This Privacy Statement refers to two types of data:
- Visitor Data, which includes:
- Personal information we collect through the Website
- Personal information we collect about you in the course of interacting with you, such as when you engage with us as a customer, potential customer, vendor, service provider, potential partner, partner, applicant, consultant, contractor or other third party in relation to the operation of our business generally. This includes sales, marketing, business contact and/or registration activities conducted by VIZpin
- Account Data, which includes:
- Personal information that a Customer, a Customer’s Account Manager, or Partner, inputs, uploads, or otherwise captures in VIZpin;
- Activity and event data that is automatically collected by Customers using VIZpin; and
- Personal and business information captured about Customers and their users, Partners and/or applicants in order to establish or maintain their business relationship with VIZpin.
Manager refers to an individual account manager of VIZpin authorized by the Customer, which may, in the discretion of the Customer, include Customer’s employees, agents, and contractors. Customer is an end user of VIZpin. Partner refers to an authorized VIZpin reseller or technology partner from whom a Customer obtains access and use to VIZpin or related third-party services.
How VIZpin Collects and Uses Visitor Data
VIZpin only collects the personal information necessary to enable us to respond to your requests for our products and services. When you use our Website, Mobile Apps, complete forms, schedule a demo, respond to a survey, complete a partner application, contact us or otherwise interact with our business, we usually collect personal information such as your name, email address, postal address, company name, mobile phone number and any other information you choose to optionally provide that will enable us to respond to you as requested by you. You can opt out of providing personal information by not entering it to the Website or otherwise not providing it if asked.
Computer Information Collected
When you use our Website, we automatically collect certain computer information by the interaction of your mobile phone or web browser with our Website. Such information is typically considered Non Personal Information. We also collect the following:
Automatic Information & Log Files
We automatically receive information from your web browser or mobile device. This information includes the name of the website from which you entered our Website, if any, as well as the name of the website to which you’re headed when you leave our website. This information also includes the IP address of your computer/proxy server that you use to access the Internet, your Internet Website provider name, web browser type, type of mobile device, and computer operating system. VIZpin may sometimes use IP addresses to analyze trends, administer the site, track user movement, and to gather broad demographic information for aggregate use. The IP addresses collected are not linked to Personal Identifiable Information (PII) unless a user specifically provides us that information during a session, such as by completing an inquiry form.
How We Use Visitor Data
We use the information we receive from you as follows:
Sharing Information with Affiliates and Other Third Parties
We do not sell, rent, or otherwise provide your Personally Identifiable Information to third parties for marketing purposes. We may provide your Personally Identifiable Information to affiliates that provide services to us with regards to our Website (i.e. payment processors, Website hosting companies, etc.); such affiliates will only receive information necessary to provide the respective services and will be bound by confidentiality agreements limiting the use of such information.
We retain the right to collect and use any Non Personal Information collected from your use of our Website and aggregate such data for internal analytics that improve our Website and Service as well as for use or resale to others. At no time is your Personally Identifiable Information included in such data aggregations.
Legally Required Releases of Information
We may be legally required to disclose your Personally Identifiable Information, if such disclosure is (a) required by subpoena, law, or other legal process; (b) necessary to assist law enforcement officials or government enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our Legal Terms; (d) necessary to protect us from legal action or claims from third parties including you and/or other Members; and/or (e) necessary to protect the legal rights, personal/real property, or personal safety of VIZpin Inc, our Users, employees, and affiliates.
Links to Other Websites
We may occasionally request information from users via voluntary surveys. Information requested may include contact and demographic information. Survey data may be used to monitor or improve the use and satisfaction of our web site, products, or services. VIZpin will retain ownership to all data provided via these surveys.
How VIZpin Collects and Uses Account Data
VIZpin collects and processes all Account Data strictly on behalf of Customers and Partners in accordance with VIZpin’s contractual agreements with them and/or as defined in the Terms and Conditions and/or as required or permitted by law.
Customers and Partners are responsible for ensuring that Account Data is obtained and processed in accordance with all applicable laws. Since Account Data is managed by the Customer, the Customer is responsible for providing appropriate notice and choice regarding VIZpin’s processing of Account Data on behalf of the Customer. If an individual has any questions or concerns related to VIZpin’s handling of Account Data pertaining to them, they may contact us at Info@VIZpin.com and we will work with the applicable Customer to address the concern.
From Customers, VIZpin collects the personal information that is needed to properly manage VIZpin’s business relationship. Customers will receive login credentials to manage their VIZpin accounts.
Roles of Customers, Partners, and VIZpin in Protection of Account Data
VIZpin provides VIZpin to Customers directly and via its Partner channel. Partners selected by the Customer are responsible for the initial setup and configuration of the Customer’s VIZpin account.
