SalesNOW’s Web sites may contain links to other Web sites. SalesNOW is not responsible for the information practices or the content of such other Web sites. The Company encourages you to review the Privacy Policies of other Web sites to understand their information practices.
SalesNOW offers a variety of applications and services that are collectively referred to as the “Services.” SalesNOW collects information from individuals who visit the Company’s Web sites (“Visitors”) and individuals who register to use the Services (“Customers”).
When expressing an interest in obtaining additional information about the Services or registering to use the Services, SalesNOW requires you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address (“Required Contact Information”). When purchasing the Services, SalesNOW requires you to provide the Company with financial qualification and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Services (“Billing Information”). SalesNOW may also ask you to provide additional information, such as company annual revenues, number of employees, or industry (“Optional Information”). Required Contact Information, Billing Information, and Optional Information are referred to collectively as “Data About SalesNOW Customers.”
As you navigate the Company’s Web sites, SalesNOW may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Web sites (such as the Web pages viewed and the links clicked).
The Company uses Data About SalesNOW Customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, the Company will use the information provided to contact you about your interest in the Services.
The Company may also use Data About SalesNOW Customers for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company and its partners, such as information about promotions or events.
SalesNOW uses credit card information solely to check the financial qualifications of prospective Customers and to collect payment for the Services.
SalesNOW uses Web Site Navigational Information to operate and improve the Company’s Web sites. The Company may also use Web Site Navigational Information alone or in combination with Data About SalesNOW Customers to provide personalized information about the Company.
SalesNOW uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company’s Web sites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information that may be collected on the Company’s Web sites and how this information may be used.
If you have chosen to identify yourself to SalesNOW, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a session cookie containing an encrypted, unique identifier that is tied to your account is placed on your browser. These session cookies allow the Company to uniquely identify you when you are logged into the Services and to process your online transactions and requests. Session cookies are required to use the Services.
SalesNOW uses persistent cookies that only the Company can read and use to identify browsers that have previously visited the Company’s Web sites. When you purchase the Services or provide the Company with personal information, a unique identifier is assigned you. This unique identifier is associated with a persistent cookie that the Company places on your Web browser. The Company is especially careful about the security and confidentiality of the information stored in persistent cookies. For example, the Company does not store account numbers or passwords in persistent cookies. If you disable your Web browser’s ability to accept cookies, you will be able to navigate the Company’s Web sites, but you will not be able to successfully use the Services.
SalesNOW may use information from session and persistent cookies in combination with Data About SalesNOW Customers to provide you with information about the Company and the Services.
To the extent that you do provide us with Personal Information, INTERCHANGE wishes to maintain accurate Personal Information. Where we collect Personal Information from you on the Web, our goal is to provide a means of contacting INTERCHANGE should you need to update or correct that Information. If for any reason those means are unavailable or inaccessible, you may send updates and corrections about your Personal Information to support@ServicesNOW.com and we will make reasonable efforts to incorporate the changes in your Personal Information that we hold as soon as practicable.
SalesNOW uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of the Company’s Web sites and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, SalesNOW may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company’s Web sites. SalesNOW uses Web beacons to operate and improve the Company’s Web sites and email communications.
SalesNOW may use information from Web beacons in combination with Data About SalesNOW Customers to provide you with information about the Company and the Services.
SalesNOW uses local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on our site to personalize your visit. Third parties, with whom the Company partners to provide certain features on our site or to display advertising based upon your Web browsing activity, use Flash cookies to collect and store information.
Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies.
When you visit SalesNOW’s Web sites, the Company collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, SalesNOW uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company’s Web sites.
SalesNOW also collects IP addresses from Customers whey they log into the Services as part of the Company’s “Identity Confirmation” and “IP Range Restrictions” security features.
SalesNOW may provide bulletin boards, blogs, or chat rooms on the Company’s Web sites. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. SalesNOW is not responsible for the personal information you choose to submit in these forums.
SalesNOW posts a list of Customers and testimonials on the Company’s Web sites that contain information such as Customer names and titles. SalesNOW obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.
From time to time, SalesNOW may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from SalesNOW, the Company may share Data About SalesNOW Customers collected in connection with your purchase or expression of interest with our joint promotion partner(s). SalesNOW does not control our business partners’ use of the Data About SalesNOW Customers we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.
SalesNOW uses a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on the Company’s behalf.
SalesNOW reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.
SalesNOW offers Customers and Visitors who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails. Additionally, you may send a request specifying your communications preferences to support@SalesNOW.com. Customers cannot opt out of receiving transactional emails related to their account with SalesNOW or the Services.
Customers may update or change their registration information by editing their user or organization record. To update a user or organization profile, please login to https://www.SalesNOW.com with your SalesNOW username and password and click “Setup” and then “Account Administration”. To update Billing Information or have your registration information deleted, please email support@SalesNOW.com or call (646) 558-3755. To discontinue your account and to have information you maintained in the Services returned to you, please email support@SalesNOW.com or call (646) 558-3755. Requests to access, change, or delete your information will be handled within 30 days.
