Privacy policy

Privacy Policy

General Privacy Policy & Declaration of Self-Certification Under US – EU Safe Harbor Privacy Principles and Framework & US – Swiss Safe Harbor Privacy Principles and Framework

(Revised March, 2015)

Adoption and Declaration of General Privacy Policy

Critical Technologies, Inc. ("Critical") and AirVault® , a division of Critical Technologies, has adopted the following privacy policy (the "Privacy Policy") in order to allow the user (the "User") of various Critical Internet portals and Internet related services (the "Services") to make an informed decision on whether to provide Critical with the confidential personal data that may be requested of such User or that Critical may obtain as a result of the use of its Services.

About Our Services

Critical provides a robust, state-of-the art, fully web-based document management and workflow service for its business clients. Critical does not offer its Services to consumers. Critical’s clients are involved in a wide variety of industries including banking, credit unions, financial services, government, gaming, and aviation. Critical’s clients use our Services to store, manage, search, retrieve and route documents throughout their organizations, and to their industry affiliates, vendors, and regulatory agencies. The information we manage for our clients is highly confidential to our clients, and often contains highly confidential personal and business information about our clients’ customers and employees. Consequently, Critical uses the latest security and encryption technologies and best practices to prevent unauthorized disclosures of or access to this confidential information, and has adopted all legally required security measures for the protection of confidential information and has installed all the technical means and measures available to it in order to prevent the loss, incorrect use, alteration, unauthorized access and theft of confidential information provided to Critical. The User should nevertheless be conscious that Internet security measures are not impregnable.

Types of Information Collected & Uses of Information

(a) Traffic Data Collected. Critical automatically tracks and collects the following information when the User accesses the web sites and pages of the Services, including the User's: (i) IP address; (ii) domain server; (iii) type of computer; and, (iv) type of web browser (collectively "Traffic Data"). Traffic Data is anonymous information that does not personally identify a User but is helpful for maintaining system security, reliability, and for improving generally the User's experience with the Services. Critical may use cookies when a User browses the web sites and pages of the Services.

(b) Use of Cookies for System Login. A “cookie”, generally, is a computer/internet term for a small digital file that is stored on your computer after you visit a website that contains the address of the website and codes that your browser sends back to the website each time you visit a page there. Critical does not use cookies for website visits. However, Critical does use cookies to identify an authorized user of our Services for logging into our systems. These cookies make it possible for Critical to immediately recognize an authorized user without having to re-register that user on every login to our Service. The Critical cookies cannot read data from the hard disk or cookie files created by others. Critical encrypts the user's identifying data for increased security. The user has the option of configuring his/her browser to warn of the receipt of cookies and prevent their installation into his/her hard disk. The User should refer to the instructions and manuals of its browser for further information regarding cookies. Obstructing the installation of a Critical cookie will not prevent the use of the Services; however, the user will have to register each time he/she accesses a service requiring prior registration.

(c) Confidential Personal Information Collected. Critical does not collect for its own account or for its own purposes confidential information that would identify individual users. Moreover, Critical does not collect confidential personal information about Users such as age, income, account numbers, medical condition, financial condition, or government-issued identification numbers such as a social security number issued by the United States Government to its citizens and legal aliens. Such information may appear on data, images, or documents (e.g., a digital image of a canceled check sent to us by one of our bank clients) that are stored by our clients using our Services, but such information is not compiled by Critical independently of the specific data element, image or document containing such information, or for a purpose other than to enable our clients to search for and to retrieve the document for later business use.

The collection and use of confidential information will be limited to the following purposes: establishing and maintaining a contractual relationship between Critical and its clients; managing, administering, providing, expanding, and improving the Services to clients; customizing our Services to the User's tastes and preferences; analyzing and measuring the use of the Services; creating and marketing new features and services; sending updates of the Services to the User; sending, by traditional and electronic means, technical, operational and commercial information relating to the products and services offered by or through Critical; or sending the User voluntary surveys. Critical does not share confidential information with anyone outside Critical-client relationship or otherwise make available confidential information to third parties as a part of its Services.

(d) CAVEAT: User Information Collected May Be Used by Clients to Make Employment Decisions: Most Users of our Services are employees of direct and indirect (i.e., customers of resellers of our Services) clients. Our clients do use our Services to track, log, and report on all User activity such as (a) how long a User was logged on to the system, (b) the data or documents accessed, printed, downloaded, etc.; and, (c) how productive a particular User was in performing an employment task. Our clients use this logging and productivity information about Users, among other things, to maintain security and to make employment decisions regarding Users.

Limits of Privacy Policy

The Services contain links to other websites and URLs. Critical is not responsible for the privacy practices or the content of such websites. Critical also makes chat rooms, forums, message boards, and news groups available to the User. The User acknowledges that any information that is disclosed in these areas becomes public information. Users are therefore urged to exercise caution when deciding to disclose confidential personal information in such digital forums.

