LEGAL
Visionet Privacy Notice
Last Updated: 08/29/2024
Visionet Systems, Inc., along with its affiliates and subsidiaries (“Visionet,” “we,” “our,”
or
“us’), recognizes the importance of transparent and responsible use of your Personal Data.
This
Privacy Notice ("Notice") outlines how we collect, use and process your Personal
Data.
Who does this Notice apply to?
This Notice applies to you when you:
- Visit our website or any other website that links to this Notice
- Subscribe to receive sales and marketing information
- Communicate with us—whether over the phone, in person, or through email.
- Apply for a job at Visionet
- Are a client or prospective customer of our services
What is Personal Data?
For the purposes of the work that Visionet performs and the regulations that we need to comply with, Personal Data refers to any information that relates to an identified or identifiable individual such as but not limited to name, email, phone number, location and IP address.
What privacy regulations does Visionet comply with?
Because we provide services globally, we comply with different privacy laws worldwide
including, the General Data Protection Regulation (“GDPR”) in the European Union (“EU”), the
Data Protection Act of 2018 (“UK DPA”) in the United Kingdom (“UK”), the Personal
Information Protection and Electronic Documents Act (“PIPEDA”) in Canada, The Indian Digital
Personal Data Protection Act (DPDP) and U.S. state privacy laws including the California
Consumer Privacy Act (“CCPA”), among others.
We respect your privacy rights and take reasonable steps to protect your Personal Data
according to the expectations of the laws of where you are located.
Our responsibility to your Personal Data
Some privacy regulators classify organizations depending on the role they play in processing
Personal Data. A Data Controller is an organization that determines how they collect and
process Personal Data. A Data Processor is an organization that processes Personal Data on
behalf of a Data Controller.
Visionet is considered a Data Controller when we process Personal Data from visitors to our
website, or from prospective/active clients who are interested in our services.
Visionet is considered a Data Processor when we process Personal Data under the direction of
our clients.
What Personal Data do we collect and process?
Personal Data we collect as a Data Controller
As a Data Controller Visionet collects Personal Data from several different sources, including:
- Directly from you
- From service providers or other third parties; and
- Automatically through your activity on our website.
Personal Data we collect directly from you
Request for Contact
We collect Personal Data directly from you during communications you may have with any of our
employees or representatives, whether through phone, email, contact forms, or in-person
interactions. We collect your name, email address, organization, phone number and the reason
for your contact request.
We use your Personal Data to acknowledge and respond to your request.
Signing up for email communication
We collect your email address if you agree to sign up for email communications with
Visionet.
We send emails to the email address you have provided to keep you updated with information
about Visionet and the services we provide which we think you may be interested in.
When you interact with us in a professional capacity
We collect Personal Data when you interact with us in a professional capacity, such as when
you are a client or an employee of a company with which we do business. The Personal Data we
collect includes your name, employer's name, job title, phone number, email address and
other business contact details. Additionally, we record information about our interactions
with you.
We collect this data to effectively manage and develop our business relationship with you
and to improve our services. Additionally, we use your business contact details to share
information about Visionet and its services that we believe may be of interest to you.
When you apply for a job at Visionet
We collect your contact information and details related to your professional qualifications,
provided directly by you if you apply for a job or through referrals from current Visionet
employees to whom you have given consent to share your profile with us.
We use this Personal Data to determine if your expertise fulfills the requirements of the
role you are applying for and to contact you to continue the recruiting process.
Personal Data we obtain from others.
We collect your Personal Data from various third-party sources for specific purposes:
Visionet Subsidiaries and Affiliates:
We receive Personal Data from other businesses and partners within the same corporate group or those with whom Visionet has a business relationship. This data is collected to integrate our marketing efforts and provide seamless services across our corporate group.
Publicly Available Sources and Marketing Databases:
We collect Personal Data from publicly available sources, such as third-party social media
sites (e.g., LinkedIn), company websites and marketing lists acquired from third-party
marketing agencies. The Personal Data we collect includes your name, business contact
details, role, marketing preferences and business interests.
We use this information to advertise, market and provide announcements about our products or
services that may be of interest to you.
