Irth Solutions, LLC (“Irth”, “we”, “us” and similar terms) is committed to protecting your privacy and developing technology that gives you a powerful and safe online experience. This Statement of Privacy (“Statement”) governs our collection, usage, sharing and other handling of personal information. By using Irth’s Website or Platforms (as described further below), or otherwise providing us with your personal information, you consent to the data practices described in this Statement.
HOW WE COLLECT YOUR PERSONAL INFORMATION
We may collect your personal information in the following circumstances:
- When you visit or use our website at www.irthsolutions.com (the “Website”), generally through the use of cookies;
- When you subscribe to, request a demo of or use our damage prevention, asset protection or risk management activities, services, features, resources or solutions on our platforms (the “Platforms”);
- When you complete our surveys to conduct research about your opinion of our current services or potential new services that may be offered;
- When you register for and/or attend events that we host, such as our annual User Summit (collectively, “Events”); or
- When you communicate with us by telephone, through call recording of inbound and outbound telephone calls.
We may also have access to personal information about individuals who own or serve as contacts with respect to parcels of land (“Parcel Owners”), which is input into the Platform by users of the Platform.
TYPES OF PERSONAL INFORMATION WE COLLECT
Website
When you visit or use the Website, we may collect information about your computer hardware and software. This information can include: your IP address, browser type, domain names, access times, pages visited on the Website, and referring website addresses. We also collect any personal information that you input into the chat function on the Website.
Platform
When you request a demo of the Platform, we may collect your full name, phone number, fax number, email address, state/province, country or region, company name and job title.
When you subscribe to or use the Platform, we may collect your full name, phone number, email address, state/province, country or region, company name, company address, job title, and username. We may also collect any personal information that you input into the Platform, including any personal information that you post on Irth’s public message boards, photos that you upload to the Platform, as well as any feedback and survey responses that you provide to us. We may also collect information about your computer hardware and software when you use the Platforms, including: your IP address, browser type, domain names, access times and pages visited on the Platforms.
Events
When you register for and/or attend events that we host, we may collect your full name, email address, company name, job title and preferences (such as your learning objectives for the Event and whether you would like to bring a guest).
Telephone Calls
When you communicate with us by telephone, we may collect your full name, a recording of your voice, and any other personal information that you share with us during the telephone call.
Parcel Owners
Users may input into the Platform information about Parcel Owners, including (without limitation) their full names, addresses, telephone numbers, email addresses, their land location (longitude and latitude), the location where a dig will occur on their land, the type of work that is being undertaken on their land, and photos of their land.
PURPOSES FOR COLLECTING, USING AND SHARING YOUR PERSONAL INFORMATION
Website
Irth collects and uses the personal information of individuals who visit or use the Website to operate, monitor, maintain and improve the Website, deliver the services you have requested (such as the chat function), generate and analyze general statistics regarding use of the Website, and gauge the popularity of our Website content and services.
Platform
When you request a demo of or use a Platform, we may use your personal information to schedule and provide you with a demo of that Platform.
When you subscribe to or use a Platform, or complete one of our surveys, we may use your personal information to:
- Provide you with the solutions you have requested, including contacting you with respect to search results, sending confirmations of tickets, displaying content on the Platform, and shipping products you purchase;
- Provide you with customer service, including responding to your inquiries, questions and requests, contacting you to resolve any questions or issues that arise in relation to your use of the Platform, and improving our customer service;
- Provide technical support;
- Operate, monitor, maintain, develop and ensure the proper functioning of the Platforms;
- Perform name and address matching to identify and eliminate or merge duplicate users or contacts within the Platforms;
- Improve our products and services, including the Platforms, and develop new products and services;
- Generate and analyze general statistics regarding use of the Platforms, and gauge the utilization of our Platforms’ content and services;
- Provide you with information and updates about the Platforms; and
- If you agree, send you information about topics that we think may be of interest to you, including details, news, updates and marketing information about our products and services and those of our affiliates and select third parties.
Where permitted by applicable law, we may also generate and use aggregated, de-identified or anonymized information about subscribers to and users of the Platforms to understand how individuals use the Platforms and resources provided on the Platforms, to evaluate the effectiveness of the Platforms, and to assess the effectiveness of our marketing and business efforts.
Irth does not sell, rent or lease its customer lists to third parties. Irth may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your personal information (e.g., e-mail address, name, address, telephone number) is not transferred to the third party.
Events
When you register for and/or attend events that we host, we may use your personal information to process your registration, facilitate your attendance at the Event, contact you to provide you with updates and Event information, ask you questions about your registration or attendance, and send you updates and information about our other Events.
