At ITC, we are committed to providing our customers with exceptional service. As providing this service involves the collection and storage of our customers’ and their clients’ social media and/or SMS interactions, protecting their personal information is one of our highest priorities.
ITC complies with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). We inform our customers of why and how we collect and use their social media and SMS interactions, obtain their consent where required, and collect, use or disclose personal information only for purposes that a reasonable person would consider appropriate under the circumstances.
ITC follows the 10 principles outlined in Schedule 1 of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA): 1) Accountability, 2) Identifying Purposes, 3) Consent, 4) Limiting collection, 5) Limiting, use, disclosure, and retention, 6) Accuracy, 7) Safeguards, 8) Openness, 9) Individual access, and 10) Challenging compliance.
ITC has rigorously documented our policies and procedures concerning the protection of personal information. These policies and procedures were created based on current legislation, industry best practices, and our customers’ need for information security.
ITC appoints both a Privacy Officer and a Security Officer to ensure compliance with laws, best practices, and internal policies and procedures concerning the protection of personal information.
Additionally, ITC employees undergo training to ensure adherence to best practices when handling private communications. Our employees are also subject to non-disclosure agreements to ensure the protection of personal information.
The The ITC Enterprise Portal allows our Customers to interact with their clients via social media and SMS channels. Interactions between Customer and Client that are either Direct Messages (Twitter), Private Messages (Facebook) or any SMS interaction are considered private to the ITC customer and will not be reported, released or reproduced except in the process of supporting that customer’s engagement and reporting requirements.
We will only collect customer information that is necessary to fulfill the following purpose:
Consent to collect customer/client conversation information is implicit in the contract between ITC and our customers. At no time will private interactions be displayed, exported or released to parties other than the customer or their agents.
Consent for access to the customer’s social channels (Facebook, Twitter) is required to engage with clients through direct (Twitter) or private (Facebook) messages. The authorization for Twitter/Facebook messaging is managed within the ITC Enterprise Portal, but at no time is the password saved inside the infrastructure.
Customers may revoke their consent at any time. Thirty days from the end of the contract, it is assumed that the customer consent has been revoked and any authorization tokens will be removed from the ITC Enterprise Portal.
We will only use or disclose customer/client interaction information where necessary to fulfill the purposes of customer/client engagements. Only customers will have visibility of direct/private interaction information between customer and client.
We will not use or disclose personal or private information for any additional purpose unless we obtain consent to do so.
We will not sell customer lists or private information to other parties.
ITC limits its collection of personal data to what is necessary for the purpose for which it was collected.
ITC customers’ personal information is only used for the purpose for which it was collected.
It is necessary for ITC employees to have access to the Customer Portals to provide support and to ensure service-level agreements (SLAs) are being met. However, to limit the exposure of customer data the following access guidelines are in place:
ITC does not disclose customers’ information without their consent, except as required by law or for safety purposes.
ITC employees are also subject to a non-disclosure agreement to ensure the protection of personal information.
We will retain customer private interaction information only as long as necessary to fulfill the identified purposes or a legal or business purpose. All personal information is disposed of in a secure manner.
ITC offers its customers appropriate means for destroying personal information, including “redaction” capabilities so that customers can erase sensitive information.
ITC will make reasonable efforts to ensure that customers’ private interaction information is accurate and complete.
All customer/client interactions via social media or SMS channels will follow the customer’s respective guidelines for delivering interaction information between customer and client.
ITC does not disclose personal information to third parties without first obtaining consent. When disclosing personal information, we will ensure that the information is accurate and current.
We are committed to ensuring the security of our customers’ private interaction information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
These safeguards are documented in our Account Management Policy and Procedures and Application Security Policy. The former regulates access to ITC technological resources and the latter regulates access to ITC applications (the ITC portals). The Security Officer is responsible for ensuring compliance to these policies.
ITC will continually review and update our security policies and controls as technology changes to ensure ongoing information security.
ITC is committed to informing our customers and their clients about our policies and practices concerning personal information management. For more information, please contact our Privacy Officer or Security Officer.
