PRIVACY POLICY STATEMENT
H2o Graphics by Design Inc.
11700 station rd, Columbia Station ohio, 44028
Revision Number: NE001
Introduction
1. Privacy Policy Statement (the “Privacy Policy”) contains the policies, procedures and practices to
be followed by H2o Graphics by Design Inc. and any of its present or future subsidiaries (the
“Company”) pertaining to the collection, use and disclosure of personal information (the
“Personal Information”) of an identifiable person (the “Individual”) that is a present, future or
former customer of the Company.
2. The Company recognizes the confidential nature of the Personal Information in its care and is
accountable for the compliance of itself and its directors, officers, management, employees,
representatives and agents including consultants and independent contractors (the “Staff”) in
protecting this Personal Information.
3. For the purpose of this Privacy Policy, the term “Personal Information” has the meaning of any
information or collection of information in any form, whether oral, electronic or written that
pertains to the Individual excluding information that is publicly available in its entirety. Personal
Information will also include any publicly available information that is combined with nonpublicly
available information.
4. Personal Information includes but is not limited to name, home address, home phone number,
home email address, identity verification information, physical description, age, gender,
education, professional designation, personal hobbies and activities.
5. The Company will implement policies and procedures that give effect to this Privacy Policy
including procedures to protect and secure Personal Information, procedures to receive,
investigate and resolve complaints, procedures to ensure adequate training of the Staff
concerning the Company's privacy policies, and procedures to distribute new and current
information pertaining to the Company's Privacy Policy.
Corporate Privacy Policy
6. The Company and the Staff will at all times respect the confidentiality of the Personal
Information placed in its care. The Company will endeavor to ensure that the policies affecting
the collection, storage and disclosure of Personal Information reflect the confidential nature of
the information.
7. The Company will comply with all applicable privacy legislation and regulations in force now
and in the future related to protecting the confidentiality of Personal Information.
Purposes for which Personal Information is Collected
8. Personal Information will be collected, used and disclosed for purposes pertaining to the
Individual's employment relationship with the Company, including but not limited to the
administration of employee hiring, performance reviews, the administration of employee payroll,
processing of employee benefit claims, and for the purpose of complying with all applicable
labor and employment legislation.
9. The purposes for collecting Personal Information will be documented by the Company. Personal
Information will only be used for the stated purpose or purposes for which it was originally
collected. The purposes for which Personal Information is being collected will be identified
orally or in writing to the Individual before it is collected. The person collecting the information
will be able to explain the purpose at the time that the information is collected.
10. The Company may use Personal Information for a purpose other than the originally stated
purpose where the new purpose is required by law or where the Company has obtained consent in
writing from the affected Individual for each new purpose.
Knowledge and Consent
11. Knowledge and consent is required from the affected Individual for the collection, use and
disclosure of all Personal Information subject to exceptions noted elsewhere in the Privacy Policy
statement.
12. Consent will not be obtained through deception or misrepresentation.
13. Any use or disclosure of Personal Information will be within the reasonable expectations of the
Individual.
14. Subject to legal and contractual obligations, an Individual may withdraw their consent on
reasonable notice.
Legislation and Regulation
15. Where the Company has Individuals living and working in different jurisdictions the specific
rights and obligations of Individuals may vary between jurisdictions.
16. The Company is subject to the privacy legislation in all jurisdictions in which the Company
operates. If any term, covenant, condition or provision of this Privacy Policy is held by a court of
competent jurisdiction to be invalid, void or unenforceable, it is the intent of this Privacy Policy
that the scope of the rights and obligations of the Privacy Policy be reduced only for the affected
jurisdiction and only to the extent deemed necessary under the laws of the local jurisdiction to
render the provision reasonable and enforceable and the remainder of the provisions of the
Privacy Policy statement will in no way be affected, impaired or invalidated as a result.
17. Where this Privacy Policy provides greater rights and protections to the Individual than the
available governing law, the terms of this Privacy Policy will prevail wherever allowed by law.
Scope and Application
18. The rights and obligations described in this Privacy Policy will apply to all Individuals. The
Company and the Staff must comply with the policies, procedures and practices described in the
Privacy Policy.
Collection of Personal Information
19. The type and amount of Personal Information collected by the Company will be limited to the
minimum necessary to accomplish reasonable business purposes. Personal Information will not
be collected maliciously, indiscriminately or without a reasonable business purpose.
20. Personal Information will be collected using fair and lawful means.
Access by Authorized Company Representatives
21. All Personal Information will be released internally only on a need-to-know basis. In the course
of normal and reasonable business practices it is the policy of the Company to grant designated
Company representatives access to Personal Information files. This access will not exceed that
necessary to accomplish the specific business function of the Company representative nor the
purpose for which the information was originally collected.
