1. OBJECTIVE AND SCOPE OF POLICY
Vitrium Systems Inc. (“Vitrium” or “the Company”), www.vitrium.com, is committed to protecting the privacy of customers, readers of documents using our Vitrium technology (“Readers”), employees and others dealing with the Company. This policy informs you of the Company’s practices concerning the collection, use and disclosure of personal information and ensures compliance with Canadian privacy laws, including the Canadian Personal Information and Protection and Electronic Document Act (“PIPEDA”) and the British Columbia Personal Information Protection Act (“PIPA”). Any questions regarding compliance with other privacy laws should be directed to the Privacy Officer shown below.
Company employees, contractors or agents who provide services to the Company that entail dealing with personal information are required to comply with this policy.
Please note that Company customers who use Vitrium solutions in their PDF documents to collect personal information (“Publishers”) are responsible for their use and disclosure of such personal information and the Company declines all responsibility for such use and disclosure.
2. WHAT IS PERSONAL INFORMATION?
This policy applies to “personal information”. This is defined as any information about an identified or easily identifiable individual. Personal information does not include information about corporations or other entities or information about individuals not associated with their identity.
Personal information is very broadly defined and includes unrecorded information and information recorded in any form, including electronically. Personal information includes relatively obvious or publicly available information such as home or business telephone number or email address, through to more sensitive information such as credit card numbers or other financial information.
Personal information includes specific information about how a Reader used a document e.g. how many times it was opened, how long it remained open, whether it was printed (“Reader Use Data”), but only if associated with an identifiable individual.
One of Vitrium solutions’ core functions is to assemble aggregated Reader Use Data about a document (“Aggregated Data”) for Publishers in order to allow them to improve the effectiveness of their documents. While such information is compiled from personal information, because in aggregated form it cannot be attributed or related to a specific individual, it is not considered personal information.
3. THE COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION BY VITRIUM.
Vitrium collects only such personal information about individuals as is reasonably required to provide our products and services to them. Generally speaking, the Company will obtain your consent to the collection, use and disclosure to others of your personal information, subject only to exceptions permitted or required by law. In most situations when visiting the Vitrium websites and web-based applications (collectively, the “Website”) or otherwise dealing with Vitrium, you will be asked to voluntarily provide personal information about yourself or your organization and the use of the information will be obvious e.g. contact information to establish a customer account. In those situations, your voluntarily providing the information constitutes sufficient implied consent to such use.
We do not disclose to third parties the information provided. All financial and billing information that we collect through the Site is used solely to check the qualifications of prospective customers and to bill for the Service. Vitrium Systems uses a third-party intermediary to manage the credit card processing. This intermediary is solely a billing provider, and is not permitted to store, retain, or use the information provided, except for the sole purpose of credit card processing. Other third parties, such as hosting providers, and web analytics are not permitted to use this information other than for Vitrium’s required uses.
Website Visitor Personal Information
Vitrium collects personal information from Website visitors who register for services including:
- Video Requests
- Demo Requests
- Trial Requests
- Contact Us Requests
- Webinar Registrations
When you select the “Remember me” option in forms on the Vitrium site, your information is stored in a cookie. This is provided as a convenience, so that you do not have to re-enter your information when requesting additional services.
The Vitrium site automatically logs other information from visitors including:
- URL and IP address
- browser type and language
- date and time of requests
Vitrium uses the personal information of site visitors to provide services and manage relationships with customers and prospective customers including, amongst other things:
- to provide visitors with customized services
- to audit, research and analyze how visitors interact with the site, in order to improve content
Like most websites, Vitrium’s Website places a “cookie” on the browser of visitors to the Website. The cookie only collects information about the visitor’s access to the Website and that information is only used to facilitate a visitor’s use of the website and improve the content and relevance of the Website. Visitors can remove cookies by adjusting settings on their browser, but this may impair the operation of Vitrium’s solutions or use of the Website for the user or visitor.
