Last updated December 14, 2016.
Entrust Datacard Corporation and its affiliates (“EDC”, “we”, “our”) value our relationship with our customers and other users of our web sites (“Sites”), cloud services, applications, products (“Products”) and related technical (or other) support ( “Support Services”). We are concerned about privacy and the security of data and we recognize that you, or the entity you represent (your “Organization”), may be concerned about our collection, use, and disclosure of information which we may collect through use of our Sites, Products and Support Services. Accordingly, we have implemented this Privacy Statement to inform you and your Organization of the information that we collect, how we collect this information, and what we do with it after we collect it. The terms of this Privacy Statement reflect our general privacy practices across our suite of Sites, Products and Support Services. Certain practices in this Privacy Statement may be overridden by the terms and conditions governing a Site, Product or Support Service (each the “Applicable Terms”) or (ii) specific documentation (e.g. ACS Security White Paper) relating to a Site, Product or Support Service (“Documentation”).
By using the Site(s), Product(s) or Support Service(s), you and your Organization, if any, (“You”) are consenting to the collection, use, disclosure, and transfer of the information as described in this Privacy Statement, the Applicable Terms, and Documentation. If You do not consent to such collection, use, disclosure and transfer, You and Your Organizational Users (as defined in the next sentence) may not use the applicable Site(s), Product(s), or Support Service(s). If You are an Organization then it is your responsibility to bring this Privacy Statement, the Applicable Terms, and the Documentation to the attention of each employee, contractor, customer or other participant (an “Organization User”) for which You set up a Site, Product or Support Service account (or user profile) or give access thereto.
Are Changes Made To This Privacy Statement?
EDC reserves and has the right, at its sole discretion, to modify, add or remove any terms or conditions of this Privacy Statement without notice or being liable to You or your Organization Users. Any changes to this Privacy Statement shall be effective immediately following the posting of such changes on the Sites. The most recent version of this Privacy Statement will always be found on the Sites. You agree to review this Privacy Statement from time to time and agree that any subsequent use by You or your Organizational Users of the Sites, Products or Support Services following changes to this Privacy Statement shall constitute Your acceptance of all such changes.
What Type of Information Do We Collect?
The specific information we collect depends on what Sites, Products and Support Services You are using and may be required for us to provide such Sites, Products and Support Services. For purposes of this Privacy Statement, “Personal Information” means information about an identified or identifiable individual protected under the privacy and/or data protection legislation applicable in the individual’s jurisdiction.
How And When Do We Collect This Information?
Providing Information to Us. We collect Personal Information as it is provided to us by You or your Organizational Users. For example, when Products or Support Services are sold through our Sites or otherwise, we may collect a name, mailing address, telephone number, credit card number, and/or email address. If You or your Organizational Users sign up to receive a newsletter, we may collect a name and/or an email address. If You provide us employment related information, we may collect your name, address, phone number, email address, resume and possibly equal employment opportunity data. If You or your Organizational Users purchase digital certificates from our Sites we may collect identity information (including Personal Information) that is required to issue digital certificates. Information required for the digital certificates is either voluntarily submitted by You, or your Organization Users, or is obtained from a third party database during the validation process. If You, or your Organization Users, enroll in Support Services or configure a Product for use, we may collect information necessary to provide that Product or Support Services, such as Your, or Your Organization Users’, names, emails, and user names.
When Site, Product or Support Service is used, we may collect information (including Personal Information) by prompting You or your Organization Users. We may also automatically collect Personal information as required to make available the Sites and Products. For example, each time our Products receive a request from a computing device, we may automatically receive the IP address and/or other device identifying technical data associated with the computing device from which the request was received.
Communications with Us. If You or your Organizational Users communicate with us regarding our Sites, Products or Support Services, we will collect any information (which may include Personal Information) that is provided to us in any such communication.
Analytic and Reporting Technologies. Like the operators of most web sites and services, we may use analytic and reporting technologies to record information (which may include Personal Information) such as Internet domain and host names, browser software and operating system types, clickstream patterns, and the dates and times that the Sites, Products and Support Services are accessed.
