iVenuto.com Corporation Privacy Statement
The purpose of this Privacy Statement is to inform Individuals about the types of Personal Information that iVenuto.com Software Corporation (“ZAP IN”) receives, holds and processes in its capacity as a service provider on behalf of ZAP IN’s Clients.
ZAP IN is proud to demonstrate our commitment to protecting the Personal Information we receive from its Clients by complying with applicable privacy laws in Canada, including the Personal Information Protection and Electronic Documents Act, and the European Union's newly enacted 2018 General Data Protection Regulations (GDPR).
In order to fulfill this commitment, ZAP IN has policies and practices intended to appropriately safeguard ZAP IN’s facilities, information systems and data.
This Privacy Statement may be revised periodically to maintain its currency and compliance with evolving law and policy.
1. TO WHOM DOES THIS PRIVACY STATEMENT APPLY?
This Privacy Statement applies to the iVenuto.com Corporation (ZAP IN) and it's clients (Users). The Company contracts with Clients to provide them with the opportunity to outsource their business processing functions. Specifically, ZAP IN provides its Clients with electronic visitor registry services. ZAP IN’s “Clients” are various entities such as corporations, partnerships, trusts, schools, military suppliers, governmental agencies and offices, or other organizations that receive our services: both for and not for profit. The Personal Information ZAP IN receives from its Clients relates to a variety of Individuals. An “Individual” is any person directly or indirectly designated by a Client to be covered by the services to which this Privacy Statement applies.
2. WHAT IS PERSONAL INFORMATION?
“Personal Information” is generally any information about an identifiable Individual. The type of information that a Client may collect from an Individual and transfer to ZAP IN in order for us to provide the Client with our business process outsourcing services may include an Individual’s name, residential contact information, annual gross revenue, bank account information, family support payment obligations and tax filing information, as well as additional information that an Individual may choose to disclose. Personal Information may not, however, include an employee’s business title, business address or business telephone number.
3. WHAT ARE ZAP IN’S OBLIGATIONS AS A PROCESSOR OF PERSONAL INFORMATION?
As a service provider, ZAP IN does not independently use or disclose Personal Information transferred to ZAP IN by, or on behalf of, a Client or an Individual for any purpose other than to process that information in order to fulfill our contractual business processing functions, except as required or permitted by law.
Furthermore, ZAP IN takes all commercially reasonable steps to safeguard the Personal Information we hold against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the Personal Information is held. The precise nature of the safeguards ZAP IN employs will vary depending on (i) the sensitivity of the Personal Information at issue, (ii) the format in which it is held, and (iii) the manner in which it is stored.
4. HOW DOES ZAP IN TRAIN AND MANAGE OUR ASSOCIATES?
ZAP IN’s Human Resources Department is responsible for associate management and training.
ZAP IN educates our associates about our information security policies and practices, and uses reasonable efforts to help ensure that our associates comply with these policies and practices. These efforts include:
- Conducting appropriate background checks of all newly-hired associates;
- Including information on ZAP IN’s policies in our associate orientation process;
- Requiring associates to execute appropriate non-disclosure agreements;
- Including information on ZAP IN’s policies and practices on the ZAP IN associate intranet site;
- Disseminating information on ZAP IN’s policies and procedures to associates at appropriate intervals;
- Limiting access to Personal Information to associates with a business need for seeing it;
- Promptly ending associate access to systems and facilities upon termination of associate employment;
- Monitoring associates for compliance with policies; and
- Imposing appropriate disciplinary measures for breaches of policies and procedures.
5. HOW DOES ZAP IN ENSURE THE SECURITY OF OUR FACILITIES?
The Director of Facilities is responsible for the security of ZAP IN’s facilities.
ZAP IN utilizes reasonable security measures at all of our facilities. Such security measures include:
- Using access control devices, such as card keys; computerized access control, and/or receptionist verification of identification badges for all associates;
- Requiring that visitors to our facilities check-in at a reception desk and obtain a visitor badge;
- Utilizing enhanced security measures at all data centers, including limiting access to specially authorized associates (controlled by computerized access control) and limiting visitors to pre-cleared individuals who must be escorted at all times;
- Maintaining secured areas for storage of materials containing confidential information; and
- Implementing other appropriate security measures including security patrols and security cameras, where such measures are judged to be necessary and reasonably appropriate.
6. HOW DOES ZAP IN ENSURE THE SECURITY OF OUR INFORMATION SYSTEMS?
The Chief Information Officer (“CIO”) is responsible for the overall security of ZAP IN’s information systems. Information systems include network and software design, as well as information processing, storage, transmission, retrieval and disposal. ZAP IN employs policies and practices to protect Personal Information throughout its life cycle – from data entry to data disposal. These policies and practices include, among other things:
- Requiring use of virus protection software on all computer systems attached to ZAP IN networks;
- Encrypting all client information transmitted over the Internet;
- Limiting all access to ZAP IN computer resources and networks to approved configurations and utilizing appropriate identification and authentication methods;
- Utilizing firewalls (which are configured and maintained in accordance with ZAP IN and industry-standard procedures and specifications);
- Requiring appropriate disposal of all documents and electronic media containing Personal Information;
- Employing appropriate intrusion detection, monitoring, and logging capabilities to enable detecting and responding to potential security breaches;
- Maintaining appropriate incident handling procedures for responding to any breaches;
- Regularly obtaining and installing patches to address software vulnerabilities;
- Developing Client applications utilizing appropriate security methods including multiple-factor authentication, strong passwords, session time-outs, and access controls; and
- Maintaining adequate disaster recovery and business continuity plans for all core functions.
