TouchNet Information Systems, Inc. Safe Harbor and Web Site Privacy Statement
We self-certify compliance with SafeHarbor
This Statement describes how TouchNet Information Systems, Inc. ("TouchNet") collects, uses, and discloses certain personally identifiable information that it receives in the United States from European Union member countries and Switzerland ("Personal Data") whether (A) such Personal Data is acquired from persons accessing and/or browsing TouchNet's Web site located at www.touchnet.com ("Browser Users") or (B) by receipt from or access to data residing on servers of clients of TouchNet with whom TouchNet has one or more contractual relationships under which TouchNet-authored software processes the data of such clients ("Business Clients"), including the Personal Data of the personnel of such Business Clients ("Business Client Personnel") and the Personal Data of customers of such Business Clients ("Secondary Users"). In particular, TouchNet recognizes that the European Union has established strict protections regarding the handling of Personal Data, and TouchNet therefore has elected to adhere to the US-EU Safe Harbor Privacy Principles (the "Safe Harbor") with respect to such Personal Data that it receives in the United States. For further background and information about the Safe Harbor, and to see TouchNet's representation on the Safe Harbor List, please refer to the U.S. Department of Commerce's website at www.export.gov/safeharbor.
Categories of Individual Data Subjects
In general, TouchNet may obtain Personal Data in the United States about several different types of individuals, including (A) website visitors, referred to herein as "Browser Users"; (B) Business Clients; (C) personnel of such Business Clients, referred to herein as "Business Client Personnel"; and (D) Secondary Users. For purposes of this policy, Browser Users, Secondary Users, and Business Client Personnel will be referred to collectively as "End Users." TouchNet's practices with respect to each of these types of individual data subjects are described below.
In all instances, TouchNet will not share, sell, rent, or trade with third parties for promotional purposes any Personal Data processed by TouchNet, unless TouchNet is directed to do so by a Business Client or Secondary User who owns such personal data.
Business Clients and Strategic Partners
TouchNet may obtain various types of Personal Data about TouchNet's Business Clients and strategic partners and the personnel of each of them. Such data may include contact information (names, school names, employer names, business addresses, phone and fax numbers, and email addresses); information about products and services ordered or provided; financial and payment information; user IDs, passwords, information collected through Internet-based activities, and other transaction-related data.
TouchNet may use these types of Personal Data for business purposes, including to deliver or provide services; to establish or maintain client and business relationships; to deliver marketing or newsletter communications; to provide access to Internet-based activities; to perform accounting functions; and to conduct other activities as necessary or appropriate in connection with the servicing and development of the business relationship.
TouchNet's Business Clients or strategic partners may contact us if any of their Personal Data changes, or if they would like to access and correct or delete inaccuracies within the Personal Data that TouchNet maintains about them or about their customers (Secondary Users). TouchNet will respond within thirty (30) days to individual requests to access by Business Clients and strategic partners. Whether Secondary Users or Business Client Personnel may change, access, correct, or delete their Personal Data depends on the rights granted such Secondary Users and Business Client Personnel by the respective Business Clients or strategic partners, TouchNet being without either the relationship or the authority to grant such rights to Secondary Users or Business Client Personnel, who are the customers or employees, not of TouchNet, but rather of TouchNet's respective Business Clients or strategic partners, as the case may be.
TouchNet Marketplace uStores
Business Clients wishing to change, update, or delete inaccuracies within their Personal Data within this section of the TouchNet Website may do so by logging into their account, selecting "My Account," and clicking the information link to be changed, deleted, or updated. Provided that Business Clients have not opted to limit this functionality, Secondary Users and Business Client Personnel wishing to change, update, or delete inaccuracies within their Personal Data within this section of the TouchNet Website may also do so by logging into their account, selecting "My Account," and clicking the information link to be changed, deleted, or updated.
