Our Commitment to Privacy
Information We Collect
The following are some examples of when Cority may require that you provide personally identifiable information: (1) To complete an online form for a product or service surveys (if you do not wish to complete an online form, we will always provide an option for you to complete an order by calling a phone number); (2) To request more information about new or current Cority products or services. We use the information to contact customers to further discuss customer interest in our company, the services that we provide, and to send information regarding our company. Cority does not sell, transfer or provide any personally identifiable information to third parties, except for data processors for our hosted product as noted below under the section titled “Third Parties”, and complies with the EU General Data Protection Regulations (GDPR) and the California Consumer Privacy Act (CCPA).
Respect of the Rights of Individuals
Customers of Cority hosted software services will be using Cority-provided infrastructure to host data and information. Cority will not release such customer employee data except on the explicit written instructions of an approved officer of the Customer or as otherwise required by law. Individual records may at times be viewed or accessed by Cority to resolve a problem, provide user support, to investigate a customer’s compliance with our terms and conditions, or as may be required by law.
Customers are responsible for compliance with applicable privacy laws, including:
Obtaining employee’s informed and signed consent on the transmission of personal health data to Cority’s hosting services. This includes the process for handling user opt-out, requests for erasure (‘right to be forgotten’), their right to request access to a copy of their personal information stored by Cority, their right to request a correction to their personal information stored by Cority, and their right to request a record of uses and disclosures of their personal information stored by Cority.
Maintaining the confidentiality and security of their employee data, user registrations and passwords, and restricting access to their personal data.
Cority will not share personally identifiable information with third parties unless stated at the time of collection and except as follows: Cority may store customer data with third-party data centers or managed service platforms as part of Cority’s hosted software offering, but only with third parties that meet Cority’s information security standards, as evidenced by certifications for their information security management system (ISO 27001, SAS 70).
When you view one of our web sites or advertisements, we may store some information on your computer. This information will be in the form of a “Cookie” or similar file and will be used to determine ways to improve our Web sites, advertisements, products or services. For example, Cookies allow us to tailor a Web site to better match your interests and preferences.
Security of your Personal Data
Cority has achieved ISO 27001 certification for Information Security Management Systems. As part of its compliance with this rigorous information security system, Cority has implemented appropriate technical and organizational security measures to prevent (1) unauthorized or unlawful disclosure or access to personal data; (2) accidental or unlawful loss, destruction, alteration, or unauthorized disclosure of your personal data; and (3) accidental damage to your personal data. These measures ensure an appropriate level of security in relation to the risks inherent in the processing and the nature of the personal data to be protected. Your securely held personal data will only be accessible by select authorized members of staff within Cority.
Cority has also achieved ISO/IEC 27018 certification. ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
For European Union and Swiss – US data transfers, Cority adheres to the Privacy Shield Principles, which are available at: https://www.cority.com/privacy-shield-statement/
Who to Contact
Should you have other questions or concerns about these privacy policies, or any information privacy-related questions, please contact Cority’s Chief Privacy Officer at 416-863-6800 or firstname.lastname@example.org