Last Updated May 25, 2018
Entrust Datacard Corporation and its subsidiaries (“EDC”, “us” “we”, “our”) value our relationship with our customers and other users of our web sites (“Sites”), cloud services, applications, products (“Products”) and related technical (or other) services (“Services”). We are concerned about privacy and the security of personal data and we recognize that you may be concerned about our collection, storage, use, and disclosure of Personal Information we collect in the course of our business interactions with you. This information includes the information we may collect through your use of our Sites, Products, and Services. Accordingly, we have implemented this Privacy Statement to inform you of the Personal Information that we collect, how we collect this information, and what we do with it after we collect it.
For purposes of this Privacy Statement, “Personal Information” is information that identifies you personally, either alone or in combination with other information available to us. Examples of Personal Information include your name, contact details, credit card information, information you provide when you create an account with us on one of our Sites, or when you use our Products or Services.
What Personal Information do we Collect?
Information you provide to us:
When you use the Sites: We collect the Personal Information you provide to us when you visit our Sites. For example, when you complete a contact form in one of our Sites, we collect the information you include in such form (name, phone number, email address, etc.).
When you use or purchase Products or Services: We collect Personal Information provided directly to us in the course of a business transaction. This information may include your name, phone number, email address, postal address, job title, place of work, and transactional information in connection with the Product or Service.
We collect similar information when you contact us directly via email or telephone, or during any business related events, trade shows, sales or marketing activities hosted by us or by third parties.
From time to time, we may supplement the information you give us with information from other sources, such as information validating your address, information based on your zip code or location, or information about your business. We may also supplement the information you give us with information we collect from you through other Sites or other channels. For example, if you are an EDC customer, we may supplement the information you provide online with information you provide in your other business dealings with us.
Information we automatically collect:
When you visit our Sites, we collect certain information related to your visit that is sent to us by your Web browser or Product. This information typically includes your IP (Internet Protocol) address, the identity of your Internet Service Provider, the name and version of your operating system, the name and version of your browser, the date and time of your visit, and the pages you visit. Certain privacy and data protection laws may consider this information as Personal Information.
- Product Data and License Validation. Like most software providers and operators of cloud services, when our Products are used, we collect information relating to the access, usage, performance of our Products, including data generated in connection with your use of the Products (e.g., analytics data, statistics data and performance data) (“Product Data”). Certain privacy and data protection laws may consider Product Data as Personal Information. We also collect any Personal Information required to validate Product licenses.
- Logging. When our Sites, Products and Services are used, we may automatically log and collect certain information in electronic records (“Logs”). This may include who (e.g. name, user name) accessed the Sites, Products and Services, how the Sites, Products and Services were accessed, the dates and times Sites, Products and Services were accessed, the geographic location from which the Sites, Products and Services were accessed and results of the request. Certain privacy and data protection laws may consider Logs as Personal Information. Logs may be retained locally within the Product or may be transmitted to and stored in our infrastructure, which may include our hosted infrastructure.
- Geolocation Information. We may use geolocation technology together with third- party databases to determine the location of the computing device accessing Sites, Products, or Services. This location information allows us and our third-party service providers to provide certain functionality within our Sites, Services and/or Products. This location information will not be shared in a personally identifying form with persons other than you.
Information provided to us by third parties.
In the course of our business we receive Personal Information from third parties. This may happen if you attended a meeting or event and, consistently with privacy and data protection laws, the organizers of such meeting or event shared your Personal Information with us. In this case, you will receive a communication from us indicating we received your Personal Information.
How Do We Use The Information We Collect?
Generally, we use the Personal Information we collect in furtherance of our legitimate interests in operating our business, including providing our Sites, Products and Services. More specifically, EDC uses Personal Information:
- to provide, make available, and/or troubleshoot and maintain the Sites, Products, and Services;
- to set up a user account for our Products or Services;
- to process and complete transactions, and send related information, including transaction confirmations and invoices;
- to improve our marketing and promotional efforts and improve our Sites, Products, and Services, including the content, functionality and usability;
- to validate licenses;
- to investigate and prevent fraudulent activities, unauthorized access to the Products or Services, and other illegal activities;
- to provide you with effective customer service;
- to contact you with information and notices related to your use of our Sites, Products, and Services;
- to contact you with special offers and other information we believe will be of interest to you, if this is in accordance with your marketing preferences;
- to invite you to participate in surveys and provide feedback to us;
- to conduct internal research and development;
- to better understand your needs and interests;
- as required by applicable law or regulation.
Legal Basis for Processing Personal Information
Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we will normally collect Personal Information from you only (i) where we need the Personal Information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, (iii) where we have a legal obligation, or (iv) where we have your consent to do so.
- Performance of contract (under our terms of service) as a legal basis for processing is when we make any Site, Product or Service available to you or provide you with customer support.
- We process your personal data on the basis of our legitimate interests, which include but are not limited to, when we provide you the Site, Product or Service, serve advertisements to you (based on your Personal Information), perform a contract with an organization of whom you are an employee or representative, carry out marketing, keep our Site, Product or Service secure, for engineering purposes, or when we are analyzing users’ behavior across our Site, Product or Service.
