Last updated: April 2023
This policy DOES NOT apply to information that is collected by any third party.
If you have any questions or concerns, please contact us at firstname.lastname@example.org
Veriforce LLC https://veriforce.com/ (‘we’ or ‘our’ or ‘us’) is a US registered company with headquarters in Houston, TX and offices in Covington, LA and Calgary and Toronto, Canada, as well as in Pretoria, South Africa and Merton, UK. Our “Affiliate(s)” are companies that are under Veriforce common ownership.
We provide easy-to-use global online compliance, management and training platforms (“Applications”) and associated services for businesses of all sizes that require end-to-end supply chain risk and compliance management solutions. If you want to find out more about what we do, see the What We Do – Veriforce page.
Our Application and associated services may be contracted by:
Clients, Suppliers and End Users altogether referred to as ‘Customers’.
How the Compliance Applications Work
The Applications’ functionality allows Clients to promote their business profile to Suppliers within the Applications as solely decided by the Clients.
We collect information by fair and lawful means and limit the collection to the personal information that is necessary for us to provide our contracted services. We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and services, when you participate in activities on the services, or otherwise when you contact us, in particular:
We collect information directly from you when:
We may collect information about you from other parties, for example your employer, when information is manually entered or uploaded to the Applications sites. The personal information always collected is:
Other information is also collected which may relate to the business that has contracted our services. If the business is a sole trader or an incorporated business, the information may be considered personal information:
We collect personal information from Suppliers who require us to invite their existing suppliers/subcontractors to contract our services. You may be one of these subcontractors (‘End Users’). The personal information received from Suppliers may include:
When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:
We may collect data necessary to process your payment if you make a purchase, such as your payment instrument number and the security code associated with your payment instrument.
Clients, Suppliers and End Users are responsible to ensure the submission of any personal information to the Applications and to Veriforce, is compliant with all applicable privacy laws, regardless of jurisdiction. Clients are also responsible to ensure compliance with applicable privacy laws when deciding to share their account profiles with other Suppliers.
All privacy information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
We collect Information automatically
We automatically collect certain information when you visit, use, or navigate through our services, including system log files. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your Internet Protocol addresses, browser and device characteristics, internet service provider, operating system, language preferences, pages visited within our Applications, referring/exit pages, search terms, operating system, date/time stamp, and clickstream data, device name, country, location, information about how and when you use our services, and other technical information.
We collect and track information automatically (“System data”) when you visit our Applications:
For purposes of clarity, Usage Data excludes all data processed on the Applications. Veriforce will own and retain all right, title, and interest in and to the Usage Data and may use Usage Data during and after the term of the contracted services for the purposes of implementing, operating, maintaining and improving the Applications and fulfilling its obligations hereunder.
This information is used to:
Some of this information may also be collected using cookies; see Cookies section below.
The information we collect includes:
Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our services and which we record in log files. Depending on how you interact with us, this log data may include your Internet Protocol addresses, device information, browser type, and settings and information about your activity in the services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).
Device Data. We collect device data such as information about your computer, phone, table, or other device you use to access the services. Depending on the device used, this device data may include information such as your Internet Protocol address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
Location Data. We collect location data such as information about your devices/location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your Internet Protocol address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the services.
Interest-Based Online Advertising and Google Analytics. We may use third-party Service providers to monitor and analyze the use of our Service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.
We use the personal information for the following purposes:
We may use your personal information we collect for one or more of the following purposes:
We do not generally share your personal information but if we need to, we will only disclose your personal information to:
Veriforce does not sell personal information.
Your personal information is stored on the Applications servers in Canada and the USA.
Some of our third party service providers are based in the USA and other international jurisdictions. We conduct Risk assessments on all suppliers and have Data Processing agreements in place with all to ensure private data is processed appropriately and safely.
The length of time we keep your personal information depends on whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested, to comply with applicable legal, tax or accounting requirements or to comply with our contractual obligations with Clients and Suppliers).
We’ll retain your personal information for as long as we have an ongoing relationship with you and for a period of time afterwards where there is an ongoing business need to retain it. Following that period, we’ll make sure it’s deleted or anonymized.
Security and confidentiality
Veriforce has implemented commercially reasonable and appropriate technical, physical, and organizational measures to protect the personal information from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access during the processing to meet the requirements of applicable legislation.
It’s your personal information and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time by following the unsubscribe instructions contained in the marketing communications.
Based on the country you live in, you may also have the following rights:
Your right of access – You have the right to ask us for copies of your personal information. You may also access your personal information by logging into the Applications.