User Ability to Access, Update and Correct Confidential Personal Information

In order to ensure that all confidential personal information is correct and up-to-date, at any time the User may contact Critical’s President, Patrick Castleberry, via e-mail at or, to access, update, or correct his/her confidential personal information; provided, however, if the User contacting Critical for this purpose is an employee, former employee, authorized user, or former authorized User of our Services by virtue of a contract for Services between Critical and a client, no modification of any confidential personal information will occur without the prior written consent of the associated client.

Non-Disclosure and Security of User Information, confidential personal information and Traffic Data

Except as otherwise provided in this Privacy Policy, Critical will keep all User information, confidential personal information, and Traffic Data private to Critical and its associated client, and will not share it with third parties, unless such disclosure is necessary to: (a) comply with a court order or other legal process; (b) protect Critical's rights or property after consultation with the associated client; (c) enforce Critical's terms of Service; or (d) transfer possession of such data to a business that acquires substantially all of Critical’s stock or assets provided that such acquirer agrees in writing to protect such data from unauthorized disclosure pursuant to policies and procedures that provide equal or greater protection for such information.


Critical is based in the United States of America, and receives and stores in the United States confidential information and Personal Information pertaining to persons residing in and businesses located in the European Union (“EU”) and Switzerland. Such personal or business information is received from Critical clients or from our clients’ authorized Users of our Services through the clients’ voluntary submission in writing, electronic submission via our Services, or from a client in connection with requests for compilations and reports of a client’s use of our Services.

The US Department of Commerce, acting through the U.S. Federal Trade Commission, has negotiated treaties with the European Union and with the Republic of Switzerland to enable US companies such as Critical to comply with the various data security laws of the EU, its member states, and with Switzerland by “self-certifying” their compliance with such laws through the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework. Critical hereby certifies that it adheres to the seven Safe Harbor Privacy Principles common to both frameworks of Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement, so that persons impacted by data, images and documents we receive from EU-based clients and Switzerland-based clients have a means to correct and protect their Personal Information from unauthorized disclosure. To learn more about these Safe Harbor programs, and to view Critical’s certifications under each program, please visit

For the purpose of this US-EU Safe Harbor Privacy Policy and the US-Swiss Safe Harbor Privacy Policy, the following definitions apply:

  • “Personal Information” means information:
    • Transferred from the EU or Switzerland to the United States, and
    • Pertains to a specific individual, or which can be linked to the individual, and identifies or can be used to identify an individual.
  • “Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sexual orientation.
  • “Traffic Data” refers to the following information Critical captures when a User accesses our websites and Services, including the: (i) User’s IP address; (ii) the domain server; (iii) the type of computer; and, (iv) type of web browser.

Declaration of Safe Harbor Privacy Principles

1. Notice

Critical receives Personal Information about consumers and Users of its Services from its clients in providing its Services to its clients. Critical’s clients are solely responsible for obtaining the consumer’s and User’s consent to share this information with Critical. Critical, however, does not collect Personal Information about consumers or Users of its Services independently of its clients. All such information is received by Critical from its clients through use of the Services and pursuant to the terms and conditions of Critical’s written Services contracts with its clients.

As part of its Services provided to clients, Critical may provide to its clients, reports and compilations of data, images and documents stored by Critical in its databases, and reports and compilations of User Traffic Data and user logging/tracking data. The information that is collected, reported and compiled may include User productivity information, User security information, and overall system use by a User. Our clients may use such reports and compilations to make employment decisions which may have an adverse impact on a particular User. However, Critical Services generally do not collect Sensitive Personal Information as defined above; provided, however, if any such Sensitive Personal Information is sent to us by an EU-based or Swiss-based client, the person to which such Sensitive Personal Information relates will have all of the rights set forth herein to correct and protect such information.

2. Choice

Critical may collect Personal Information about consumers only if, in a particular case, Critical’s client has, to the extent required by applicable law, certified to Critical that the consumer has affirmatively consented to such collection. Any consumers who wish to revoke their consent to Critical’s collection of information about them can do so at any time by sending written notification to Patrick M. Castleberry, President, Critical Technologies, Inc., 3601 South Broadway, Suite 1400, Edmond, Oklahoma (USA) 73003, ; provided, however, if the particular consumer wishing to revoke his/her consent is an employee of Critical’s EU-based or Swiss-based client and Critical has obtained the underlying Personal Information by virtue of providing its Services to the associated EU-based or Swiss-based client-employer, then Critical must also have the prior written consent of such client before agreeing to allow such revocation of consent.

