Your information security is paramount to us.
ITC Systems manages and maintains your institutions’ privilege credentialing system as a 3rd party Data Processor. As such, the main responsibility for data privacy compliance lies with your institution as the Data Controller. Therefore, your institution’s privacy statement governs the use of your personal information (instead of ours). Your institution determines what information we collect through our products and services and how it is used, and we process your information according to your institution’s instructions and the terms of our contracts with your institution.
Please refer to your institution’s privacy statement.
Information we collect
Our products and services integrate with your institution’s systems. This provides us with your information to set up and maintain your profile and account that enables us to provide the product or service. This includes information in the following data categories:
Account information: The exact data elements will depend on the product, but often we receive your name, phone number, email address, institutional ID, account credentials, and emergency contact when we initially set up the products and services for your institution. We will receive regular updated information to keep your account information accurate and up to date.
Credentials: Our products and services often integrate with your institution’s systems and rely on the credentials your institution uses. Where this is not the case, we will collect passwords, password hints, and similar security information that we use for authentication and account access.
Payment data: We collect data necessary to process your payments within our system, usage of our services including purchases on your institution’s credential, plans, attendance, and events. We collect payment history for your reference and made available to you. We do not store any credit card details.
Support: When you or your institution contacts us for support, we may collect limited information about you that you or a representative of your institution provides to us. We use this information only to assist with client support cases on behalf of your institution. When you contact us, your phone conversations or chat sessions with our client support teams may be monitored and recorded for training and quality purposes.
Indirectly from you
We collect information on how you use our products and services. Depending on which product or service you use, this may include the following data categories:
Location and events data: For some of our products and services, such as access cards and attendance, we will collect information about which premises and events you have visited and attended on behalf of your institution, as well as the time and date of such visits. Additionally, we may collect precise geolocation data when you use the mobile apps for some of our products. You will be asked if you want to enable location data before we collect such information from your device.
Device and usage. We collect device and usage information when you access and use our products and services, including information that your browser or the mobile app sends when you are using it. This data may include your unique device identifier, Internet Protocol address, your browser type and configuration, the date and time of your use of the product or service, language preferences, and cookie data.
How we use this information
On behalf of your institution, we use your information under the instruction of your institution, which is the data controller. We use the information in accordance with our agreement with your institution to operate, maintain, and provide the features and functionality of the products and services. Your institution determines how your information is used.