Customers have the right to access their private interactions, subject to the terms of their contract with ITC. To access personal information, please contact our Privacy Officer.
Customers’ private interaction information will be retained for at least one year so that the customer has a reasonable opportunity to request access to it. Our customers in Mexico will have access for two years, in accordance with their Ley Federal de Telecomunicaciones (LFTR)(2014).
ITC offers its customers “redaction” capabilities, allowing them to erase sensitive information. In the event of redaction, once confirmed, the redacted information will not be available anywhere in the ITC Enterprise portal, nor will it be recoverable.
ITC customers are responsible for ensuring their agents’ adherence to privacy and personal information protection laws.
ITC takes our customers’ complaints seriously and is committed to fulfilling our responsibilities concerning the documentation, investigation, and resolution of issues concerning personal information protection. For more information about lodging a complaint, please contact our Privacy Officer.
Children under the age of 13 are not permitted to use ITC SMS services and we do not intentionally collect or maintain personal information from those under 13 years old. Protecting the privacy of children is very important to us. Thus, if we obtain actual knowledge that a user is under 13, we will take steps to remove that user’s personal information from our databases. We recommend that children between the ages of 13 and 18 obtain their parent’s permission before submitting information through SMS services. By using ITC SMS messaging services, you are representing that you are at least 18 years old, or that you are at least 13 years old and have your parents’ permission to send texts to the ITC short code.
In general, we collect any information that you submit to us voluntarily through ITC SMS messaging services. As we make it our mission to protect your personal information, this information is never shared with third parties and is never used for marketing purposes. Our treatment of the information complies with the standards of Canada’s PIPEDA legislation.
We do not receive personal information about you from other sources.
If you send an e-mail to us, we will collect your e-mail address and the full content of your e-mail, including attached files and any other information you provide. We will not use your e-mail address to contact you for marketing purposes and we will never share your e-mail with third parties.
ITC does not collect information about you via other technologies, i.e. cookies, IP Address tracking, web beacons, and navigational data, such as Uniform Resource Locators (URL); nor do we allow third parties to collect information about you via the previously mentioned technologies.
ITC does not sell, trade, rent, or share the personal information that we collect, unless you ask or authorize us to do so. When you send your information by SMS to a company that uses ITC SMS messaging platform, that company may collect your information according to its corporate policy and according to relevant legislation. ITC does not use or disclose this information, unless required to by law or for the purpose of safety.
Helping you to protect your information is a vital part of our mission. It is up to you to make sure you are comfortable with the information you choose to provide through ITC. SMS is a private mode of communication and ITC will not disclose your communications, unless required to by law or for the purpose of safety. Because SMS is not a completely secure channel, please avoid sending sensitive information by text message. This includes credit card numbers, social insurance/security numbers, and other sensitive data. While agents using ITC services have the ability to permanently delete sensitive information that enters the ITC system, note that this information will still be saved in your phone and should be deleted for security and privacy purposes.
ITC does not provide links to third-party sites. Companies using the ITC platform (our customers) may provide links to third-party sites. Please be aware that we are not responsible for the privacy practices or the content of such other websites. We encourage users to read the privacy statements of each and every website they visit.
When receiving SMS messages through ITC, you will have the opportunity to “opt-out” by texting STOP to 898482. After texting STOP, you will be unsubscribed from this service. At ITC we follow Canada’s anti-spam legislation (CASL) and only send e-mails to people with whom we have a pre-existing relationship (implicit or explicit). All mass e-mails include an unsubscribe link. ITC is not responsible for e-mails sent by our customers.
As we do not use your personal information, we do not store it in a database where it can be changed or updated. If you are dealing with a company that uses ITC services, you may ask that company’s agents to change or delete your information from their database.
We are committed to protecting the security of your personal information. We use a variety of industry-standard security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. Even though we have taken significant steps to protect your personal information, no company, including us, can fully eliminate security risks associated with personal information.
For more information, please contact: