrome, Safari, Firefox or Edge.