TouchNet Bill+Payment Suite
Secondary Users who sign up for TouchNet's Bill+Payment Suite will be asked to furnish their name, email address, mobile number, and carrier. TouchNet, on behalf of each Secondary User's Related Institution, will use this information to create an account for each such Secondary User so that such Secondary User may make payments to his/her Related Institution directly. For purposes hereof, when referring to the Personal Data of a Secondary User that is obtained by TouchNet on behalf of one of TouchNet's Business Clients, that Business Client will be referred to as such Secondary User's Related Institution. Thus, the entity, when referenced in connection with its relationship with TouchNet, is referred to as a Business Client, but when referred to in connection with such entity's relationship with its End Users, will be referred to as such Secondary User's “Related Institution.” Each Secondary User who provides TouchNet with his/her mobile number will be sent text messages about new bills and upcoming payments, provided the Secondary User's Related Institution has not opted to disable this functionality. Regardless, each Secondary User may opt out of receiving these types of communications at any time by updating their user profile. If enabled by the Secondary User's Related Institution, Secondary Users also have the ability to store their credit card or checking account information on the TouchNet Website so that Secondary Users do not need to enter such information every time they log in to make a payment. Provided the Secondary User's Related Institution has not disabled this functionality, Secondary Users wishing to delete or update their personal or financial information may do so at any time by logging into their respective accounts and updating their user profile. Provided the Secondary User's Related Business Client has not disabled this functionality, Secondary Users may add authorized users to their account. Secondary Users wishing to do so will need to furnish to TouchNet such person's email address. Thereafter, the Secondary User is then able to set permissions for such authorized person as far as what such person is allowed to see within the Secondary User's account. Secondary Users may deactivate authorized users at any time by updating the Secondary User's profile.
TouchNet Marketplace uStores
Secondary Users who sign up for TouchNet Marketplace uStores will be asked to furnish their names, email addresses, and mailing addresses. TouchNet will also ask Secondary Users to create a username and password so that such Secondary Users may access the site at anytime, subject to limitations (if any) imposed by such Secondary User's Related Institution. TouchNet uses this information for the sole purpose of allowing such Secondary User to create an account and make purchases. Nothing stated herein, however, limits or restricts what a Secondary User's Related Institution may do with such Personal Data. For limitations (if any) on the Personal Data applicable to Secondary Users' Related Institutions, Secondary Users are directed to each Secondary User's Related Institution.
In each instance in which TouchNet obtains access to Personal Data Information about data subjects or Secondary Users, TouchNet is acting as a mere data processor on behalf of its Business Clients, and TouchNet therefore handles such Personal Data strictly in accordance with such Business Client's instructions and pursuant to TouchNet's contractual arrangements with them. Accordingly, at all times, with respect to each Secondary User, such Secondary User's Personal Data will always be subject to disclosure to such Secondary User's Related Institution (which is TouchNet's Business Client). Secondary Users with an existing relationship with one of TouchNet's Business Clients should refer to such Business Client's website to understand the privacy practices that apply to Personal Data that TouchNet may maintain about such Secondary Users. Moreover, Secondary Users wishing to access and review their Personal Data should contact their Related Institution (which is TouchNet's Business Client) with any such requests. TouchNet will cooperate as appropriate with requests from TouchNet's Business Clients to assist with such responses.
Personnel affiliated with TouchNet's Business Clients (“Business Client Personnel”) are entitled to use the TouchNet Client Community. TouchNet will request such Business Client Personnel's name and email address.
Business Client Personnel who use a bulletin board or forum on the TouchNet Website should be aware that any Personal Data you submit there can be read, collected, or used by other users of these forums, and could be used to send unsolicited messages. TouchNet is not responsible for the Personal Data Business Client Personnel choose to submit in these forums. To request removal of your Personal Data from our bulletin board or forum, contact us at email@example.com. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.
If you choose to use TouchNet's “contact us” form on the TouchNet Website, TouchNet will collect users' names, email addresses and phone numbers. TouchNet uses this information for the sole purpose of responding to the user's request.
TouchNet reserves the right to disclose Personal Data as required by law and when TouchNet believes that disclosure is necessary to protect its rights and/or comply with a judicial proceeding or court order.
TouchNet may disclose Personal Data to Business Clients and subcontractors as necessary in connection with the performance of requested services or solutions or as otherwise appropriate in connection with a legitimate business need. TouchNet may also disclose US and Personal Data as necessary in connection with the sale or transfer of all or part of its business. In these situations, TouchNet will require the recipient of the data to protect the data in accordance with the relevant principles in the Safe Harbor, or otherwise take steps to ensure that the Personal Data is appropriately protected. You will be notified via email and/or a prominent notice on our web site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data. TouchNet may also disclose Personal Data where required or permitted by law, or where TouchNet believes that such disclosures are appropriate in connection with a law enforcement request.
