1. OBJECTIVE AND SCOPE OF POLICY
Vitrium Systems Inc. (“Vitrium” or “Company”), www.vitrium.com, is committed to protecting the privacy of its customers (“Customers”), end users (“End Users” or “Users”, the people viewing the content that has been protected using Vitrium’s technology), employees and others dealing with Vitrium. This policy informs you of Vitrium’s practices concerning the collection, use and disclosure of personal information and ensures compliance with Canadian, US and international privacy laws, including the Canadian Personal Information and Protection and Electronic Document Act (“PIPEDA”), British Columbia Personal Information Protection Act (“PIPA”) and the General Data Protection Regulation (GDPR) in the European Union (EU). Any questions regarding compliance with other privacy laws should be directed to the Privacy Officer shown below.
Vitrium employees, contractors or agents who provide services to Vitrium that entail dealing with personal information are required to comply with this policy.
2. WHAT IS PERSONAL INFORMATION?
This policy applies to “Personal Information” which is defined as any information about an identified or easily identifiable individual. Personal information does not include information about corporations or other entities or information about individuals not associated with their identity.
Personal information is very broadly defined and includes unrecorded information and information recorded in any form, including electronically. Personal information includes relatively obvious or publicly available information such as home or business telephone number or email address, as well as more sensitive or confidential information such as credit card numbers or other financial information.
Personal information may also include specific information about how a User uses a file or content or from where a User accesses a file or content. For example, the IP address from which a file was opened from, how many times a file was opened, whether the file was printed, and so on. From herein, this will be referred to as “User Data”.
3. COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION BY VITRIUM
Vitrium only collects such personal information about individuals or Customers as is reasonably required in order to provide the appropriate products or services to that individual or Customer. Generally speaking, Vitrium will obtain the individual’s or Customer’s consent to the collection, use and disclosure of personal information, subject only to exceptions permitted or required by law. In most situations, when visiting the Vitrium website or web-based applications (collectively, “Websites”) or otherwise dealing with Vitrium, you will be asked to voluntarily provide personal information about yourself or your organization and the use of the information will be obvious, e.g. contact information to establish a Customer account, request a demonstration, watch a video, request a trial of the software, etc. In those situations, since you are voluntarily providing the information, this constitutes sufficient implied consent to such use.
Vitrium will not disclose or share any personal information that it collects to external third parties. All financial and billing information that Vitrium collects through its Websites, on the phone, or through other electronic means is used solely to check the qualifications of prospective customers and to bill for the appropriate product or service. Vitrium uses a third-party intermediary to manage the credit card processing. This intermediary is solely a billing provider, and is not permitted to store, retain, or use the information provided, except for the sole purpose of credit card processing. Other third parties, such as hosting providers are not permitted to use this information other than for Vitrium’s required uses.
Personal Information Collected From The Vitrium Website
Vitrium has a number of different web forms on its website that may collect personal information from visitors who are requesting a demonstration, registering for a free trial, or requesting to be contacted. The types of information that Vitrium collects in these forms include:
• First & Last name
• Email address (preferably a business email address)
• Phone number
• Company name
Vitrium may use this information to contact individuals to discuss their interest in Vitrium’s products or services, or to send other information such as product literature (datasheets, video links, white papers), pricing information, trial information, webinar details, partner information, and other relevant information about the product. Vitrium consents that any personal information collected such as email address, phone number or other such personal information will not be distributed or shared with any third party.
In addition, the Vitrium Website automatically logs other information from Website visitors including, but not limited to:
• URL and IP address
• Browser type and language
• Date and time of requests
Vitrium consents to only use this information to research and analyze how Vitrium’s Website visitors interact with its Website in order to improve the content or relevance of the Website, or to improve the products or services Vitrium provides.
Like most websites, Vitrium’s Website places a “cookie” on the browser of visitors to the Website. The cookie only collects information about the visitor’s access to the Website and that information is only used to facilitate a visitor’s use of the website and improve the content and relevance of the Website. Visitors can remove cookies by adjusting settings on their browser.