Telephone Calls
When you communicate with us by telephone, we may use your personal information to:
- Provide you with customer service, including responding to your inquiries, questions and request and contacting you to resolve any questions or issues that arise in relation to your use of the Platforms;
- Monitor and improve our customer service, including conducting employee evaluations and training; and
- Maintain business records, including maintaining records of conversations with actual and prospective customers and other third parties.
Parcel Owners
We may use information about Parcel Owners that is input into the Platform for the purposes of
- Confirming ownership of parcels of land;
- Generating communication letters to Parcel owners or designated contacts;
- Generating land agreements;
- Logging verbal, mail, email and other communications with Parcel Owners; and
- Providing notifications prior to access to designated contacts, as requested by Parcel Owners
Other Purposes
We may also use and share any personal information we collect or have access to for other purposes with individuals’ knowledge and consent (express or implied, as permitted by applicable law) and for such other purposes as are permitted or required by applicable law. Depending upon applicable law, such purposes may include (without limitation):
- Facilitating a business transaction, such as the sale of all or part of our business;
- Complying with legal and regulatory obligations (including record retention obligations, tax filing obligations or responding to a court order, warrant, summons or subpoena);
- Defending, establishing or exercising legal claims;
- Collecting a debt;
- Detecting and preventing fraud; and
- For technical administration or security.
WHEN WE SHARE PERSONAL INFORMATION
Employees
Your personal information may be accessed by or disclosed to Irth employees who have a need to know such information, including members of our information technology, marketing, product, sales/customer success, finance and accounting, support and software services departments, depending upon the information they each require in order to perform their job duties and responsibilities.
Service Providers
There are certain services supplied to us by third parties. Currently, the third party service providers who may have access to or handle personal information on our behalf include third party datacentres (such as Amazon Web Services, Microsoft Azure, Expedient and Google Cloud), Twilio, and Documo, located in Canada and the United States, which house the personal information we collect and the personal information that is input into the Platforms.
All such third parties are prohibited from using your personal information except to provide these services to Irth, and they are required to maintain the confidentiality of your information.
We may change or add third party service providers at any time, in our sole discretion. We encourage you to review this Statement periodically to obtain updated information about our service providers.
Other Sharing
We may disclose your personal information to third parties in connection with financing that we seek or a prospective or completed business transaction, including a merger, sale or transfer involving all or part of Irth’s business, or a corporate reorganization or other change in legal form or corporate control.
There are circumstances where we may disclose personal information without notice or consent, when required to do so by law or lawful authority. For example, from time to time, we may be compelled by legal action to disclose personal information in connection with statutory reporting obligations, search warrants, court orders, subpoenas, summonses or bankruptcy, insolvency or other legal proceedings, edicts or processes.
Where permitted by applicable law, we may also disclose personal information without notice or consent to investigate a potential breach of law or contract, to collect on a debt, in certain emergency situations that threaten the life, health or security of an individual, or to protect or defend our rights or property.
USE OF COOKIES
The Website and Platforms use “cookies”. A cookie is a text file that is placed on your device by a webpage server. The cookies used on the Website and Platforms may collect information about you or the device you use to browse the Website or navigate the Platforms, including device type, browser, IP address, domains from which you are referred to the Website and technical information about your means of connecting to the Website or Platforms, such as your operating system, Internet service provider and other similar information.
We may use the information collected via cookies in order to analyze traffic to and use of the Website and Platforms, to generate and analyze general statistics regarding use of the Website and Platforms, and to gauge the utilization of the Website and Platforms’ content and services. We may also use such information to operate, monitor, maintain, develop, improve and ensure the proper functioning of the Website and Platforms.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience certain features of the Website.
Google Analytics
Google Analytics provides us with certain data regarding visitors to the Website, as well as statistical data about the number of people visiting the Website. The data collected by Google Analytics on the Website includes: page views, clicks, device and browser information, geolocation information (country or region, province/city, state, longitude & latitude) traffic sources, IP address and demographic data, such as presumptions about Website visitors’ gender or age based on their behaviours.
You can learn more about Google Analytics and how it collects and processes data (including how to control the information sent to Google) by visiting: www.google.com/policies/privacy/partners/ and https://support.google.com/analytics/answer/6004245. You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout/ or downloading the Google Analytics Opt-out Browser Add-on (located at https://support.google.com/analytics/answer/181881?hl=en).