Accuracy of Personal Information
22. The Company will endeavor to ensure that all Personal Information collected is accurate and
validated using reasonable business practices and procedures. The Company is also committed to
ensuring that the Personal Information remains accurate for the purpose for which it was
collected.
Rights of Access and Correction
23. The Company will make reasonable efforts to ensure that Personal Information is at all times
complete and accurate for its stated purpose.
24. An Individual may apply for access to their Personal Information by submitting a request in
writing along with adequate proof of identity to an authorized personnel officer. Where the
application is made in person the requirement for proof of identity will be at the discretion of the
personnel officer. The Individual will be provided with a copy of all available information that is
not subject to restriction as described in this Privacy Policy. All Personal Information and
Medical Information will be provided at no cost or at a minimal cost that is not prohibitive.
25. The Company will also provide a specific summary of how the Personal Information has been
used and to whom it has been disclosed. Where a detailed account of disclosure is not available,
the Company will provide a list of organizations to which the Personal Information may have
been disclosed.
26. The Personal Information disclosed to an Individual must be in a form that is reasonable and
understandable. Where the meaning of information is not clear then translations and explanations
will be provided without additional cost.
27. Where an Individual suspects that an error exists in their Personal Information, the Individual
may submit a request in writing for correction. This request should include any relevant
information substantiating the error and should describe the correction to be made. The Company
will make all reasonable efforts to address any request for correction.
28. Where the Individual successfully demonstrates an error in their Personal Information the
Company will make appropriate corrections. Any modifications, additions or deletions to the
Individual's Personal Information will be made only by an authorized personnel officer.
29. Where a request for correction is not successful, the details and substantiating evidence of the
request will be recorded and retained by the Company.
30. The Company will endeavor to respond promptly to any reasonable request for disclosure and
correction made by an Individual to ensure the continued accuracy of Personal Information.
31. In some instances the Company may be required to limit access to Personal Information because
of statutory or regulatory requirements. In all instances however the Company will make all
reasonable efforts to comply with the Individual's request for access and correction to the extent
of what is allowed by statute or regulation.
32. The Company may refuse access to portions of the Personal Information of an Individual where it
is found to contain Personal Information pertaining to another Individual.
Use and Disclosure of Personal Information
33. The Company and the Staff will keep confidential all Personal Information in its control except
where one or more of the following conditions apply:
a. where the Individual who is the subject of disclosure has provided written consent;
b. where the disclosure is in accord with the purposes for which the Personal Information
was originally collected;
c. where the disclosure is for the purpose of providing employment references to prospective
employers and where the Personal Information disclosed is limited to information
considered reasonably necessary for the purpose of providing employment references;
d. where the Company is permitted or required to do so by applicable legislation or
regulation;
e. where the disclosure is directed to health benefit providers and where the purpose of the
disclosure is in accord with the purposes for which the Personal Information was
originally collected;
f. where the disclosure is required by authorized government representatives who are acting
to enforce any federal or state law or carrying out an investigation relating to the
enforcement of any federal or state law or gathering information for the purpose of
enforcing any federal or state law;
g. where the Company is required to comply with valid court orders, warrants or subpoenas
or other valid legal processes and
h. in an emergency to protect the physical safety of any person or group of persons.
Disclosure Log
34. The Company will take reasonable care to maintain a disclosure transaction log that accurately
records all use, corrections, additions, deletions and disclosures including the names of all parties
enabling the transaction. Where the Personal Information of the Individual is disclosed to any
person or organization, the name of the person or organization to which the Personal Information
is disclosed will be recorded along with a reasonably thorough description of the purpose of the
disclosure.
Ownership of Personal Information
35. All Personal Information collected by the Company in compliance with this Privacy Policy are
business records of the
Retention and Disposal of Personal Information
36. Any Personal Information collected by the Company will be retained by the Company during the
period of active employment of the Individual as well as during the post-employment period only
as long as the Personal Information is required to serve its original purpose or as directed by
applicable legislation or regulation.
37. Personal Information that is no longer needed for its stated purpose will be destroyed, erased or
made anonymous.
38. The Company will ensure that all practices and procedures relating to the disposal of Personal
Information will respect the fundamental policy of confidentiality. All Personal Information
disposal procedures, including the disposal of computerized data storage devices, will ensure the
complete destruction of Personal Information so that there will be no risk of subsequent
unauthorized disclosure of Personal Information.