Personal Information Collected From Customers
From time to time, Vitrium may collect and use personal information from its Customers for a variety of reasons including, but not limited to:
• Sending invoices or billing alerts
• Communicating planned server or service outages
• Promoting new features or new products
• Notifying of new product releases
• Sending monthly newsletters
These emails will originate from an email with the domain address @vitrium.com or @protectedpdf.com. Vitrium recommends adding these domains to your safe senders list to ensure they are not caught in your spam filter or junk folder. Any and all marketing-related emails will include a method to unsubscribe at the bottom of each email.
Vitrium considers that it has express consent from its Customers and from those individuals who have provided their contact information when visiting the Vitrium Website for the company to forward the occasional marketing email. Recipients who do not wish to receive such communications can request to be removed from the email list by following the unsubscribe instructions at the bottom of the email.
The choice to provide us with personal information is always the individual’s. Upon request, we will explain the individual’s options of refusing or withholding consent of the collection, use or release of his/her personal information, and we will record and respect the individual’s written choices. However, an individual’s decision to withhold particular details may limit the services we are able to offer.
From time to time, the Vitrium Website or its affiliated social media pages including but not limited to LinkedIn, Facebook, or Twitter, may offer publicly accessible blogs, community forums, or other such communication vehicle. As a visitor to one of these sites or pages, you should be aware that any information you provide in these areas may be read, collected, and used by others who can access them. To request the removal of your personal information from any of these sites or pages, please send an email to firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Collection, Disclosure or Use Without Consent
There are circumstances permitted under applicable privacy laws where the collection, use, or disclosure of personal information may be done without consent and other situations where collection, use or disclosure is required by other legislation. Such situations include:
1. Where disclosure of information is required by applicable legislation or by order of an authorized court, tribunal, or regulatory or law-enforcement agency;
2. Where the Company believes, on reasonable grounds that it is necessary to protect the health or safety of you or another;
3. Where it is necessary to collect monies owing to the Company or respond to proceedings against the Company; and
4. As part of an investigation into possible breach of an individual’s obligations to the Company or proceeding involving the Company.
4. COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION BY CUSTOMERS UTILIZING VITRIUM SOFTWARE
Vitrium offers two different types of hosting environments for its software. If a Customer chooses to host the Vitrium software themselves (known as ‘Vitrium Security Enterprise Installed’), Vitrium is not responsible for the collection, use and disclosure of personal information by the Customer since the Customer has access to all the data on their own servers or environment. If a Customer chooses to subscribe to Vitrium’s hosted software (known as ‘Vitrium Security Standard Edition, Vitrium Security Professional Edition, or Vitrium Security Enterprise Hosted’), Vitrium has access to the data that is collected. The data is stored on Vitrium’s hosting provider’s servers, Dimension Data, which are highly secure, tightly controlled and managed 24/7. Dimension Data is an ISO 27001 certified company and regularly has SOC 2 audits done. Vitrium has full control over its hosted server environment and commits that it will not use or disclose any personal information to external third parties. Any information that is collected will only be used by Vitrium authorized personnel to assist with functions related to the software such as supporting the Customer or their End Users.
Customers who choose Vitrium’s content security and DRM software often use it to protect confidential, sensitive or revenue-generating content. This content gets uploaded into the Vitrium software and processed into a protected format. That protected format is then distributed via a number of different methods: as a link or attachment in an email, as a link on a website, portal or other 3rd party system. Regardless of which method is used, there are different types of personal information that could be collected and used by the Customer in the Vitrium software. These are described in further detail below.
Login & Tracking Information
Customers who distribute content that has been protected with Vitrium technology can also track various User activity related to that content such as what content the person opened, on what date and time, which IP address they accessed the content from, as well as more granular information such as how much time the person spent viewing the content. This kind of tracking information is similar to the types of information that are gathered by cookies in a website.
Personal Information Contained within Content Uploaded to Vitrium
Customers may also track personal information that is contained within the content or files that are uploaded and protected in Vitrium. If a Customer chooses to host the Vitrium software themselves (known as ‘Vitrium Security Enterprise Installed’), Vitrium is not responsible for the collection, use and disclosure of personal information by the Customer since the Customer has access to all the data on their own servers or environment. If a Customer chooses to subscribe to Vitrium’s hosted software (known as ‘Vitrium Security Standard Edition, Vitrium Security Professional Edition, or Vitrium Security Enterprise Hosted’), Vitrium has access to the data that is collected. The data is stored on Vitrium’s hosting provider’s servers, Dimension Data, which are highly secure, tightly controlled and managed 24/7. Dimension Data is an ISO 27001 certified company and regularly has SOC 2 audits done. Vitrium has full control over its hosted server environment and commits that it will not use or disclose any personal information to external third parties. Any information that is collected will only be used by Vitrium authorized personnel to assist with functions related to the software such as supporting the Customer or their End Users.
