1. OBJECTIVE AND SCOPE OF POLICY
Vitrium Systems Inc. (“Vitrium” or “Company”), www.vitrium.com, is committed to protecting the privacy of its customers (“Customers”), end users (“Readers”, the people viewing the documents that have been protected using Vitrium’s DRM technology), employees and others dealing with Vitrium. This policy informs you of Vitrium’s practices concerning the collection, use and disclosure of personal information and ensures compliance with Canadian privacy laws, including the Canadian Personal Information and Protection and Electronic Document Act (“PIPEDA”) and the British Columbia Personal Information Protection Act (“PIPA”). Any questions regarding compliance with other privacy laws should be directed to the Privacy Officer shown below.
Vitrium employees, contractors or agents who provide services to Vitrium that entail dealing with personal information are required to comply with this policy.
Please note that Customers who use Vitrium’s document security solutions or Protectedpdf software with their PDF documents are responsible for the use and disclosure of any such personal information that is collected. Vitrium is not responsible for such use and disclosure.
2. WHAT IS PERSONAL INFORMATION?
This policy applies to “Personal Information” which is defined as any information about an identified or easily identifiable individual. Personal information does not include information about corporations or other entities or information about individuals not associated with their identity.
Personal information is very broadly defined and includes unrecorded information and information recorded in any form, including electronically. Personal information includes relatively obvious or publicly available information such as home or business telephone number or email address, as well as more sensitive or confidential information such as credit card numbers or other financial information.
Personal information also includes specific information about how a Reader uses a document or from where a Reader accesses a document, e.g. the IP address from which a document was opened, how many times a document was opened, whether a document was printed, etc. (“Reader Use Data”), but only if this personal information is associated with an identifiable individual.
3. THE COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION BY VITRIUM.
Vitrium only collects such personal information about individuals or Customers as is reasonably required in order to provide the appropriate products or services to that individual or Customer. Generally speaking, Vitrium will obtain the individual’s or Customer’s consent to the collection, use and disclosure of personal information, subject only to exceptions permitted or required by law. In most situations, when visiting the Vitrium website or web-based applications (collectively, “Websites”) or otherwise dealing with Vitrium, you will be asked to voluntarily provide personal information about yourself or your organization and the use of the information will be obvious, e.g. contact information to establish a Customer account, request a demonstration, watch a video, request a trial of the software, etc. In those situations, since you are voluntarily providing the information, this constitutes sufficient implied consent to such use.
Vitrium will not and does not disclose any personal information collected to external third parties. All financial and billing information that Vitrium collects through its Websites, on the phone, or through other electronic means is used solely to check the qualifications of prospective customers and to bill for the appropriate product or service. Vitrium uses a third-party intermediary to manage the credit card processing. This intermediary is solely a billing provider, and is not permitted to store, retain, or use the information provided, except for the sole purpose of credit card processing. Other third parties, such as hosting providers are not permitted to use this information other than for Vitrium’s required uses.
Personal Information Collected From The Vitrium Website
From time to time, Vitrium may collect personal information from Website visitors who sign up, request, or register for something including, but not limited to:
- Video Requests
- Demo Requests
- Trial Requests
- Contact Us Requests
- Webinar Registrations
Vitrium may use this information to contact individuals to discuss their interest in Vitrium’s products or services, or to send other information including, but not limited to: PDF links, video links, trial information, webinar details, partner information, promotional or event information, etc. Vitrium consents that any personal information collected such as email address, phone number or other such personal information will not be distributed or shared with any third party.
In addition, the Vitrium Website automatically logs other information from Website visitors including, but not limited to:
- URL and IP address
- Browser type and language
- Date and time of requests
Vitrium consents to only use this information to research and analyze how Vitrium’s Website visitors interact with its Website in order to improve the content or relevance of the Website, or to improve the products or services Vitrium provides.
Like most websites, Vitrium’s Website places a “cookie” on the browser of visitors to the Website. The cookie only collects information about the visitor’s access to the Website and that information is only used to facilitate a visitor’s use of the website and improve the content and relevance of the Website. Visitors can remove cookies by adjusting settings on their browser.