Deceased Individuals
39. The rights and protections of the Company's Privacy Policies will extend to deceased Individuals.
Security
40. The Company will take and enforce all reasonable security measures appropriate for the
sensitivity of the information to ensure that all Personal Information for every Individual is
protected against any form of unauthorized use including but not limited to accidental or
malicious disclosure, unauthorized access, unauthorized modification, unauthorized duplication
or theft.
41. Methods of security will include but not be limited to the following:
a. physical security including locked filing cabinets and secure-access offices;
b. organizational security including security clearances and access limited on a “need-toknow”
basis and
c. technological security including passwords and encryption.
42. The Company will educate and inform all Staff regarding the Privacy Policy and related
procedures and on the importance of confidentiality of Personal Information and will monitor
compliance with the Privacy Policy and may observe and investigate the information
management practices of all Staff having care of Personal Information.
Knowledge of Unauthorized Disclosure
43. Responsibility for the security of Personal Information is a responsibility that the Company holds
in very serious regard. Any Staff having knowledge of an impending unauthorized disclosure,
whether intentional or unintentional, and who fail to act to prevent the unauthorized breach will
be subject to sanction as described in the Enforcement section of this document including the
immediate dismissal of the offending Staff.
Enforcement
44. All Staff having care over Personal Information must comply with the policies, procedures and
practices described in the Privacy Policy. Any breach of any term or condition of this Privacy
Policy, whether intentional or unintentional, including but not limited to the unauthorized
disclosure of Personal Information is grounds for disciplinary action up to and including the
immediate dismissal of any and all responsible Staff. Any breach of any term or condition of this
Privacy Policy, whether intentional or unintentional, is grounds for dismissal with cause.
Compliance with Privacy Policy
45. The Company will have a procedure that will allow Individuals to challenge the Company's
compliance with this Privacy Policy. The Company will also have procedures to promptly
respond to Privacy Policy compliance challenges.
46. The Company will make all reasonable efforts to investigate and respond to compliance
challenges relating to this Privacy Policy. Where a challenge is well founded the Company will
take action to correct any outstanding problems up to and including amending the Privacy Policy
and related procedures.
Arbitration
47. In the event a dispute arises out of or in connection with this Privacy Policy, the parties will first
attempt to resolve the dispute through friendly consultation.
48. If the dispute is not resolved within a reasonable period then any or all outstanding issues may be
submitted to final and binding arbitration in accordance with the laws of the State of Ohio. The
arbitrator's award will be final, and judgment may be entered upon it by any court having
jurisdiction within the State of Ohio
1. Privacy Policy Statement (the “Privacy Policy”) contains the policies, procedures and practices to
be followed by H2o Graphics by Design Inc. and any of its present or future subsidiaries (the
“Company”) pertaining to the collection, use and disclosure of personal information (the
“Personal Information”) of an identifiable person (the “Individual”) that is a present, future or
former customer of the Company.
2. The Company recognizes the confidential nature of the Personal Information in its care and is
accountable for the compliance of itself and its directors, officers, management, employees,
representatives and agents including consultants and independent contractors (the “Staff”) in
protecting this Personal Information.
3. For the purpose of this Privacy Policy, the term “Personal Information” has the meaning of any
information or collection of information in any form, whether oral, electronic or written that
pertains to the Individual excluding information that is publicly available in its entirety. Personal
Information will also include any publicly available information that is combined with nonpublicly
available information.
4. Personal Information includes but is not limited to name, home address, home phone number,
home email address, identity verification information, physical description, age, gender,
education, professional designation, personal hobbies and activities.
5. The Company will implement policies and procedures that give effect to this Privacy Policy
including procedures to protect and secure Personal Information, procedures to receive,
investigate and resolve complaints, procedures to ensure adequate training of the Staff
concerning the Company's privacy policies, and procedures to distribute new and current
information pertaining to the Company's Privacy Policy.
Corporate Privacy Policy
6. The Company and the Staff will at all times respect the confidentiality of the Personal
Information placed in its care. The Company will endeavor to ensure that the policies affecting
the collection, storage and disclosure of Personal Information reflect the confidential nature of
the information.
7. The Company will comply with all applicable privacy legislation and regulations in force now
and in the future related to protecting the confidentiality of Personal Information.
Purposes for which Personal Information is Collected
8. Personal Information will be collected, used and disclosed for purposes pertaining to the
Individual's employment relationship with the Company, including but not limited to the
administration of employee hiring, performance reviews, the administration of employee payroll,
processing of employee benefit claims, and for the purpose of complying with all applicable
labor and employment legislation.
9. The purposes for collecting Personal Information will be documented by the Company. Personal
Information will only be used for the stated purpose or purposes for which it was originally
collected. The purposes for which Personal Information is being collected will be identified
orally or in writing to the Individual before it is collected. The person collecting the information
will be able to explain the purpose at the time that the information is collected.