Product Data and License Validation. Like most software providers and operators of cloud services, when our Products are used, we may collect information (which may include Personal Information) relating to the access, usage, health and/or performance of our Products, including data generated in connection with Your and your Organizational Users’ use of the Products (e.g., analytics data, statistics data and performance data) (“Product Data”). We may also collect any Personal Information required to validate Your and Your Organization Users’ Product licenses.
User and Device Profiles. When certain Products are used, we may use Your, and Your Organization Users’, usage patterns together with Your, and Your Organization Users’ information (which may include Personal Information) to construct a profile on You, and Your Organization Users’, and/or the device(s) from which You, and Your Organization Users’, access the Product (each a “Profile”).
Logging. When our Sites, Products and Support Services are used, we may automatically log and collect certain information (which may include Personal Information) in electronic records (“Logs”). This may include who (e.g. name, user name) accessed the Sites, Products and Support Services, how the Sites, Products and Support Services were accessed, the dates and times Sites, Products and Support Services were accessed, the geographic location from which the Sites, Products and Support Services were accessed and results of the request. Logs may be retained locally within the Product or may be transmitted to and stored in our infrastructure, which may include our hosted infrastructure.
How Do We Use The Information We Collect?
Generally, we use the information we collect through the Sites, Products and Support Services:
- to provide, make available, and/or troubleshoot the Sites, Products, and Support Services;
- to improve our marketing and promotional efforts and improve our Sites, Products, and Support Services including the content, functionality and usability;
- to validate licenses;
- to provide You and your Organizational Users with effective customer service;
- to contact You and your Organizational Users with information and notices related to Your use of our Sites, Products, and Support Services;
- to contact You with special offers and other information we believe will be of interest to You;
- to invite You to participate in surveys and provide feedback to us;
- to conduct internal research and development;
- to better understand Your needs and interests;
- for any other purpose identified in an applicable notice, communication, click-through agreement or other agreement between You and us.
When Do We Disclose Your Information to Third Parties?
Generally speaking, with the exception of our service providers who are helping us operate our Sites, Products, and Support Services, we do not disclose Your or Your Organization Users’ information to third parties. In some instances, however, we reserve the right to disclosure to other third parties because it is necessary to the operation and continued growth of our business or to protect the rights of You, us and/or others. You understand and agree that we are not required to provide You with advance notice and do not require your consent to make such disclosure. These instances include:
Disclosure to Unaffiliated Third Parties. We (or our service providers) may disclose information (including Personal Information) to prevent an emergency, to protect or enforce our rights or the rights of a third party, or as required by law (including, without limitation, to comply with a subpoena or court order). We (or our service providers) may also disclose information (including Personal Information) to prevent or investigate a possible crime, such as fraud or identity theft; to protect the security of the Sites, Products, and Support Services; or to enforce or apply this Privacy Statement, the Applicable Terms and/or Documentation.
Disclosure to Third-Party Service Providers. We may contract with various third parties such as third party service providers who, pursuant to our instructions, provide services for us which are required to operate and maintain the Sites, Products, and Support Services and provide related support. We may provide information (including Personal Information) to those parties. For example, we use a third-party to process payments made to us, and may subcontract out manufacturing, fulfillment, or other operations. Also, we use Amazon Web Services (“AWS”) to host certain cloud infrastructure. We will use commercially reasonable efforts to contractually prevent such third parties from disclosing information (including Personal Information), except for the purpose of providing the services in question and complying with legal obligations.
Geolocation Information. We and our third party service providers may use geolocation technology together with third party databases to determine the location of the computing device accessing Sites or Products. This location information allows us and our third party service providers to provide certain functionality within our Sites and/or Products. This location information will not be shared in a personally identifying form with persons other than You and Your Organizational Users, if any.
Disclosure of Personal Information. We may disclose Personal Information in aggregate form, to potential strategic partners, advertisers, investors, customers, and others. You may not “opt out” of the sharing of this information.