SECURITY OF YOUR PERSONAL INFORMATION
Irth implements technical, organizational and physical safeguards to secure your personal information from loss, theft, and unauthorized access, use, copying, modification or disclosure. Irth secures the personal information you provide us on computer servers in a controlled environment. Personal information that we share with third party service providers is encrypted in transit. Other security safeguards that we implement include firewalls, network segmentation, multi-factor authentication, antivirus and malware agents, regular patching and firmware updates, regular penetration testing and vulnerability scans, phishing awareness campaigns, and personnel training regarding privacy and cybersecurity.
Although we take the above steps to safeguard the personal information under our control, “perfect security” does not exist. In particular, please note that no method of transmitting or storing personal information online or by electronic means is completely secure. As a result, while we strive to protect your personal information, you should be aware that:
- There are security and privacy limitations of the Internet which are beyond our control;
- The security, integrity and privacy of any and all personal information exchanged between you and Irth using electronic means (including, without limitation, the Website and Platforms) cannot be guaranteed; and
- Any such information may be viewed or tampered with by an unauthorized third party.
If you register for or are granted an account on a Platform, or are otherwise provided with access to one of our electronic systems, you are responsible for maintaining the security of your password at all times and for any activity occurring while logged into your account.
Please keep in mind that if you share any personal information through Irth’s public message boards, this information may be viewed, collected, used and/or republished by others for any purpose anywhere in the world.
If you are located in Quebec, please note that our person is charge of the protection of personal information is Sean Vaden, Director of IT Security, who can be reached at svaden@irthsolutions.com. Our governance policies and practices regarding personal information, including a framework for the keeping and destruction of personal information, the roles and responsibilities of our personnel throughout the lifecycle of personal information, and our process for dealing with complaints regarding the protection of personal information, can be viewed below.
DATA RESIDENCY
If you are located in Canada, please note that we or our service providers may collect, use, disclose, transfer or store your personal information outside of Canada, including to or in the United States. Personal information transferred or stored outside of Canada will be subject to the laws of the jurisdiction(s) where it is transferred or stored, and may be accessible to foreign courts, law enforcement and national security authorities in the jurisdiction(s) where it is transferred or stored.
If you are located in Quebec, please note that your personal information may be stored in electronic or physical form in Quebec City, Toronto and throughout the Unites States (including, without limitation, in Oregon, Virginia, Iowa, Ohio and South Carolina), and therefore may be communicated outside of Quebec.
You may contact our Director of IT Security at privacysupport@irthsolutions.com to obtain access to written information about our policies and practices with respect to service providers outside of Canada, or to ask questions about the collection, use, disclosure or storage of personal information by such service providers outside of Canada for or on behalf of Irth.
LINKS TO OTHER WEBSITES
Our Website may contain links to other websites that we do not own or operate, including our partners’ websites and social media websites like LinkedIn, X (formerly Twitter), YouTube and Facebook. We provide links to third party websites as a convenience to Website visitors. These links are not intended as an endorsement of or referral to the linked websites. This Statement does not address the privacy and data security practices of any third parties, including third party website operators. The linked websites have separate and independent privacy statements, notices and terms of use, which we recommend you read carefully. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use, share, secure and otherwise handle your personal information.
CHILDREN’S PERSONAL INFORMATION
We do not intentionally collect personal information from or about children under the age of sixteen, and if we discover that we have inadvertently collected or received personal information from or about anyone younger than the age of sixteen, we will delete that information. Please contact our CFO by telephone at 614-784-8000, by email at finance@irthsolutions.com or by mail at 5009 Horizons Drive, Columbus, OH, United States of America, 43220, if you believe that we have collected personal information from or about a child under the age of sixteen.
CHANGES TO THIS STATEMENT
This Statement was last updated in September 2023.
Irth will occasionally update this Statement to reflect company and customer feedback, to reflect changes to Irth’s personal information handling practices, business needs or legal requirements, and otherwise at our discretion. When we do, we will let you know by appropriate means, such as by posting the revised Statement on this page with a new “last updated” date above.
Irth encourages you to periodically review this Statement to be informed of how Irth handles your personal information. Any changes to this Statement will become effective when posted, unless indicated otherwise, and your subsequent provision of your personal information to us and/or use of the Website or a Platform constitutes your agreement to the collection, use, disclosure and other handling of your personal information in accordance with the updated Statement.
DATA SUBJECT RIGHTS
If you are a resident of Canada, depending on the jurisdiction where you are located, you may have certain rights under applicable privacy and data protection legislation. Such rights may include:
-
Right to withdraw your consent: You may have the right to withdraw your consent to our continued collection, use or disclosure of your personal information, subject to any permitted restrictions and notice requirements. However, please note that withdrawing your consent may limit your ability to use the Website and/or the Platforms, and/or for us to otherwise fulfill the purposes described above. If you would like to opt out of receiving our marketing emails, please refer to the unsubscribe instructions at the bottom of each email or contact us via the contact information listed below.
