Privacy Notice
VectorVMS1 LLC (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. We provide this privacy notice (“Privacy Notice”) to explain how we collect, use and disclose certain personal information online via our websites, and our SaaS or Subscription Services (as listed below, collectively referred to as “Sites”), and how you can exercise your privacy rights. This Privacy Notice does not apply to Pixid, whose corresponding notice is available here Pixid Website and does not apply to other Pixid group companies or their products and services.
We recommend that you read the Privacy Notice carefully to understand our practices and to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant section below in the table of contents.
If you have any questions regarding our privacy practices or this Privacy Notice, please contact us using the contact details given below.
Table of contents:
- Who are “You”?
- Your Information
- Cookies and Other Tracking Technologies
- Your Rights
- Third Party Websites
- Corporate and Contact Details
- Changes to this Privacy Notice
Who are “You”?
This Privacy Notice describes how we use “your” information. To understand which of our uses of information are actually applicable to you and your information see the following useful definitions.
You may be a(n):
Customer or client – an entity, or person representing an entity that has an agreement in place with VectorVMS1 LLC under which we provide you with SaaS or Subscription Services.
End-User – a person with a user account to one of our Customer’s instances of our SaaS or Subscription Services. For example, you may be a user of your workplace’s Vendor Management System, of which we are the provider. Or you may be an applicant through your employer or prospective employers’ recruitment system which is integrated with our Vendor Management System.
Visitor – a person who is visiting our website, or has expressed an interest in our products or services by filling in a contact form or sign-up sheet in relation to an event or webinar, or has had conversations about our products with our sales team and provided them with your details.
Your Information
Please select the correct option based on the above definitions to access the information applicable to you and your information.
Customer Information
We process Customers’ and their users’ information for the purpose of providing SaaS or Subscription Services. Our agreement with you is the best source of information on which personal data we process for you and how we use and protect that personal data. We encourage you to familiarize yourself with the terms of our agreement and reach out to your account manager if you have any questions.
What Information do we collect and how do we collect your Information where you are a Customer?
We collect the contact information (name, title, company name, web address, physical address, phone number, fax number, and email address) of the customer representatives for billing, technical and account management during the customer onboarding process. We use the billing, technical, administration and account contact details you provide us with to administer your account, issue invoices and deal with general account queries. In respect of this information, we act as a ‘data controller’ as we determine the data that we need for this purpose. We keep this information in our secure CRM platform and VMS for as long as you have an account with us and for a certain amount of time afterwards to enable us to deal with accounting, financial or other queries and comply with our accounts responsibilities.
For more information about how we use your information where you are a customer, please contact us using the details below.
End-user information
We have been provided with your information and handle your information subject to an agreement with one of our customers. Our customer may be your employer (or an affiliate of your employer), a prospective employer to whom you have submitted a job application or resume, a customer to whom you or your company provide services as a vendor, or another company which has either given you or asked you to sign up for an account with one of our Sites. Our customer acts as ‘data controller’ for your information, and we act as ‘data processor’. This means that we do not determine how we collect or use your data. Our customer determines how we collect or use your data and provides us with instructions on what to do with it in our agreement with them. We only collect and use your data in accordance with the agreement between us and our client. Further to this, our client is responsible for the management of your account on our Site. If you have any questions or concerns regarding our use or collection of your data, or if you wish to make a request to exercise your rights as a data subject or a consumer (as explained below), please reach out to our client as they are best placed to assist you.
How do we collect your Information where you are an End User?
Your information will either have been provided to us by our client if they have set your account up for you, or provided to us by you where our client has invited you to set up an account or submit information such as your employment or payment details.
Which Types of Information Do We Collect where you are an End User?
This depends upon which of our Sites you are using, and how our client is using our Site to collect or process your information. Broadly, the types of data we collect or process which may identify you may include:
- Account details (username, password, log-in data, profile data)
- Contact details (name, work/institution phone or email, personal phone or email)
- Employment and performance related data (for workforce management, and D&I Sites) (job roles or descriptions, performance reviews, length of service, feedback, job title, division, development goals or plans, performance plans, salary data).
- Recruitment related data (home address, qualifications, work history, resume/CV data, job application data)
Where our client has purchased SaaS or Subscription Services which include DEI or SS services, we may also process information which includes diversity, ethnicity, race, gender or other special categories of data. The client may also submit this information for its internal business purposes.
If you require more information about which of your information we use, please contact our client as they can advise you on which of your information they have used our Site to collect.
How Do We Use Your Information where you are an End User?