Third-Party Recruiters:
These entities provide us with Personal Data of potential candidates, including resumes, contact details, employment history and professional qualifications, to identify and evaluate potential candidates for employment, ensuring they possess the necessary qualifications.
Background Check Services:
To verify the qualifications and backgrounds of potential hires, we collect employment history, criminal records (where permissible under law) and educational background.
Personal Data we collect automatically (Cookies)
Our website uses cookies primarily to track information such as the browser software and
operating system you are using, the date and time you accessed our website, the pages you
visited, the duration of your visit on each page, the country from which you are accessing
our website and the language settings of your computer. We use this information to gain
insights into how our visitors navigate our website and to provide you with a better web
experience.
If you prefer not to have cookies installed on your browser, you can opt out through our
cookie consent tool, located at the bottom left-hand side of our website.
Personal Data we collect as a Data Processor
As a Data Processor, we collect and process Personal Data from the end users of our registered clients solely according to the client's requirements. Although we do not make decisions about how Personal Data is processed, we ensure that reasonable steps are taken at all times to protect the Personal Data we collect on our client’s behalf.
Our legal basis for processing your Personal Data
To comply with different privacy laws worldwide, specifically with the GDPR in the EU and the UK DPA, we are required to provide a legal basis for the processing of your Personal Data. Visionet will not process your Personal Data unless we have legal justification to do so. We will only process your Personal Data if:
- We have obtained your explicit consent prior to processing your Personal Data.
- We need your Personal Data to perform a contractual obligation.
- We need your Personal Data to fulfill our legal and regulatory obligations.
- We have a legitimate interest that will not put your rights and freedoms at risk.
Who has access to your Personal Data?
We will not disclose your Personal Data to any party not authorized to process it. To manage
our relationship with you, we will share your Personal Data internally with members of our
management team, business units and technical support staff on a need-to-know basis.
We will only disclose your Personal Data to the following parties under specific
circumstances:
- Subsidiaries and Affiliates: We share Personal Data with our affiliates and subsidiaries, where it is reasonably necessary or desirable for us to carry out our identified data processing purposes.
- Service Providers: We partner with various service providers to support our business operations. These providers offer services that include, but are not limited to, hosting and maintenance, data storage and management, marketing and analytics.
- Professional Advisors: We share your Personal Data with our professional advisors such as our auditors, accountants, insurers and legal or financial advisers as necessary for the professional services they provide to us.
- Legal Processes and Obligations:We disclose your Personal Data in response to lawful requests by regulators, government authorities, public authorities (e.g., tax authority), courts, or law enforcement.
- Business Transfers: We also disclose your Personal Data in the event of a contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business or assets.
How do we keep your Personal Data safe?
Visionet is committed to protecting the Personal Data we collect, process and disclose about
you. We maintain appropriate safeguards and take reasonable steps to protect your Personal
Data. Some of the security measures we have implemented includes physical security, access
controls, IT security, SSL encryption and authentication protocols. We also restrict access
to Personal Data to employees and third parties that have a legitimate reason to have access
to it.
We ensure that all the parties that we disclose your Personal Data to, both internal and
external to Visionet, have contractual obligations to protect the security and the
confidentiality of your Personal Data.
Where is your Personal Data stored?
As a global organization with offices and operations worldwide, the Personal Data we collect
from you may be transferred to or accessed by our partners, subsidiaries and affiliates
across different locations globally. We will take appropriate steps to ensure that transfers
of Personal Data across borders comply with applicable laws. We only transfer Personal Data
to partners and other third-party organizations when we are satisfied that adequate levels
of protection are in place to safeguard your data.
For Personal Data transferred out of the EU or the UK to countries that are not considered
to have an adequate level of data protection, we obtain contractual commitments from
third-party organizations to protect your Personal Data. These commitments include the use
of standard contractual clauses and the International Data Transfer Agreement approved by
the EU Commission and the UK Information Commissioner's Office, respectively, to ensure that
a valid data transfer mechanism is in place.
Visionet also complies with the requirements of the EU-US Data Privacy Framework, the UK
Extension to the EU-US DPF, and Swiss-US Data Privacy Framework. For more information
regarding our adherence to these frameworks, refer to the EU-US – EU-UK – Swiss-US Data
Privacy Framework section.
