‘Non-personal data’ (NPD) is information that is in no way personally identifiable.
‘Personal data’ (PD) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data is in many ways the same as Personally Identifiable Information (PII). However, Personal Data is broader in scope and covers more data.
A “visitor” is someone who merely browses our website or login pages. A “user” is someone who has registered with us to use or buy our services and products.
Information We Collect
Generally, you control the amount and type of information that you provide to us when using our application.
OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA (EEA Individuals Only)
If you are a visitor from the European Economic Area (EEA), our legal basis for processing your personal data will depend on the personal data concerned and the specific context in which we collect it.
However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to process personal data about you to protect your vital interests or the vital interests of the party who provided you with user access rights to the application.
If we collect and use your personal data in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our application and communicate with you as necessary to provide our products and services to you and for our legitimate commercial interest. These legitimate interests include, for example, responding to your queries, improving our platform, undertaking marketing, or detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided above.
We Collect Your Personal Data in the Following Ways
We automatically receive information from your web browser or mobile device. This information may include the name of the website from which you entered our website, if any, your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website or VCA. We use all this information to analyze trends among our users to help improve VCA.
WHEN ENTERING AND USING VCA
When you enter and use VCA you accept cookies, some of these cookies may contain your Personal Data. A cookie is a small piece of data or a text file that is downloaded to your computer or mobile device when you access certain websites. Cookies may contain text that can be read by the web server that delivered the cookie to you. The text contained in the cookie generally consists of a sequence of letters and numbers that uniquely identifies your computer or mobile device; it may contain other information as well.
- Identifying the areas of VCA that you have visited.
- Personalizing content that you see on VCA.
- Our application analytics.
- Remembering your preferences, settings, and login details.
- Allowing you to post updates.
- Allowing you to share content with others within the organization.
DO NOT TRACK SETTINGS
You may modify and control how and when cookies are set through your browser settings. If you choose to reject cookies, several of the functions and conveniences of VCA may not work properly, and you may be unable to use some of our services that require registration in order to participate, or you will have to re-register each time you visit our site.
AT USER REGISTRATION, LOGIN, OR WHEN USING VCA
When you are registering for VCA, during the purchasing process, or when using VCA, we may collect some or all of the following information: your name, email address, physical location, company name, phone number, user name, password, and other information listed.
We may also use a technology called web beacons and other technologies, such as pixels and ad tags, to collect general information about your use of our website and your use of special promotions or newsletters. The information we collect by web beacons allows us to statistically monitor the number of people who open our emails. Web beacons also help us to understand the behavior of our customers, members, and visitors.
When you use a location-enabled device, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We also may use various locations to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
As new technologies emerge, we may be able to improve our services or provide you with new ones, which means that we may create new ways to collect information on the site and our services. If we offer a new service or new features to our existing site, for example, these changes may result in our collecting new information in order to improve your user experience.
Our website uses Google Analytics to collect information about the use of our website. Google Analytics collects information from users such as age, gender, interests, demographics, how often they visit our public website or application, what pages they visit, and what other websites they have used before coming to our website. We use the information we get from Google Analytics to analyze traffic, remarket our products and services to users, improve our marketing, advertising, and to improve our website. We have enabled Google Analytics advertising features such as remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. Google Analytics collects only the IP address assigned to you on the date you visit our website, not your name or other identifying information. We do not combine the information collected using Google Analytics with Personal Data. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit our website, the cookie cannot be used by anyone but Google. Google also uses specific identifiers to help collect information about the use of our website. For more information on how Google collects and processes your data, visit www.google.com/policies/privacy/partners
You can prevent Google Analytics from using your information by opting out at this link: tools.google.com/dlpage/gaoptout
HOW YOUR INFORMATION IS USED
We use your information for our legitimate interests including:
- Provide our products and services you have requested or purchased from us.
- Respond to your questions and provide you support.
- Personalize and customize our content.
- Make improvements to our product.
- Contact you with updates to our product.
- Resolve problems and disputes.
- Contact you with marketing and advertising that we believe may be of interest to you.
COMMUNICATIONS AND EMAILS
From time to time VCA (and our partners, affiliates, and resellers) may email you electronic newsletters, announcements, surveys or other information. If you prefer not to receive any or all of these communications, you may opt out by following the unsubscribe directions provided within the electronic newsletters and announcements. While you may opt-out of receiving promotional emails from VCA, you may not opt out of receiving product related transactional emails from us relating to your active VCA account.
SHARING INFORMATION WITH AFFILIATES AND OTHER THIRD PARTIES
We do not sell or rent your Personal Data to third parties for marketing purposes. We do, however, engage third party companies and individuals to perform services on our behalf. The types of services and providers may include:
- Order Management, Billing, and Payment processors (Adobe Sign, Zuora, Vantiv, DocuSign).
- Analytics services (Google Analytics, Geckoboards, Hotjar, SpyFu, Profitwell, Tableau or MaxMind).
- Advertising networks (Google, Facebook, Bing, or Amazon).
- Data management services (Marketo, Salesforce, HubSpot, or Mintigo).
- Communication services (GoToMeeting, TimeTrade, Snapengage).
- Product management services (FullStory, AWS, AppCues, PaperTrail, or Mixpanel).
- Customer success services (Gainsight or GetFeedback).
- Security services (BAE Systems, SilverSky, Detectify, Qualys).
These third parties have access to your information so that they may perform these tasks on our behalf and they are prohibited by us from using or disclosing your information for any purpose other than to provide this assistance, except to the extent required by law. We may permit our service providers to use aggregate information which does not identify you or de-identified data for other purposes.