10. The Company may use Personal Information for a purpose other than the originally stated
purpose where the new purpose is required by law or where the Company has obtained consent in
writing from the affected Individual for each new purpose.
Knowledge and Consent
11. Knowledge and consent is required from the affected Individual for the collection, use and
disclosure of all Personal Information subject to exceptions noted elsewhere in the Privacy Policy
statement.
12. Consent will not be obtained through deception or misrepresentation.
13. Any use or disclosure of Personal Information will be within the reasonable expectations of the
Individual.
14. Subject to legal and contractual obligations, an Individual may withdraw their consent on
reasonable notice.
Legislation and Regulation
15. Where the Company has Individuals living and working in different jurisdictions the specific
rights and obligations of Individuals may vary between jurisdictions.
16. The Company is subject to the privacy legislation in all jurisdictions in which the Company
operates. If any term, covenant, condition or provision of this Privacy Policy is held by a court of
competent jurisdiction to be invalid, void or unenforceable, it is the intent of this Privacy Policy
that the scope of the rights and obligations of the Privacy Policy be reduced only for the affected
jurisdiction and only to the extent deemed necessary under the laws of the local jurisdiction to
render the provision reasonable and enforceable and the remainder of the provisions of the
Privacy Policy statement will in no way be affected, impaired or invalidated as a result.
17. Where this Privacy Policy provides greater rights and protections to the Individual than the
available governing law, the terms of this Privacy Policy will prevail wherever allowed by law.
Scope and Application
18. The rights and obligations described in this Privacy Policy will apply to all Individuals. The
Company and the Staff must comply with the policies, procedures and practices described in the
Privacy Policy.
Collection of Personal Information
19. The type and amount of Personal Information collected by the Company will be limited to the
minimum necessary to accomplish reasonable business purposes. Personal Information will not
be collected maliciously, indiscriminately or without a reasonable business purpose.
20. Personal Information will be collected using fair and lawful means.
Access by Authorized Company Representatives
21. All Personal Information will be released internally only on a need-to-know basis. In the course
of normal and reasonable business practices it is the policy of the Company to grant designated
Company representatives access to Personal Information files. This access will not exceed that
necessary to accomplish the specific business function of the Company representative nor the
purpose for which the information was originally collected.
Accuracy of Personal Information
22. The Company will endeavor to ensure that all Personal Information collected is accurate and
validated using reasonable business practices and procedures. The Company is also committed to
ensuring that the Personal Information remains accurate for the purpose for which it was
collected.
Rights of Access and Correction
23. The Company will make reasonable efforts to ensure that Personal Information is at all times
complete and accurate for its stated purpose.
24. An Individual may apply for access to their Personal Information by submitting a request in
writing along with adequate proof of identity to an authorized personnel officer. Where the
application is made in person the requirement for proof of identity will be at the discretion of the
personnel officer. The Individual will be provided with a copy of all available information that is
not subject to restriction as described in this Privacy Policy. All Personal Information and
Medical Information will be provided at no cost or at a minimal cost that is not prohibitive.
25. The Company will also provide a specific summary of how the Personal Information has been
used and to whom it has been disclosed. Where a detailed account of disclosure is not available,
the Company will provide a list of organizations to which the Personal Information may have
been disclosed.
26. The Personal Information disclosed to an Individual must be in a form that is reasonable and
understandable. Where the meaning of information is not clear then translations and explanations
will be provided without additional cost.
27. Where an Individual suspects that an error exists in their Personal Information, the Individual
may submit a request in writing for correction. This request should include any relevant
information substantiating the error and should describe the correction to be made. The Company
will make all reasonable efforts to address any request for correction.
28. Where the Individual successfully demonstrates an error in their Personal Information the
Company will make appropriate corrections. Any modifications, additions or deletions to the
Individual's Personal Information will be made only by an authorized personnel officer.
29. Where a request for correction is not successful, the details and substantiating evidence of the
request will be recorded and retained by the Company.
30. The Company will endeavor to respond promptly to any reasonable request for disclosure and
correction made by an Individual to ensure the continued accuracy of Personal Information.
31. In some instances the Company may be required to limit access to Personal Information because
of statutory or regulatory requirements. In all instances however the Company will make all
reasonable efforts to comply with the Individual's request for access and correction to the extent
of what is allowed by statute or regulation.
32. The Company may refuse access to portions of the Personal Information of an Individual where it
is found to contain Personal Information pertaining to another Individual.
