PERSONAL INFORMATION THAT WE COLLECT:
Vitality has developed an online subscription service (the “Subscription Service”) and related software that provides utility billing and energy management services to property owners and managers, as well as for the tenants and other occupants of such properties. In connection with our business, we collect and process the following categories of Personal Information of individuals:
- contact information (which may include name, physical address, telephone, and email address)
- other individual identifiers, including passwords, password hints, and similar security information used for identification and account access
- payment information, such as credit card type or number, bank account number, etc. Please note that we do not store credit card numbers or payment information. All credit card processing is done by a third party payment processing platform (currently Stripe). Vitality collects this payment data on a Vitality web form and passes it to the payment processor. This payment data is only in Vitality’s possession during this transit process
- purchasing history, such as historical purchase records; order numbers; identification of products and quantities purchased
- information regarding your electronic device(s) and IP address
- information regarding your use of our Subscription Service or other services
- internet use information
- regulatory information (to satisfy regulatory obligations such as tax and other reporting obligations)
California Consumer Privacy Act Notice: Pursuant to § 1798.110 of the California Consumer Privacy Act (“CCPA”), the categories of personal information that we have collected about individual consumers in the preceding twelve months are:
- Identifiers, such as name, email address, social security number, IP address, etc.
- Some categories of personal information listed in the California Customer Records Statute: name, signature, social security number, address, telephone number, driver’s license or state, bank account number, credit card number, debit card number
- Commercial information
- Internet activity: IP address and Vitality web page usage analytics
- Geolocation data
- Inferences about personal preferences and attributes drawn from profiling (e.g., using cookies)
HOW WE COLLECT YOUR DATA:
General. Vitality collects Personal Information when you or your landlord, employer or organization register an account with us, when you visit our website, when you use our Subscription Service or other services, participate in a feature of our website that requests or requires your Personal Information, and when you otherwise transact business with or communicate with Vitality.
Sources of Personal Information include online submission forms, purchase orders, emails, instant messages, chat window communications, social media, in addition to the sources discussed below.
Data received from Subscription Service users. Our business customers who license our Subscription Service have employees who are granted administration rights to create accounts for other employees and for property tenants and occupants. Tenants and other occupants of the properties owned or managed by these customers may also set up their own accounts in the Subscription Service for utility billing purposes. These business customers act as data controllers (“Controllers”) in the use of the Subscription Service and the collection and processing of Personal Information to be able to effectively operate the Subscription Service. In such cases, our role in processing the Personal Information provided by our customers (or by their tenants or property occupants) is as a “Processor,” since we are processing data on behalf of the Controller (who is the customer). As a Processor, we are obligated to process this Personal Information as part of our license agreement entered with the customer. The Personal Information collected in this scenario generally includes the name, physical address and phone number of each assigned user, but may also include information related to employment, such as job title and role, scheduling information assigned to an individual and maintenance tasks performed by an individual. Processing of this Personal Information is performed on behalf of the customer and for the purpose of providing the services requested by the customer. If a tenant or property occupant sets up an account in the Subscription Service, Processing of their Personal Information is also performed by Vitality on behalf of such tenant or property occupant.
Data obtained for marketing purposes for potential customers or others. We obtain marketing data from third parties, such as marketing affiliates and web analytic services, that we use to reach out to inform potential customers and others of the services offered by our organization. The Personal Information collected generally includes the email address of a potential customer or other and may also include their name and phone number. We also use the contact information provided to us by our customers to communicate information about our products and services, which may include marketing our products and services.
Cookies and Other Tracking Technologies: Vitality uses tracking technologies such as cookies to collect information from your web browser through our servers or filtering systems when you visit our website(s).
You can change your web browser settings at any time to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, our website may not function properly for you, and you may not be able to use some sections or functions of our websites.
To learn more about cookies and how to manage and delete them, visit http://www.allaboutcookies.org.
Vitality uses additional web user tracking technologies such as clear GIFs, pixel tags, and web beacons.
Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites.
Information from Third Party Platforms. We may obtain Personal Information from and process it through third party connected services/plug-ins for online transactions, communications and digitization services. These third party services include: Intercom (chat), Google (email and calendar), Stripe (payment processing), Comcast (internet service), AWS (database services), Salesforce (customer relationship management or CRM), Zendesk (service ticket management), Jira (project management), Zoho Books and Quickbooks (accounts payable and receivable).