SalesNOW Customers may electronically submit data or information to the Services for hosting and processing purposes (“Customer Data”). SalesNOW will not review, share, distribute, or reference any such Customer Data except as provided in the SalesNOW Master Subscription Agreement, or as may be required by law. SalesNOW may access Customer Data only for the purpose of providing the Services, preventing or addressing service or technical problems, at a Customer’s request in connection with customer support matters, or as may be required by law.
SalesNOW uses robust security measures to protect Customer Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of Customer Data. When the Services are accessed using Internet Explorer version 6.0 or later, Firefox version 2.0 or later, or Safari version 3.0 or later, Secure Socket Layer (.SSL.) technology protects Customer Data using both server authentication and data encryption. These technologies help ensure that Customer Data is safe, secure, and only available to the Customer to whom the information belongs and those to whom the Customer has granted access. SalesNOW also implements an advanced security method based on dynamic data and encoded session identifications, and the Company hosts its Web sites in a secure server environment that uses firewalls, intrusion detection systems, and other advanced technology to prevent interference or access from outside intruders. SalesNOW also offers enhanced security features within the Services that permit Customers to configure security settings to the level they deem necessary. Customers are responsible for maintaining the security and confidentiality of their SalesNOW usernames and passwords.
Because the Company uses the Services to maintain Data About SalesNOW Customers, this information is secured in the same manner as described above for Customer Data.
SalesNOW’s Corporate Privacy Office
Attn: Mark Durst
Suite 100, 8966 Woodbine Avenue
Markham, Ontario, Canada, L3R 0J7
In certain cases, you may have the ability to view or edit your personal information online. In the event your information is not accessible online, and you wish to obtain a copy of particular information you provided to SalesNOW, or if you become aware the information is incorrect and you would like us to correct it, please contact us.
Before SalesNOW is able to provide you with any information or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will contact you within 30 days of your request.
A privacy breach is an incident involving the unauthorized disclosure of personal information in the custody or control of Interchange Solutions Inc. (“SalesNOW”). This would include personal information being lost, stolen, or accessed by unauthorized persons. This plan outlines the best practices for responding to a privacy breach in four steps:
STEP 1 RESPOND AND CONTAIN
STEP 2 NOTIFY
STEP 3 INVESTIGATE
STEP 4 IMPLEMENT CHANGE
For each of the four steps identified, this document outlines what procedural steps must be taken.
There’s been a possible breach…what next?
In the event of a possible breach of privacy, the first step is to respond to the potential breach. Once you respond and determine whether an actual breach has occurred, containment of the situation must follow. In order to accomplish STEP 1 efficiently, there are five critical actions that need to be taken as soon as possible following the discovery of a possible incident:
If reporting internally, a privacy breach or suspected breach needs to be reported to the Privacy Officer. Be sure to provide as much information as possible when providing notification. Some points that should be included are: what happened, in which department, when the incident occurred, how the breach was discovered, and whether any corrective action has already been taken. Any additional information you have on the incident should be included (i.e. did you have to involve law enforcement?)
Once you have reported the situation to the appropriate people, an assessment of the situation will be carried out to determine whether a privacy breach has indeed occurred. Two important questions are asked during an assessment, so be sure to have as much information available that can help.
Not all data in the custody or control of SalesNOW is personal information. Therefore, the first part of your assessment is to identify the type of information affected by the incident in order to determine whether a breach has occurred.
Personal information is recorded information about an identifiable individual (i.e., natural person) and includes, but is not limited to: race, nationality, religion, age, sex, marital status, education, medical or criminal history, financial information, identifying numbers, address, telephone number, fingerprints, blood type, and opinions. This list is not exhaustive – SalesNOW may have other types of personal information in its custody or control which may include information that is not recorded (e.g., a verbal disclosure). Also, if there is a reasonable expectation that an individual can be identified from the information disclosed (either alone or when combined with other information), such information will likely qualify as personal information.
Once it has been determined that a privacy breach has occurred, containment must follow. This involves taking corrective action such as retrieving the personal information that has been released if the breach involved a hard copy, or isolating/suspending the activity, process or system if it was an electronic breach, etc. The main goal is to alleviate any consequences for both the individual(s) whose personal information was involved and SalesNOW.
Documenting the details of a privacy breach and your containment strategy allows the Privacy Officer and Security Office to assist with the implementation of correct remedial measures, respond to any investigations, and evaluate your response so areas for possible improvement may be identified.
If you find yourself in a breach situation, here are some things you should document:
What happened (e.g., staff disclosed personal information without authority, intruder, third party service provider alert, equipment containing personal information lost or stolen, etc.), when and how the breach was discovered, and what corrective action was taken. If the breach was identified by an external source (e.g., individual or third party service provider), document the information provided, including contact information for follow-ups, and any instructions given to the reporting party (e.g., asking caller to mail back documents sent to wrong address).
The following information will be included when the Privacy Officer files its report:
- The nature and scope of the privacy breach (e.g., how many people are affected, what type of personal information is involved, the extent to which you have contained the breach) or, if the nature and scope are not known at the time of the briefing, that they are still to be determined.
- What steps you have already taken, or will be taking, to manage the privacy breach.
- Your plans to notify the individuals affected by the privacy breach and, if appropriate, other parties.
