Continental Assets Ltd., operating as Maxim Software Systems and its affiliated company, Nikra Inc. (each individually referred to as “we”, “us” or “our”) collects and stores personal information in compliance with the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”). This Privacy Policy (the “Privacy Policy”) informs you of our pledge of confidentiality and commitment to the privacy principles described in PIPEDA. This Privacy Policy also includes many of our personal information collection and usage practices and policies, no matter how the information is collected, used or disclosed.

As used in this Privacy Policy, “personal information” and “personal health information” have the meanings ascribed to them in PIPEDA and “you” and “your” refer only to individuals. This Privacy Policy does not apply in any circumstances where PIPEDA does not apply.

Purposes

Identifying Purposes. Except for situations described below under the headings “Where Consent is Unnecessary” and “Explaining the Purposes”, we will identify the purposes for which we collect personal information, before or when the information is collected.

Explaining the Purposes. We will generally identify the purposes for which we intend to use personal information, in writing, orally in person or over the telephone or electronically. Our Privacy Officer will be able to explain these purposes to you. In some cases the purposes for collecting personal information are obvious and will not be explained. However, you will always be entitled to ask and receive answers about such purposes.

General Purposes. We use personal information to:

Deliver services to our clients (“Clients”);

Send news, informational bulletins and updates to our Clients;

Send promotional materials to past and prospective Clients;

Maintain relationships with our business partners; and

Publish a list of customers on whose behalf we have made donations to the Canadian Dentistry Fund. This list contains the name and city of the contributor only.

Sale of Business. We do not sell or lease out our Client lists, however, as we continue to develop and grow, we may buy or sell parts of our business. As an important part of our businesses include the relationships with our Clients, employees and contractors, personal information would generally be one of the assets, which would be transferred or transitioned to a third party.

Consent

Obtaining Your Consent. We will make a reasonable effort to ensure you understand how your personal information will be used by us. Generally, we will obtain consent from you before or when we collect or use your personal information. Sometimes we may identify a new purpose and we will seek your consent to use and disclose personal information for that purpose after the information has been collected.

Forms of Consent. An individual’s consent can be express or implied. Consent may be implied through action or inaction, such as by using or applying for a product or service offered by us or not responding to an offer to have your personal information removed from a list. Express consent is the preferred form. Express consent may be given orally, in writing or electronically. Before deciding what form of consent is appropriate, we will consider the type of personal information we need, the reason for its use, and the type of individual contact that is involved.

Where Consent Unnecessary. We may collect, use or disclose personal information without your knowledge or consent in exceptional circumstances where such collection, use or disclosure is permitted or as required by law. For example, we will not ask for consent when personal information is collected, used, or disclosed in the following instances:

Where it is in your best interests and consent cannot be obtained in a timely way;

Where personal information is given to our legal representatives;

Where personal information is given to a person who in our reasonable judgment is seeking the information as your agent;

Where personal information is given to our agents and business partners who need it to carry out business-related functions, such as product and services fulfillment, offers, and promotions, and data processing;

When asking for consent may compromise the information sought and collection relates to an investigation of a breach of an agreement or a contravention of a law;

To protect and defend us and our client’s rights or property;

Where personal information is disclosed for the purpose of collecting a debt, complying with a subpoena or warrant, responding to a lawful authority for lawful purposes, complying with the law;

Where PIPEDA permits personal information to be disclosed without obtaining your consent; and

When we obtain personal information from another organization governed by PIPEDA, we presume that the organization obtained each individual’s consent before disclosing the information to us.

Refusing to Consent. Subject to legal and contractual requirements, you can refuse to consent to our collection, use or disclosure of information about you, or you may withdraw your consent to our further collection, use or disclosure of information at any time in the future by giving us reasonable notice. If you refuse or withdraw your consent, we may not be able to provide you or continue to provide you with some products, services or information which may be of value to you. During the term of any agreement you have with us, you may not withdraw your consent to our ongoing collection, use or disclosure of your personal information in connection with such agreement.

Information We Collect. The types of information we may collect about you depends on the nature of the product or service being provided. Typical information that we collect includes: your name, mailing address, e-mail address, phone number(s), credit card information, chequing code, computer system information and banking information.

Non-Personal Information. We may collect anonymous/non-personal information and business information or render anonymous information we have about you. Because this information cannot be associated with or traced back to you, it is not governed by this Privacy Policy.

Pledge Of Confidentiality

All of our employees and contractors have pledged to maintain confidentiality of all personal information.

Limiting Collection

Limiting Collection. We will limit the collection of personal information to that which is necessary for the purposes we have identified to you, using means that are fair and lawful.

Sources for Information. Although we will collect your personal information primarily from you, we may also collect it from external sources such as telephone and association listings and/or directories.

Limiting Use, Disclosure And Retention

Limiting Use and Disclosure. We will use or disclose personal information only for the purposes it was collected, unless you give further consent to use or disclose it for another reason, or we are permitted or required by law.

Exceptions. Under certain circumstances, including those set forth under the heading “Where Consent is Unnecessary” above, we have a legal duty or right to disclose personal information without the individual’s knowledge or consent.

Retention Policies. We retain personal information only as long as it is required for the reasons it was collected. The length of time personal information is retained varies depending on the purpose for which the information was collected. This period may extend beyond the end of your relationship with us but only for so long as it is legally necessary for us to have sufficient information to respond to any issue that may arise at a later date.

Accuracy

Keeping Information Accurate. We will keep your personal information as accurate, complete and up-to-date as necessary for the purposes for which it is used. We will update personal information only if it is necessary for the purposes for which it was collected and if the information is used on an ongoing basis. We will also rely on you for keeping certain personal information accurate, complete, and current, such as a change in address.