Your right to correct or rectify – You have the right to request us to correct, update or rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure/deletion/to be forgotten – You have the right to request erasure/deletion of your personal information, subject to our regulatory and contractual obligations.
Your right to restriction of processing – You have the right to request us to restrict the processing of your personal information under certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information under certain circumstances.
Your right to data portability – You have the right to request that we transfer the personal information you provided us, to another organisation, or to you, under certain circumstances.
Your right to withdraw consent – You have the right to withdraw consent regarding our collection and use of any of your personal information that was collected based on your previous consent at any time.
You are not required to pay any fees for exercising your rights. If you make a request, we have a fixed period of time, depending on the applicable privacy legislation, within which to respond to you. We will keep you updated of the progress of your request, as well as of the final result.
If you are a resident of the USA, you may be granted specific rights regarding access to and use of your personal information depending on the state you are a resident of.
California privacy legislation requires us to provide specific language and form, and since other state-specific privacy regulations have the same level of protection, but do not require the specific language or form, all other US jurisdictions are covered by CCPA Privacy Notice.
CCPA Privacy Notice
Veriforce has operations in California and is subject to California privacy laws.
Veriforce collects the following categories of personal information.
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|Category||Data that may be collected||Collected|
|Identifiers||Name, contact information, online identifiers, Social Security Numbers and other government-issued ID numbers, telephone numbers, email address, Internet Protocol address, account name, unique personal identifier. (on clients’ instructions)||Yes|
|Personal Information, as defined in the California consumer records law||Name, contact information, insurance policy number, education, employment, employment history||Yes|
|Protected classification characteristics under California or federal law||Sex, age, race, color, religion or creed, ancestry, national origin, disability, medical conditions, genetic information AIDS/HIV status, marital status, sexual orientation, gender identity, amd expression, citizenship, primary language, immigration status, military/veteran status, political affiliation/activities, domestic violence victim status, and request for leave.||Yes (to the extent the data is requested to be collected by the customer)|
|Commercial information||Transaction information, purchase history and financial details||Yes|
|Biometric information||Fingerprints and voiceprints||No|
|Internet or other similar network activity||Browsing history, search history, online behavior, interest data, interactions with our websites, applications, systems, advertisements||Yes|
|Geolocation data||Device location||Yes|
|Audio, electronic, visual, thermal, olfactory, or similar information||Images and audio, video or call recordings created in connection with our business activities||No (Unless the individuals participate in recorded meetings or calls)|
|Professional or employment-related information||Business contact details, work history, prior employments, human resources data and data necessary for benefits and related administrative services, professional qualifications, job titles||Yes|
|Education Information||Student records and directory information||No|
|Inferences drawn from other personal information||Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example and individual’s preferences, abilities, aptitudes and characteristics||Yes|
|Sensitive Personal Information||Social security numbers, account login information, contents of email or text messages, debit or credit card numbers, drivers’ licenses, precise geolocation and state ID card numbers||Yes (to the extent the data is requested to be collected by the customer)|
We will use and retain the collected personal information as needed to provide the services or for Categories A, B, C, D, F, G, H, I, K, L for 7 years.
Category L information may be used or disclosed to a service provider or contractor, for additional, specified purposes. You have the right to limit the use or disclosure of your sensitive personal information.
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
Use of personal information
We may use your personal information we collect for one or more of the following purposes:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sources of personal information
Veriforce collects this personal information actively (e.g. direct input from you) or passively (e.g. website cookies). Additionally, we may also collect personal information from our Customers, Employers, business partners and vendors, where applicable.
More information about our data collection and sharing practices can be found in this privacy notice.
You may contact us by email at email@example.com, by calling toll-free at 1 (800) 673-1283, by visiting California Consumer Rights Request Form, or by referring to the contact details in the “How to Contact Us” Section.
Sharing personal information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except in compliance with the contract.