Ok, so we definitely have a breach…now what?
Following a full response and containment of the situation as outlined in STEP 1, you must now notify the individual(s) whose personal information was affected by the privacy breach, except in situations when notice is not appropriate or possible (e.g. identities of individuals affected by the breach are unknown, contact information is unavailable, or if notice would interfere with a law enforcement investigation).
The purpose of providing notice of a privacy breach to the affected individual(s) is to provide them with sufficient information about:
- what happened and when;
- if possible, a generic description of the types of personal information involved in the breach, including whether any unique identifiers or sensitive personal information were involved in the breach;
- the nature of potential or actual risks of harm;
- what action we have taken to address the situation; and
- what appropriate action the individual(s) should take to protect themselves against harm (i.e. tracking credit cards, monitoring bank accounts, etc.)
The Privacy Officer will try and notify the individual(s) as soon as reasonably possible. During the notification process, there are many factors and details to be considered, some of which will be situation specific. Examples include;
- ensuring that we only provide notification when the facts of the situation have been confirmed and well documented to avoid passing on faulty information and making the situation worse;
- making sure notice is being provided to the right person;
- determining if a personal representative or other authorized parties need to be notified if the individual(s) in question cannot receive the notification for any reason (capacity, age, language, etc.);
- if notifying by telephone create a script so the same information is always given ensuring accuracy and consistency and be sure to clearly identify the university and contact information (toll-free number, website address, postal, etc.); or
- if notifying in writing, make the letter clear and concise, use SalesNOW’s letter head and envelopes, and send by mail to the last known mailing address, deliver it personally, or send by means that can prove receipt of mail such as requiring a “signature upon receipt”
What went wrong?
After we have responded to and contained the breach, an investigation is the next step. In most circumstances SalesNOW will be responsible for investigating its own privacy breaches. An internal investigation must:
- identify and analyze the events that led to the privacy breach;
- evaluate what we did to contain it; and
- recommend remedial action to help prevent future breaches.
The Privacy Officer will handle the documentation at this point.
We know what went wrong…now how can we fix it?
The most vital outcome of any privacy breach should be an understanding of what went wrong and how to prevent and avoid breaches in the future. The Privacy Officer will take part in this process.
A meeting with all parties involved in the breach process will follow any breach once it has been fully contained, documented, and investigated. This will help the Privacy Officer evaluate our existing privacy/security measures and our incident-handling process, while identifying areas and conduct needing change and improvement.
When determining what changes and remedial action needs to be implemented, some improvements may require you to:
- amend or reinforce our existing policies and practices for managing and safeguarding personal information;
- develop and implement new security or privacy measures;
- train your staff on legislative requirements, security and privacy
In addition, whether the notice provided to the affected individual(s) was effective will also be evaluated. The Privacy Officer will discuss whether the notice was done in a reasonably timely manner, whether the tone and content of the notice was appropriate, and if there was sufficient support provided to data subjects
Over the past several years, numerous laws and frameworks have emerged globally that govern the handling of personal information, including the following:
Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA)
Financial Modernization Act of 1999 or Gramm-Leach-Bliley Act (GLB)
Numerous state breach notification laws
Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)
Numerous provincial privacy laws affecting the public and private sectors
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU Data Protection Directive)
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications (EU E-Privacy Directive)
Japan Law on Protection of Personal Information of 2003
Asia-Pacific Economic Cooperation (APEC) Privacy Framework
Although the requirements of these laws and frameworks vary greatly, some common themes have emerged, such as notice, choice, access, and security:
What information must be provided to individuals about how their data may be used and who it may be shared with? When must this notice be provided to individuals? In what manner must this notice be provided?
What choices are individuals offered in terms of what information about them is collected and how such information is used?
Are individuals given the opportunity to access information maintained about them? Can individuals request that their information be amended or deleted?
Are organizations that handle personal information required to protect such information using administrative, technical, and physical safeguards?
SalesNOW.com's customers solely determine what data is submitted to the SalesNOW.com service as customer data. With respect to such data, SalesNOW.com acts as a data processor. In our role as a processor of customer data, SalesNOW.com addresses the general privacy principles described above in the following ways:
SalesNOW.com generally does not have a direct relationship with individuals whose personal data is submitted by customers to the SalesNOW.com service as customer data. SalesNOW.com does not collect personal information on behalf of our customers, and SalesNOW.com does not determine how our customers use such data. Additionally, SalesNOW.com's customer contracts generally prohibit SalesNOW.com from accessing customer data except under limited circumstances.
Compliance with the Notice, Choice, and Access principles is based on cooperation between SalesNOW.com and our customers. For example, SalesNOW.com's contracts with our customers state that customers are responsible for the accuracy, quality, integrity, reliability, and appropriateness of data submitted to the SalesNOW.com service and that customers must comply with applicable laws in using the SalesNOW.com service.
SalesNOW.com maintains appropriate administrative, physical, and technical safeguards to help protect the security, confidentiality, and integrity of data our customers submit to the SalesNOW.com service as customer data. SalesNOW.com's customers are responsible for ensuring the security of their customer data in their use of the service.