(Revised March, 2015)
About Our Services
Critical provides a robust, state-of-the art, fully web-based document management and workflow service for its business clients. Critical does not offer its Services to consumers. Critical’s clients are involved in a wide variety of industries including banking, credit unions, financial services, government, gaming, and aviation. Critical’s clients use our Services to store, manage, search, retrieve and route documents throughout their organizations, and to their industry affiliates, vendors, and regulatory agencies. The information we manage for our clients is highly confidential to our clients, and often contains highly confidential personal and business information about our clients’ customers and employees. Consequently, Critical uses the latest security and encryption technologies and best practices to prevent unauthorized disclosures of or access to this confidential information, and has adopted all legally required security measures for the protection of confidential information and has installed all the technical means and measures available to it in order to prevent the loss, incorrect use, alteration, unauthorized access and theft of confidential information provided to Critical. The User should nevertheless be conscious that Internet security measures are not impregnable.
Types of Information Collected & Uses of Information
(c) Confidential Personal Information Collected. Critical does not collect for its own account or for its own purposes confidential information that would identify individual users. Moreover, Critical does not collect confidential personal information about Users such as age, income, account numbers, medical condition, financial condition, or government-issued identification numbers such as a social security number issued by the United States Government to its citizens and legal aliens. Such information may appear on data, images, or documents (e.g., a digital image of a canceled check sent to us by one of our bank clients) that are stored by our clients using our Services, but such information is not compiled by Critical independently of the specific data element, image or document containing such information, or for a purpose other than to enable our clients to search for and to retrieve the document for later business use.
The collection and use of confidential information will be limited to the following purposes: establishing and maintaining a contractual relationship between Critical and its clients; managing, administering, providing, expanding, and improving the Services to clients; customizing our Services to the User's tastes and preferences; analyzing and measuring the use of the Services; creating and marketing new features and services; sending updates of the Services to the User; sending, by traditional and electronic means, technical, operational and commercial information relating to the products and services offered by or through Critical; or sending the User voluntary surveys. Critical does not share confidential information with anyone outside Critical-client relationship or otherwise make available confidential information to third parties as a part of its Services.
(d) CAVEAT: User Information Collected May Be Used by Clients to Make Employment Decisions: Most Users of our Services are employees of direct and indirect (i.e., customers of resellers of our Services) clients. Our clients do use our Services to track, log, and report on all User activity such as (a) how long a User was logged on to the system, (b) the data or documents accessed, printed, downloaded, etc.; and, (c) how productive a particular User was in performing an employment task. Our clients use this logging and productivity information about Users, among other things, to maintain security and to make employment decisions regarding Users.
The Services contain links to other websites and URLs. Critical is not responsible for the privacy practices or the content of such websites. Critical also makes chat rooms, forums, message boards, and news groups available to the User. The User acknowledges that any information that is disclosed in these areas becomes public information. Users are therefore urged to exercise caution when deciding to disclose confidential personal information in such digital forums.
User Ability to Access, Update and Correct Confidential Personal Information
In order to ensure that all confidential personal information is correct and up-to-date, at any time the User may contact Critical’s President, Patrick Castleberry, via e-mail at email@example.com or firstname.lastname@example.org, to access, update, or correct his/her confidential personal information; provided, however, if the User contacting Critical for this purpose is an employee, former employee, authorized user, or former authorized User of our Services by virtue of a contract for Services between Critical and a client, no modification of any confidential personal information will occur without the prior written consent of the associated client.
Non-Disclosure and Security of User Information, confidential personal information and Traffic Data
Critical is based in the United States of America, and receives and stores in the United States confidential information and Personal Information pertaining to persons residing in and businesses located in the European Union (“EU”) and Switzerland. Such personal or business information is received from Critical clients or from our clients’ authorized Users of our Services through the clients’ voluntary submission in writing, electronic submission via our Services, or from a client in connection with requests for compilations and reports of a client’s use of our Services.
The US Department of Commerce, acting through the U.S. Federal Trade Commission, has negotiated treaties with the European Union and with the Republic of Switzerland to enable US companies such as Critical to comply with the various data security laws of the EU, its member states, and with Switzerland by “self-certifying” their compliance with such laws through the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework. Critical hereby certifies that it adheres to the seven Safe Harbor Privacy Principles common to both frameworks of Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement, so that persons impacted by data, images and documents we receive from EU-based clients and Switzerland-based clients have a means to correct and protect their Personal Information from unauthorized disclosure. To learn more about these Safe Harbor programs, and to view Critical’s certifications under each program, please visit http://www.export.gov/safeharbor/
“Personal Information” means information:
- Transferred from the EU or Switzerland to the United States, and
- Pertains to a specific individual, or which can be linked to the individual, and identifies or can be used to identify an individual.
- “Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sexual orientation.
- “Traffic Data” refers to the following information Critical captures when a User accesses our websites and Services, including the: (i) User’s IP address; (ii) the domain server; (iii) the type of computer; and, (iv) type of web browser.
Declaration of Safe Harbor Privacy Principles
Critical receives Personal Information about consumers and Users of its Services from its clients in providing its Services to its clients. Critical’s clients are solely responsible for obtaining the consumer’s and User’s consent to share this information with Critical. Critical, however, does not collect Personal Information about consumers or Users of its Services independently of its clients. All such information is received by Critical from its clients through use of the Services and pursuant to the terms and conditions of Critical’s written Services contracts with its clients.
