Effective on April 25, 2011
Overview
Zerion Software, Inc. (“Zerion” or the “company”) has adopted this personal data privacy protection policy (“policy”) to establish and maintain an adequate level of personal data privacy protection. This policy is applicable to all records collected on the site www.iformbuilder.com electronically that contain personal data. This policy constitutes the written information security plan required under 201 CMR 17.00 of the Massachusetts Data Protection regulations. This policy also governs the treatment of information received from European Union Member Countries, and discusses the company’s participation in the Safe Harbor program. As discussed herein, Zerion adheres to all of the Safe Harbor principles.
This privacy statement describes how Zerion collects and uses the personal information you provide on our Web site: www.iformbuilder.com. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.
Zerion Software Inc. has been awarded TRUSTe’s Privacy Seal signifying that this privacy policy and practices have been reviewed by TRUSTe for compliance with TRUSTe’s program requirements including transparency, accountability and choice regarding the collection and use of your personal information. The TRUSTe program does not cover information that may be collected through downloadable software or information collected behind the client log in section of the site. TRUSTe’s mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding our privacy policy or practices, please contact us at Zerion Software Inc, 610 Herndon Pkwy, Suite: 600-A, Herndon, VA 20170. If you are not satisfied with our response you can contact TRUSTe here.
Zerion Software Inc. complies with the EU Safe Harbor framework as set forth by the Department of Commerce regarding the collection, use, and retention of data from the European Union
Collection and Use of Personal Information
Zerion informs customers about the purposes for which it collects information about them at the time of the collection. In general, Zerion gathers, processes, and stores personal data (name, address and credit card number) for the purpose of providing services to customers, including billing and account maintenance; and legal requirements and obligations, including, but not limited to, statutory requirements and contractual requirements and obligations.
Information Sharing
Zerion will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell, rent, share or trade your personal information to third parties for their promotional purposes.
- We may provide your personal information to companies that provide services to help us with our business activities such as shipping your order or offering customer service. These companies are authorized to use your personal information only as necessary to provide these services to us
- We may also disclose your personal information
- as required by law, such as to comply with a subpoena, or similar legal process
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request,
- if Zerion Software Inc. is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information,
- to any other third party with your prior consent to do so.
Zerion maintains both a wiki at http://wiki.iformbuilder.com/iformbuilder-user-guide/ and a community forum http://getsatisfaction.com/exzact, and a blog where customers can provide comments about Zerion’s product offerings. To the extent that there is any personal information contained in these postings, Zerion’s use of such personal information will be solely to provide feedback to the company about its product offerings and will not be traced back to the source consumer account. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.
Zerion will notify customers, employees, and plan participants if it intends to use personal data for any purpose other than that for which Zerion originally collected the data.
Cookies and Other Tracking Technologies
A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We do not link the information we store in cookies to any personally identifiable information you submit while on our site.
We may use cookies, for example, to keep track of your preferences and profile information. Cookies are also used to collect general usage and volume statistical information that does not include personal information.
As is true of most Web sites, we automatically gather information about your computer such as your IP address, browser type, referring/exit pages, and operating system.
If you reject cookies, you may still use our site, but your ability to use some areas of our site, will be limited.
Third Party Cookies
Our privacy statement does not cover the use of cookies by our vendors. We do not have access or control over these cookies. Our vendors use session ID cookies to make it easier for you to navigate to our wiki multi-media site content.
Web Beacons
Our Web pages contain electronic images known as Web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.
Widgets
Our Web site includes Widgets, which are interactive mini-programs that run on our site to provide specific services from another company (e.g. displaying the news, opinions, music, etc). Personal information, such as your email address, may be collected through the Widget. Cookies may also be set by the Widget to enable it to function properly. Information collected by this Widget is governed by the privacy policy of the company that created it.
Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.
Links to Other Web Sites
Our Site includes links to other Web sites whose privacy practices may differ from those of Zerion Software. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any Web site you visit.
Service-related Announcements
We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to close your account. To close your account, log into https://www.iFormbuilder.com, select the Company tab; Billing option. Once there, select the Update Billing Info button, then the Close Account icon. It will ask you to confirm your account closure request.
Network Security/Safeguards
Zerion has implemented physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Zerion has implemented secure authentication protocols. Among other measures, Zerion encrypts data and has implemented strong password protection. Zerion maintains up-to-date firewall and malware protection and operates system security patches. Data owned by each customer is logically isolated from the data of other customers and from Zerion’s corporate environment to prevent unauthorized access. Once a customer relationship ends, Zerion will remove all customer data from Zerion’s network storage facilities and all media used to store such customer data will be cleaned using industry best practices or destroyed.
When a staff person leaves, Zerion immediately blocks the employee’s physical and electronic access to the network and the facilities upon termination. Among other measures, Zerion will deactivate passwords and user names and collect building entry keys.
Notification of Privacy Statement Changes
If we decide to change our privacy practices, we will post those changes to this privacy statement, the home page, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we change how we use your personally identifiable information, we will notify you here, by email, or by means of a notice on our home page.