Customers are responsible for verifying that all individuals who are designated as Administrators are authorized by the Customer for the levels of access granted. In general, VIZpin recommends that the Customer designate an employee of the Customer to be the Manager. If the Customer chooses to permit an individual who is not an employee of the Customer (such as, for example, an employee of a Partner to have any administrative rights or other access or privileges to the Customer’s account or Account Data), the Customer is responsible for monitoring the third party’s access to and use of the account and Account Data. VIZpin is not responsible for any unauthorized use or misuse of the Customer’s account access, account privileges or Account Data by anyone using access provided by the Customer.
Certain VIZpin employees also will have access to Account Data, solely in connection with the provisioning of VIZpin and to respond to specific Customer and Partner requests for technical support. VIZpin will access Account Data only for the purposes of providing VIZpin services, preventing or addressing service or technical problems, in accordance with the provisions of any separate written agreement between VIZpin and Customer (such as, for example, the VIZpin Terms and Conditions applicable to VIZpin (as applicable, the “Terms and Conditions”), or as may be required by law.
Types of Account Data Collected Related to VIZpin
VIZpin collects the following types of Account Data:
Information provided by Customers: VIZpin provides the capability for Customers to store basic personal information such as an individual’s name, mobile phone number, credential number and email address. This information is used to correlate security events to the correct individual, as well as to enable notifications and mobile application functionality. The Customer is solely responsible for determining if storage of this data is appropriate in the context of applicable laws and regulations.
Information generated from events: VIZpin is used by the Customer to collect activity and event data. For example, the Customer can use VIZpin to record that a Smartkey was used at a particular door at a certain time. Through correlation with the information a Customer provides, VIZpin may be able to tie an access event to a particular individual’s Smartkey.
Log Information: VIZpin records the actions of Managers and Administrators, as well as the status and the settings of various devices that have been configured to operate with VIZpin. Log information may be used by the Customer to review the activity of Managers and Administrators.
Mobile Application: VIZpin provides a mobile application which can be used with VIZpin devices. The VIZpin Mobile App is a form of digital credential used to activate a VIZpin device. In order to use the VIZpin Mobile app, the user must provide personal data and enable certain permissions on the phone. We do not sell, rent or otherwise provide your personal data to third parties for marketing purposes.
Mobile Application Personal Data
First Name/Last Name – The VIZpin Mobile App requires you to enter a First Name and a Last Name. This data will only be used to generate a mobile credential for that user and correlate security events to the correct individual.
Phone Number – The VIZpin Mobile App requires you to provide a phone number capable of receiving a security SMS for the reasons listed below. We do not sell, rent or otherwise provide your personal data to third parties for marketing purposes.
- Allow multi-factor authentication via an SMS message
- to receive mobile credentials that will work with that phone
- to securely transfer mobile credentials to a new phone
Mobile Application Permissions
Location Data – In order for some features to work reliably, the VIZpin Mobile App requires that Location Services is enabled. We never collect your physical location or GPS information, and do not share or sell your data to third parties. The app doesn’t actually use your physical location, but rather Bluetooth Low Energy (BLE), which iOS and Android consider as part of their Location Services. Users can choose to only enable location permissions while using the app.
Bluetooth & Scanning Nearby Devices – The VIZpin Mobile App collects information about the location of the device and its proximity to certain available VIZpin devices within Bluetooth range of the VIZpin Mobile App solely for the purpose of activating the device. In order to provide these services, VIZpin collects various types of device and Bluetooth data. In order to use the VIZpin mobile app, various features such as location services and Bluetooth communication need to be enabled on the mobile device.
Notifications – This is an optional setting that can be allowed solely for the purpose of notifying the user when they are in proximity to a VIZpin device for which they have a mobile credential. If users do not want to enable notifications the can still use the app by tapping the OPEN icon on the Smartkeys.
Microphone – This is an optional permission and is not required to use the VIZpin mobile app. If enabled, this may allow the user to communicate with other VIZpin users who chose to enable plug-ins that require those permissions.
Camera – This is an optional permission and not required to use the VIZpin mobile app. If enabled, this may allow the user to communicate with other VIZpin users who chose to enable plug-ins that require those permissions.
Account Data may be used by VIZpin to:
- Enable event notifications and VIZpin Mobile App functionality.
- Contact the Customer to inform it of product and service enhancements that VIZpin thinks may be of interest to it.
- Provide important service notices regarding VIZpin and related devices. While Customers use VIZpin, it will not be possible to opt out of communications regarding VIZpin System service notices.
- Ask the Customer to participate in surveys that help VIZpin better understand the Customer’s needs in order to improve VIZpin products and services.
- VIZpin may share data with relevant third-party service providers when explicitly authorized by Manager in the relevant VIZpin account; for example, to enable integrations with Video Management Systems, Alarm Systems, or Directory Services such as Active Directory.