The revocation does not mean that information already collected will be deleted or modified in any way, and in no event would any such deletion or modification occur without the prior written consent of the associated EU-based client or Swiss-based. Various laws, compliance obligations, and contracts require that Critical maintain data, images, and documents on file for a period of time. However, except in the case of the consumer-employee, the consumer’s data will not be further disclosed after Critical receives a revocation, and will not be used for any purpose other than maintaining an internal record for legal or contractual compliance purposes.

3. Onward Transfer (Transfers to Third Parties)

Critical will disclose the information obtained on a consumer only to Critical client’s and their authorized Users of our Services, and will deviate from this limitation only in the following cases, and then only in the minimal and limited amount reasonably or legally necessary under the circumstances: (i) to respond to subpoenas, court orders, or other legal process; (ii) to enforce Critical’s legal rights; (iii) otherwise to comply with applicable law; or, (iv) as part of a process of Critical’s acquiring another business or of a process of Critical’s being acquired, and in such case, Critical will not permit a third party to examine the information Critical has collected without a written confidentiality agreement and only to the extent permitted by law. Critical will not transfer the information it has collected unless the recipient agrees in writing to provide privacy protections equal to or exceeding those established by this Privacy Policy.

4. Access

Critical permits all consumers to inspect, and/or to receive a copy of, the Personal Information that Critical has collected about them in accordance with applicable law. Consumers also may request that Critical correct, amend or delete inaccurate information about them. Consumers who wish to exercise these rights may contact Critical by sending written notice to Patrick M. Castleberry, President, Critical Technologies, Inc., 3601 South Broadway, Suite 1400, Edmond, Oklahoma (USA) 73003, . For security purposes, Critical will require verification of the consumer’s identity.

5. Security

Critical is committed to protecting the Personal Information that it receives about consumers. While we cannot guarantee the security of that information in all events, we have implemented a comprehensive, state-of-the-art, independently-audited and tested, information security program that includes a combination of administrative, technical, training, and physical safeguards designed to protect against loss, misuse, and unauthorized access, disclosure, alteration and destruction of consumer Personal Information.

6. Data Integrity

In accordance with our Services contracts and applicable law, Critical takes reasonable steps to ensure that the information it receives from clients, and information that it reports or compiles for clients, is accurate, complete, current, and reliable for its intended use. Critical is not responsible for errors that exist within data, images, or documents received from clients, or within reports or compilations derived from such received items, and therefore cannot act as a guarantor of the information. Consumers who wish to dispute the accuracy of information that Critical maintains about them can do so by by sending written notice to Patrick M. Castleberry, President, Critical Technologies, Inc., 3601 South Broadway, Suite 1400, Edmond, Oklahoma (USA) 73003, .

7. Enforcement

Critical conducts in-house verifications of its compliance with these Safe Harbor Privacy Principles. As part of our participation in the US-EU Safe Harbor Program and the Swiss Safe Harbor Program, we have designated the American Arbitration Association (specifically, the International Centre for Dispute Resolution of the American Arbitration Association) as our independent recourse mechanism for investigation of unresolved complaints relating to our compliance with both Safe Harbor Privacy Frameworks. For any complaints regarding our compliance with either Safe Harbor Framework, please contact Patrick M. Castleberry, President, Critical Technologies, Inc., 3601 South Broadway, Suite 1400, Edmond, Oklahoma (USA) 73003, . If contacting Critical does not resolve the complaint to the affected person’s satisfaction, the person may at any time seek relief with the American Arbitration Association using the following information:

If you would like to file a case by mail or fax, please complete the appropriate form(s) and forward to:

International Centre for Dispute Resolution
A Division of the American Arbitration Association
Case Filing Services
1101 Laurel Oak Road, Suite 100
Voorhees, NJ 08043

Phone: 856-435-6401
Toll free number in the US 877-495-4185
Fax number 877-304-8457
Fax number outside the US: 212-484-4178
Email box:

Further information about these Rules can be secured by contacting the International Centre for Dispute Resolution at 212.484.4181 or by visiting the ICDR’s Web site at

Complaints involving human resources data as defined by these Safe Harbor Frameworks may alternatively be submitted to the European Union Data Protection Authorities or Swiss Data Protection Authorities (as the case may be), and Critical hereby agrees to comply and cooperate fully with any investigation or inquiry instituted by any such authorities.

User's Acceptance of These Terms

By using the Services, the User signifies his/her assent to the Critical Privacy Policy. If the User does not agree to this Privacy Policy, the User should cease all use of the Services. The User's continued use of the Services following the posting of updates, changes or modifications to these terms will mean the User accepts these changes.

Updates and Changes to Privacy Policy

Critical reserves the right, at any time and without notice, to modify, change, add to or update this Privacy Policy, simply by posting such change, update, or modification on the Critical web sites,, (the "Sites"). Any such change, update or modification will be effective immediately upon posting on the Site. Have questions? Please contact us at: