This Privacy statement outlines how Personal Information of clients, prospective clients, former clients, visitors, vendors and other third parties we interact with (“External Individuals”) is collected, managed and processed by Vitrana. Vitrana is committed to handling the Personal Information of all External Individuals in an appropriate and lawful manner. This policy sets out the minimum requirements for ensuring that the Personal Information of External Individuals is collected, used, retained and disclosed in a secure and compliant manner.
The policy applies between you, as an External Individual, and the Vitrana company that you interact or engage with or that communicates with you in relation to services or solutions provided by Vitrana, or the Vitrana company to whom you provide or wish to provide your goods or services. If you are unsure as to which Vitrana company is applicable to you, please Contact Us (see Contact Us section below). The policy applies to all External Individuals with regards to your Personal Information.
- “External Individuals” means any clients, prospective clients, former clients, visitors, vendors and other third parties we interact with.
- “Associate” means any current, past and prospective employees, individual contractors or other members of personnel of Vitrana.
- “Vitrana” means
- Vitrana Inc. with a registered address at 2650 US Highway 130, Ste I, Cranbury, NJ, 08512
- Virtuous Transactional Analytics Pvt. Ltd. with a registered address at Graphix 2, Block A – 13, Industrial Area, Sector 62, Noida, Uttar Pradesh – 201309, India
- And its global affiliates and subsidiaries
- “Personal Information” is defined under applicable law but may include any information or combination of information, in any form or medium that can identify an External Individual. Examples include name, email address, physical address, phone number, date of birth, age, home address, personal preferences, behavioral information, government issued IDs, IP address, hardware identifiers, etc.
- “Sensitive Personal Information” means Personal Information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Examples of Sensitive Personal Information in various jurisdictions may include social security numbers, driver’s license numbers, passwords, passports, tax IDs, financial account and credit card numbers, health information (including Protected Health Information (PHI), biometric identifiers, racial or ethnic origin, and information about political opinions, religious beliefs, trade union membership, criminal history, sexual orientation or blood group , as well as any other information deemed sensitive under applicable data protection laws.
- “Process/Processed/Processing” means any operation or set of operations which is performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collecting, recording, storing, deleting, viewing, accessing, amending, using or disclosing the Personal Information.
Note, where we have used words such as “include,” “including,” “for example,” or “such as” in this Notice, these are meant to be examples and not exhaustive lists
What we collect
Vitrana will only collect Personal Information a.k.a Personal Identifiable Information (PII) relating to External Individuals to the extent that it is required for a particular purpose or purposes, in the context of its business. Vitrana may collect or Process any or all of the following types of Personal Information about External Individuals as part of its business activities:
|Personal Information Category
|Examples of Personal Information we may collect within each category include:
|Title, full name, photograph, gender, date of birth.
|Employer details, job title, work address, phone number(s) and email address(es), emergency contact details and number, social media handles
|Languages and information that an External Individual volunteers in their course of dealings with Vitrana, such as through networking events (which could involve the disclosure of data about religion to facilitate prayer room access, ethnicity or sexual orientation).
|Contact history, interactions and communications with Vitrana, events attended, Vitrana information and materials (e.g., whitepapers) provided, contact preferences.
|Relationship management information
|Communication and meeting dates, education and qualifications, references, professional experience, membership of professional bodies, information about complaints and feedback.
|Data related to use of and access to facilities and corporate assets
|Time and location of entry and exit to premises, access to restricted zones and security camera footage data related to access to and usage of office equipment and corporate assets including fixed and mobile phones, computer systems, email and the intranet/internet, document management systems
|Background screening information
|Criminal history, Educational Qualifications
How we collect your personal information
We receive Personal Information about you directly from you via our websites and portals, at events you attend and when we contact you via post, email or phone and through your usage of Vitrana systems (such as client and vendor onboarding processes and internally developed applications). We may also receive Personal Information about you from other sources such as business networks and agencies, publicly available sources such as LinkedIn, media outlets, referrals, from the company that employs you, our past clients.
Personal Information of others provided by you. In certain situations, including visiting our offices, you may provide to us the Personal Information of others (e.g., your colleagues). It is your responsibility to inform the nominated individual about the Processing of their Personal Information for the described purposes and to confirm, if required by law, that they have given their permission.
By providing your Personal Information, you agree that, where it is permitted by local law or where you have agreed to receiving these communications from us, we may use the information.
