- Information collected to register Account Holders and End Users
Non-public personal information that Capsilon collects pertaining to Account Holders and End Users may be used and disclosed in the following ways:
- Used to create and administer the Account Holder’s account and End Users’ profile in using the Services.
- Used to fulfill requests, respond to inquiries, provide the Services, and complete transactions Account Holders and End Users have requested.
- Used to send Account Holders and End Users important information regarding the Services or Site, changes to our terms, conditions, and policies and/or other administrative information. Because this information may be important, Account Holders and End Users may not opt-out of receiving such communications.
- Used to inform Account Holders of services, promotions and programs that we believe may be of interest to them.
- Used to resolve problems or issues with the Services, Site or other End Users.
- For our internal business purposes, such as data analysis, audits, developing new products or services, enhancing our Site, improving our Services, identifying usage trends and determining the effectiveness of our promotional campaigns.
- Disclosed to our third party service providers who provide services such as website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer service, e-mail delivery services, and other similar services to enable them to provide services to us.
- Disclosed to an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings).
- Used and disclosed as we believe to be necessary or appropriate: (a) in any manner permitted under applicable law, including laws outside the country of residence of Account Holders and End Users; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside the country of residence of Account Holders and End Users; (d) to enforce our terms and conditions; (e) to protect our operations, business and systems; (f) to protect our rights, privacy, safety or property, and/or that of other users of the Services and Site; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
- Information submitted by Account Holders and End Users through and stored by the Services – Customer Data
In using the Services, we understand that you will be sending Customer Data, including but not limited to, non-public, personally identifiable information regarding your customers through the Services provided under this Agreement. While monitoring or repairing the Site or the Services, employees of Capsilon may gain access to Customer Data in order to maintain the Site and the Services. We restrict access to such information to those employees or agents of Capsilon who need access to maintain the Site or the Services. We also strive to follow generally accepted industry standards to protect Customer Data, both during transmission and once received. We strive to use commercially acceptable means to protect Customer Data, and we strive to ensure that the Services comply with the requirements of privacy laws in the United States. In recognition of responsibilities under the federal Gramm Leach Bliley Act and related interagency guidelines (the “Act”), Capsilon has implemented a comprehensive information security program, including administrative, technical, and physical safeguards, designed to (i) ensure the security and confidentiality of Customer Data; (ii) protect against any anticipated threats or hazards to the security or integrity of Customer Data; and (iii) protect against unauthorized access to or use of Customer Data that could result in substantial harm or inconvenience to any customer.
The security program includes the following controls and processes : (a) access controls on information systems of the Services, including controls to authenticate and permit access only to authorized individuals and controls to prevent employees from providing your Customer Data to unauthorized individuals who may seek to obtain this information through fraudulent means; (b) access restrictions at physical locations containing your Customer Data, such as buildings, computer facilities, and records storage facilities to permit access only to authorized individuals; (c) encryption of electronic Customer Data, including while in transit or in storage on networks or systems to which unauthorized individuals may have access; (d) dual control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to Customer Data; (e) monitoring systems and procedures to detect actual and attempted attacks on or intrusions into information systems containing Customer Data; (f) response programs that specify actions to be taken when Capsilon or Capsilon suspects or detects that unauthorized individuals have gained access to the information systems, including appropriate reports to regulatory and law enforcement agencies; and (g) measures to protect against destruction, loss, or damage of Customer Data due to potential environmental hazards, such as fire and water damage or technological failures. Upon request, Capsilon will provide you with a copy of a SAS 70 type II audit report (or other similar report, as such reports are available) and an overview of its Information Technology policies and controls, as well as similar documentation that is reasonably requested to show that key security controls are in place.