Your information security is paramount to us.
ITC Systems manages and maintains your institutions’ privilege credentialing system as a 3rd party Data Processor. As such, the main responsibility for data privacy compliance lies with your institution as the Data Controller. Therefore, your institution’s privacy statement governs the use of your personal information (instead of ours). Your institution determines what information we collect through our products and services and how it is used, and we process your information according to your institution’s instructions and the terms of our contracts with your institution. Please refer to your institution’s privacy statement.
Information we collect
Our products and services integrate with your institution’s systems. This provides us with your information to set up and maintain your profile and account that enables us to provide the product or service. This includes information in the following data categories:
Account information: The exact data elements will depend on the product, but often we receive your name, phone number, email address, institutional ID, account credentials, and emergency contact when we initially set up the products and services for your institution. We will receive regular updated information to keep your account information accurate and up to date.
Palm Biometrics: ITC Systems offers a palm vein biometric solution (AVRO Palm) that replaces or is associated with an existing physical credential. AVRO Palm is designed to be anonymous in that your palm biometric is associated only with the access card credential used at the time of enrollment and, when used, scans your palm and outputs only the associated credential number registered at the time of enrollment. The AVRO Palm database is independent, does not contain any personal identifiable information (PII), and does not share data with or interface to any other systems. AVRO Palm does not analyze your biometric data for secondary purposes or share any data external to the service. Retained biometric data is revoked either on a set calendar date or on a real time revocation request from the credential issuer as defined by them.
Credentials: Our products and services often integrate with your institution’s systems and rely on the credentials your institution uses. Where this is not the case, we will collect passwords, password hints, and similar security information that we use for authentication and account access.
Payment data: We collect data necessary to process your payments within our system, usage of our services including purchases on your institution’s credential, plans, attendance, and events. We collect payment history for your reference and made available to you. We do not store any credit card details.
Support: When you or your institution contacts us for support, we may collect limited information about you that you or a representative of your institution provides to us. We use this information only to assist with client support cases on behalf of your institution. When you contact us, your phone conversations or chat sessions with our client support teams may be monitored and recorded for training and quality purposes.
Indirectly from you
We collect information on how you use our products and services. Depending on which product or service you use, this may include the following data categories:
Location and events data: For some of our products and services, such as access cards and attendance, we will collect information about which premises and events you have visited and attended on behalf of your institution, as well as the time and date of such visits. We do not collect geolocation data when you use AVRO Mobile. You may be asked if you want to enable location data while using AVRO Mobile, however, this is only used to determine proximity to valid door access readers and does not record your location data.
Device and usage. We collect device and usage information when you access and use our products and services, including information that your browser or mobile app sends when you are using it. This data may include your unique device identifier, IP address, your browser type and configuration, the date and time of your use of the product or service, language preferences, and cookie data.
How we use this information
On behalf of your institution, we use your information under the instruction of your institution, which is the data controller. We use the information in accordance with our agreement with your institution to operate, maintain, and provide the features and functionality of the products and services. Your institution determines how your information is used.