Product Privacy Statement
Effective as of 5th February 2020.
Vault Platform, Inc. and its affiliates (collectively, “Vault Platform”, “we”, “us”, or “our”) provide a solution for misconduct reporting for workplace personnel.
Table of contents:
- Information We Collect on Your Employer’s Behalf
- How We Use Information
- How We Share Information
- Your Choices
- Security Practices
- Data Retention
- International data transfers
- Age Limitations
- Changes to this Product Privacy Statement
- How to Contact Us
This “Product Privacy Statement” explains how we collect, use, disclose or otherwise process the information of an employee, contractor, or other personnel (each an “End User”) on behalf of our business clients in connection with our products and services, including the Vault Platform mobile application and online case management application (collectively, the “Services”). If you are an End User using our Services on behalf of, or as allowed by, one of our business clients that has engaged us to provide the Services to them and their workforce (“Employer”), Vault Platform is the data processor and Vault Platform customers are the data controllers with respect to your personal information.
Because your Employer is the data controller, it is primarily your Employer who must undertake efforts regarding how your information is collected and processed in accordance with data protection laws. Therefore, if you have questions or concerns about the processing of your information, you should contact your Employer directly or refer to its separate privacy policies.
Vault Platform’s processing of your information in connection with the Services is governed by this Product Privacy Statement and the applicable client agreement. In the event of any conflict between this Product Privacy Statement and a client agreement, the client agreement will control to the extent permitted by applicable law.
This Product Privacy Statement is not a substitute for any privacy notice that Vault Platform’s clients are required to provide to End Users.
Information We Collect on Your Employer’s Behalf
The type of information that Vault Platform may collect on your employer’s behalf and the timing of when it may be shared with your employer is explained in this section. In summary, the Vault Platform may collect information on your employer’s behalf (as detailed below) but it would not be shared with your employer until you, the End User, instruct to do so through the use of Vault Platform, by submitting your record through one of the reporting options.
Information End Users provide to us. In using the Services, you may provide certain information, including personal information about yourself. The information you provide to us through the Services (and which we collect on behalf of your Employer) may include:
- Business and personal contact information, such as your first and last name, email and mailing addresses, phone number, professional title, work location, personnel identifying number, and Employer name.
- Content you choose to upload to the Services, such as text, images, audio, and video, along with the metadata associated with the files you upload. Incidental to this content, you may include your demographic and medical information.
- Profile information, such as your username and password that you may set to establish an online account through your Employer.
- Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
- Usage information, such as information about how you use the Services and interact with us, including information associated with any content you upload to the Services or otherwise submit to us, and information you provide when you use any interactive features of the Services.
- Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Product Privacy Statement, your Employer’s instructions to us or as otherwise disclosed at the time of collection. Such information may include work history, skills and experience.
Information we obtain from other third parties. We may receive information about you from third-party sources. For example, your co-workers or your Employer may share its messages, files or other content in response to investigating and analyzing personnel complaints.
Cookies and Other Information Collected by Automated Means
We and our service providers may automatically log information about you, your computer or mobile device, and activity occurring on or through the Services. The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, general location information such as city, state or geographic area; and information about your use of and actions on the Services such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access.
In our mobile application, we and our service providers may collect this information directly or through our use of third-party software development kits (“SDKs”).
How We Use Information
We use the information we collect at the instruction of the relevant customer (your Employer) and in accordance with the agreement we have with the relevant customer (your Employer). As such, we may use your information to provide the Services and for related internal purposes, including to:
- enable End Users to report workplace misconduct;
- improve the Services;
- establish and maintain your user profile on the Services;
- communicate with you about the Services, including by sending you announcements, updates, new features, security alerts, and support and administrative messages;
- provide support and maintenance for the Services; and
- respond to your requests, questions and feedback.
In accordance with the agreement we have with your Employer, we may also use your information as we believe necessary or appropriate to (i) comply with applicable law; (ii) enforce the terms and conditions that govern the Services; (iii) protect our rights, safety or property and/or that of you or others; (iv) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity; and (v) create anonymous or aggregate data from your information and others and use that information for our lawful business purposes.
How We Share Information
This section describes how Vault Platform may share and disclose your information. Customers determine their own policies and practices for the sharing and disclosure of Information. Vault Platform does not control how they or any other third parties choose to share or disclose Information.
We do not share your information with third parties other than in accordance with the agreement with your Employer. Our agreement with your Employer allows you to retain certain information (such as a workplace misconduct report) confidential until you authorize the disclosure to your Employer.
Your settings within the Services determines when we may share certain of your information — for example, a workplace misconduct report — with your Employer or others. We may share your information with the other following entities and individuals as permitted by your Employer’s instructions:
- Vault Platform’s corporate affiliates and subsidiaries;
- Vault Platform’s service providers that help or enable us to provide the Services (such as customer support, hosting, analytics, email delivery, and database management services).
We may also share your information with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (i) comply with applicable law; (ii ) enforce the terms and conditions that govern the Services; (iii) protect our rights, privacy, safety or property, and/or that of you or others; and (iv) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
We may sell, transfer or otherwise share some or all of Vault Platform’s business or assets, including information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy.
Vault Platform’s clients are the data controllers of End User’s personal information. As the data controllers, Vault Platform’s clients are responsible for receiving and responding to End User’s requests to exercise any rights afforded to them under applicable data protection law. Vault Platform will assist the client in responding to such requests as set forth in the applicable client contract.
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. Our App currently does not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Choosing not to share your information. Where we are required by law to collect your information, or where we need your information in order to provide the Services to your Employer, if you do not provide this information when requested (or you later ask to remove it), we may not be able to provide your Employer with our Services. We will tell you what information you must provide to use the Services by designating it as required at the time of collection or through other appropriate means.
Vault Platform takes security of information very seriously. Vault Platform works hard to protect information you provide from loss, misuse and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store and the current state of technology. Vault Platform has received internationally recognised security certifications such as the ISO 27001 (information security management system). [To learn more about Vault Platform’s current practices and policies regarding security and confidentiality of the Services, please see our Security practices.] However, given the nature of communications and information processing technology, Vault Platform cannot guarantee that your information, during transmission through the internet or while stored on our systems or otherwise in our care, will be absolutely secure.
Vault Platform retains your information for as long as necessary to (i) provide the Services; (ii) comply with legal and accounting obligations; (iii) resolve disputes; and (iv) enforce the terms of client agreements. See the applicable customer contract for additional information regarding Vault Platform’s data retention practices.
International data transfers
Vault Platform is headquartered in the United States and may have service providers in other countries. Vault Platform may transfer your information outside of the country in which you reside, including to the United States.
See the relevant customer contract for additional information regarding how Vault Platform safeguards your information that Vault Platform may transfer across borders.
Vault Platform does not allow use of our Services by anyone younger than 16 years old. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact the Employer. We will take steps to delete such information from our files as soon as reasonably practicable. We encourage parents with concerns to first to contact the Employer and then, if necessary, contact us.
Changes to this Product Privacy Statement
Any modifications to this Product Privacy Statement will be effective upon our posting the new terms and/or upon implementation of the new changes on the Services (or as otherwise indicated at the time of posting). In all cases, your continued use of the Services after the posting of any modified Product Privacy Statement indicates your acceptance of the modified Product Privacy Statement.
How to Contact Us
Please direct any questions or comments about this Product Privacy Statement or privacy practices to [email protected]
For EU Residents: Please contact our EU Representative at [email protected]. Alternatively, they can be reached by post (The DPO Centre, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2) or +353 1 631 9460. www.dpocentre.com