Please note that we do not sell personal information for any monetary consideration, and we do not engage in any cross-context behavioral advertising towards any consumers. We use B2B marketing strategies (such as account-based marketing) to generate sales leads; however, the use of personal information in connection with these marketing efforts, based on our analysis, does not qualify as a “sell” or “share” under the CCPA.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
|Personal Information Category||Business Purpose of Disclosure|
|A. Identifiers||Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional servicesCompliance platformCommunication tool providersData analytics providersID verification providersCRM providersMarketing service providersSuppliers and Customers in the network of the Services who you work with or seek to work with through our Services|
|B. Personal Information, as defined in the California consumer records law||Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional servicesID verification providersSuppliers and Customers in the network of the Services who you work with or seek to work with through our Services|
|C. Protected classification characteristics under California or federal law||Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional servicesCompliance platformID verification providersSuppliers and Customers in the network of the Services who you work with or seek to work with through our Services|
|D. Commercial information||Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional servicesCompliance platformID verification providersSuppliers and Customers in the network of the Services who you work with or seek to work with through our Services|
|E. Biometric information||Not collected|
|F. Internet or other similar network activity||Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional servicesCompliance platformCommunication tool providersData analytics providersID verification providersCRM providersMarketing service providersSuppliers and Customers in the network of the Services who you work with or seek to work with through our Services|
|G. Geolocation data||Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional servicesCompliance tool providersCommunication tool providersData analytics providersID verification providersCRM providersMarketing service providersSuppliers and Customers in the network of the Services who you work with or seek to work with through our Services|
|H. Audio, electronic, visual, thermal, olfactory, or similar information||Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional servicesCommunication tool providers|
|I. Professional or employment-related information||Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional servicesCompliance tool providersID verification providersSuppliers and Customers in the network of the Services who you work with or seek to work with through our Services|
|J. Education Information||Not collected|
|K. Inferences drawn from other personal information||Not collected|
|L. Sensitive Personal Information||Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional servicesCompliance tool providersCommunication tool providersID verification providersCRM providersSuppliers and Customers in the network of the Services who you work with or seek to work with through our Services|
We disclose your personal information for a business purpose to the following categories of third parties:
In the preceding twelve (12) months, we have not sold any personal information.
Retention of personal information:
Veriforce retains the personal information during the duration of the contractual relationship under which the personal information was collected and for a fixed period of time afterwards. The retention period is determined by contractual obligations and regulatory requirements applicable to each type of personal information. We will retain your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the purposes for which we process your personal information and applicable legal, contractual and regulatory requirements. In some circumstances we will anonymize your personal information for statistical purposes, in which case we may use this information indefinitely without further notice to you.
Disclosures related to sensitive personal information:
Veriforce may collect the following types of personal sensitive information from its individual Customers:
The sensitive personal information is shared with Veriforce Affiliates for the purpose of maintenance of the data and Applications, and fulfilling our contractual obligations.
Veriforce does not sell sensitive personal information.
California Privacy Rights
If you are a California resident and are engaged in a business relationship directly with Veriforce for the provision of Veriforce services or products, you may request the following information from Veriforce.
(1) Right to Know – You may request that we disclose to you the categories of, and specific pieces of personal information that we collected about you for the 12-month period preceding your request, including:
(2) Right to Request Deletion of your personal information – You may request that we delete your personal information that we have collected from you or maintain about you, subject to certain regulatory exceptions (e.g. if we are required by law to retain the information).
(3) Right to Opt-Out of Sale of personal information Veriforce does not sell the personal information it collects from its Customers, Employers and End Users.
(4) Right to Non-Discrimination – We will not discriminate against any consumer who has chosen to exercise their rights under the CCPA (i.e. deny you or charge you different prices/rate for products or services, or provide you different levels of quality of service).
(5) Right to limit the use of sensitive personal information – Veriforce does not use your sensitive personal information for purposes that are not necessary to perform the services contracted to deliver to you.
(6) Right to correct inaccurate information – You have the right to ask us to correct or modify the personal information we have about you.
(7) Right to opt-out of automated decision-making technology – Veriforce does not use automated decision making technologies.
Limit the Use of Sensitive Personal Information
You have the right to direct that we limit the use of your sensitive personal information to that use which is necessary to perform the services.
Once we receive your request, we are no longer allowed to use or disclose your personal information for any other purpose unless you provide consent for the use or disclosure of sensitive personal information for additional purposes.
Please note that sensitive personal information that is collected or processed without the purpose of inferring characteristics about you is not covered by these rights, as well as the publicly available information.
To exercise these rights, you can contact us by email at firstname.lastname@example.org, by calling toll-free at 1 (800) 673-1283, by visiting California Consumer Rights Request Form, or by referring to the contact details in the “How to Contact Us” Section.
Sale of Personal Information
Please refer to California Consumer Rights Request Form if you want to exercise any of your rights under the CCPA, including the right to opt-out of the “sale” of your personal information and limit the use of sensitive personal information.
How to submit a California Rights Request
If this Privacy Statement applies to you, you may make a request for the disclosures described above or make a request to delete personal information we collected from you. See section “How to contact us” below for further details.
