Privacy Policy on the Collection and Use of Information

Protection of Personal Information

We take every precaution to protect our users' and customers' information. When users submit personal information via the website or when buying our services, their information is protected both online and offline.

Access to the personal information we store is restricted. Only employees who need the information to perform a specific task (for example, billing clerks or a customer service representative) are granted access to personally identifiable information. Our employees must use proper measures to secure their work environment (strong authentication methods, locked offices, locked storage systems, etc.). Furthermore, all employees are kept up to date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance of privacy and what they can do to ensure our customers' information is protected. Finally, the servers that we store and/or process personally identifiable information on are kept in a logically and physically secure environment.

Requests from competent authorities to divulge personal information will be duly verified and authenticated, but will not be recorded nor disclosed.

Unused data is destroyed after 126 months; data destruction is performed according to our documented procedures.

If you have any questions about the privacy and security policies at our website, you can send an email to privacy@carillon.ca or contact us by phone.

Accessing your Personal Information

If a user wishes to access her or his own personally identifiable information stored by Carillon, we will endeavour to provide a way to view this data appropriate to the user's resources and capabilities. This can be done by emailing our Privacy Officer at privacy@carillon.ca.

Personal Information Corrections and Updates

If a user's personally identifiable information changes (such as a postal code), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user's personal data provided to us. This can be done by emailing our Customer Support department at customer_service@carillon.ca.

Notification of Changes

If we decide to change our privacy policy, we will post those changes on our homepage so our users are always aware of what information we collect, how we use it, and under which circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

Personal Information Collected

Carillon collects personally identifiable information from our web visitors and customers only in the following cases:

Downloads

In the event that a visitor would like to download a document or tool that we provide, we provide an optional feedback form that collects name, affiliation and email address information. This information is for review by our product development and sales teams, both to identify potential customers, as well as to fine-tune our product lines. This information will never be shared with any third party.

Contact form

On our "Contact us" page, there is a form to be filled out by individuals and companies desiring to be contacted by Carillon. This information is exclusively used for the purposes of our internal marketing and sales team and will never be shared with any third party.

Purchase of Basic Assurance Certificates

For customers desiring to purchase Basic Assurance Certificates, we collect information as required to create and maintain a PKI Subscriber record, as well as information necessary to perform credit card billing and tax assessment. All information collected is stored according to the dictates outlined in the Carillon Certificate Policy, PIPEDA, and the requirements of the PCI-DSS.

Purchase of PIV-I credentials

For customers desiring to purchase PIV-I credentials, we collect information as required to create and maintain a PKI Subscriber record and log such issuance, as well as information necessary to perform credit card billing and tax assessment. Subscriber record information is stored within our PKI secured facility. Further information regarding our privacy policy, as well as details of the uses of this Subscriber record can be found in the terms and conditions of the credentials in question. All other information collected for this service is stored according to the requirements of the PCI-DSS.

Managed PKI services

For Subscribers of one of our Managed PKI services, we collect information as required to issue the appropriate digital credentials, and log such issuance. Subscriber record information is stored within our PKI secured facility. Further information regarding our privacy policy, as well as details of the uses of this Subscriber record can be found in the terms and conditions of the digital credentials in question.

Web site data

Carillon Information Security Inc. is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others in ways different from what is disclosed in this statement.

Cookies

A cookie is a piece of data stored on the user's hard drive containing information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our site. Once the user closes their browser, the cookie simply terminates. For instance, by setting a cookie on our site, the user would not have to log in a password more than once, thereby saving time while on our site. If a user rejects the cookie, they may still use our site.

Log Files

We use IP addresses to analyze trends, administer the site, track usage of the web site, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that we (Carillon Information Security Inc.) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.