PERSONAL INFORMATION THAT WE COLLECT:
In connection with our business, we collect and process the following categories of Personal Information of individuals:
- contact information (which may include name, physical address, telephone, and email address)
- payment information, such as credit card type and number, bank account number, etc. However, please note that CaseWorthy and its employees will not have access to payment data or store such data on CaseWorthy’s servers, other than minimal information such as the last four digits of a credit card or bank account. Additional payment information is accessed and collected only by CaseWorthy’s payment processor, as explained further below.
- purchasing history, such as historical purchase records; order numbers; identification of products and quantities purchased.
- information regarding your electronic device(s) and IP address
- information regarding your use of our subscription service or other services
- internet use information
- personal health information as defined by the Health Insurance Portability and Accountability Act (“HIPAA”).
HOW WE COLLECT YOUR PERSONAL INFORMATION:
General. We collect Personal Information when you or your employer or organization register an account with us, when you visit our website, when you use our services or software, participate in a feature of our website that requests or requires your Personal Information, and when you otherwise transact business with or communicate with CaseWorthy.
Data received from software/subscription service users. Our customers who license our software/subscription service have employees who are granted administration rights to create user accounts for other employees and designated persons. These customers act as data controllers (“Controllers”) in the use of the software and the collection and processing of Personal Information, including personal health information, in connection with our software. In such cases, our role in processing the Personal Information provided by our customers is as a “Processor,” since we are processing data on behalf of the Controller (who is the customer). As a Processor, we are obligated to process this Personal Information as part of our license agreement entered with the customer. The Personal Information collected in this scenario generally includes the name, physical address and phone number of each assigned user, but may also include information related to employment, such as job title and role, scheduling information assigned to an individual and maintenance tasks performed by an individual. Processing of this Personal Information is performed on behalf of the customer and for the purpose of providing the services requested by the customer. Our collection and processing of personal health information is subject to our obligations under a business associate agreement with the applicable customer, which protects your personal health information in accordance with HIPAA and other applicable laws.
Data obtained for marketing purposes for potential customers or others. We obtain marketing data from third parties that we use to reach out to inform potential customers and others of the services offered by our organization. The Personal Information collected generally includes the email address of a potential customer or other and may also include their name and phone number. We also use the contact information provided to us by our customers to communicate information about our products and services, which may include marketing our products and services.
Cookies and Other Tracking Technologies: CaseWorthy uses tracking technologies such as cookies to collect information from your web browser through our servers or filtering systems when you visit our website(s).
You can change your web browser settings at any time to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, our website may not function properly for you, and you may not be able to use some sections or functions of our websites.
To learn more about cookies and how to manage and delete them, visit http://www.allaboutcookies.org.
Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites.
Information from Third Party Platforms. If you access our website or communicate with us using your account or account credentials from a third-party owned or operated platform/service (e.g., Amazon, Apple, AWS, Facebook, Google, Shopify, Twitter, etc.), post content from our website to a social network, or use various social media features (e.g., “Like” button), we may process certain information from the third parties, such as your username, “likes”, location, birthday, comments and reviews, preferences, network reach and influence, and any other information you provided to the third parties in connection with your account. Depending on your account and privacy settings, we may also be able to see information that you post when using these third parties whether or not you are an active customer. We may also collect Personal Information about you from our third party service providers who provide us with e-commerce and/or technical services related to the website. The information you post or provide to third parties, as well as the controls surrounding these disclosures, are governed by the policies of these third parties.
Special categories of data not collected. We do not actively collect or otherwise process Personal Information from minors and include in our license and subscription agreement a condition that the customer will not provide any Personal Information of minors to us. The age of a minor varies by jurisdiction. For the purposes of Personal Information collected from the European Union, the age of a minor is under age sixteen (16). For purposes of the Children’s Online Privacy Protection Act (COPPA) in the U.S., the age of a minor protected by such law is under age thirteen (13).
We also do not actively collect or otherwise process special categories of Personal Information, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We do not actively collect or otherwise process Personal Information relating to criminal convictions and offences.
HOW WE USE YOUR PERSONAL INFORMATION:
These purposes include:
- Our business purposes, including addressing customer service issues; processing quotes, invoices and payments; collecting debts; planning and conducting marketing activities, tradeshows, trials, consultations, seminars, webinars, and demonstrations; responding to inquiries; conducting web analytics, security monitoring, and business operations and administration; and addressing tax and other regulatory requirements.
- Purposes related to our software products, including SaaS or cloud-based software. These purposes include licensing and operation of the software, remote management, education and information services, training, webinars, communication, customer service, system monitoring and data security. We use Personal Information to enable use of software features and related services, including through use of third-party service providers. We also use Personal Information to communicate with our users to inform them of software updates and enhancements, educational information, available software features and modules, and other information that may helpful or informative for our users.
- For the Protection of CaseWorthy and Others. If CaseWorthy, in good faith, determines that you have used the service to menace, threaten, harass, intimidate or otherwise deceptively pose as another person, or in any other way in violation of law. Simply, if you attempt to use the website or purchase or use a product for any unlawful means, you have no expectation of privacy and we may use and disclose any and all information for the protection of CaseWorthy and others.