The information you post or provide to third parties, as well as the controls surrounding these disclosures, are governed by the policies of these third parties.
Special categories of data not collected. We do not actively collect or otherwise process Personal Information from minors and include in our Subscription Service agreements a condition that the customer will not provide any Personal Information of minors to us. The age of a minor varies by jurisdiction. For the purposes of Personal Information collected from the European Union, the age of a minor is under age sixteen (16). For purposes of the Children’s Online Privacy Protection Act (COPPA) in the U.S., the age of a minor protected by such law is under age thirteen (13).
We also do not actively collect or otherwise process special categories of Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
We do not actively collect or otherwise process Personal Information relating to criminal convictions and offences.
HOW WE USE YOUR DATA:
These purposes include:
- Our business purposes, including addressing customer service issues and warranty claims; processing sales leads, quotes, invoices and payments; collecting debts; planning and conducting marketing activities, tradeshows, trials, consultations, seminars, webinars, and demonstrations; responding to inquiries; conducting web analytics, security monitoring, and business operations and administration; and addressing tax and other regulatory requirements.
- Purposes related to our Subscription Service. These purposes include licensing and operation of the Subscription Service, remote management, education and information services, training, webinars, communication, customer service, system monitoring and data security. We use Personal Information to enable use of system features and related services, including through use of third-party service providers. We also use Personal Information to communicate with our users to inform them of Subscription Service updates and enhancements, educational information, available features and modules, and other information that may be helpful or informative for our users.
- For the Protection of Vitality and Others. If Vitality, in good faith, determines that you have used the service to menace, threaten, harass, intimidate or otherwise deceptively pose as another person, or in any other way in violation of law. Simply, if you attempt to use the website or purchase or use a product for any unlawful means, you have no expectation of privacy and we may use and disclose any and all information for the protection of Vitality and others.
- Pursuant to Law, Rule or Regulation. If required or permitted to do so by law or if, in good faith, Vitality believes that such action is necessary to: (1) comply with laws and regulations or with legal processes; (2) protect and defend Vitality’s rights and property or prevent fraud; (3) protect Vitality against abuse, misuse or unauthorized use of Vitality’s products or services; (4) protect the personal safety or property of our personnel, users of our website or the public; and/or (5) comply with tax reporting requirements, then Vitality may use and disclose any and all information as needed. The servers that serve our website automatically identify a computer by its IP address.
- Subscription Service usage data. Vitality’s Subscription Service tracks energy usage information and data for properties (“Energy Data”) that is uploaded from meters on each property, and shares such data with Vitality and the property owner and/or manager that is Vitality’s customer. Energy Data is owned by such customer, which has granted Vitality a royalty-free, worldwide, irrevocable, perpetual license to collect, aggregate, use, distribute and sell Energy Data for any legal purpose, including without limitation for the purposes of providing the Subscription Service and other services, managing energy usage, and improving the Subscription Service and Vitality’s products and services generally. Vitality may retain and use Energy Data permanently. Property occupants are also granted a perpetual, royalty-free license to the Energy Data for the property that they are occupying, and that is generated for the period of time the occupant occupies that property, to export such Energy Data from the Subscription Service upon request, copy and use it for any legal purpose.
To the extent such Energy Data contains any Personal Information, Vitality and its business customer are not permitted to sell or otherwise provide such Energy Data to any third party unless the data has been anonymized (e.g., no name or address attached to the particular data) and/or aggregated with other property occupants’ data, so that it is not identifiable as to any particular person. Notwithstanding the foregoing, Vitality and its customers may share Energy Data in its original form as necessary or appropriate to provide services to the property occupant (for example, using a third party to process payments) or to comply with their legal obligations. Such de-identified data may be retained and used by Vitality to improve its products and services and for other proper purposes, provided that such retention and use is permitted by applicable laws.
- Aggregated and de-identified data. We may anonymize data to create statistical data or system usage data, by removing all personal identifiers and/or aggregating your data with others’ data so that it is not identifiable as to any particular person. Such de-identified data may be retained and used by Vitality to improve its products and services and for other proper purposes, provided that such retention and use is permitted by applicable laws.
Legal basis. We base our processing of Personal Information on the need to perform our contractual obligations under our license agreements and our legitimate activities as a provider of cloud-based software and related services. We also process Personal Information to comply with applicable law and to exercise our legal rights. We may also use your Personal Information for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our processing on legitimate interests in performing the activities of the organization.