We only use your information to provide our services to our client in accordance with the agreement between us and our client. Our services to our client include the routine activities of providing cloud-based services such as hosting, support, and maintenance. The services may also allow you to participate in interactive features of our services, when you choose to do. The majority of the time we have no need to access any individual’s information to provide these Services. There are only certain scenarios in which we would ever need to access your information. These scenarios largely are based around providing technical support to you or our client, in which case we may need to access your information to identify or resolve a technical issue. We will only ever access your information to the extent required, and with the permission of our client.
For more information about how we or our client use your information, please contact our client as they are best placed to provide you with this information.
Where We Store Your Information and for How Long Where you are an End User?
All of your information is stored on secure servers, with layers of security to keep your information protected. The location of the server on which your information is stored depends on which of our Sites you are using, and also on what we have agreed with our customer. The length of time for which we store your information is also determined by our agreement with our customer. Our customer as the ‘data controller’ is responsible for determining both of these things.
For more information about where and for how long we store your information, please contact our customer as they are best placed to provide you with this information.
Visitor information
How Do We Collect Your Information where you are a Visitor?
You directly provide us with the data that we collect. We collect data and process data when you:
- Complete a form on our website or via online advertising.
- Provide us with your personal data at an event.
- Sign up to a newsletter, contest, webinar, event, or other service.
- Register online or place an order for any of our products or services.
- Voluntarily complete a customer survey or provide feedback on any of our Sites or via email.
- Use or view our website via your browser’s cookies.
Data collected via online forms will advise which fields are mandatory and which are optional.
Which Types of Information Do We Collect Where you are a Visitor?
The types of information we may collect through our Sites includes:
- Contact Details (e.g. name, address, email address, phone and fax numbers, institution, title or job position),
- Your interest in VectorVMS1 LLC products or services,
- Information about your interest in newsletters, webinars, events, or other services that we provide (solely or jointly with others), and
- Any other data you provide.
A visitor to our Sites who is not seeking employment or expressing interest in purchasing products or services is not required to reveal any personal information, however the applicable Site Cookie policy applies to all visitors. See below for more information on how we use cookies.
How Do We Use Your Information where you are a Visitor?
We use information in the following ways:
- To provide you with information via post, email or phone about products or services you requested, or we feel may interest you;
- To manage any query you have raised;
- To administrate our newsletters, surveys, and contests;
- To arrange and manage events and webinars;
- To administer our Site, and for internal operations (including troubleshooting, data analysis, testing, research, statistical purposes, and as part of our efforts to maintain the safety and security of our Sites)
In respect of this information, we act as a ‘data controller’ as we determine the data that we need for this purpose. Where you are a prospect or have signed up to newsletters, we will store your information in our secure CRM or marketing database. We will retain your information for as long as is necessary to carry out the above purposes. You have the right to request us to delete your information at any time and the right to unsubscribe from our marketing communications. Please contact us using the contact details below if you wish to find out more.
General Information Applicable to All
Once we receive your information, it is subject to strict security measures in accordance with applicable law. We may transfer personal information to companies that help us to provide our Services and that we believe offer a secure solution that improves our Service delivery. We may also transfer personal data to our affiliates and partners.
If you are a system user of one of our customers and have questions regarding the processing of your personal information, please contact our respective customer directly as they control the handling of your data.
Cookies and Other Tracking Technologies
Our site uses cookies to distinguish you from other visitors to provide you with a better experience and to help us improve our site. A cookie is a small data file placed on the hard drive of your computer when you visit a website.
Types of Cookies
Our site may use session cookies, persistent cookies, and web beacons. A “session cookie” expires when you end your session (i.e. close your browser). A “persistent cookie” stores information on your hard drive so when you end your session and return to the same website at a later date, the cookie information is still available. A “web beacon” is a small string of code that represents a clear graphic image, a redirect URL or JavaScript and is used in conjunction with a cookie. The cookies we place on our server are readable only by us, and cookies cannot access, read or modify any other data on your computer. We may use web beacons alone or in conjunction with cookies to compile information about your usage of our site and interaction with emails from us. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to our site, in order to improve our site and email communications.
Purposes of Cookie use
We use Cookies for several purposes. Please see information below on each of these purposes.
Preference Cookies
We use preference cookies to collect information about your choices and preferences, and to allow us to remember language or other local settings and customize our site accordingly.
Analytics Cookies
We also use analytics cookies to collect information about your use of our site, and to enable us to improve the way our site works. For example, analytics cookies show us which are the most frequently visited pages on our site, help us record any difficulties you have with our site, and show us whether our advertising is effective or not. This allows us to see the overall patterns of usage on our site, rather than the usage of a single person. We use the information to analyze the site traffic, but we do not examine this information for individually identifying information.