- We process your Personal Information to comply with a legal obligation, such as the prevention of crime or fraud, or to maintain records relating to tax.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information).
Do We Share and Disclose Personal Information?
We may share and disclose your Personal Information in the following limited circumstances:
Changes to EDC’s Business. We may disclose or transfer your Personal Information as part of a potential or actual company merger, acquisition or sale of a portion of us or our assets.
Corporate Affiliates. EDC may share Personal Information with other EDC affiliates. These EDC affiliates are permitted to use Personal Information in a manner consistent with this Privacy Statement.
Third-Party Service Providers. We may share Personal Information with third-party vendors, consultants, or other service providers or business partners who provide services to us. These third parties process your Personal Information pursuant to our instructions and solely for the purpose indicated in the agreements we have signed with them. Examples of third-party service providers include payment processing providers, website analytics companies, providers of services to operate, maintain and support our Sites, Products and Services. For a list of current services providers and partners, please contact EDC’s Chief Legal and Compliance Officer at Privacy@entrustdatacard.com.
Aggregated Data. We may disclose Personal Information in aggregate form to potential strategic partners, advertisers, investors, customers, and others.
Protection of rights, prevention of fraud, and compliance with laws. We may disclose Personal Information to protect, enforce or defend our rights or those of others, or where we believe the disclosure is required by law. We may also disclose Personal Information to prevent or investigate a possible crime, such as fraud or identity theft; to protect the security of the Sites, Products, and Services; or to enforce or apply this Privacy Statement.
Other Disclosures with consent. We may disclose Personal Information to any other person with your consent to the disclosure.
How Long Do We Retain Personal Information?
We will only retain Personal Information as long as necessary for the purposes we collected it for as indicated in this Privacy Statement. Where information is necessary to provide a Site, Product or Service, we will retain it while we are providing you the Site, Product or Service (and may retain it for a reasonable time thereafter) unless we are required by law to dispose of it earlier or to keep it longer. We will also retain and use Personal Information as necessary to comply with our legal obligations, resolve disputes, pursue legitimate business interests, conduct audits, and protect or enforce our rights. For specific information on retention periods, please contact EDC’s Chief Legal and Compliance Officer at Privacy@entrustdatacard.com.
How Do We Protect Your Personal Information?
We use appropriate technical, organizational and administrative security measures to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These security measures are designed to provide a level of security appropriate to the risk of processing your Personal Information.
Note that we cannot guarantee that the transmission of data or information (including communications by e-mail) over the Internet or other publicly accessible networks will be 100% secure or that it will not be subject to possible loss, interception or alteration while in transit.
International Data Transfers
Once collected or received, EDC may transfer your Personal Information to countries other than the one in which you live or in which your Personal Information was collected. Specifically, our Site servers are located in the United States, Canada and the United Kingdom, and our group companies and third party service providers and partners operate around the world. Certain privacy and data protection laws require data controllers to put in place safeguards to protect the Personal Information being transferred across borders. To comply with this requirement, EDC has put in place agreements that include the standard contractual clauses recommended by the European Commission to provide adequate safeguards for your Personal Information.
For questions about our safeguards, please contact EDC’s Chief Legal and Compliance Officer at Privacy@entrustdatacard.com.
What rights do you have with respect to your Personal Information?
Subject to the privacy and data protection laws applicable to you, you may have rights in relation to Personal Information we hold about you.
In particular, if European data protection law applies, you will have the following rights:
- You can access, correct, update or request deletion of your Personal Information.
- In addition, you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact EDC’s Chief Legal and Compliance Officer at Privacy@entrustdatacard.com.
- Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Other jurisdictions may have similar rights.
To exercise your rights, please contact EDC’s Chief Legal and Compliance Officer at Privacy@entrustdatacard.com
We do not knowingly collect Personal Information of individuals under eighteen years of age in the course of our business transactions. Furthermore, our Sites, Products, and Services are not intended for users younger than eighteen years of age. Accordingly, we will delete any Personal Information that we know corresponds to an individual under the age of eighteen.
Changes Made To This Privacy Statement
EDC may change this Privacy Statement from time to time as our business, laws, regulations and industry standards evolve. Any changes to this Privacy Statement are effective immediately following the posting of such changes on the Sites. We encourage you to review this Privacy Statement from time to time to stay informed. Please note that any subsequent use of the Sites, Products or Services following changes to this Privacy Statement will constitute your acceptance of all such changes.
Who is the Data Controller?
EDC is a global company, with offices in all regions of the world. We serve companies that have offices across the world. To identify the EDC entity acting as the data controller of your Personal Information, you can contact EDC’s Chief Legal and Compliance Officer at Privacy@entrustdatacard.com
Who Can You Contact?
If you have any questions or concerns about this Privacy Statement, please feel free to contact EDC’s Chief Legal and Compliance Officer at Privacy@entrustdatacard.com