This policy statement provides information on the obligations and policies of the subsidiaries, affiliates, and associated companies of Northern Electric & Power Inc (NEP).

NEP believes the principles embedded in the Ordinance are equal to any in the world in respect of the protections they provide to an individual. As such, NEP undertakes to apply, where practicable, those principles and the processes set out herein to its operations globally.

Throughout this policy, our use of the term 'personal data' has the meaning ascribed to it by the Ordinance.

NEP shall fully comply with the obligations and requirements of the Ordinance. The Company's officers, management, and members of staff shall, at all times, respect the confidentiality of and endeavor to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Company.

NEP shall endeavor to ensure all collection and/or storage and/or transmission and/or usage of personal data by the Company shall be done in accordance with the obligations and requirements of the Ordinance.

Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, then the Company shall provide and/or correct that data in accordance with the times and manners stipulated within the Ordinance.

For the purpose of carrying on the Company's business, including registration and administration of the Company's web site and related products and services (including relevant online services), you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:

a. Your name;

b. Contact details, including contact name and telephone number or email address.

In some instances, you may also be requested to provide certain data that may be used to further improve our products and services and/or better tailor the type of information presented to you. In most cases, this type of data is optional although, where the requested service is a personalized service, or provision of a product or dependent on your providing all requested data, failure to provide the requested data may prevent us from providing the service to you. This type of data includes, but is not limited to:

a. Your age;

b. Permanent residence;

The Company's Web servers may also collect data relating to your online session, the use of which is to provide aggregated, anonymous, statistical information on the server's usage so that we may better meet the demands and expectations of visitors to our sites. This type of data may include, but is not limited to:

a. The browser type and version;

b. Operating system; and

c. The IP address and/or domain name.

The Company will destroy any personal data it may hold in accordance with our internal retention policy. The policy states that:

a. Personal data will only be retained for as long as is necessary to fulfill the original or directly related purpose for which it was collected, unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and

b. Personal data are purged from the Company's electronic, manual, and other filing systems in accordance with specific schedules based on the above criteria and the Company's internal procedures.

All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:

a. Any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with the Company;

b. Any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose or a directly related purpose for which the data was provided;

c. Any other person or company who is under a duty of confidentiality to the Company and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information; and

Personal data may also be disclosed to any person or persons that have a right under the Ordinance to gain access to such information provided they are able to prove their authority to access such information. For example, if the Company were served with a court order demanding certain customer information then the Company would disclose the information to the duly appointed officer of the court or such other persons as the court orders.

Physical records containing personal data are securely stored in locked areas and/or containers when not in use.

Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas.

Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a 'need to know' basis that is commensurate with an individual's Company responsibilities and their training.

Records of the Company are under the control of assigned information officers who are responsible to ensure the transfer of or access to information is legitimate and complies with the Ordinance.

Audit records may be produced to validate data modifications in order to verify the data's integrity.

There may be violations logging processes for investigation of any unauthorized attempt to access information.

Encryption technology, such as SSL, may be employed for the transmission of data collected online.

The personal data will be highly protected, however, consider of the unexpected risks from the third party, including but not limited to the unlawfully intercept or access the data, the Company do not promise and you should not expect that your personal data will always remain private.

Under the terms of the Ordinance, individuals have the right to:

a. Access or update the personal information you provided to us;

b. Ascertain the Company's policies and practices in relation to personal data, which are those policies and practices set out in their entirety herein.

An individual may exercise his or her right of access by checking it online with assigned password and login name.

The Company will, upon satisfying itself of the authenticity and validity of the access request, make every endeavor to comply with and respond to the request within the period set by the Ordinance.

An individual may exercise their right of correction by login to personal data update with assigned password and login name.

The Company will, upon satisfying itself of the authenticity and validity of the correction request, make every endeavor to comply with and respond to the request within the period set by the Ordinance.