Marketing Cookies
We use Remarketing with Google Analytics to advertise online. Third-party vendors, including Google, may show our ads on sites across the internet.
We, and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on someone’s past visits to our website. Remarketing cookies used by us expire after 30 days. To opt out of Remarketing or to control your ad preferences, please click here.
Controlling Cookies
Most web browsers have a “help” menu where you can review how to prevent your browser from accepting new cookies, how to have your browser alert you when you receive a new cookie or how to fully disable cookies on your browser. You can learn more about cookies at sites like www.aboutcookies.org. If you use your browser settings to block all cookies, you may not be able to access all or parts of our site.
Third-Party Cookie providers
In addition to the cookies that we own, we may also use third-parties cookies on our Sites for the purposes detailed above.
As the owners of these cookies, you are entitled to information from these third parties regarding their privacy and security policies, and on how to opt-out from their cookies. You can find more information on our third-party cookie providers below:
Name of provider | Link |
---|---|
Google services: Google tag manager, Google Analytics, DoubleClick, Google Optimize, etc. | https://policies.google.com/privacy?hl=en |
HotJar | https://www.hotjar.com/policies/do-not-track/ |
https://www.linkedin.com/legal/privacy-policy | |
Pardot | https://www.salesforce.com/company/privacy/full_privacy/ |
StatCounter | https://statcounter.com/about/cookies/ |
VWO [Wingify Software Private Ltd] | https://vwo.com/privacy-policy/ |
X (previously Twitter) | https://twitter.com/en/privacy |
Unbounce | https://unbounce.com/privacy/ |
CookieYes | https://www.cookieyes.com/privacy-policy/ |
What are your choices regarding cookies?
Necessary cookies, which are required for the core functionality of the website, are enabled by default automatically when you access the Site.
For all other categories of cookies used, which are not necessary for the site to operate, you can expressly consent to their use by clicking “accept” on the cookie banner which is set on the Site. If you do not wish to consent to the use of these cookies, you can opt out by returning to the Site and changing your cookie settings.
Additionally, you can also decide whether or not to accept cookies through your internet browser’s settings. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. You can also delete all cookies that are already on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some of the Services and functionalities may not work.
By continuing to browse our Site, you are agreeing to our use of cookies.
Security
We understand that the security of any data we collect is of great importance. We therefore make sure it is well protected. We have appropriate physical, electronic, and managerial procedures to safeguard and secure the personal information we process. We follow generally accepted industry standards to protect personal information submitted to us both during transmission and once received. While we strive to protect your personal information, we cannot guarantee its absolute security, and any transmission of personal information is therefore at your own risk.
If you are a Customer, and you require more information regarding our security measures, please refer to our agreement. If you are an End-User, please reach out to our client who controls your account. If you are a Visitor, please contact us using the methods detailed below for more information.
Disclosure of Your Information
Personal information may be disclosed to our ultimate holding company and its direct and indirect subsidiaries. Our employees are responsible for the internal security of confidential or proprietary information and are only given access in accordance with the principle of least privilege, meaning they are only given access to your information when necessary and to the extent necessary for our operations to continue. Employees receive regular data protection and cyber security training and are subject to VectorVMS1 LLC’s data protection and security policies. Employees who violate the data protection and security policies are subject to disciplinary action including, but not limited to termination.
Our general policy is not to disclose your personal information to any third party without your prior consent. However, we may disclose your personal information to third parties in the following scenarios:
- We may use third-party vendors and hosting partners to provide the necessary hardware, software, networking, and other technology and services required to operate and maintain our Sites. As part of this, we may be required to transfer some of your personal information to these vendors and partners. Where we use third-party service providers, we choose vendors that enhance our services or practices and follow any legal requirements that apply to securing your data.
- If we sell or buy any business or assets in which case your personal information may be disclosed to the prospective seller or buyer.
- If we, or substantially all of our assets, are acquired by a third party, personal information held by us will be transferred as assets.
- We also reserve the right to disclose your personal data as required by law or in the good faith that disclosure is necessary to protect our rights. This may include exchanging information with other organizations for the purposes of fraud protection and credit risk reduction.
We do not share, sell, rent, or trade personal information with third parties for their promotional or other purposes. If this practice should change, we will update this policy to identify how individuals can opt-out.
Your Rights
Please see the sections below for further information about your rights in accordance with applicable law.