Compliance with General Data Protection Directive (GDPR)
In the context of GDPR, individuals residing in the European Economic Area with data stored in VIZpin or using VIZpin applications are considered “Data Subjects.” Customers (and in some cases Partners) are considered “Data Controllers.” VIZpin is a “Data Processor.”
In VIZpin’s role as a Data Processor, VIZpin is the responsible custodian of the Data Subject’s data, performing this role on behalf of the Data Controller. The Data Controller is completely responsible to determine what data is captured, stored and processed within VIZpin. VIZpin does not share, sell, rent, or trade personally identifiable information with third parties unless directed by a Data Controller.
Most VIZpin Data Subjects will have limited direct interaction with VIZpin applications that capture and store their data. This interaction by Data Subjects will primarily be via the VIZpin Mobile App. Most Data Subjects will be employees, visitors, or contractors of the Data Controller. Data is captured based on their relationship with the Data Controller. The Data Controller is responsible for gaining necessary consent from the Data Subject regarding the data to be stored. In cases where a Data Subject requests Account Data to be deleted from VIZpin, VIZpin will refer such request to the Data Controller for adjudication.
The GDPR includes provisions that grant Data Subjects portability rights in their personal data. VIZpin will coordinate with Data Controllers and, as applicable Data Subjects, when requested to delete, anonymize or port data. VIZpin provides for portability and is continually working to enhance its data export capabilities. VIZpin will continue to monitor the GDPR and evolve VIZpin’s systems and processes to ensure continued compliance.
GDPR Right of Individual Access and Limited Use
Those residing within the European Economic Area may request to access, correct, or limit the use of their personal information within VIZpin by submitting a request to their VIZpin Account Manager. Individuals may have the right to complain to a data protection authority in the country where they live, where they work or where they feel their rights were infringed if they have concerns about their rights.
VIZpin maintains a comprehensive, written information security program that contains industry standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to Account Data.
Law Enforcement Requests
VIZpin may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including national security or law enforcement requirements.
Data Location & Transfer of Information
VIZpin stores all Visitor Data and Account Data in the continental United States. To facilitate Customers’ global operations, VIZpin transfers information to the United States and provides access to that information to Customers around the world.
VIZpin retains Visitor Data in accordance with our data retention policies and practices. The length of time we keep your information depends upon a number of factors, including the type of information. In general, we retain personal information for as long as we have an ongoing business need to retain it. Following that period, we will delete it.
If VIZpin becomes aware of any improper access, unauthorized use or disclosure of Account Data (a “Data Breach”), VIZpin will analyze the facts of the Data Breach in the context of applicable laws, regulations, policies and contractual obligations to determine the appropriate notification process. VIZpin will conduct notifications in a timely manner after becoming aware of a Data Breach and take reasonable steps to minimize harm and mitigate further risks to Visitor Data and Account Data.
Third Parties Who May Receive Personal Data
VIZpin works with a select number of third-party service providers to perform database monitoring and other technical operations, assist with the transmission of data, and provide data storage services. These third parties may access, process, or store personal data in the course of providing their services. VIZpin maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations. VIZpin may be liable if they fail to meet those obligations, unless we prove that we are not responsible for the event giving rise to the damage.
U.S. Federal Trade Commission Enforcement
VIZpin’s commitments under Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
In compliance with the Privacy Shield Principles, VIZpin commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact VIZpin at info@VIZpin.com.
VIZpin is committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
In compliance with the Privacy Shield Principles, VIZpin commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact VIZpin at info@VIZpin.com.
Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information please go to the Privacy Shield website at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Other International Users
The Website is hosted in the U.S. If you are a consumer accessing the Website from Asia, or any other region with laws or regulations governing personal data collection, use and disclosure that differ from U.S. laws, your continued use of the Website, which is governed by U.S. law and these terms, indicates your consent to transfer of your information to the U.S.
We do not knowingly collect or maintain information from or about persons under 13 years of age. No part of our Website is structured to attract anyone under 13. If you are under 13, do not use or access the Website at any time or in any manner. If we learn that personal information of persons under 13 has been collected on the Website without verified parental consent, we will take appropriate steps to delete this information.
California Privacy Rights (For California Residents Only)
Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of customers’ personal information with third parties. These businesses are required to accept requests for disclosures of these policies from customers but are only required to honor one request per calendar year. Businesses have thirty (30) days to respond to each inquiry to the designated address. Each inquiring customer will receive an explanation of the categories of customer information shared and the names and addresses of any third-party businesses. In limited circumstances, customers’ failure to submit requests in the manner specified will not require a response from the business.
If you are a California resident, you may request such information from us by sending a letter to the address listed below. In your letter, please provide your name, address and email address, as well as a request that we provide such information to you, by using the following or similar language, “I request that VIZpin provides its third-party information sharing disclosures required by section 1798.83 of the California Civil Code.”
Changes to This Privacy Statement