- The CIO is also responsible for maintaining current documentation of our information systems security procedures. These procedures are disclosed to individuals on a need-to-know basis.
7. HOW DOES ZAP IN ENSURE THE PRIVACY OF PERSONAL INFORMATION WHEN DEALING WITH THIRD PARTY SERVICE PROVIDERS?
In connection with providing our services to our Clients, ZAP IN may from time to time grant certain third party service providers access to the Personal Information ZAP IN holds for the purposes of storing or destroying that information, or for the purpose of physically transporting that information to the Client. ZAP IN requires any third party granted such access to execute contracts mandating many of these same polices and practices with regard to the training and management of their employees, and with regard to the security of their information systems and data.
Further information about the third party service providers that ZAP IN permits to access the Personal Information it holds is available upon request.
8. WHAT ADDITIONAL SAFEGUARDS DOES ZAP IN HAVE IN PLACE TO PROTECT PERSONAL INFORMATION?
Due to the constantly changing nature of technologies and security concerns, ZAP IN conducts appropriate, periodic reviews of our security policies and practices. Additionally, periodic assessments are conducted as appropriate. All allegations of system or data misuse (by associates, contractors or any third parties) are thoroughly investigated by ZAP IN in accordance with our policies, and reported to law enforcement authorities where appropriate.
9. HOW LONG WILL ZAP IN RETAIN PERSONAL INFORMATION?
ZAP IN may keep a record of an Individual’s Personal Information, correspondence or comments in a file specific to the Client, to which access by ZAP IN’s associates and by any third parties with whom ZAP IN contracts will be strictly limited on a business need-to-know basis. ZAP IN will retain an Individual’s Personal Information for as long as necessary to fulfill the purposes for which it was transferred to ZAP IN, or as required or permitted by law. ZAP IN has established minimum and maximum retention periods, as well as appropriate procedures for the destruction and disposal of Personal Information.
10. HOW DOES ZAP IN UPDATE PERSONAL INFORMATION SUCH THAT IT IS SUFFICIENTLY ACCURATE FOR PROCESSING PURPOSES?
As a service provider of business processing functions, ZAP IN relies on its Clients to provide SIGN IN with updated Personal Information on an ongoing basis, as necessary in relation to our provision of the services.
In certain cases, Individuals may not be able to update their Personal Information through the Client. Where this is the case, and where ZAP IN can adequately authenticate the Individual’s identity, ZAP IN will rely on the Individual to provide ZAP IN with the necessary updated information.
Upon receipt of updated Personal Information, ZAP IN will amend the Individual’s Personal Information that ZAP IN’s holds where such amendment is reasonably necessary to enable ZAP IN to continue providing the services to the Client in accordance with ZAP IN’s contractual obligations as a service provider.
11. HOW CAN INDIVIDUALS ACCESS AND CORRECT THEIR PERSONAL INFORMATION THAT HAS BEEN TRANSFERRED TO ZAP IN FOR PROCESSING?
In light of the fact that ZAP IN acts at all times on behalf of ZAP IN’s Clients, any request by an Individual to access and/or correct his or her Personal Information in our possession should be directed to the Client rather than to ZAP IN.
ZAP IN recognizes, however, that there are circumstances where the Client may not be able to respond to an access request (e.g., where the Client no longer exists). Where an Individual successfully demonstrates to us that the access request cannot be addressed by the Client and authenticates his or her identity, ZAP IN will make available to the individual, on written request and to the extent permitted by law, the requested Personal Information, as well as information about the manner in which ZAP IN has handled that information. ZAP IN will make such information available to the Individual in a form that is generally understandable, and will explain any abbreviations or codes or use an alternative format, if required. Furthermore, where ZAP IN provides access under these limited circumstances, and where the Individual successfully demonstrates that the Personal Information we hold is incomplete or inaccurate, ZAP IN will amend the information as required.
Access requests to ZAP IN should be directed to the Privacy Officer listed below.
12. HOW DOES ZAP IN AUTHENTICATE AN INDIVIDUAL’S IDENTITY?
Where ZAP IN receives an access request or an update request from an Individual under the limited circumstances noted above, ZAP IN may request that the Individual provide sufficient identification prior to providing such access. Any such identification information shall be used only for the purpose of authenticating the identity of the Individual. ZAP IN reserves the right to deny an access request or an update request where an Individual is unwilling or unable to authenticate his or her identity.
13. CONTACT ZAP IN REGARDING OUR PRIVACY POLICIES AND PRACTICES.
Any inquiries or complaints regarding SIGN IN’s privacy policies and practices should be forwarded to ZAP IN’s Privacy Officer as follows:
Attn: Privacy Officer
F - 85 Bathurst Drive,
Waterloo, Ontario N2V 1N2
Via email: email@example.com