Why we need to collect your Personal Information
Vitrana uses your Personal Information for a variety of purposes. The most common uses of Personal Information are:
- Managing client requests, projects and bidding for work;
- Marketing activities and market research;
- Managing vendor relationships and invoicing and determining eligibility of vendors including verification of references and qualifications and other background checks;
- Managing client relationships;
- Investigating complaints and issues;
- Organizing meetings and networking events;
- Business continuity management;
- Security and compliance with law, including health and safety requirements
- Developing resource plans to meet business demands
- To improve our level of service
- To improve the content of our communications
- To provide you with tips, helpful information, product news and updates
- To notify you of our new products and services
- To seek your views on our products and services
- To consider your application for employment
- For our own administrative and quality assurance purposes; and
- Or other purposes that may be detailed on the website
In order to comply with legal and regulatory obligations and to the extent permitted or required by local law, and specifically to ensure that we can comply with applicable trade control, anti-money laundering and/or anti-bribery and corruption laws, we may carry out background screening checks on current and prospective clients, vendors and business partners, both pre and post contract. In addition to screening individuals and legal entities with whom we enter into contracts, this screening may cover individuals such as directors, officers, sole traders, shareholders and other key stakeholders. The screening utilizes publicly available information, including government issued sanctions lists and media sources. The information obtained through background screening may include Personal Information regarding suspected or actual criminal behavior, criminal records or proceedings and unlawful behavior. An extensive list of the purposes for which we may collect your Personal Information is set out in the table below. Where Vitrana wishes to use Personal Information for a new purpose that has not been notified to the External Individual, where required by law, Vitrana will notify the External Individual of the new purpose.
How we protect your PII
Vitrana will take appropriate legal, organizational, and technical measures to protect your personal information consistent with applicable privacy and data security laws. When Vitrana uses a third-party service provider, that provider will be carefully selected and required to use appropriate measures to protect the confidentiality and security of personal information. We use a variety of security technologies and procedures to help protect your PII from unauthorized access, use or disclosure. Unfortunately, the transmission of information via the Internet or a mobile phone network connection is not completely secure. Although we will do our best to protect your PII, we cannot guarantee the security of the PII you transmit to our websites or mobile applications: any transmission is at your own risk. Each member of the project is responsible for upkeeping the confidentiality of PII. Access to the entire or limited PII is restricted and is based on the specific role in the project. While we cannot guarantee that loss, misuse, or alteration of data will not occur, once we have received your information, we will employ appropriate technical security measures to prevent such unfortunate occurrences.
Sharing PII with third parties
Vitrana may share your Personal Information:
- With clients and potential clients in the course of business and business development;
- With suppliers, subcontractors and service providers, to maintain an efficient and commercially viable business, including caterers and security contractors if you visit Vitrana’s premises;
- With professional advisers and consultants;
- With legal advisors and external auditors for legal advice and to conduct business audits;
- With credit reference agencies and background verification agencies, to conduct credit checks and background verification and reference checks;
- With service providers for business continuity management and contingency planning in the event of business disruptions; and
- With prospective sellers or buyers and their advisers in the event that Vitrana merges, acquires or sells any business or assets.
Disclosure without notification. There may be circumstances where Vitrana discloses Personal Information to third parties without notifying External Individuals. These circumstances could include:
- Where the information is publicly available
- Where Vitrana is required to do so by law or by order of a court or tribunal, or where Vitrana has a good faith belief that such disclosure is reasonably necessary to comply with a legal obligation, process or request;
- Where it is alleged by a law enforcement authority that an External Individual is guilty of a criminal offence, or is civilly liable in a legal action, and Vitrana has a good faith belief that any disclosure is necessary to comply with a legal process or request.
- Where Vitrana is legally required to, or has a good faith belief that such disclosure is reasonably necessary to protect the rights, property or safety of Vitrana, its employees, contractors, job applicants, vendors, clients, customers of clients, third parties or the public as required and permitted by law
Personal Information collected may be transferred to, stored and processed in your country of residence or any other country in which Vitrana (including its afﬁliates), subcontractors or agents maintain facilities, including the United States and countries outside the European Economic Area (EEA). This means that your information may be processed in countries with lower data protection standards than your country of residence. By using our websites and mobile applications, you consent to any transfer, processing or storing of information outside of your country of residence and outside the EEA. We will ensure that if information is transferred outside your country of residence, it will still be treated in accordance with this Privacy Statement.
How we monitor your activities
Where permitted by local law, Vitrana may monitor the activities of External Individuals at Vitrana or client facilities using CCTV. Where required, signage will indicate which areas are subject to such monitoring. Recorded images are destroyed in accordance with our retention policy, unless they are required f or criminal or other investigations (including circumstances where we are required to provide such information to clients for the purposes of their investigations).
In addition to the above and where permitted by local law, Vitrana may monitor its company assets, including computers, telephones, fax machines, voice mail systems, etc., and its networks, including intranet/internet access, email, applications, etc., and the activities of External Individuals while accessing or using such office equipment or networks as set out in our Acceptable Use Policy. If you have further questions, please contact us (see Contact Us section below).