We may monitor or record any of your telephone conversations, emails, or chats with us for quality control purposes, for purposes of training our employees, and for our own protection.
LEGALLY REQUIRED RELEASES OF INFORMATION
- We may be legally required to disclose your Personal Data if such disclosure is required by subpoena, law, or other legal process.
- necessary to assist law enforcement officials or government enforcement agencies.
- necessary to investigate violations of or otherwise enforce our Legal Terms.
- necessary to protect us from legal action or claims from third parties, including you and/or other users or members.
- necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.
VCA takes data security very seriously and implements the industry’s best practices and policies. We take all reasonable measures to protect your information, and to prevent any kind of unauthorized access, misuse, loss, or disclosure.
The third-party service providers that we use for our infrastructure and data processing are ISO certified, PCI compliant, EU Privacy Shield compliant, and they adhere to the same privacy and security principles as we do.
We conduct regular, manual and automated security audits. We also participate in voluntary penetration tests performed by third parties; these test are followed by concrete, internal security policy updates and actionable engineering items for our development team. When possible, your data is also stored in anonymised form.
While no system is infallible, we strive to keep our systems secure and constantly updated.
VCA stores your information for as long as your account is active, and for a reasonable period thereafter, in case you decide to use our services again. VCA may also retain certain information for as long as necessary in order to support business operations, or as required by law.
DISCLOSURES TO SUCCESSORS
We also retain the right to transfer your Personal Data if our company files for bankruptcy and some or all of our assets are sold to another individual or business.
Retaining Your Personal Data
We retain Personal Data that you provide us as long as we consider it potentially useful in contacting you about our product or our other services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements, and then we securely delete the data once your VCA contract expires and a Data Destruction Document is issued. We will delete this data from the servers at an earlier date if you so request, as described in “Reviewing, Correcting, and Removing Your Personal Data” below.
REVIEWING, CORRECTING, AND REMOVING YOUR PERSONAL DATA
Upon request VCA will provide you with information about whether we hold any of your Personal Data. If you provide us with your Personal Data, you have the following rights with respect to that information:
- To review the user information that you have supplied to us
- To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us
- To request that your user information not be used to contact you
- To request that your user information be removed from any solicitation list that we use
- To request that your user information be deleted from our records
- To opt out of being solicited by VCA or third parties
To exercise any of these rights, please contact us at [email protected] or by mail to Virtual Claims Adjuster Inc., 2425 Matheson Boulevard East, Suite 800, Mississauga, ON. Canada, L4W 5K4, Attn: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
LINKS TO OTHER WEBSITES
PROTECTING CHILDREN’S PRIVACY
Even though our website is not designed for use by anyone under the age of 16, we realize that a child under the age of 16 may attempt to access our website. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe that your child is using our website, please contact us at [email protected]. Before we remove any information, we may ask for proof of identification to prevent malicious removal of account information. If we discover that a child is accessing our website, we will delete his/her information within 30 days. You acknowledge that we do not verify the age of our users nor do we have any liability to do so.
OUR EMAIL POLICY
You can always opt out of receiving further email correspondence from us. We will not sell, rent, or trade your email address to any unaffiliated third party without your permission except in the sale or transfer of our business, or if our company files for bankruptcy.
OUR SECURITY POLICY
We have built our website and products using industry-standard security measures and authentication tools to protect the security of your Personal Data. We and the third parties who provide services for us, also maintain technical and physical safeguards to protect your Personal Data. We also periodically monitor our system for possible vulnerabilities and attacks, consistent with industry standards. Unfortunately, we cannot guarantee against the loss or misuse of your Personal Data or secure data transmission over the Internet because of its nature.
We strongly urge you to protect any password you may have for VCA and to not share it with anyone. You should always log out by closing the browser window of our product when you finish using it, especially if you are sharing or using a computer in a public place. Please note that emails, messaging, and similar means of communication with other VCA users, if any, are not encrypted, so you should not communicate any confidential information through these means.
USE OF YOUR CREDIT CARD
You may have to provide a credit card to buy products and services from our website. We use third-party billing services. We use our commercially reasonable efforts to make sure your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorized use. However, you understand and agree that we are in no way responsible for any misuse of your credit card number.
DATA TRANSFERS AND PRIVACY SHIELD
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).
We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this privacy notice.
VCA’s datacenters participate in the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union (EU) to the United States, respectively. VCA’s datacenters have certified to the Department of Commerce that it adheres to the Privacy Shield Principles, and commits to comply with the Privacy Shield Principles as they apply to the personal data of EU residents. If there is any conflict between the terms in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
VCA commits to resolve complaints about our collection or use of your personal data in accordance with the Privacy Shield Principles. Individuals in the EU may submit queries related to the processing of personal data under the Privacy Shield framework by contacting us directly at [email protected], or by mail to Virtual Claims Adjuster Inc., 2425 Matheson Boulevard East, Suite 800, Mississauga, ON. Canada, L4W 5K4, Attn: Privacy.
VCA has further committed to cooperate with the European data protection authorities (the “DPAs”) , as applicable. If we have not been able to successfully resolve your query or complaint and you are based in the EEA, you may raise your query or complaint directly to the DPA. The services of the DPAs and Commissioner are provided at no cost to you. You can find details of the relevant DPA at ec.europa.eu/ VCA will comply with any advice given by the DPAs and/or Commissioner, and take necessary actions to remediate any non-compliance with the Privacy Shield Principles.