As part of its Services provided to clients, Critical may provide to its clients, reports and compilations of data, images and documents stored by Critical in its databases, and reports and compilations of User Traffic Data and user logging/tracking data. The information that is collected, reported and compiled may include User productivity information, User security information, and overall system use by a User. Our clients may use such reports and compilations to make employment decisions which may have an adverse impact on a particular User. However, Critical Services generally do not collect Sensitive Personal Information as defined above; provided, however, if any such Sensitive Personal Information is sent to us by an EU-based or Swiss-based client, the person to which such Sensitive Personal Information relates will have all of the rights set forth herein to correct and protect such information.
Critical may collect Personal Information about consumers only if, in a particular case, Critical’s client has, to the extent required by applicable law, certified to Critical that the consumer has affirmatively consented to such collection. Any consumers who wish to revoke their consent to Critical’s collection of information about them can do so at any time by sending written notification to Patrick M. Castleberry, President, Critical Technologies, Inc., 3601 South Broadway, Suite 1400, Edmond, Oklahoma (USA) 73003, email@example.com ; provided, however, if the particular consumer wishing to revoke his/her consent is an employee of Critical’s EU-based or Swiss-based client and Critical has obtained the underlying Personal Information by virtue of providing its Services to the associated EU-based or Swiss-based client-employer, then Critical must also have the prior written consent of such client before agreeing to allow such revocation of consent.
The revocation does not mean that information already collected will be deleted or modified in any way, and in no event would any such deletion or modification occur without the prior written consent of the associated EU-based client or Swiss-based. Various laws, compliance obligations, and contracts require that Critical maintain data, images, and documents on file for a period of time. However, except in the case of the consumer-employee, the consumer’s data will not be further disclosed after Critical receives a revocation, and will not be used for any purpose other than maintaining an internal record for legal or contractual compliance purposes.
3. Onward Transfer (Transfers to Third Parties)
Critical permits all consumers to inspect, and/or to receive a copy of, the Personal Information that Critical has collected about them in accordance with applicable law. Consumers also may request that Critical correct, amend or delete inaccurate information about them. Consumers who wish to exercise these rights may contact Critical by sending written notice to Patrick M. Castleberry, President, Critical Technologies, Inc., 3601 South Broadway, Suite 1400, Edmond, Oklahoma (USA) 73003, firstname.lastname@example.org . For security purposes, Critical will require verification of the consumer’s identity.
Critical is committed to protecting the Personal Information that it receives about consumers. While we cannot guarantee the security of that information in all events, we have implemented a comprehensive, state-of-the-art, independently-audited and tested, information security program that includes a combination of administrative, technical, training, and physical safeguards designed to protect against loss, misuse, and unauthorized access, disclosure, alteration and destruction of consumer Personal Information.
6. Data Integrity
In accordance with our Services contracts and applicable law, Critical takes reasonable steps to ensure that the information it receives from clients, and information that it reports or compiles for clients, is accurate, complete, current, and reliable for its intended use. Critical is not responsible for errors that exist within data, images, or documents received from clients, or within reports or compilations derived from such received items, and therefore cannot act as a guarantor of the information. Consumers who wish to dispute the accuracy of information that Critical maintains about them can do so by by sending written notice to Patrick M. Castleberry, President, Critical Technologies, Inc., 3601 South Broadway, Suite 1400, Edmond, Oklahoma (USA) 73003, email@example.com .
Critical conducts in-house verifications of its compliance with these Safe Harbor Privacy Principles. As part of our participation in the US-EU Safe Harbor Program and the Swiss Safe Harbor Program, we have designated the American Arbitration Association (specifically, the International Centre for Dispute Resolution of the American Arbitration Association) as our independent recourse mechanism for investigation of unresolved complaints relating to our compliance with both Safe Harbor Privacy Frameworks. For any complaints regarding our compliance with either Safe Harbor Framework, please contact Patrick M. Castleberry, President, Critical Technologies, Inc., 3601 South Broadway, Suite 1400, Edmond, Oklahoma (USA) 73003, firstname.lastname@example.org . If contacting Critical does not resolve the complaint to the affected person’s satisfaction, the person may at any time seek relief with the American Arbitration Association using the following information:
If you would like to file a case by mail or fax, please complete the appropriate form(s) and forward to:International Centre for Dispute Resolution
A Division of the American Arbitration Association
Case Filing Services
1101 Laurel Oak Road, Suite 100
Voorhees, NJ 08043
Toll free number in the US 877-495-4185
Fax number 877-304-8457
Fax number outside the US: 212-484-4178
Email box: email@example.com
Further information about these Rules can be secured by contacting the International Centre for Dispute Resolution at 212.484.4181 or by visiting the ICDR’s Web site at www.icdr.org.
Complaints involving human resources data as defined by these Safe Harbor Frameworks may alternatively be submitted to the European Union Data Protection Authorities or Swiss Data Protection Authorities (as the case may be), and Critical hereby agrees to comply and cooperate fully with any investigation or inquiry instituted by any such authorities.
User's Acceptance of These Terms
- firstname.lastname@example.org or email@example.com
- Patrick M. Castleberry, President; Critical Technologies, Inc.; 3601 South Broadway, Suite 1400; Edmond, Oklahoma (USA) 73013; Office: 405-478-8181, x120; Fax: 405-478-0198 (not to be used for solicitations or advertising); Email: firstname.lastname@example.org