- The personally identifiable information Ivalu collects and how it is used.
- With whom Ivalu may share information.
- The types of security procedures that are in place to protect against the loss, misuse, or alteration of information under Ivalu's control.
- The options available to users regarding collection, use, and distribution of the information.
- How users can correct any inaccuracies in their information.
Information Collection and Use
Ivalu is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others in ways different from what is disclosed in this statement. Ivalu collects information from our users at several different points on our Web site:
- Order Checkout and Customer Account Setup
We request information from the user on our order form (checkout), and in the new customer setup page. Here, a user must provide contact information (like name and shipping address). This information is used for billing purposes and to fill customer's orders. If we have trouble processing an order, the contact information is used to get in touch with the user.
Customer account information is retained by our system to provide our customers with faster service the next time they log in. It also allows an Ivalu employee to quickly find any information they need regarding a customer or an order so we can provide fast and reliable customer service. The information is kept confidential and secure, and is only accessible by the customer, or an employee of Ivalu that has been granted system access for the purpose of handling online orders. All Web pages involving private customer information, including our back store Web page, are secured using 128-bit SSL encryption. See below under "Sharing and Disclosure" for more information about SSL security encryption.
- Session Cookies
A cookie is a piece of data stored on the users computer containing information about the user. A session cookie, unlike any other cookie, only stores an ID number on the user's computer that is linked to information stored on the server when a user is connected. This information might be the items in your shopping cart, your user name and password, and other information that is needed to keep track of what you do while you are connected to our site. The cookie itself contains no personally identifiable information and is only linked to personally identifiable information on our server during an individual login session. The session cookie's id number is hidden during all transactions between the user and the server, and a secure connection is also used for those transactions. Each user connected is assigned a unique session cookie that only they can access. This makes it impossible for an external entity to gain access to the personally identifiable information through use of the session cookie. The session cookie only lasts as long as the user is viewing our site. Upon logging out or closing your web browser, the session cookie is removed.
- Log Files
Like most standard Web site servers we use log files to track user information. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. This information is used to analyze trends, administer the site, track user movements in the aggregate, and gather broad demographic information for aggregate use. The information collected, including the IP address, is not linked to personally identifiable information.
- Alternate Methods of Collection
For users who are particularly concerned about Internet security, we offer an alternative to placing an order using our secure online checkout. Orders can be placed by phone or fax, and this contact information is provided on the order form as well as on the contact page of our Web site
Sharing, Disclosure, and Security
Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order, or legal process served on our Web site. We reserve the right to release the information to a law enforcement agency without the user's permission if we believe the information to be fraudulent. Any information requested by a third party for any other reason will not be disclosed without the user's permission.
Clients who transmit personal information to us using insecure methods (namely email) do so at their own risk. We cannot and will not take responsibility for any damages incurred to the customer if their personal information is intercepted by a person with malicious intent while being transmitted insecurely. We can only warrant the protection of personal information if it is transmitted using secure methods, which include our secure order page and fax or telephone.
The checkout on our Web site stores users' personal information, including names, addresses, contact information, and credit card numbers on the servers of our Web site host, clic.net. This information is held on a secure server so it can then be retrieved for processing by a Ivalu representative. clic.net does not have access to this information without our express permission wherein we believe it is absolutely necessary for them to have access to our account in order to provide technical support. The Security section below outlines how the transmission of your information is protected.
Our users' names and addresses are shared with Canada Post for the purpose of delivering orders. The use of users' personally identifiable information by these shipping agents is governed by their individual privacy policies. See www.canadapost.ca for more information on Canada Post's privacy practices.
This web site contains links to other sites. Please be aware that Ivalu is not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.
- Third Party Intermediaries
For added security, any user may request the use of a third party intermediary known as an escrow service to handle the financial transaction where the value of the transaction is significantly high (in excess of $5,000 CAD). An escrow service operates by taking the users payment without releasing any financial information (including credit card number and expiry date) to Ivalu. The users payment is then held until the user confirms receipt of their order, at which time the escrow service releases the payment to Ivalu. For more information visit www.escrow.com.
- Business Transitions
In the event that Ivalu goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users personal information will, in most instances, be part of the assets transferred. Users will be notified via prominent notice on our Web site for 30 days prior to a change of ownership or control of their personal information. If, as a result of the business transition, the users personally identifiable information will be used in a manner different from that stated at the time of collection, they will be given a choice consistent with our notification of changes section.
Our Web site takes every precaution to protect our users information. When users submit sensitive information via the Web site, their information is protected both online and off-line.
When our order checkout asks users to enter sensitive information (such as credit card number), it is protected during transmission with 256-bit SSL encryption, the best encryption software in the industry. The security certificate information can be viewed by clicking the locked icon that appears in your browser, or selecting the appropriate menu option in your Web browser. All areas of the site that involve personally identifiable information, including our back-store area, make use of SSL encryption to ensure our customers information is kept safe at every level.
While we use SSL encryption and user access restrictions to protect sensitive information online, we also do everything in our power to protect user-information off-line. All of our users information, not just the sensitive information mentioned above, is restricted Ivalu's offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifiable information. At year end, all records are stored in a locked storage room and rarely referred to again. Credit card information is always destroyed.
All employees of Ivalu and any third parties with access to the information on the server are kept up-to-date on our security and privacy practices. Any time new policies are added or changed, our employees and partners are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers information is protected.
If you have any questions about the security at our Web site, please feel free to contact us.
Supplementation of Information
- Correcting/Updating/Deleting/Deactivating Personal Information
If a users personally identifiable information changes before we have finished processing an order, or if a user decides to cancel their order or make changes to the shipping address or credit card information, this can be done by contacting our Customer Service department by email, phone, or fax. Contact information is provided on the Contact Page of our Web site. When we receive a request to cancel an order, the order will be deleted from our electronic online database, and any documents and computer records pertaining to the order containing the users personally identifiable information will also be destroyed. Information from previous orders will be retained unless the user requests that we destroy it. Email correspondence will always be retained for future reference.
- Notification of Changes
Communications From The Site
We communicate with users on a regular basis to provide requested services and in regards to issues relating to their order. We reply via email or phone in accordance with the users wishes.