5. DISCLOSURE OF PERSONAL INFORMATION
Vitrium does not sell, trade, barter or exchange for consideration any personal information it has obtained, including User Data (except to the Customer of the document). Vitrium does use contractual service providers (“Service Providers”) to assist in providing services which entails sharing personal information about Customers. Service Providers are involved in, among other things:
1. Storing and providing access to Customer information, including information needed for billing and accounting;
2. Providing webinars and other services; and
3. Storing and providing access to Vitrium’s solutions.
Vitrium only selects reputable Service Providers and generally endeavours to ensure they comply with the principles outlined in this policy and maintain the security of the data. Vitrium only discloses personal information to Service Providers to the extent necessary to allow them to assist in performing the contracted services.
As set out above, there are a limited number of situations where disclosure of personal information collected by Vitrium is either required by law, (e.g. legislation entitling law-enforcement agencies to obtain information) or disclosure without consent is permitted by law (e.g. an emergency where your consent cannot be obtained).
6. ACCURACY AND SECURITY OF PERSONAL INFORMATION
Vitrium endeavors to ensure that all personal information in its possession is as accurate, current and complete as possible for the purposes for which it is used by Vitrium. You can assist us by advising us of any changes in your personal information, e.g. changes in your address, phone number or email address.
Vitrium takes appropriate security measures to ensure that both paper and electronic records containing personal information are secure from loss, unauthorized use, access or copying, disclosure or modification. Security measures include encryption of both Customer and User personal information transmitted electronically, password protection for access to Customer account information, locking areas containing sensitive special personal information and general security of Vitrium’s offices. Vitrium’s computer systems include passwords to gain access to sensitive personal information. Vitrium also limits access to personal information to those who “need to know” in order to provide the appropriate level of products or services to its Customers.
7. ACCESSING AND UPDATING PERSONAL INFORMATION
Customers are responsible for User Data and providing access to it. Vitrium is unable to do so. The Company allows individuals to have reasonable access to their personal information kept by Vitrium and will endeavor to provide requested information within reasonable time and generally within 30 days following a written request. Individuals may request:
1. Information about what types of personal information are collected, how it is used, and to whom it is disclosed; or
2. To review some or all personal information about them kept by Vitrium upon written request to the appropriate manager or to the Privacy Officer identified below.
Although Vitrium will generally comply with such requests, the Company may decline access to personal information on grounds permitted or required under applicable legislation, including the following situations:
1. Where the requested personal information does not exist, is not recorded or cannot be located;
2. Where the cost of assembling, retrieving and providing access to the personal information would be disproportionate to the benefits of access;
3. Where such disclosure would entail disclosing personal information about another person, e.g. a person who made a comment or observation about the individual making the access request;
4. Where the information was collected without consent for the purpose of an investigation or proceeding and the investigation or proceeding has not been completed.
Individuals may request that Vitrium correct records of personal information. If the Company concludes the requested change is unwarranted, it will so advise the requesting person, but will append the requested change to the record kept by the Company.
8. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
Vitrium endeavours to only retain personal information for so long as it is either:
1. Required to be retained by law e.g. for tax purposes; or
2. Reasonably necessary for Company business needs, subject to any specific requirement under applicable privacy laws.
When personal information is no longer needed, it will be destroyed in a suitably secure manner, e.g. shredding of paper records containing personal information.
In the event Vitrium intends to materially change its privacy policies or practices or to materially change its use of personal information previously collected, it will publish notice on the Website prior to the change becoming effective.
COMPLAINTS OR QUESTIONS
If you wish to access your personal information or have a question or concern about this policy or Vitrium’s privacy practices, you may contact the Privacy Officer for the Company through one of the following methods:
Phone: 1-866-403-1500 or 1.604.677.1500
Email: click here to contact us
Vitrium Systems Inc.
550 – 409 Granville Street
Vancouver, BC Canada V6C 1T2
Effective March 3, 2008
Updated October 1, 2018