NightKey® treats the protection of personal information as a key responsibility and is committed to ensuring that patrons’ privacy is afforded the highest levels of protection. NightKey® is compliant with An Act Respecting the Protection of Personal Information in the Private Sector for the province of Quebec. You may visit Quebec’s Commission d’accés á l’information du Québec (Information Access Commission) website for information on the act and to learn more about Quebec’s privacy laws.
About NightKey's services
NightKey® provides identity verification and entry authorization services to Canadian businesses that subscribe to the NightKey® system (venues), such as nightclubs, bars, hotels and casinos. Venues use fixed terminals provided by NightKey® to record and verify patrons' identities when they enter their premises, and to ensure that such patrons have not been previously banned from entering their venues. This assists Venues in ensuring that they provide patrons with safe and secure environments primarily by deterring individuals who intend to engage in inappropriate or illegal activities from entering their premises. The information collected through NightKey® terminals is stored by NightKey® on a central server. When entering a Venue, if you do not wish to enroll on the NightKey® system, you may experience longer waiting times in queues or possible denied entry. However NightKey® has no authority to dictate how each individual venue decides to conduct their business. Denial of entry and or longer wait times is at the sole discretion of the Venue that uses NightKey®.
Kinds of information we collect
When you complete an enrolment or entry process at a Venue using a NightKey terminal, we will collect the information you provide through the terminal. Generally, this will include:
Your FingerPIN® – When you opt to use the “fast access” feature on the NightKey terminal as your primary method of identification, the terminal will scan your fingerprint and instantly formulate a unique 300 digit binary number (e.g. 011010110001…) to represent your fingerprint (this number is calculated based on distances between various ridge and meridian points on your fingerprint). The resulting number is called a FingerPIN®. The NightKey terminal only stores the scanned image of your fingerprint momentarily (a few seconds at most) whilst the FingerPIN® is being formulated. As soon as the FingerPIN® is calculated, the NightKey® terminal automatically and permanently deletes your fingerprint image. The terminal does not keep an image of your fingerprint and it is not possible to reverse engineer your fingerprint from your FingerPIN®.
Identifying information – When you enroll for the first time on a NightKey® terminal, you will be asked to provide some form of ID which will be scanned. If you provide another form of ID, relevant information (generally, your name, date of birth and gender) will be recorded in the terminal by a Venue staff member.
Photograph and audio visual footage – When you enroll for the first time on a NightKey® terminal, your photo is taken by a camera in the terminal and stored with your name, date of birth etc. The camera also takes an audio visual clip of approximately 5 seconds in length while you are enrolling and any time you interact with a NightKey® terminal.
Venues are able to maintain on the NightKey® server a “Banned Persons” database which they use to help them identify patrons that they have previously prohibited from entering their premises. The types of information that are recorded on this database include the patron's name, photo, date of birth, scanned ID, the reasons for which they have been banned and event summaries of the circumstances surrounding their ejection from the Venue.
We may hold other information about you that we have received or generated in the course of our day-to-day business activities, such as details contained in correspondence we have received from you.
How we collect your information
In almost all cases, information we collect about you is collected through NightKey® terminals and NightKey® server interface programs used by venues. From time-to-time, there may be other occasions on which we collect information about you via other means; for example, when you correspond directly with us via the NightKey® website at www.nightkey.ca.
Why and how we use your information
We use personal information contained on the NightKey® system for the following purposes:
- to provide identity verification and entry authorization services to Venues;
- to assist Venues to identify any individuals engaging in antisocial or illegal activities;
- photos taken at the time of enrolment are used for the purpose of verifying that a person who presented a photo ID matched the photo contained on the ID should the need to do so at a later date arise;
- Being granted a liquor license is a privilege not a right, and for this reason Venues have the right to properly protect themselves from ID fraud or from potential problem patrons that may cause directly or indirectly the suspension or cancelation of a Venues liquor license.
- For internal purposes, such as procedural assessments, risk management, product and service reviews.
Where is your Personal Information being stored?
NightKey® holds the collection and protection of personal information as a key priority and responsibility of our business. For this reason NightKey® has chosen to store data of site from the location from where it was given.(i.e at the venue). This is done to remove concerns a patron may have that a staff member at the venue or any other person may have access to very sensitive personal information. People’s personal information is stored on NightKey® central server which is housed in a highly secured data centre. The data center used by NightKey® shares the same security features any bank or government office would use that store people’s personal information.
How we secure your information
We hold all of your personal information in a secure manner to ensure that it is protected from unauthorized access, modification and disclosure. Our electronic databases are stored on a central server in a secure location which provides top-level physical security. Security measures regarding electronic records meet highest industry standards and include 1024 bit and 128 bit encryption, biometric verification for terminal access, usernames and passwords, firewalls and audit-trails. Access to electronic records is strictly limited to staff whose tasks require access, such as senior managers and security officers. When records containing personal information are no longer needed, we ensure those records are destroyed securely; for example, we degauss (i.e. demagnetize) electronic records so that information contained in them cannot be retrieved.
Who Has Access to Your Information?
NightKey® has developed its system of accessing personal information with the highest regard of privacy and protection. All of NightKey® staff members that are responsible for managing personal data are trained and assed to comply with the responsibility they will be undertaking. All of NightKey® staff goes through a strict background check and must provide a Police security clearance before being employed by NightKey®
All of the data stored in NightKey® secure servers are only accessible through a unique user ID and password. Each individual employee charged with the responsibility of managing the data will be assigned his or her own personal unique user ID and Password. This is so all interactions with NightKey® servers are audited and tracked so we know exactly who was logged into the system and which employee was looking at who’s information. NightKey® was built first and foremost with privacy as its primary foundation; you are always protected with NightKey®.
How we disclose your information
NightKey® only discloses your information in very limited circumstances and, when it does so, only provides parts of your information that are necessary for the recipient's purposes. This will generally only occur in the following situations:
- When you re-enter a Venue at which you have enrolled on the NightKey® system – For example, if you enroll on the system at a Venue and choose to have a FingerPIN® allocated to you, each time you subsequently visit the Venue you will be asked to identify yourself by having your finger scanned. The NightKey® system will then automatically provide your first name (but no other details) to the Venue staff member operating the NightKey® terminal.
- If an individual attempts to enter a Venue from which he or she has been banned – The NightKey® system will automatically notify the Venue staff member operating the NightKey® terminal of this as well as the Patrons name, date of birth, the reasons for being banned and event summaries of the circumstances surrounding the Patrons ejection from the premises. In only this case a copy of your ID will be retrieved from the data base to confirm the identity of the banned patron in case identity is disputed.
- When a Venue turns its NightKey® terminal on, the Banned Persons database relating to that Venue will automatically be sent to that terminal to enable the Venue to identify persons listed on its banned database. We do not share information between Venues. For example, if you enroll on the NightKey® system at Venue A and then subsequently visit Venue B, you will be required to re-register on the NightKey® system at Venue B as we will not reveal any information collected at Venue A to Venue B. The same applies in relation to information contained on Banned Persons databases.
- When a venue at which you are enrolled on the NightKey® system wishes to view your information - Senior Staff at Venues (Managers) have access to limited information about patrons who have enrolled on the NightKey® system at their venue. This enables them to, for example, place a ban on entry for a particular patron who was ejected from their venue. Senior staff is limited to only a photo of your last entry into the venue, your age and your name.
We do not share information between venues, under any circumstances, sell or otherwise trade in your personal information. Generally, NightKey® will not disclose your personal information to any of its contractors or service providers. However, circumstances may arise where this is necessary at some point in the future. Should such circumstances arise, we will ensure that strict contractual measures are in place requiring the recipient to protect the privacy of your information, to only use the information for the purposes of their engagement and to destroy any copies of the information once their engagement is complete.
We may also disclose a person's personal information where we are legally required to do so (such as under a court order) or where the police inform us that they are investigating a particular individual and request information from us about that individual to assist them with their inquiries (in which case we will only provide details after making a record of the name and badge number of the police officer to whom the information is provided).
Removing your information
If you have enrolled on the NightKey® system, you may request for your information to be deleted at any time by visiting our website at www.nightkey.ca and following the prompts. Once your details are deleted, they will be stored in an archives database for 30 days in case we need to retrieve the information for any reason. After 30 days, the details will be automatically deleted. Please note that to regain entry to any NightKey® venue which you have requested deletion from will require you to fully enroll again. Please note that if you have been banned from a NightKey® venue then your details will not be deleted until such time as the ban has expired.
Accessing your information
You may request access to the personal information we hold about you by sending a written request to our Privacy Officer. You do not need to provide a reason for your request. Once our Privacy Officer has verified your identity, we will provide you with a print-out of information we hold about you within 14 days. Generally, we do not charge any fees for providing access; however, fees may be charged in special circumstances on a cost-recovery basis.
In rare circumstances, we may not be able to provide you with access to your information. This may occur where, for example, we are required by law to withhold the information, it relates to legal proceedings or would affect negotiations we are holding with you. If we are unable to provide you with access, we will provide reasons for this and consider whether the use of an intermediary would be appropriate to provide you with an explanation of your personal information.
Correcting your information
If your personal information is out-of-date or incorrect, you may inform us of this in writing and we will correct it for you. There is the ability to correct or amend your personal information through visiting our website at www.nightkey.ca. In the unlikely event that we disagree about the accuracy of the information and are unable to change it, you may provide us with a statement indicating that you dispute its accuracy and we will associate the statement with your information in such a manner that it will be brought to the attention of each person who subsequently uses the information.
If you are not satisfied with how we handle your personal information, you can lodge a complaint in writing with our Privacy Officer. Your complaint will be treated confidentially. Our Privacy Officer will contact you within 14 days to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in an appropriate manner with which you are satisfied. You may contact our Privacy Officer to enquire about the progress, or any other aspect of your complaint at any time.
Changes to this policy
If you have any queries or requests in relation to this policy, please contact our Privacy Officer whose contact details are available on the contact page at www.nightkey.ca