-
Right to request access to your personal information: You may have the right to access personal information about you that we hold, subject to certain exceptions and limitations pursuant to applicable law. This right may include: the right to be informed of whether or not we hold personal information about you; the right to be informed of the existence, use, and disclosure of your personal information; the right to review and/or obtain a copy of your personal information; the right to be informed of the means by which your personal information was collected; where your personal information is collected from a third party, the right to be informed of the source of that personal information; the right to be informed of the period of time your personal information will be kept; the right to obtain an account of the use that has been made or is being made of your personal information and the third parties to which it has been disclosed; the right to receive a list of organizations to which we have, or may have, disclosed information about you; and/or the right to be informed when we use personal information to render a decision based exclusively on the automated processing of such information.
-
Right to request rectification of your personal information: You may have the right to challenge the accuracy and/or completeness of personal information about you that we hold, and have it amended or rectified as appropriate. Depending on the purposes for which your personal information is collected, used and disclosed, you may have the right to correct, delete or add information.
To request to exercise any of the above rights, please contact our Director of IT by telephone at 614-784-8000, by email at privacysupport@irthsolutions.com or by mail at 5009 Horizons Drive, Columbus, OH, United States of America, 43220.
CONTACT INFORMATION
Irth welcomes your comments regarding this Statement. Please contact our CFO by telephone at 614-784-8000, by email at privacysupport@irthsolutions.com or by mail at 5009 Horizons Drive, Columbus, OH, United States of America, 43220 if:
- You believe that Irth has not adhered to this Statement; or
- You have a question, concern or complaint about this Statement or about our collection, use, sharing or other handling of your personal information.
Roles and Responsibilities of Our Personnel Throughout the Lifecycle of Personal Information
Irth Solutions, LLC (“Irth”, “we”, “our” and similar terms) personnel will have the following roles and responsibilities with respect to handling personal information throughout its lifecycle within our organization:
1. Chief Executive Officer
- Overall responsibility for ensuring that Irth complies with applicable privacy and data protection legislation, including the Act respecting the protection of personal information in the private sector (Quebec).
- Delegating necessary functions to ensure Irth’s compliance with applicable privacy and data protection legislation, including the Act respecting the protection of personal information in the private sector (Quebec).
2. Chief Financial Officer
- Receiving and responding to questions, concerns and complaints about our Statement of Privacy, our inadvertent collection or receipt of the personal information of anyone younger than the age of sixteen, or otherwise related to our collection, use, sharing or other handling of personal information.
3. Director of IT Security
- Promoting privacy and data protection within Irth’s organization.
- Developing policies, standards, and procedures to appropriately manage and safeguard personal information in accordance with applicable laws and contractual requirements.
- Developing appropriate consent processes for the collection, use and disclosure of personal information.
- Confirming that appropriate security controls are developed, implemented and maintained to protect personal information in a manner that is consistent with the sensitivity of the information.
- Managing and responding to demands or requests for access and rectification of personal information, and other data subject requests.
- Directing and managing compliance with court orders and other legal processes requiring disclosure of personal information.
- Developing appropriate data retention schedules.
- Communicating with privacy regulators, including in the event of a complaint or investigation.
- Managing and maintaining the security and reliability of Irth’s SaaS applications and infrastructure, including researching relevant technologies and trends.
- Developing, designing, implementing, operating and monitoring Irth’s information technology security and risk management program and cybersecurity architecture.
- Negotiating contracts with security vendors and partners.
- Establishing and enforcing information technology security policies, standards, guidelines, and best practices.
- Conducting information technology security audits, assessments, tests, and reviews, including penetration testing and threat hunting exercises.
- Identifying, monitoring, analyzing, and responding to confidentiality incidents, breaches, vulnerabilities, and threats.
- Developing and providing information technology security training, awareness, and education to Irth personnel and customers
- Managing information technology security staff, contractors, consultants, and vendors.
- Designing and overseeing the implementation and maintenance of computing hardware, software, processes and controls, as needed to support the management of records throughout their lifecycle.
- Developing data back-up policies and procedures, and regularly testing back-ups.
- Identifying and classifying vulnerabilities in applications and information technology infrastructure, and overseeing vulnerability remediation and mitigation and ongoing patching.