How long do we retain your Personal Data?
We are expected to retain your Personal Data for an established period for regulatory, legal,
tax or business requirements.
We retain your Personal Data for no longer than reasonably necessary to fulfill the purposes
for which it was collected, to comply with the law, to prevent fraud, to facilitate an
investigation, to defend against legal claims or to exercise our legal rights.
Personal Data from minors
We do not knowingly collect Personal Data from anyone under the age of 16. If you are a
parent/guardian of a minor and you are aware that your child has provided us with Personal
Data, please contact us at DPO@Visionet.com.
If we become aware that we have collected Personal Data from children without the
verification of parental consent, we will take necessary steps to remove that information
from our servers.
What rights do you have regarding your Personal Data?
Privacy regulations, such as the GDPR grant you rights concerning the Personal Data that Visionet collects and manages about you. To the extent permitted by applicable data protection laws and regulations, you have the following rights in relation to your Personal Data:
- Access the Personal Data we hold about you.
- Request an update or correction of your Personal Data so that it is always accurate.
- Receive your Personal Data in a structured, commonly used and machine-readable format.
- Request the deletion of your Personal Data if you believe that retention is no longer necessary for the purposes indicated above.
- Restrict the processing of your Personal Data.
- Withdraw your consent at any time if your Personal Data is processed with your consent.
- Object to the processing of your Personal Data on grounds specific to your particular situation.
For each case, we will inform you of the consequences of your request and if there are any exemptions to honoring your requests based on legal or contractual requirements. To submit any request about your Personal Data, you may contact us via email at DPO@Visionet.com.
United States (US) Residents
This section of the Notice describes the practices that we follow regarding the collection, use and disclosure of Personal Data of individuals in US states that have enacted privacy laws including but not limited to California, Colorado, Virginia, Utah and Connecticut collectively referred to as “US State Privacy Laws”
Categories of Personal Data collected and disclosed
For the purpose of our business or for the purpose of your interactions with our website, the
categories of Personal Data we have collected and used in the past twelve months include
identifiers, characteristics of protected class, commercial information, Professional or
employment information, customer records information, Internet or other electronic network
activity information, sensitive Personal Data and inferences drawn from such
information.
For examples of specific pieces of Personal Data collected, please see the “How we
collect and process your Personal Data” section above.
Visionet has shared Personal Data in the last twelve months on all the categories identified
above for the purposes described in the “Who has access to your Personal Data” section of
this Notice.
U.S Privacy Rights
Individuals residing in states with US State Privacy Laws have certain rights regarding the collection, use and disclosure of their Personal Data. These rights vary by state. If the state in which you reside mandates it, we will provide you with the following rights:
- Right to opt-out of sharing your Personal Data for cross-context behavioral advertising or, in other states, to opt-out of targeted advertising;
- Right to data portability, which means that you may request that we provide you a copy of specific pieces of Personal Data we have collected about you in the past 12 months in an electronic format;
- Right to request to know about the Personal Data we process about you or acknowledge the processing of your Personal Data;
- Right to request that we correct your Personal Data;
- Right to request that we delete your Personal Data;
- Right to request that we limit the processing of your Sensitive Personal Data;
- Right to opt-out of the processing of your Sensitive Personal Data;
- Right to appeal the denial of a request; and
- Right to lodge a complaint with the privacy authority or attorney-general in your jurisdiction.
For Individuals in California, once we receive your request to disclose how Visionet has collected, used and shared your Personal Data in the last twelve months, we will verify your identity and provide the following information:
- Categories of Personal Data collected about you by Visionet.
- Sources from which we obtained your Personal Data.
- Purposes for using your Personal Data.
- Third parties with whom we shared your Personal Data.
- Whether we sold or shared your Personal Data for the benefit of Visionet.
We will not discriminate against you for exercising your Personal Data rights.