Disclosure to Affiliates. EDC may share Personal Information with other EDC affiliates. These EDC affiliates are permitted to use Personal Information in a manner consistent with this Privacy Statement.
Disclosure to Successors. We may disclose Personal Information to any successor-in-interest of ours, such as, but not limited to, a company that acquires us or any part of our business.
Security Establishments. In order to promote awareness, detection and prevention of Internet security risks, we may share statistics derived from information (which may include Personal Information) with research organizations and other security software vendors. For example, to track and publish reports on security risk trends.
Where Do We Host And Process Your Information?
We may host and process information (which may include Personal Information), in the United States and/or any other country (including through our affiliates and third parties we use to operate and manage the Sites, Products and Support Services). You agree that we and our third party service providers may move and process such information as reasonably necessary to operate our Sites, Products and Support Services as may be required by applicable laws, rules or regulations or by legal or governmental authority.
How Long Do We Retain Your Information?
We will only retain Personal Information as long as necessary for the purpose we collected it for. Where information is necessary to provide a Site, Product or Support Service we will retain it while we are providing You or your Organizational Users the Site, Product or Support Service (and may retain it for a reasonable time thereafter) unless we are required by law to dispose of it earlier or to keep it longer. We will also retain and use information (which may include Personal Information) as necessary to comply with our legal obligations, resolve disputes, and protect or enforce our rights, to protect or enforce the rights of a third party.
What Is Our Role As Data Processor?
In our provision of Products, we will be acting as a conduit, processor and/or storage host for Personal Information provided to us. Our Products are standardized offerings that are not designed for specific industries. If You are an Organization providing us with information about Organization Users (“Your Controlled Data“), then You are the data controller of Your Controlled Data under applicable privacy and data protection laws. You (and not we) are responsible for compliance with any privacy and data protection laws, sector-specific security obligations and other laws and regulations applicable to the provision, transfer or use of Your Controlled Data, or to the deployment and use of the Service in your industry. This includes obtaining and complying with any required filings, registrations, licenses, approvals or consents. We may direct any regulator, enforcement body or other interested persons to You for information regarding how Your Controlled Data is handled and sector-specific obligations, and as part of that we may provide your contact information to the third party requestor. If You are an Organization User, you acknowledge that the Organization (and not us) is responsible to You under applicable law.
What About Cookies And Do Not Track Flags?
We currently employ cookies in our Sites.
The information we collect using cookies and similar technologies is not, in and of itself, personally identifiable, but we may link it to Personal Information. If You do not wish to receive cookies or to have your Organization Users receive cookies, You may set your and Your Organization Users’ browsers to reject cookies or perform an alert when a cookie is placed on a computer.
How Do We Protect Your Personal Information?
We use commercially reasonable efforts to protect Personal Information from unauthorized access or disclosure. The transmission of data or information (including communications by e-mail) over the Internet or other publicly accessible networks cannot be guaranteed to be 100% secure, and/or may be subject to possible loss, interception or alteration while in transit. In no event will the information You or Your Organizational Users provide to us be deemed to be confidential.
How Do You Opt Out Of Receiving Marketing And Promotional Messages From Us?
You may opt out of receiving future marketing and promotional emails by following the instructions in the footer of any marketing and promotional email You may receive from us or by sending an email to email@example.com.
How Do You Update Personal Information In Our Possession?
Upon written request from You, we will provide You with (or update) any Personal Information we have about You or Your Organizational Users. Notwithstanding the prior sentence, if Your Organization provided us with Organizational User information, You will need to contact Your Organization to review or update the associated Personal Information.
What About Children’s Privacy?
Our EDC Sites and Products are not intended for users younger than eighteen years of age. Accordingly, we will not knowingly collect or use any Personal Information from children that we know to be under the age of eighteen. In addition, we will delete any information in our database that we know originates from a child under the age of eighteen.
Who Can You Contact?
If You have any questions or concerns about this Privacy Statement, please feel free to contact us at firstname.lastname@example.org