Privacy Policy

At Carleton Technologies Inc (CTI), protecting your personal data is our top priority. The following document outlines how Carleton Technologies handles personal data.

As a Canadian company, CTI’s products and services are in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the various Freedom of Information and Protection of Privacy Acts (FOIPPA) which apply in each province and territory.

Definitions

  • Personal data - Personal data is any information that relates to an identified or identifiable individual.

  • Our Software - Our Software encompasses all software and services developed and delivered by Carleton Technologies.

  • Merchant - The Merchant is a business that uses Our Software to run their business.

  • User - A User is an employee of the Merchant that accesses and uses Our Software.

  • Customer - A Customer is a customer of the Merchant that may access Our Software.

  • Vendor - A Vendor is a vendor of the Merchant that supplies some product or service.

  • Partner - A Partner is a third party company that provides an integrated product or service for Our Software.

  • Visitor - A Visitor is any individual that accesses Carleton Technologies' web sites or contacts Carleton Technologies support.

Overview

All personal data which is collected is accessible only by users with the appropriate access level to Our Software. Data can be retained as long as the Merchant desires and is never deleted from the system without specific user action.

All personal information in Our Software can be easily accessed (by authorized users), should a customer want to see their own personal information, and the personal information can be edited at any time, should any data need to be changed to improve its accuracy. All personal information in Our Software is stored in a single table in the database.

Data Sovereignty

The cloud servers provided by Carleton Technologies are located in Canada; all data resides in Canada and is subject to Canadian law.

Who owns Customer personal data?

Customer personal data collected by Our Software is owned by the Merchant. Customers who would like access to their information, or would like their information deleted, should contact the Merchant directly.

Customer Privacy

The following details Carleton Technologies' privacy policy when handling personal data collected, processed, and stored from a Customer by a Merchant using Our Software. Note that depending on the Software configuration, not all of this information is necessarily collected from Customers by Merchants.

Customer personal data collected by Our Software is owned by the Merchant. Customers who would like access to their information, or would like their information deleted, should contact the Merchant directly.

What information is collected?

How is it used?

Information that Customers submit about themselves:

  • Name
  • Address
  • Phone number
  • Email address
  • Single Sign On unique identifier

This information is collected by the Merchant to complete and deliver a Customer order and communicate regarding an order.

Order History:

  • Items purchased
  • Method of payment (no sensitive card holder data is transmitted, processed or stored at any time)
This information is retained in order to provide Customer service.

Usage Data, including:

  • IP address
  • Web browser
  • Other data submitted automatically by the Customer's web browser

Logs of when Our Software is used by a Customer are collected to meet legal and compliance requirements and are used to improve Our Software.

 

Merchant Privacy

The following details Carleton Technologies' privacy policy when handling personal data collected, processed, and stored by a Merchant using Our Software. Note that depending on the Software configuration, not all of this information is necessarily collected.

What is collected?

How is it used?

Information that the Merchant collects about Customers:

  • Name
  • Address
  • Phone number
  • Email address
  • Single Sign On unique identifier

This information is collected by the Merchant to complete and deliver Customer orders and communicate regarding orders.

This information is required for efficient follow up with Customer on their order.

Order History:

  • Items purchased
  • Method of payment (no sensitive card holder data is transmitted, processed or stored at any time)
This information is retained in order to provide Customer service.

Usage Data, including:

  • IP address
  • Web browser
  • Other data submitted automatically by the Customer's web browser
Logs of when Our Software is used by a Customer are collected to meet legal and compliance requirements and are used to improve Our Software.
Information that the Merchant collects about Customers who are Sponsored Students:
  • Student number
  • Name
  • Address
  • Phone number
  • Email address
  • Single Sign On unique identifier
  • Sponsor
  • Sponsorship amounts

Student numbers are collected by some Merchants to provide the ability to bill a third party who sponsors a student.

This information is required for efficient follow up with Customer on their order.

Information that the Merchant collects about their Vendors:

  • Vendor name
  • Contact name
  • Address
  • Phone number
  • Fax number
  • Email address
  • Web address

This information is collected by the Merchant to enable the Merchant to place purchase orders and communicate with the Vendor.

Information that the Merchant collect about their Users, including faculty and staff: 

  • Name
  • Address
  • Phone number
  • Email address
  • Single Sign On unique identifier

This information is collected by the Merchant to add functionality to Our Software such as delivering scheduled reports.

This information is also stored to identify who is accessing Our Software to meet legal and compliance requirements.

 

Partners and Integrations

Carleton Technologies integrates with several third-party platforms and on-campus systems to provide a seamless user experience. Partners include: PCI-compliant payment gateways, in-store payment solutions, external finance systems, external e-commerce systems, campus one card systems, external digital delivery systems, identity management systems, and other on-campus systems. Our Software often receives data from these systems.

Note that depending on the Software configuration, not all of this information is necessarily collected.

What information is received?

How is it used?

Non-Sensitive Card Holder Information such as:

  • Name 
  • Masked card number
  • Address verification.
This information is collected by Our Software for fraud prevention, legal, and compliance requirements.

Identity Information:

  • Name
  • Email address
  • Single Sign On unique identifier
  • Student number
  • Faculty number

This information is collected to identify and correlate an individual to specific courses.

Depending on the integration, the email address, the Single Sign On unique identifier and/or the Student number may be required for CTI to provide adequate level of business service.

 

Visitor Privacy

The following details how Carleton Technologies handles the personal data of Visitors to any of our web sites including our support channel.

What is collected?

How is it used?

Information that Visitors submit about themselves:

  • Name
  • Address
  • Phone number
  • Email address

This information is collected by Carleton Technologies to complete a sales or support request submitted by the Visitor. It is also used to communicate with the Visitor regarding Our Software.

Some or all of this information may be needed depending on the request type and the urgency of the situation.

Usage Data, including:

  • IP address
  • Web browser
  • Other data submitted automatically by the Visitor's web browser

Logs of when Our Software is used by a Visitor are collected to meet legal and compliance requirements and are used to improve Our Software.

 

How personal information is protected

Protecting personal information is Carleton Technologies' highest priority. To ensure that personal information is protected, Carleton Technologies follows industry best practices and maintains PCI-DSS compliance to secure the processing of credit card data with our Partners and protect personal data.

Who owns the data and who is it shared with?

All data collected by Our Software is owned by the Merchant. Carleton Technologies does not share data with any party other than the Merchant who owns the data unless legally required to by an enforceable court order, subpoena, or search warrant. Carleton Technologies will notify the Merchant before disclosing information unless Carleton Technologies is legally prohibited from doing so.

Carleton Technologies is a "data processor" and "service provider" and will never sell or share Merchant data.

How "cookies" are used

Our software uses "cookies" to track Customer, Visitor, and User sessions. This enables Our Software to authenticate and identify a Customer/Visitor/User throughout the duration of a website visit, such as throught the checkout process. 

How long is data stored?

Data retention is defined by the Merchant; Carleton Technologies will delete data only on the request of the Merchant who owns the data.

How you can contact us

If you have any questions related to privacy, please contact us at privacy@bookware3000.ca.