- Pursuant to Law, Rule or Regulation. If required or permitted to do so by law or if, in good faith, CaseWorthy believes that such action is necessary to: (1) comply with laws and regulations or with legal processes; (2) protect and defend CaseWorthy’s rights and property or prevent fraud; (3) protect CaseWorthy against abuse, misuse or unauthorized use of CaseWorthy’s products or services; (4) protect the personal safety or property of our personnel, users of our website or the public; and/or (5) comply with tax reporting requirements, then CaseWorthy may use and disclose any and all information as needed. The servers that serve our website automatically identify a computer by its IP address.
- Aggregated and de-identified data. We may anonymize data to create statistical data or system usage data, by removing all personal identifiers and/or aggregating your data with other’s data so that it is not identifiable as to any particular person. Such de-identified data may be retained and used by CaseWorthy to improve its products and services and for other proper purposes, provided that such retention and use is permitted by applicable laws.
Legal basis. We base our processing of Personal Information on the need to perform our contractual obligations under our license agreements and our legitimate activities as a provider of software and related services. We also process Personal Information to comply with applicable law and to exercise our legal rights. We may also use your Personal Information for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our processing on legitimate interests in performing the activities of the organization.
HOW WE SHARE OR DISCLOSE YOUR PERSONAL INFORMATION:
No sale of Personal Information. We never sell or rent Personal Information to third parties.
Disclosures of Personal Information. We may disclose or share your Personal Information with other parties in the following circumstances:
- Third-party service providers. We use third-party service providers (or subprocessors) to process Personal Information to facilitate your use of our products and services and in the operation of our business. This includes providing Personal Information to third parties for their processing in performing functions on our behalf, particularly the functions listed above in the “HOW WE USE YOUR PERSONAL INFORMATION” section. These functions include processing payments, collecting debts, hosting software, performing security services, analyzing data, performing surveys, administering our website(s), and/or providing technical support services. These third party providers will be contractually and/or legally required to protect Personal Information from additional processing (including for marketing purposes) and transfer in accordance with applicable laws. Under certain data protection laws, including the GDPR, if applicable, we may be liable if a third party subprocessor that we have engaged to process Personal Information fails to fulfill its data protection obligations.
- Compliance with law and protecting our legal rights. We may disclose your Personal Information to regulatory bodies if we have a good-faith belief that doing so is required under applicable laws or regulations. This may include submitting Personal Information required by tax or other governmental authorities, or lawfully requested by governmental agencies, including law enforcement and judicial authorities. We may also disclose your Personal Information in order to exercise or defend our legal rights; to take precautions against liability; to protect the rights, property, or safety of CaseWorthy or any individual or third party; to maintain and protect the security and integrity of our information system; to protect CaseWorthy against fraudulent, abusive, or unlawful acts; or to investigate and defend CaseWorthy against third-party claims or allegations.
- Corporate Transactions. If a third party acquires all or substantially all of the assets of, or ownership interests in, CaseWorthy whether by merger, acquisition, reorganization or otherwise, CaseWorthy may transfer its database, including all Personal Information contained therein, to the acquiring entity.
- Aggregated and de-identified data. We reserve the right to disclose aggregated user statistics as well as non-personally identifiable information (such as anonymous usage data), in order to describe our services to prospective partners, licensees, advertisers, and other third parties.
STORAGE OF PERSONAL INFORMATION:
CaseWorthy stores all information in state of the art physical storage facilities and cloud storage. In doing so, CaseWorthy uses appropriate physical, organizational and technological measures to protect the Personal Information you provide to us against loss or theft, and unauthorized access, disclosure, copying, use, or modification. This includes limiting access on a “need-to-know” basis. Where third parties are used to host our products, we use third parties who meet required privacy and security standards.
However, no electronic data transmission can be guaranteed to be secure from access by unintended recipients and CaseWorthy will not be responsible for any breach of security unless this breach is due to its negligence. Although we are committed to employing reasonable technology in order to protect the security of our website, even with the best technology, no website is 100% secure. In transacting business with us through our website, you assume the risk inherent in transacting business online.
To offer our website, products and services to you, CaseWorthy relies on plugins and services from third parties such as internet service providers, email service providers and plugins, calendar plugins, Customer Relationship Management (CRM) systems, credit card processors, and third party data storage. To the extent these providers have access to your Personal Information, we will require that they are legally or contractually committed to comply with applicable privacy laws, In the case of credit card processors, we require that they be PCI DSS-compliant. However, we cannot guarantee with certainty that the computer systems and storage systems whereon these services are offered will not be accessed by unauthorized parties. This is a risk inherent in providing any information or, or conducting any business, online. In transacting business with us through our website, you assume the risk inherent in transacting business online.