Use and Disclosure of Personal Information
33. The Company and the Staff will keep confidential all Personal Information in its control except
where one or more of the following conditions apply:
a. where the Individual who is the subject of disclosure has provided written consent;
b. where the disclosure is in accord with the purposes for which the Personal Information
was originally collected;
c. where the disclosure is for the purpose of providing employment references to prospective
employers and where the Personal Information disclosed is limited to information
considered reasonably necessary for the purpose of providing employment references;
d. where the Company is permitted or required to do so by applicable legislation or
regulation;
e. where the disclosure is directed to health benefit providers and where the purpose of the
disclosure is in accord with the purposes for which the Personal Information was
originally collected;
f. where the disclosure is required by authorized government representatives who are acting
to enforce any federal or state law or carrying out an investigation relating to the
enforcement of any federal or state law or gathering information for the purpose of
enforcing any federal or state law;
g. where the Company is required to comply with valid court orders, warrants or subpoenas
or other valid legal processes and
h. in an emergency to protect the physical safety of any person or group of persons.
Disclosure Log
34. The Company will take reasonable care to maintain a disclosure transaction log that accurately
records all use, corrections, additions, deletions and disclosures including the names of all parties
enabling the transaction. Where the Personal Information of the Individual is disclosed to any
person or organization, the name of the person or organization to which the Personal Information
is disclosed will be recorded along with a reasonably thorough description of the purpose of the
disclosure.
Ownership of Personal Information
35. All Personal Information collected by the Company in compliance with this Privacy Policy are
business records of the
Retention and Disposal of Personal Information
36. Any Personal Information collected by the Company will be retained by the Company during the
period of active employment of the Individual as well as during the post-employment period only
as long as the Personal Information is required to serve its original purpose or as directed by
applicable legislation or regulation.
37. Personal Information that is no longer needed for its stated purpose will be destroyed, erased or
made anonymous.
38. The Company will ensure that all practices and procedures relating to the disposal of Personal
Information will respect the fundamental policy of confidentiality. All Personal Information
disposal procedures, including the disposal of computerized data storage devices, will ensure the
complete destruction of Personal Information so that there will be no risk of subsequent
unauthorized disclosure of Personal Information.
Deceased Individuals
39. The rights and protections of the Company's Privacy Policies will extend to deceased Individuals.
Security
40. The Company will take and enforce all reasonable security measures appropriate for the
sensitivity of the information to ensure that all Personal Information for every Individual is
protected against any form of unauthorized use including but not limited to accidental or
malicious disclosure, unauthorized access, unauthorized modification, unauthorized duplication
or theft.
41. Methods of security will include but not be limited to the following:
a. physical security including locked filing cabinets and secure-access offices;
b. organizational security including security clearances and access limited on a “need-toknow”
basis and
c. technological security including passwords and encryption.
42. The Company will educate and inform all Staff regarding the Privacy Policy and related
procedures and on the importance of confidentiality of Personal Information and will monitor
compliance with the Privacy Policy and may observe and investigate the information
management practices of all Staff having care of Personal Information.
Knowledge of Unauthorized Disclosure
43. Responsibility for the security of Personal Information is a responsibility that the Company holds
in very serious regard. Any Staff having knowledge of an impending unauthorized disclosure,
whether intentional or unintentional, and who fail to act to prevent the unauthorized breach will
be subject to sanction as described in the Enforcement section of this document including the
immediate dismissal of the offending Staff.
Enforcement
44. All Staff having care over Personal Information must comply with the policies, procedures and
practices described in the Privacy Policy. Any breach of any term or condition of this Privacy
Policy, whether intentional or unintentional, including but not limited to the unauthorized
disclosure of Personal Information is grounds for disciplinary action up to and including the
immediate dismissal of any and all responsible Staff. Any breach of any term or condition of this
Privacy Policy, whether intentional or unintentional, is grounds for dismissal with cause.
Compliance with Privacy Policy
45. The Company will have a procedure that will allow Individuals to challenge the Company's
compliance with this Privacy Policy. The Company will also have procedures to promptly
respond to Privacy Policy compliance challenges.
46. The Company will make all reasonable efforts to investigate and respond to compliance
challenges relating to this Privacy Policy. Where a challenge is well founded the Company will
take action to correct any outstanding problems up to and including amending the Privacy Policy
and related procedures.
Arbitration
47. In the event a dispute arises out of or in connection with this Privacy Policy, the parties will first
attempt to resolve the dispute through friendly consultation.
48. If the dispute is not resolved within a reasonable period then any or all outstanding issues may be
submitted to final and binding arbitration in accordance with the laws of the State of Ohio. The
arbitrator's award will be final, and judgment may be entered upon it by any court having
jurisdiction within the State of Ohio