Transfer of Data/Oversight of Service Providers
Within Zerion, personal data in the databases may be processed outside the country in which it was collected, for legitimate business activities as described under national and/or regional law in the country in which Zerion collected the data. For example, certain types of personal data may be accessed, for legitimate business purposes in any country in which Zerion operates. In addition, Zerion may store personal data in the facilities operated by the company and/or third parties on behalf of the company outside the country in which Zerion collected the data, so long as such third parties have agreed by contract to maintain an adequate level of data protection. Accordingly, personal data may be processed for legitimate business purposes in countries in which the data protection laws of the country in which Zerion collected the data do not apply.
When Zerion engages a service provider/vendor to perform activities that may require access to personal data, it will take steps to ensure that the service provider acts in accordance with our existing policies and procedures. At a minimum, Zerion will enter into a written agreement with the third party requiring the third party (1) to comply with applicable federal and state laws, and (2) to maintain secure systems in the transmission of information to and from Zerion.
If personal data to be transferred, processed, or otherwise shared with a third party is personal data subject to the Safe Harbor (data received from an EU Member Country), then Zerion will ensure that the third party subscribes to the Safe Harbor principles or that it is subject to the Directive or another adequacy finding, as is applicable, and Zerion will proactively notify the individuals that the data will be held or processed by a third-party if it did not do so at the time of collection of such data. As an alternative, Zerion may enter into a written agreement with the third party requiring the third party to maintain at least the same level of privacy protection as is required by the relevant principles.
Data Collection
While Zerion services business customers and therefore does not collect information from consumers or individuals as a regular part of its business, Zerion may process certain personal data from individuals who own or work at customer businesses. Zerion’s collection of personal data is limited to the personal information provided at the time a customer registers on the website and creates a customer profile. Zerion limits the collection of employee and individual customer information to the amount reasonably necessary to accomplish its business objectives and in accordance with relevant United States and international law. No data is being processed for purposes beyond or incompatible with these limited business functions.
Data Retention
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account, log into https://www.iFormbuilder.com, select the Company tab; Billing option. Once there, select the Update Billing Info button, then the Close account icon. It will ask you to confirm your account closure request. Once you confirm your account closure request, your personal and collected data will be removed from the server.
Access to Personal Data; Modifications and Corrections
Access to Personal Data. Zerion personnel may access and use personal data only if they are authorized to do so and only for the purpose for which they are authorized. Zerion can make available, upon request, a copy of this policy to its employees. Zerion also describes the rights of its customers in its privacy policy, which can be found at http://www.iformbuilder.com/privacy-policy.
Modifications and Corrections. Data subjects have the right to know what information about them is included in the databases and to ensure that such information is accurate and relevant to the purposes for which Zerion collected the data. Data subjects may review their own personal data stored in the databases and correct, erase, or block any data that is incorrect.
Requests sent to privacy@zerionsoftware.com to aid in personal data access, modification or correction requests, will be responded to immediately.
Data Breaches
Notwithstanding any other legal obligations Zerion may have, Zerion will promptly notify Customers in writing upon Zerion’s discovery of a breach of security of its systems or site where any data or materials containing personally identifiable information, including but not limited to Users’ IDs or passwords, have been acquired by an unauthorized person or Zerion reasonably believes that such a breach of security may have occurred. Zerion Software will also provide immediate feedback about any impact this possible or actual breach may or will have on its Customers. Zerion will use commercially reasonable efforts to promptly notify its Customers of the possible or actual security breach upon detecting the possible or actual breach.
The management of Zerion will track the accidental or unauthorized access to personal data described herein, and will provide notice to the appropriate parties under law and contract.
Zerion personnel have an obligation to be vigilant in safeguarding customer and personnel privacy. Zerion personnel must immediately report a data breach or suspected data breach to the Designated Employee via email at shunter@zerionsoftware.com.
Contact Information
You can contact us about this privacy statement by writing or email us at the address below:
Zerion Software
610 Herndon Parkway Suite 600-A
Herndon, VA, United States 20170
Email: privacy@zerionsoftware.com
Phone: 866-937-4661
Definitions
“Personal data” or “personally identifiable information” is defined as data from which Zerion customers can be identified. Personal data includes a person’s first name and last name or first initial and last initial in combination with any one or more of the following data elements that relate to the person: (a) mailing address; (b) email address; or (c) credit or debit card number, with or without the security code, access code, personal identification number or password, that would permit access to a person’s financial account; provided, however, that “personal data” shall not include information that is lawfully obtained from publicly available information, or from federal, state, or local government records lawfully made available to the general public. The databases containing personal data do not contain any “sensitive information” as defined under European Union Directive 95/46/EC (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, criminal convictions, or personal data concerning health), other than as provided by Zerion personnel pursuant to their express, informed consent. Zerion will explicitly request and receive permission from any individual to further process or otherwise use that individual’s sensitive information.
“Massachusetts Data Protection Law” means the law codified at 200 CMR 17.00.