Personal Information Collected From Customers
From time to time, Vitrium may collect and use personal information from its Customers for a variety of reasons including, but not limited to:
- Sending invoices or billing alerts
- Communicating planned server or service outages
- Promoting new features or new products
- Notifying of new product releases
- Sending monthly newsletters
These emails will originate from an email with the domain address @vitrium.com or @protectedpdf.com. Vitrium recommends adding these domains to your safe senders list to ensure they are not caught in your spam filter or junk folder. Any and all marketing-related emails will include a method to unsubscribe at the bottom of each email.
Vitrium considers that it has express consent from its Customers and from those individuals who have provided their contact information when visiting the Vitrium Website for the company to forward the occasional marketing email. Recipients who do not wish to receive such communications can request to be removed from the email list by following the unsubscribe instructions at the bottom of the email.
The choice to provide us with personal information is always the individual’s. Upon request, we will explain the individual’s options of refusing or withholding consent of the collection, use or release of his/her personal information, and we will record and respect the individual’s written choices. However, an individual’s decision to withhold particular details may limit the services we are able to offer.
From time to time, the Vitrium Website or its affiliated social media pages including but not limited to LinkedIn, Facebook, or Twitter, may offer publicly accessible blogs, community forums, or other such communication vehicle. As a visitor to one of these sites or pages, you should be aware that any information you provide in these areas may be read, collected, and used by others who can access them. To request the removal of your personal information from any of these sites or pages, please send an email to firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Collection, Disclosure or Use Without Consent
There are circumstances permitted under applicable privacy laws where the collection, use, or disclosure of personal information may be done without consent and other situations where collection, use or disclosure is required by other legislation. Such situations include:
- Where disclosure of information is required by applicable legislation or by order of an authorized court, tribunal, or regulatory or law-enforcement agency;
- Where the Company believes, on reasonable grounds that it is necessary to protect the health or safety of you or another;
- Where it is necessary to collect monies owing to the Company or respond to proceedings against the Company; and
- As part of an investigation into possible breach of an individual’s obligations to the Company or proceeding involving the Company.
4. COLLECTION, USE AND DISCLOSURE OF READER PERSONAL INFORMATION
Customers can configure Vitrium’s document security solutions to provide Aggregated Data on Reader access and use of a subject document without providing any associated personal information about the Reader’s identity.
PUBLISHERS CAN ALSO CONFIGURE VITRIUM DOCUMENT SECURITY SOLUTIONS TO REQUEST PERSONAL INFORMATION ABOUT READERS. WHEN A PDF DOCUMENT CONFIGURED WITH VITRIUM DRM TECHNOLOGY IS OPENED, THE READER IS PRESENTED WITH A VITRIUM PRIVACY NOTE AND, IN MOST CONFIGURATIONS, ACCESS TO A PUBLISHER PRIVACY STATEMENT. THE READER IS ASKED TO ACCEPT (“Submit”) OR REJECT COMMUNICATION BETWEEN THE DOCUMENT AND AN EXTERNAL SERVER. IF THE READER OPTS OUT OF SUBMITTING DATA, NO PERSONAL INFORMATION IS TRANSMITTED TO THE VITRIUM SERVERS, ALTHOUGH LIMITED ANONYMOUS USE DATA MAY STILL BE COLLECTED IN SOME CONFIGURATIONS.
WHILE CUSTOMERS ARE ENCOURAGED TO INCLUDE A PRIVACY DISCLOSURE STATEMENT FOR READERS, CUSTOMERS MAY DELETE OR EDIT THE DISCLOSURE STATEMENT. THEY MAY ALSO CHOOSE WHETHER OR NOT TO ALLOW FULL ACCESS TO CONTENT FOR READERS WHO DO NOT AGREE TO SUBMIT INFORMATION REQUESTED ON THE FORM.
Because Vitrium does not control the content of Customer disclosure statements in Vitrium’s document security solutions or how Customers handle any personal information collected through Vitrium’s document security solutions, Vitrium is not responsible for Customer privacy practices. Readers with concerns about Customer privacy practices should address them directly with the Customer.