PERSONAL INFORMATION SECURITY:
CaseWorthy uses technical and organizational measures to protect the Personal Information that we store, transmit, or otherwise process, against accidental or unlawful destruction or disclosure, loss, alteration, or unauthorized access. Our security controls and risk management program and processes are designed to implement appropriate technological and organizational measures to ensure a level of security appropriate to the risks. We regularly consider appropriate new security technology and methods. Security measures implemented include:
- Web and database servers are protected using firewalls;
- Passwords used for account registration require minimum password strength attributes;
- User access is tracked;
- Role-based security is applied to system access;
- Data encryption is used where appropriate;
- Industry-standard security measures are used to protect the security of Subscriber data while traversing public networks;
- Regular maintenance is performed on systems;
- Systems are monitored for security;
- Payment card information, such as account numbers, is processed via a third-party vendor that specializes in payment processing and has committed to PCI DSS compliance; and
- All CaseWorthy employees are contractually obligated to maintain the confidentiality of Personal Information accessible through their employment; and
- All CaseWorthy employees are required to attend regular security and awareness training.
RETENTION OF PERSONAL INFORMATION:
CaseWorthy processes Personal Information for a reasonable period of time to fulfill the processing purposes mentioned above. Personal Information is then archived for time periods as required or necessitated by law or legal considerations. CaseWorthy reserves the right to delete a customer’s data, including Personal Information provided by that customer, from its system after 30 days from the date of termination of its agreement with the applicable customer. CaseWorthy also deletes Personal Information in response to an individual’s request, as set forth in the “YOUR RIGHTS RELATING TO YOUR PERSONAL INFORMATION” section below.
CaseWorthy reserves the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws. With respect to any Personal Information collected by us for marketing or for our own internal purposes, we will retain that data for a reasonable time in order to fulfill those purposes.
We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Information is only stored and archived in alignment with our retention policy.
YOUR RIGHTS RELATING TO YOUR PERSONAL INFORMATION:
Unsubscribing to marketing communications: In particular, if we are sending you email communications of a marketing nature, an ‘unsubscribe’ option is provided in the footer of every email. You may also contact us directly to unsubscribe to marketing emails or other marketing communications, at the contact information set forth in the “COMPANY’S CONTACT INFORMATION” section below. If you have agreed to receive marketing communications, you may always opt out at a later date.
Your Canadian Privacy rights. This section applies to Canada residents only. Under the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), we are required to comply with certain principles with respect to your Personal Information. These principles are:
- Accountability: We are accountable for the Personal Information we collect from you. We have developed a data protection policy for your business and appointed the data privacy officer to help you with any concerns related to your Personal Information.
- Obtain valid, informed consent: We require your consent to the ways in which we collect, use and disclose your Personal Information, except is some limited, specific situations and as permitted by law (for example, to comply with laws and regulations, to protect our legitimate business interests, and to cooperate with law enforcement and governmental agencies’ requests). If we add a new use, we will request and obtain your consent for that new use before using your Personal Information in that new way. You may withdraw your consent by notifying us as specified below.
- Accuracy: We seek to keep your Personal Information correct and up-to-date. However, we will assume that the information we are supplied is accurate unless we are notified otherwise. You may contact us at any time to correct your Personal Information in our systems.
- Safeguards: We use reasonable and appropriate safeguards to keep Personal Information secure and private and guard against unauthorized access, loss, and theft.
- Openness: We make our privacy policies and practices easily available. If you have any questions, you may contact us at any time as set forth in the Contact Information section below.
- Access: If you request access to your Personal Information that is in our system, by contacting us as set forth below, we will provide you with a copy of that information within 30 days. Upon your request, we will also inform you if we have any of your Personal Information, explain how we’ve you’re your Personal Information, and provide a list of any other organizations to which your Personal Information has been disclosed.
- Recourse for complaints: You have the right to challenge our compliance with these guidelines. We commit to investigate all complaints and to modify our privacy practices if necessary.
If you wish to exercise any of your rights relating to your Personal Information or data under the principles outlined above, you may contact our Data Privacy Officer at the contact information set forth below. We may be unable to remove Personal Information to the extent that it is permitted or required to be retained by applicable law or document retention and data backup policies, or if removal is not practicable due to technological reasons. Please note that removal of your Personal Information may prevent or hinder us from providing further services and information to you.
Company may require you to provide sufficient information to permit us to provide an account of the existence, use, and disclosure of Personal Information. The information provided shall only be used for this purpose.
Transfer of Data. Your Personal Information may be transferred outside of Canada for processing and storage. Company and its service providers may store Personal Information on servers located in other jurisdictions, including the United States. Please note that privacy laws in such jurisdictions differ from Canadian privacy laws (e.g., PIPEDA) and that in some jurisdictions your Personal Information may be accessed by law enforcement authorities or the courts in such jurisdictions.
PRIVACY POLICIES OF OTHER WEBSITES:
COMPANY’S CONTACT INFORMATION:
Address: PO Box 70837, West Valley City, UT 84170
If you wish to report a complaint or if you feel that CaseWorthy has not addressed your concerns in a satisfactory manner, you may also contact your state or local data protection authority.
Last updated and Effective as of: July 06, 2022