Much of TouchNet's business involves Web-enabling of the functionality of its Business ERP and other business computer applications and enabling e-commerce functionality for its Business Clients. In that way, certain Websites may have the appearance of a TouchNet site, when, in fact, the data gathered thereunder, including Personal Data, is controlled not by TouchNet, but rather by TouchNet's Business Clients. To the extent TouchNet collects and stores Personal Data on behalf of Business Clients, TouchNet will maintain such data in accordance with policy and its agreements with its Business Clients. Secondary Users should be aware that all such TouchNet-gathered data is open to inspection and use by its Business Clients; however, TouchNet will make the Personal Data of a Secondary User available, not to all TouchNet Business Clients, but rather only to the TouchNet Client that constitutes the particular Secondary User's Related Institution. It is therefore important for Secondary Users to be familiar both with TouchNet's policy and such Business User's Related Institution's policy.
A cookie is a small text file that is stored on a user's computer for record-keeping purposes. TouchNet's computer programs employ cookies. TouchNet, however, does not link the information stored in cookies to any Personal Data.
TouchNet uses session cookies to make it easier for Secondary Users to navigate the TouchNet site. A session ID cookie expires when the user closes his/her browser.
When Secondary Users and/or Business Client Personnel sign up for the various services offered on TouchNet authored and/or controlled Websites, such users are automatically opted-in to receive marketing emails. Such users may at any time unsubscribe from receiving these types of email communications by following the unsubscribe instructions within each email communication.
Toughey Talks Email
When users sign up to receive these types of email communications such user's name, email address, phone number, and mailing address may be requested. Information gathered in this way will be used only to send such users the monthly email. Such users may at any time unsubscribe from receiving these types of email communications by following the unsubscribe instructions within each email communication.
TouchNet may send Business Client Personnel service-related announcements and TouchNet's Business Clients, using TouchNet-authored software and may send similar announcements to Secondary Users when it is necessary to do so. For instance, if TouchNet's service or the service offered by a TouchNet Business Client is temporarily suspended for maintenance, TouchNet and/or its Business Client might send Secondary Users an email notification.
Generally, End Users may not opt-out of these communications, which are not promotional in nature.
When appropriate, TouchNet and/or its Business Client, as applicable, will communicate with End Users in response to their inquiries, to provide the relevant services, and to manage such users' accounts. TouchNet and/or its Business Clients will ordinarily communicate with Business Client Personnel or Secondary Users, as the case may be, by email or telephone, in accordance with the expressed wishes of such End Users.
Links to Other Sites
If, while on a TouchNet Site, the End User clicks on a link to a third party site, such user will leave TouchNet’s Site and go to the selected site. Because TouchNet cannot control the activities of third parties, TouchNet cannot and does not accept responsibility for any use of any person's Personal Data by such third parties, and TouchNet cannot and does not guarantee that such third parties will adhere to the same privacy practices as does TouchNet or as do TouchNet's Business Clients. End Users are encouraged to review the privacy statements of any other service provider from whom services are requested.
Data Security and Integrity
TouchNet utilizes hosting centers that store and process Personal Data in various locations in the United States. TouchNet takes reasonable precautions to protect Personal Data in these centers and in other locations in the United States from loss, misuse and unauthorized access, disclosure, alteration, and destruction. TouchNet also makes reasonable efforts to keep Personal Data reliable for its intended use, accurate, current, and complete.
The security of individuals' personal information is important to TouchNet. When sensitive information (such as a credit card number or username and password) is entered on our site, TouchNet encrypts that information during transmission using transport layer security (TLS) technology.
TouchNet uses commercially reasonable efforts to follow generally-accepted industry standards to protect the Personal Data submitted or otherwise furnished to or accessed by TouchNet both during transmission and once received. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, although TouchNet strives to use commercially acceptable means to protect Personal Data, neither TouchNet nor anyone else can guarantee its absolute security.
If there are any questions about security, individuals are invited to contact TouchNet at firstname.lastname@example.org.
We will use Personal Data only for the purpose for which it was first collected or subsequently authorized by the individual or for other compatible purposes.
We will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete and current.
We will retain our Business Clients’ and End Users' Personal Data we process on behalf of our Business Clients for as long as the account is active or as needed to provide services to our Business Clients and their End Users. TouchNet will retain these Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Persons with questions about this Safe Harbor Privacy Statement, or persons wishing to request access to Personal Data that TouchNet maintains, are invited to contact TouchNet as follows and we will respond in a reasonable timeframe:
TouchNet Information Systems, Inc.
Attention: Privacy Office
15520 College Blvd.
Lenexa, Kansas 66219USA
TouchNet complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. TouchNet has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view TouchNet's certification, please visit http://www.export.gov/safeharbor/.
Changes in this Privacy Statement or Our Privacy Practices
If we decide to change our privacy statement or practices, we will post those changes to this privacy statement, the home page, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Effective Date: 0/12/2013