GDPR and the Data Protection Act 2018 for EU/UK Residents
The General Data Protection Regulation (GDPR) is a regulation in the European Union (EU) and EEA on data protection and privacy and is applicable to all EEA residents. The Data Protection Act 2018 is the UK’s enactment of the GDPR, and this, together with UK GDPR, is applicable to all UK residents. You have the right to contact your local data protection authority and can request details of how to do this by contacting us at privacy@vectorvms.com.
Legal basis for processing your personal data
Where we act as a controller we process your personal data on the following legal bases:
Type of Processing | Lawful Basis |
---|---|
Sending marketing information (to you as an individual) | Consent |
Carrying out our contractual obligations to our Clients | Our clients’ legitimate interests in us performing the services under the agreement we have with them |
Setting non-necessary cookies | Consent |
Sending marketing information to existing customers and business prospects and responding to your communications with us | Legitimate interests (to promote our services) |
Ensure the operation and performance of the Sites and to improve the functionality of the Sites (please also see cookies above) | Legitimate interests (to ensure the Sites function correctly and to improve their functionality for the benefit of users) |
Where we act as a processor on behalf of our customers, you should contact them for information about the legal basis they rely on.
Data Subject Rights – EU and UK residents
VectorVMS1 LLC is a Delaware corporation located in Raleigh, United States. As a EU or UK data subject, being a person resident in the EEA or UK, you are entitled to the following rights in regard to your personal data:
The right to access – You have the right to request that we provide you with copies of your personal data which we hold on record. In some scenarios, as permitted by law, we may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information we have on record that you believe is inaccurate. You also have the right to request that we complete any information we have on record that you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
You can verify whether we hold any of your personal data, or make a data subject request by submitting a request via the Data Subject Request Form. We may need to verify your identity before we are able to respond to the inquiry.
Data Privacy Framework – For EU, UK and Swiss Individuals Whose Data is Transferred Into The US
As applicable, VectorVMS1 LLC complies with the EU-US Data Privacy Framework program (EU-U.S. DPF), UK Extension to E.U.-U.S. DPF (UK-US DPF), and Swiss-US Data Privacy Framework program (Swiss-U.S. DPF) as developed by the United States Department of Commerce, European Commission, UK Government and Swiss Federal Administration. VectorVMS1 LLC has certified to the U.S. Department of Commerce that it adheres to the DPF Principles with regards to transfers to the US of personal data received from the European Union, in reliance on the EU-U.S. DPF and with regard to transfers to the US from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We certify adherence to the Swiss-U.S. DPF Principles with transfers to the US of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If any conflict shall arise, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program and to view our certification page, please visit www.dataprivacyframework.gov/.
Pursuant to the Data Privacy Framework Principles, we are obligated to inform EU, UK, and Swiss individuals whose data is transferred to the United States that we may be required to release that information in response to lawful requests by public authorities including to meet national security and law enforcement requirements. We remain responsible and liable under the Data Privacy Framework Principles if third-party agents that we engage with process the personal data in a manner inconsistent with the Data Privacy Framework Principles, unless we can prove we are not responsible for the event giving rise to the damage.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to Pixid 53-55 rue du Capitaine Guynemer, 92400 Courbevoie, France.
We are committed to cooperate with EU Data Protection Authorities (DPAs) and the UK Information Commissioner’s Office and comply with the advice given by such authorities with regard to human resources data transferred from the EU and the UK in the context of the employment relationship. EU individuals with HR complaints should refer to https://edpb.europa.eu/about-edpb/board/members_en for the list of Data Protection Authorities.
We are committed to complying with the Swiss-US DPF as approved by the Swiss Federal Administration as a lawful data transfer mechanism for transfers of personal data from Switzerland to the United States and have self-certified for Switzerland under the Data Privacy Framework.
In compliance with the EU-US Data Privacy Framework Principles and the UK Extension to the EU-US Data Privacy Framework, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. EU/EEA, Swiss and United Kingdom individuals with Data Privacy Framework inquiries or complaints should first contact us via the methods detailed below under the heading “Exercising Your Rights”.
We have further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction
You may request a copy of, correct or amend incorrect data or request deletion of personal information that has been processed in violation of the Data Privacy Framework Principles. To seek access, correct, amend, or delete inaccurate data transferred to the United States under Data Privacy Framework, please complete this Data Subject Request Form. We will respond to the inquiry within 30 days.
Individuals with general Data Privacy Framework inquiries or complaints should contact us via the methods detailed below under the heading “Exercising Your Rights”.