Use of IP addresses
An IP address is a set of numbers that is automatically assigned to your computer whenever you log on to your Internet service provider or through your organization’s local area network (LAN) or wide area network (WAN). Web servers automatically identify your computer by the IP address assigned to it during your session online.
Our websites and mobile applications may use technology called “cookies.” A cookie is a small text ﬁle that is placed on your hard disk by a server. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to a website.
Storing your Preferences and Settings – Settings that enable our website to operate correctly or that maintain your preferences over time may be stored on your device.
“Do Not Track”: Some newer Internet browsers have incorporated Do Not Track features, and when turned on, they send a signal to the websites you visit, telling the website that you do not want to be tracked while browsing. Websites differ in how they respond to these Do Not Track signals, as there is not yet a common understanding of how to interpret the Do Not Track signal. Because of this lack of clarity, our website does not respond to the browser Do Not Track signal. Thus, most cookies will continue to be stored until you choose to delete them.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or receive a warning before a cookie is stored if you prefer. Please refer to your Internet browser’s instructions or help screen to learn more about these functions and to specify your cookie preferences.
If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites or any other websites that you visit.
Information from outside sources
Where permitted by local law, we may also collect legally obtained information from third parties to add to our existing user databases. Some of this information may be PII. We do this to better target information offerings and promotional campaigns in which we think you would be interested. Such PII will only be collected and used by us in accordance with the basis on which it was originally provided by the subject, or as otherwise permitted by local law.
How long we retain your Personal Information
We will retain your information only for the period necessary to fulﬁl the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. You may contact us in writing to request the updating, correcting or removal of PII that you have provided to us at any time using the contact information provided at the end of this Privacy Statement. Your local laws may also give you the right to access information that you have provided to us. In some countries, you may need to pay a reasonable fee to meet our costs in providing you with this information.
Links to other websites
Our websites and mobile applications may from time to time provide links to or embed third party websites. This Privacy Statement doesn’t apply to those websites. If you choose to enter such a linked site, you agree that we are not responsible for the availability of such websites and do not review or endorse and shall not be liable, directly or indirectly, for:
- how these websites treat your PII
- the content of such websites
- the use that others make of these websites.
Please ensure you check the legal and privacy statements posted on each website or mobile application you access before entering any PII.
What are your rights
Certain Vitrana systems may allow External Individuals to check and update certain Personal Information. Where applicable, it is the responsibility of all External Individuals to ensure that their Personal Information is kept up-to-date. Where permitted under applicable laws, External Individuals have the right to access their Personal Information, verify and challenge the accuracy and completeness of their Personal Information and have it corrected, amended or deleted if inaccurate and, in limited circumstances, object to Processing of their Personal Information or ask for Processing to be restricted. Vitrana may require External Individuals to provide reasons or evidence to justify the amendment of Personal Information held by Vitrana. In addition, where applicable, External Individuals can ask for their data to be moved to another controller. Where Vitrana is Processing Personal Information on the basis of consent, External Individuals can withdraw that consent at any time. However, please note that if you withdraw your consent, you might not be able to use service or feature that require collection or use of such Personal Information. External Individuals can exercise these rights by contacting us per the Contact Us section below. External Individuals can also unsubscribe from marketing sent by Vitrana at any time by following the instructions received in the relevant marketing communication.
We may occasionally update this Privacy Statement. If the changes we make are material, we also may post a notice regarding the changes on our websites or mobile applications and related licensing agreements. We encourage you to periodically review this Privacy Statement to stay informed about how we are helping to protect the PII we collect. Your continued use of our websites and mobile applications constitutes your agreement to the Privacy Statement and any updates. Subsequent changes in this Privacy Statement will not apply to data that were collected before the change is made.
Data Retention and Destruction
Vitrana will retain the PII as per the project agreement. On the completion of the agreed period, the data shall be archived/destroyed/transmitted to client according to the regulatory norms. If the client wishes to retain PII, the client’s employee identified in the statement of work or service agreement should request the data in writing.
Below is list of commonly processed PII with indicative retention periods:
|Indicative Retention Schedule
|Indicative Retention Schedule
|Client Provided Data/Agency Provided Data
|As per the terms of Data Privacy Agreement or Agency terms or Regulatory requirements.
|Human Resource Data
|As per regional Regulatory requirements.
|Data collected from Visitors (Such as CCTV Footage, visitor register, movement registers, temporary ID cards etc.)
|As per IT Infrastructure and Information Security Procedure
|Data collected by marketing or business development for the purposes of disseminating information on Vitrana products, services and promotions.
|Retention period will be limited by business requirement.
References to “Vitrana,” “we,” “us” and “our” are references to Vitrana Inc. and its afﬁliates. Please address any questions, comments and requests regarding this Privacy Statement to your local Vitrana afﬁliate using the contact information below. If you contact us, please note the name of the websites you have visited, as well as how we may contact you.