Information collected from our site are, date and time of access to the site, services used (ie: downloaded videos, webinars, etc) and IP address. We may use this information to contact customers to further discuss customer interest in our company, the Service that we provide, and to send information regarding our company or partners, such as promotions and events. Customer email addresses and any personal customer information will not be distributed or shared with third parties.
Publisher/Customer Personal Information
Vitrium collects and uses personal information in order to provide Publishers/customers with customized services. For instance, Vitrium may send out automated emails to notify Publishers of:
- Billing alerts
- Planned service outages
- New Features
- New product releases
These emails will originate from email@example.com or firstname.lastname@example.org. When customers create an account, they will be asked whether they would like to receive emails regarding system updates, helpful tips and upcoming user events. Please add these addresses to your spam filter white lists. Please do not respond to these emails or send emails to them.
Users who wish to update or have PII deleted must email a request to email@example.com. The email should include the information they wish to update or have removed.
Vitrium considers that it has the implied consent of individuals who have provided contact information when visiting the Website or as customers to forward occasional email marketing communications. Recipients who do not wish to receive such communications can request to be removed from the email list by following the instructions on the email
Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Collection, Disclosure or Use Without Consent
There are circumstances permitted under applicable privacy laws where the collection, use, or disclosure of personal information may be done without consent and other situations where collection, use or disclosure is required by other legislation. Such situations include:
- Where disclosure of information is required by applicable legislation or by order of an authorized court, tribunal, or regulatory or law-enforcement agency;
- Where the Company believes, on reasonable grounds that it is necessary to protect the health or safety of you or another;
- Where it is necessary to collect monies owing to the Company or respond to proceedings against the Company; and
- As part of an investigation into possible breach of an individual’s obligations to the Company or proceeding involving the Company.
4. COLLECTION, USE AND DISCLOSURE OF READER PERSONAL INFORMATION
Publishers can configure Vitrium’s solutions to provide Aggregated Data on Reader access and use of a subject document without providing any associated personal information about the Reader’s identity.
PUBLISHERS CAN ALSO CONFIGURE VITRIUM SOLUTIONS TO REQUEST PERSONAL INFORMATION ABOUT READERS. WHEN A VITRIUM SOLUTION’S PDF SO CONFIGURED IS OPENED, THE READER IS PRESENTED WITH A VITRIUM PRIVACY NOTE AND, IN MOST CONFIGURATIONS, ACCESS TO A PUBLISHER PRIVACY STATEMENT. THE READER IS ASKED TO ACCEPT (“Submit”) OR REJECT COMMUNICATION BETWEEN THE DOCUMENT AND AN EXTERNAL SERVER. IF THE READER OPTS OUT OF SUBMITTING DATA, NO PERSONAL INFORMATION IS TRANSMITTED TO THE VITRIUM SOLUTION’S SERVERS, ALTHOUGH LIMITED ANONYMOUS USE DATA MAY STILL BE COLLECTED IN SOME CONFIGURATIONS.
WHILE PUBLISHERS ARE ENCOURAGED TO INCLUDE A PRIVACY DISCLOSURE STATEMENT FOR READERS, PUBLISHERS MAY DELETE OR EDIT THE DISCLOSURE STATEMENT. THEY MAY ALSO CHOOSE WHETHER OR NOT TO ALLOW FULL ACCESS TO CONTENT FOR READERS WHO DO NOT AGREE TO SUBMIT INFORMATION REQUESTED ON THE FORM.
Because Vitrium does not control the content of Publisher disclosure statements in Vitrium’s solutions or how Publishers handle any personal information collected through protectedpdf, Vitrium is not responsible for Publisher privacy practices. Readers with concerns about Publisher privacy practices should address them to the applicable Publisher.
Reader Use Data is only shared with the Publisher of the applicable document. Vitrium itself may review Reader Use Data and responses to survey forms, but only for the purpose of evaluating and improving Vitrium’s solutions and reporting to the Publisher.