Upon receipt of your request we will provide directions on identity verification requirements which may include your name, email address and/or information Veriforce maintains on you, where appropriate. Your request will not be processed until your identity has been verified.
These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us with. For instance, depending on the type of request you submit, we may ask you to provide certain information so we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request you provide additional information for the purposes of verifying your identity and for security of fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
Once your identity has been confirmed, your request will be processed in accordance with the CCPA.
Authorized Agents Submitting a Rights Request on Behalf of a Consumer
You may choose to designate an authorized agent to make a request under the CCPA on your behalf. No information will be disclosed until the authorized agent’s authority has been reviewed and verified. Once a request has been submitted by an authorized agent, we may require additional information (i.e. your written authorization) to confirm the authorized agent’s authority.
Other Privacy rights
Under the CCPA, any business that processes the personal information of 10 million or more California residents annually, is required to disclose metrics about data subject access requests from California residents for the previous calendar year.
We do not process the personal information of 10 million or more California residents annually.
We have implemented a Vendor Management Procedure and perform risk assessments on all new and existing vendors to ensure the vendors meet the information security and privacy requirements. A list of all vendors and third parties that are engaged in data sub-processing is kept updated and are available to Customers at Veriforce Subprocessors and Affiliates.
All subprocessors are contractually bound to uphold the same level of information security and data privacy as we have in place.
How to Contact Us
Please contact us for more information or if you have questions or comments about our general privacy practices at email@example.com. You may also reach us by mail at the address below. If you send us a letter, please provide your name, address, email address, and detailed information about your question, comment, or complaint and relationship with us.
1575 Sawdust Road, Suite 600,
The Woodlands, Texas 77380, US
1 (800) 673-1283 (Toll-free 24/7 privacy line)
For listing of which countries are in the EU or EEA see https://europa.eu/european-union/about-eu/countries_en#other-european-countries and https://ec.europa.eu/eurostat/statistics-explained/index.php/Glossary:European_Economic_Area_(EEA).
Veriforce acts as a processor of your personal data collected for the purpose of providing the functionality of the Applications and associated services to Customers and Employers. We only process personal data as instructed or permitted by our Customers and Employers. The Customers and Employers are controllers of the personal data.
We have appointed an EU and UK representative, DataRep, which you may contact, should you have a complaint, comment or request:
International Data Transfers
We collect and process your personal data in the USA and Canada. We also share your personal data with service providers, affiliates and other third parties based in the USA and other jurisdictions without adequacy status. See section “How we share your information” above.
For data processing in USA and other non adequacy countries, we have implemented an approved transfer mechanism in place to protect your personal data through the use of contractual agreements incorporating the European Commission’s Standard Contractual Clauses.
We have implemented a Vendor Management Procedure and perform risk assessments on all new and existing vendors to ensure the vendors meet the information security and privacy requirements. A list of all vendors and third parties that are engaged in data sub-processing is kept updated and are available to Customers at https://veriforce.com/subprocessors.
How to contact us
If you would like to get in touch with us with any privacy related questions/comments or if you would like to exercise your rights, we have appointed and EU and UK representative, DataRep, which you may contact, should you have a complaint, comment or request:
contact us at firstname.lastname@example.org or write to our Data Protection Representative at:
We will get back to you within regulatory timelines.
If you are located in the EU, you also have a right to contact your local data protection authority as related to any of our privacy practices. Here is a list of EU data protection authorities and their addresses https://ec.europa.eu/info/law/law-topic//reform/what-are-_en.
We process your personal information as per requirements of the federal Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta PIPA.
Your rights to your personal information are:
Right to access
Right to be informed
Right to rectification
Right to deletion
How to contact us
If you would like to get in touch with us with any privacy related questions/comments or if you would like to exercise your rights, contact us at email@example.com or write to us at:
4838 Richard Rd SW Suite 200,
Calgary, AB T3E 6L1, Canada
You also have the right to complain to the federal or provincial Privacy Commissioners.
Here are the details:
Privacy Commissioner of Canada, 112 Kent Street, Ottawa, Ontario, K1A 1H3 -or- to the Office of the Information
For contact information for all provincial privacy commissioners or ombudsman, see https://www.priv.gc.ca/en/about-the-opc/what-we-do/provincial-and-territorial-collaboration/provincial-and-territorial-privacy-laws-and-oversight/
Cookies are small text files that are placed on your computer by websites that you visit.
See the Cookies banner for more information.
For privacy questions or concerns please contact us at firstname.lastname@example.org or 1 (800) 673-1283.