Reader Use Data is only shared with the Customer of the applicable document. Vitrium may review Reader Use Data and responses to survey forms, but only for the purpose of evaluating and improving Vitrium’s solutions and reporting to the Customer.
5. DISCLOSURE OF PERSONAL INFORMATION
Vitrium does not sell, trade, barter or exchange for consideration any personal information it has obtained, including Reader Use Data (except to the Customer of the document). Vitrium does use contractual service providers (“Service Providers”) to assist in providing services which entails sharing personal information about Customers. Service Providers are involved in, among other things:
- Storing and providing access to Customer information, including information needed for billing and accounting;
- Providing webinars and other services; and
- Storing and providing access to Vitrium’s document security solutions’ data.
Vitrium only selects reputable Service Providers and generally endeavours to ensure they comply with the principles outlined in this policy and maintain the security of the data. Vitrium only discloses personal information to Service Providers to the extent necessary to allow them to assist in performing the contracted services.
As set out above, there are a limited number of situations where disclosure of personal information collected byVitrium is either required by law, (e.g. legislation entitling law-enforcement agencies to obtain information) or disclosure without consent is permitted by law (e.g. an emergency where your consent cannot be obtained).
6. ACCURACY AND SECURITY OF PERSONAL INFORMATION
Vitrium endeavors to ensure that all personal information in its possession is as accurate, current and complete as possible for the purposes for which it is used by Vitrium. You can assist us by advising us of any changes in your personal information, e.g. changes in your address, phone number or email address.
Vitrium takes appropriate security measures to ensure that both paper and electronic records containing personal information are secure from loss, unauthorized use, access or copying, disclosure or modification. Security measures include encryption of both customer and Reader personal information transmitted electronically, password protection for access to Customer account information, locking areas containing sensitive special personal information and general security of Vitrium’s offices. Vitrium’s computer systems include passwords to gain access to sensitive personal information. Vitrium also limits access to personal information to those who “need to know” in order to provide the appropriate level of products or services to its Customers.
7. ACCESSING AND UPDATING PERSONAL INFORMATION
Customers are responsible for Reader Use Data and providing access to it. Vitrium is unable to do so. The Company allows individuals to have reasonable access to their personal information kept by Vitrium and will endeavor to provide requested information within reasonable time and generally within 30 days following a written request. Individuals may request:
- Information about what types of personal information are collected, how it is used, and to whom it is disclosed; or
- To review some or all personal information about them kept by Vitrium upon written request to the appropriate manager or to the Privacy Officer identified below.
Although Vitrium will generally comply with such requests, the Company may decline access to personal information on grounds permitted or required under applicable legislation, including the following situations:
- Where the requested personal information does not exist, is not recorded or cannot be located;
- Where the cost of assembling, retrieving and providing access to the personal information would be disproportionate to the benefits of access;
- Where such disclosure would entail disclosing personal information about another person, e.g. a person who made a comment or observation about the individual making the access request;
- Where the information was collected without consent for the purpose of an investigation or proceeding and the investigation or proceeding has not been completed.
Individuals may request that Vitrium correct records of personal information. If the Company concludes the requested change is unwarranted, it will so advise the requesting person, but will append the requested change to the record kept by the Company.
8. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
Vitrium endeavours to only retain personal information for so long as it is either:
- Required to be retained by law e.g. for tax purposes; or
- Reasonably necessary for Company business needs, subject to any specific requirement under applicable privacy laws.
When personal information is no longer needed, it will be destroyed in a suitably secure manner, e.g. shredding of paper records containing personal information.
In the event Vitrium intends to materially change its privacy policies or practices or to materially change its use of personal information previously collected, it will publish notice on the Website prior to the change becoming effective.
COMPLAINTS OR QUESTIONS
If you wish to access your personal information or have a question or concern about this policy or Vitrium’s privacy practices, you may contact the Privacy Officer for the Company through one of the following methods:
Phone: 1-866-403-1500 or 1.604.677.1500 (press 0 and ask to speak to our Privacy Officer).
Vitrium Systems Inc.
550 – 409 Granville Street
Vancouver, BC Canada V6C 1T2
Effective March 3, 2008
Updated July 8, 2014