Sale of Personal Data
Visionet does not sell or share Personal Data with third parties for monetary value. However,
US State Privacy Laws broadly define “sale” and “sharing.” In this regard, we provide
certain categories of Personal Data to third parties to receive targeted advertising-related
services. We share browsing information with third-party analytics providers to enhance our
websites and improve your user experience. These disclosures may fall under the categories
of "sale", "sharing" of Personal Data or "targeted advertising" as per the applicable US
State Privacy Laws.
Opting out: Residents of California, Colorado, and Connecticut have the
right to opt out of such "sales". Additionally, residents of Colorado, Connecticut, Nevada,
and Virginia can opt out of targeted advertising. To opt out of these activities, please use
the cookie settings page on the bottom left-hand side of the Visionet website or contact us
using the details in the “How to contact our Data Protection Officer” section of this
Notice.
Addressing your data protection concerns
If you encounter any issues or have concerns regarding the way Visionet processes your Personal Data, it is your right to make a complaint with the regulator in your jurisdiction.
EU/UK individuals
If you reside in the EU, or the UK, and want to lodge a complaint with a Data Protection
Authority, you may do so in the country where you reside, where you work, or where you may
have experienced an issue with the processing of your Personal Data.
For a list of all Data Protection Authorities in the EU, please visit the following:
Data Protection Authorities
If you reside in the UK, you can contact the Information Commissioner's Office (ICO)
here:
Make a Complaint
U.S. individuals
If you reside in the U.S. and have complaints regarding how your Personal Data is managed by Visionet, you may contact the Attorney General of your state. The Attorney General's office can provide guidance on your rights and assist you in filing a complaint if you believe your Personal Data has been mishandled.
Canadian individuals
If you are located in Canada, you have the right to file a complaint with the relevant
privacy authority in your province or with the Office of the Privacy Commissioner of Canada.
Additionally, you have the right to request a file review by the Office of the Privacy
Commissioner of Canada. To exercise your rights, please submit your complaint using the link
provided below:
Office of the Privacy Commissioner of Canada
While we recognise that you have the right to make a complaint with the local regulator, we
would, however, appreciate the opportunity to address your concerns before you approach the
regulator. We do encourage you to do so by contacting us using the details in the
“How to contact our Data Protection Officer” section below.
How to contact our Data Protection Officer
If you have any further questions regarding the Personal Data that Visionet collects and processes or if you have feedback regarding this Notice, you may contact us at DPO@Visionet.com.
Changes and Updates to this Notice
This Notice may be updated from time to time to reflect changes in our Personal Data processing practices. We will make a reasonable effort to notify you of any significant changes and indicate the date of the latest revision using the “Last Updated” legend at the top of the Notice.
Data Privacy Framework Compliance
Visionet complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Visionet has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
Visionet has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data Privacy Framework.
The Federal Trade Commission has jurisdiction over Visionet’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Data Privacy Framework Complaint Resolution Mechanism
In compliance with the EU-US Data Privacy Framework Principles, the UK Extension to the EU-US DPF and the Swiss-US DPF, Visionet commits to resolve DPF Principles-related complaints about your privacy and our collection and use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints regarding our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF should first contact Visionet at DPO@Visionet.com.
Visionet has further committed to refer unresolved privacy complaints under the DPF Principles concerning our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF to an independent dispute resolution mechanism based in the United States, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if your complaint is not satisfactorily addressed, please visit BBB Programs - DPF Complaints for more information and to file a complaint. This service is provided free of charge to you.
If your complaint involves human resources data transferred to the United States from the European Union, [the United Kingdom, or Switzerland] in the context of the employment relationship, and Visionet does not address it satisfactorily, Visionet commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), [the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable] and to comply with the advice given by the DPA panel [ICO, or FDPIC, as applicable] with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB NATIONAL PROGRAMS.
In compliance with the EU-US Data Privacy Framework Principles, the UK Extension to the EU-US DPF and the Swiss-US DPF, Visionet commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-U.S. DPF in the context of the employment relationship.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Data Privacy Framework - Annex I
Onward Transfers to Third Parties
Visionet’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Visionet remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Visionet proves that it is not responsible for the event giving rise to the damage. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Choices and Rights Over Your Personal Data
Pursuant to the Data Privacy Frameworks, EU, UK and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to DPO@Visionet.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to DPO@Visionet.com.