Enforcement by the Federal Trade Commission – United States
The Federal Trade Commission is the statutory body with jurisdiction to investigate any claims regarding possible unfair or deceptive practices, including violations of laws or regulations covering privacy in the United States.
CCPA
The California Consumer Privacy Act (CCPA) is a law in the State of California on data protection and privacy and is applicable to all California residents.
Notice of collection and processing activities
Under the CCPA, you are entitled to certain information so that you are informed about how we collect your data, and how and why we use that data after collection. We encourage you to read this policy in full to get the clearest understanding, but we have summarized this information here:
Categories of personal information collected | As listed under the heading “Which Types of Data Do We Collect?” above |
How personal information is collected | As listed under the heading “How Do We Collect Your Data” above. |
Categories of sources from which the personal information is collected | We only collect personal information provided by you to us, either directly (e.g. by contact form, by email) or indirectly (e.g. via cookies). We may also collect your personal information from our partners when running joint webinars or events which you have signed up to. We do not collect personal information from any other sources. |
Purpose of collection | For our legitimate and lawful sales and marketing operations, and as further detailed under the heading “How Do We Use Your Data?” above |
Categories of third parties with whom the data has been shared | Your personal data may be shared with our group companies and associated businesses, our third-party providers (e.g. our hosting and analytics providers), and where we host a joint event with a partner which you sign up to, we may share you data with that partner. |
Specific pieces of information | We can provide this information on request, in accordance with the procedure set out below. |
Consumer Rights – California residents
As a Consumer, being a person resident in California, you are entitled to the following rights regarding your personal data:
Right to Opt-out – You have the right to opt out of an organization selling your information to third parties. We do not sell information to third parties at this time, but should this change, we would update this policy to provide further information on our practices and the exercising of this right.
Right of notice – You have the right to be notified of which personal data we are collecting from you, the reasons why, and how it would be used. This policy provides you with this information.
Right of Disclosure – You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
Right of Deletion – You have the right to request that we delete any personal information we have collected from you in the last 12 months, in certain circumstances.
Right to Equal Services and Prices – You have the right to exercise your rights under the CCPA free of discrimination, and we will never deny you goods or services, charge you a different price, provide you with a different level or quality of goods or services based on your exercising your rights to your data.
You may only make a request to exercise your rights of disclosure within a twelve (12) month period.
COPPA
In accordance with the Children’s Online Privacy Protection Act (“COPPA”) and the GDPR, our Sites are not intended for use by children. We do not knowingly request, solicit, access, or receive personally identifiable information from anyone under the age of 13 and 16 respectively.
Where we are aware of any personal information submitted through our Sites belonging to a child, we will delete this data from our records.
Exercising your Rights
To exercise your rights under the GDPR, the Data Protection Act 2018 and UK GDPR, or the CCPA, you may make a request via the Data Subject Request Form, or by calling +44 333 005 1685.
To enable us to process your request, we may require you to:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Please note that we would be unable to respond to your request or provide you with any personal data if we are unable to verify your identity or authority to make the request and confirm the personal information relates to you.
We endeavor to respond to a request within thirty (30) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive or onerous, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
UK and EU representatives
Our representative in the UK for data protection matters is: Pixid VMS, 154 Bishopsgate, Londo EC2M 4LN +44 333 005 1685
Our representative in the EU for data protection matters is: Pixid 53-55 rue du Capitaine Guynemer, 92400 Courbevoie, France +33 1 41 16 3400
Third Party Websites
Our Sites may contain links to and from websites of our partner networks, clients, and/or affiliates. Please note that these websites are subject to their own privacy policies, and we do not accept any liability for these sites and policies. Please check these policies before you submit any personal data to these websites.
Corporate and Contact Details
Our global privacy team act as our main point of contact for all privacy matters. You can contact them by submitting a request via Data Subject Access Form, or by emailing privacy@vectorvms.com or using the address below.
Site | Company with responsibility for the Site | Address |
---|---|---|
www.vectorvms.com | VectorVMS1 LLC | 434 Fayetteville St. Suite 900 Raleigh, NC 27601 |
privacy@vectorvms.com, or at:
VectorVMS1 LLC
434 Fayetteville St.
Suite 900
Raleigh, NC 27601
Phone: ++ 1 877 820 4400
Alternatively you can use the contact details of our UK or EU representatives above.
Changes to this Privacy Notice
We reserve the right to modify this Privacy Notice at any time, so review it frequently. If material changes are made, it will be reposted and made available from our homepage so you are aware of what personal information we collect, how we use it, and under what circumstances (if any) we disclose it.
Last Updated: December 2024