Errors May Occur. Although we make every effort to ensure that the data we collect and store is as accurate as possible, we do not vouch for, nor are we responsible for the accuracy of any data that is provided to us. Should you identify that we hold incorrect or out-of-date personal information about you, we will make the proper changes and provide you with a copy of the corrected information. Where appropriate, we will communicate these changes to other parties who may have unintentionally received incorrect personal information from us.

Security. We will take all appropriate and reasonable measures to assure the security of all personal information received or stored. Our safeguards vary depending on the information’s sensitivity, amount, distribution and format of the information and the method of storage. All electronic data is stored on secure servers. Access to servers is limited to network administrators and other authorized personnel. Paper-based files are kept in controlled facilities and access is restricted on a need to know basis. All security measures are appropriate to the sensitivity level of your information.

Staff Compliance. We inform our personnel about the importance of maintaining the confidentiality of personal information. As a condition of employment, our personnel are required to abide by our policies and procedures and they are prohibited from disclosing any personal information except as is necessary to carry on their employment duties.

Third Party Compliance. In instances where personal information is provided to third parties for assisting us in offering or providing goods or services to you, we generally require the third party to safeguard all personal information in a way that is consistent with this Privacy Policy, or as regulated by law and we only give to the third party the personal information necessary to perform those services. Further, the third party is prohibited from using that information for any other purpose.

Client Records

Client Records. We receive from our Clients personal information contained in our Client’s databases (“Client Records”) in our capacity as an information technology service provider in the course of delivering software, hardware, and technical support services to our Clients and/or acting as a storage facility for Client’s electronic data.

Application of this Privacy Policy. Despite any other provision of this Privacy Policy, this part of this Privacy Policy applies exclusively to personal information contained in Client Records. The rest of this Privacy Policy does not generally apply to Client Records.

Use. We make no use of Client Records except to perform the services for the Client described above.

Consent and Compliance with PIPEDA. Each Client is responsible to obtain the appropriate consent for the collection, use and disclosure of personal information contained in Client Records and to ensure that its Client Records are maintained in compliance with PIPEDA. We require our Client to comply with all of the requirements of PIPEDA in terms of personal information which is contained in a Client Record, including without limitation, identifying to you the purposes for which the Client collects personal information about you, obtaining consent for each use of personal information, limiting collection of personal information, limiting use, disclosure and retention of personal information and maintaining the accuracy of personal information in compliance with PIPEDA.

Ownership and Protection. Client Records remain the sole property of the Client. Pursuant to our arrangements with each Client, we pledge to keep the confidentiality of Client Records and to make no use of the Client Records other than to perform services for our Client. We make every reasonable effort to hold Client Records in confidence and to not inadvertently disclose Client Records to others. We may only intentionally disclose Client Records to others if the disclosure is directed or agreed upon by the Client or is required by law or an order of a court of competent jurisdiction. We handle Client Records with the same degree of care as we use to protect our own information of similar importance.

Employees. Employees and contractors will have access to Client Records on a “need to know” basis. In these situations, employees have agreed to maintain the confidentiality of the Client Records in a manner which is consistent with this Privacy Policy.

Accountability And Contact Information

Accountability. We have established policies and procedures to comply with this Privacy Policy, have informed and trained our personnel with respect to PIPEDA and such policies and procedures and have designated at least one person to be accountable for compliance. Overall responsibility for compliance with the provisions of this Privacy Policy rests with our Privacy Officer who can be contacted as set forth below.

Contact Information. Should you have any questions regarding this Privacy Policy or the Pledge of Confidentiality, please contact:

Alex Zlatin, Privacy Officer

Toll Free: 1-800-663-7199 Fax: (204) 987-9098

4-1761 Wellington Avenue,
Winnipeg, MB R3H 0G1
Canada

Copies of this policy are available via fax, email, mail, or at www.maximsoftware.com. Mailed copies require a self addressed, stamped envelope.

We will make specific information about our policies and practices regarding the management of personal information readily available to you upon request. We do have procedures in place to receive and respond to your complaints or inquiries.

Individual Access

Access to your Information. Upon written request, we will inform you of the existence, use, and disclosure of your personal information and will afford access to that information upon payment of any applicable charges. You are entitled to challenge the accuracy and completeness of the information and have it amended as appropriate.

Exceptions to Access. Please note that we may not be able to provide information about you if it (i) would reveal personal information about a third party, (ii) is subject to legal privilege, (iii) contains other confidential information which would be revealed, (iv) is information that was generated in the course of a formal dispute resolution process, (v) relates to an investigation of a breach of agreement or contravention of laws, (vi) cannot be disclosed for other legal or security reasons, (vi) is prohibitively costly to provide; or (vii) it is contained within a Client Record (in which event you will be referred to our Client to determine if access to such information may be granted by the Client).

Challenging Compliance

Challenging Compliance. You may challenge our compliance with this Privacy Policy. We will investigate and respond to the challenge. If we find your challenge is justified, we will take appropriate measures, including changing our policies or procedures, to ensure that other individuals will not experience the same problem.

Amendments

Amending this Policy. We may add, modify or remove portions of this Privacy Policy at any time and such change will become effective upon making our updated Policy available to the public.

Responsibility For Compliance

Responsibility for Compliance. This Privacy Policy has been adopted by both Continental Assets Ltd. and Nikra Inc. (each, a “member”), who are independent entities and individually responsible for their own compliance with PIPEDA and this Privacy Policy. Each member has determined to adopt a common privacy policy and by doing so no member shall be held responsible or have any liability for the failure of the other member to comply with PIPEDA or this Privacy Policy.