HOW WE SHARE OR DISCLOSE YOUR DATA:
No sale of Personal Information. We never sell or rent Personal Information to third parties.
Disclosures of Personal Information. We may disclose or share your Personal Information with other parties in the following circumstances:
- Third-party service providers. We use third-party service providers (or subprocessors) to process Personal Information to facilitate your use of our products and services and in the operation of our business. This includes providing Personal Information to third parties for their processing in performing functions on our behalf, particularly the functions listed above in the “HOW WE USE YOUR DATA” section. These functions include processing payments, collecting debts, hosting software, performing security services, analyzing data, performing surveys, administering our website(s), and/or providing technical support services. These third party providers will be contractually and/or legally required to protect Personal Information from additional processing (including for marketing purposes) and transfer in accordance with applicable laws. Under certain data protection laws, we may be liable if a third party subprocessor that we have engaged to process Personal Information fails to fulfill its data protection obligations.
- Marketing partners and resellers. We use third-party companies to market and resell our Subscription Service to property owners, managers and occupants. Such companies may also assist in providing customer support or other services. Vitality discloses Energy Data and Personal Information to such third-party companies to facilitate use of Vitality’s products and services, including marketing or suggesting additional products and services that might interest you, providing services to customers and property tenants and occupants, and managing energy usage of properties in connection with the operation of the Subscription Service and our business.
- Property Owners and Managers and HOAs. Vitality shares Personal Data generated by the Subscription Service with property owners and managers, such as Energy Data (as defined above), to assist them in managing the energy usage of such properties. Home owner association (“HOA”) personnel may also have the right to access Energy Data and other Personal Information for the occupants of properties managed by the HOA, if permitted by the HOA’s bylaws or other rules or guidelines.
- Compliance with law and protecting our legal rights. We may disclose your Personal Information to regulatory bodies if we have a good-faith belief that doing so is required under applicable laws or regulations. This may include submitting Personal Information required by tax or other governmental authorities, or lawfully requested by governmental agencies, including law enforcement and judicial authorities. We may also disclose your Personal Information in order to exercise or defend our legal rights; to take precautions against liability; to protect the rights, property, or safety of Vitality or any individual or third party; to maintain and protect the security and integrity of our information system; to protect Vitality against fraudulent, abusive, or unlawful acts; or to investigate and defend Vitality against third-party claims or allegations.
- Corporate Transactions. If a third party acquires all or substantially all of the assets of, or ownership interests in, Vitality whether by merger, acquisition, reorganization or otherwise, Vitality may transfer its database, including all Personal Information contained therein, to the acquiring entity.
- Aggregated and de-identified data. We reserve the right to disclose aggregated user statistics as well as non-personally identifiable information (such as anonymous usage data), in order to describe our services to prospective partners, licensees, advertisers, and other third parties.
STORAGE OF PERSONAL INFORMATION:
However, no electronic data transmission can be guaranteed to be secure from access by unintended recipients and Vitality will not be responsible for any breach of security unless this breach is due to its negligence. Although we are committed to employing reasonable technology in order to protect the security of our website, even with the best technology, no website is 100% secure. In transacting business with us through our website, you assume the risk inherent in transacting business online.
To offer our website, products and services to you, Vitality relies on plugins and services from third parties such as internet service providers, email service providers and plugins, calendar plugins, Customer Relationship Management (CRM) systems, credit card processors, and third party data storage, as listed above. To the extent these providers have access to your Personal Information, we will require that they are legally or contractually committed to comply with applicable privacy laws. In the case of credit card processors, we require that they be PCI DSS-compliant. However, we cannot guarantee with certainty that the computer systems and storage systems whereon these services are offered will not be accessed by unauthorized parties. This is a risk inherent in providing any information, or conducting any business, online. In transacting business with us through the website, you assume the risk inherent in transacting business online.
Our cloud-based software and mobile apps are stored in and run from the cloud. Where third parties are used to host such products, we use third parties who meet required privacy and security standards.