5. DISCLOSURE OF PERSONAL INFORMATION
The Company does not sell, trade, barter or exchange for consideration any personal information it has obtained, including Reader Use Data (except to the Publisher of the document). The Company does use contractual service providers (“Service Providers”) to assist in providing services which entails sharing personal information about customers. Service Providers are involved in, amongst other things:
- Storing and providing access to customer information, including information needed for billing and accounting;
- Providing webinars and other services; and
- Storing and providing access to Vitrium’s solutions data.
The Company selects reputable Service Providers and generally endeavours to ensure they comply with the principles outlined in this policy and maintain the security of the data. The Company only discloses personal information to Service Providers to the extent necessary to allow them to assist in performing the contracted services.
As set out above, there are a limited number of situations where disclosure of personal information collected by the Company is either required by law, (e.g. legislation entitling law-enforcement agencies to obtain information) or disclosure without consent is permitted by law (e.g. an emergency where your consent cannot be obtained).
6. ACCURACY AND SECURITY OF PERSONAL INFORMATION
The Company endeavors to ensure that all personal information in its possession is as accurate, current and complete as possible for the purposes for which it is used by the Company. You can assist us by advising us of any changes in your personal information, e.g. changes in your address, phone number or email address.
The Company takes appropriate security measures to ensure that both paper and electronic records containing personal information are secure from loss, unauthorized use, access or copying, disclosure or modification. Security measures include encryption of both customer and Reader personal information transmitted electronically, password protection for access to customer account information, locking areas containing sensitive special personal information and general security of our offices. Our computer systems include passwords to gain access to sensitive personal information. The Company also limits access to personal information to those who “need to know” to provide you with products or services.
7. ACCESSING AND UPDATING PERSONAL INFORMATION
Publishers are responsible for Reader Use Data and providing access to it. Vitrium is unable to do so. The Company allows individuals to have reasonable access to their personal information kept by Vitrium and will endeavor to provide requested information within reasonable time and generally within 30 days following a written request. Individuals may request:
- Information about what types of personal information are collected, how it is used, and to whom it is disclosed; or
- To review some or all personal information about them kept by the Company.
upon written request to the appropriate manager or to the Privacy Officer identified below.
Although the Company will generally comply with such requests, the Company may decline access to personal information on grounds permitted or required under applicable legislation, including the following situations:
- Where the requested personal information does not exist, is not recorded or cannot be located;
- Where the cost of assembling, retrieving and providing access to the personal information would be disproportionate to the benefits of access;
- Where such disclosure would entail disclosing personal information about another person, e.g. a person who made a comment or observation about the individual making the access request;
- Where the information was collected without consent for the purpose of an investigation or proceeding and the investigation or proceeding has not been completed.
Individuals may request that the Company correct records of personal information. If the Company concludes the requested change is unwarranted, it will so advise the requesting person, but will append the requested change to the record kept by the Company.
8. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
The Company endeavors to only retain personal information for so long as it is either:
- required to be retained by law e.g. for tax purposes; or
- reasonably necessary for Company business needs,
subject to any specific requirement under applicable privacy laws.
When personal information is no longer needed, it will be destroyed in a suitably secure manner, e.g. shredding of paper records containing personal information.
In the event Vitrium intends to materially change its privacy policies or practices or to materially change its use of personal information previously collected, it will publish notice on the Website prior to the change becoming effective.
COMPLAINTS OR QUESTIONS
If you wish to access your personal information or have a question or concern about this policy or Vitrium’s privacy practices, you may contact the Privacy Officer for the Company
Call us: 1-866-403-1500 or 1.604.677.1500 (press 0 and ask to speak to our Privacy Officer)
Alternatively, just send an email to the address below or send mail to our offices; a privacy specialist will be in touch with you as s0on as possible.
Effective March 3, 2008
Updated June 6, 2012
Vitrium Systems Inc.
550 – 409 Granville Street
Vancouver, BC Canada V6C 1T2