PERSONAL INFORMATION SECURITY:
Vitality uses technical and organizational measures to protect the Personal Information that we store, transmit, or otherwise process, against accidental or unlawful destruction or disclosure, loss, alteration, or unauthorized access. Our security controls and risk management program and processes are designed to implement appropriate technological and organizational measures to ensure a level of security appropriate to the risks. We regularly consider appropriate new security technology and methods. Security measures implemented include:
- User access restrictions
- Role-based security is applied to system access to databases containing personal data
- Data encryption at rest and/or in transit
- Testing of third party software updates and patches before installation
- Regular system backups
- Regular maintenance is performed on systems
- Data requiring a higher level of protection, such as payment card account numbers, is processed via a third-party vendor that specializes in payment processing and is PCI DSS-compliant
- Confidentiality obligations relating to personal data in employee and contractor agreements
- Security and privacy training for employees
RETENTION OF PERSONAL INFORMATION:
Vitality processes Personal Information for a reasonable period of time to fulfill the processing purposes mentioned above. Personal Information is then archived for time periods as required or necessitated by law or legal considerations. Vitality reserves the right to delete a customer’s data, including Personal Information provided by that customer, from its system after 30 days from the date of termination of its agreement with the applicable customer. Vitality also deletes Personal Information in response to an individual’s request, as set forth in the “YOUR RIGHTS RELATING TO YOUR DATA” section below.
Vitality reserves the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws. With respect to any Personal Information collected by us for marketing or for our own internal purposes, we will retain that data for a reasonable time in order to fulfill those purposes.
We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Information is only stored and archived in alignment with our retention policy.
YOUR RIGHTS RELATING TO YOUR DATA:
Vitality does not discriminate against those who opt out. However, opting out may prevent us from conveniently and efficiently providing further product support services and information to you.
Unsubscribing to marketing communications: In particular, if we are sending you email communications of a marketing nature, an ‘unsubscribe’ option is provided in the footer of every email. You may also contact us directly to unsubscribe to marketing emails or other marketing communications, at the contact information set forth in the “VITALITY’S CONTACT INFORMATION” section below. If you have agreed to receive marketing communications, you may always opt out at a later date.
Your Canadian privacy rights. This section applies to Canada residents only.
Your Personal Information may be transferred outside of Canada for processing and storage. Vitality and its service providers may store Personal Information on servers located in other jurisdictions, including the United States. Please note that privacy laws in such jurisdictions differ from Canadian privacy laws (e.g., PIPEDA) and that in some jurisdictions your Personal Information may be accessed by law enforcement authorities or the courts in such jurisdictions. If you wish to:
- find out if we have your Personal Information and how we have used it,
- access your Personal Information that is in our possession,
- request that your Personal Information be corrected or deleted from our database, or
- obtain a list of any other organizations to which your Personal Information has been disclosed,
you may contact our privacy officer at the contact information set forth below. We will respond to your request relating to your Personal Information within 30 days. We may be unable to remove information to the extent that it is permitted or required to be retained by applicable law or document retention and data backup policies, or if removal is not practicable due to technological reasons. Please note that removal of your Personal Information may prevent or hinder us from providing further services and information to you.
Vitality may require you to provide sufficient information to permit us to provide an account of the existence, use, and disclosure of Personal Information. The information provided shall only be used for this purpose.
Your California privacy rights. This section applies to California residents only.
- Shine the Light law. Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. Vitality does not presently share any information with third parties for direct marketing purposes. However, to submit such a request, you can contact us as set forth below.
- California Consumer Privacy Act (CCPA). Pursuant to the CCPA (Section 1798.100 et seq. of the California Civil Code), residents of California have the following rights:
  - Right of access to your personal information, up to twice a year at no charge, including:
    - The categories of personal information Vitality collects about the consumer,
    - The categories of sources of the consumer’s personal information,
    - The business or commercial purpose for collecting or selling the consumer’s personal information,
    - The categories of any third parties with whom the business shares the consumer’s personal information, and
    - The specific pieces of personal information collected about the consumer.
  - Right to request deletion of data, subject to certain exceptions, such as where the information is needed to provide services to the consumer, or for security or legal reasons.
  - Right to not be discriminated against for exercising your rights under the CCPA, such as denial of services or higher pricing.
  - Right to opt out of having your personal information sold.
You can exercise your rights under the CCPA by calling our toll-free number set forth in the contact information below.
PRIVACY POLICIES OF OTHER WEBSITES:
VITALITY’S CONTACT INFORMATION:
Contact: Christopher Atkins
5286 Commerce Dr., Suite A-186
Salt Lake City, UT 84107
Phone: (855) 915-3313
If you wish to report a complaint or if you feel that Vitality has not addressed your concerns in a satisfactory manner, you may also contact your state or local data protection authority.
Last updated: April 9, 2020