4. Other Personnel
All Irth personnel who have access to personal information, including members of our information technology, finance, accounting, support, customer success, software services, sales and marketing departments, are responsible for:
- Reviewing and acting in compliance with this policy and related policies, standards and procedures.
- Notifying individuals of the purposes for which their personal information will be collected, used and disclosed, and obtaining consents in accordance with Irth’s policies and procedures, where applicable.
- Limiting collection of personal information to what is needed to accomplish the purposes identified to individuals, in accordance with Irth’s policies, standards and procedures.
- Refraining from accessing, using, or disclosing personal information unless required for performance of their job duties and permitted by applicable policies, standards and procedures.
- Taking reasonable steps to confirm that information is accurate and up-to-date before using personal information, where appropriate.
- Regularly identifying and disposing of transitory information, which is no longer needed to support business activities, in a secure manner and in accordance with Irth’s retention and destruction policies and procedures.
- Seeking guidance from the Director of IT Security if they are unsure of their obligations under Irth’s policies, standards and procedures or applicable law.
- Promptly notifying the Director of IT Security of any confidentiality incident or other loss or theft of, or unauthorized access to, use or disclosure of, personal information.
- Promptly notifying the Director of IT Security of any access request, privacy enquiry, or complaint.
Irth will take steps to communicate to personnel their roles and responsibilities in connection with processing personal information, as described above.
Record Retention and Destruction Framework
I. Retention of Records
Irth will retain records containing personal information (“Records”) as long as necessary to accomplish the purposes for which such information was collected and to meet any applicable statutory, fiscal, contractual, administrative, and operational requirements.
Irth undertakes to ensure that Records are accurate, complete, and are retained for the periods of time required pursuant to applicable laws, regulations and contracts.
The Records will be handled in accordance with Irth’s Data Retention Policy and Data Disposal Policy, which includes the following components:
- Identification of the types of Records containing personal information;
- Distinguishing the types of media to associate an appropriate method of retention and destruction for different types of Records;
- Determining and implementing a retention schedule for different types of Records that meets legal requirements;
- Destroying or anonymizing (where permitted by applicable law) personal information that does not fulfill a specific purpose or is no longer required to fulfill an identified purpose or for legal compliance;
- Ensuring that all personal information is completely deleted before recycling or disposing of electronic devices;
- Using effective processes to destroy, erase or anonymize personal information; and
- Developing guidelines and implementing procedures for secure retention of personal information.
II. Destruction of Records
1. Types of Records
Irth will determine the appropriate destruction method for each Record, depending (without limitation) on whether it is stored or held on electronic-based media (e.g., hand-held, networking or memory devices, office equipment, magnetic disks/tapes, optical disks) or paper-based media (e.g., hard copies).
2. Destruction Techniques That May Be Used
Irth will use the following destruction techniques so that the personal information contained in such Records cannot be recovered:
- sanitization or purging, in which data is removed from or overwritten on a device or media to prevent its recovery, including before re-issuing a device or media, donating equipment or returning leased equipment to the lending company;
- completely destroying the media, whether hard or electronic copy, so that the information stored on it can never be recovered. This can be accomplished using a variety of methods, including disintegration, incineration, pulverization, or shredding;
- deleting information using methods that resist simple data recovery or reconstitution methods; and/or
- degaussing, in which magnetic media are exposed to a strong magnetic field to make data unrecoverable and render the media permanently unusable.
Without limiting the above, any paper-based Records (i) may not be placed in unsecured garbage or recycling bins, and must instead be placed in secure shred bins, and (ii) must be shredded using a cross-cut shredder, to ensure that the information in each Record is obliterated.
Process for Handling Inquiries & Complaints
Irth employees who receive or are made aware of an inquiry or complaint about the collection, use, disclosure, communication or other processing of personal information by Irth, or otherwise regarding Irth’s compliance with applicable privacy and data protection laws, must:
- Record the date on which the inquiry or complaint is received, together with its nature; and
- Immediately refer or forward the inquiry or complaint to Sean Vaden, Director of IT Security or Joe Pardi, CFO COO at privacysupport@irthsolutions.com.
The Director of IT Security shall be responsible for undertaking a reasonable investigation into and responding, in writing, to all such inquiries and complaints. In particular, the Director of IT Security shall:
- Acknowledge receipt of the inquiry or complaint;
- Validate/confirm the identity of the individual/claimant, as needed;
- Seek clarification regarding the inquiry or complaint, as needed;
- Fairly and impartially evaluate the validity of a complaint, having regard to all relevant factors;
- Notify the individual of the response to their inquiry or outcome of their complaint, together with any steps taken as a result of the inquiry or complaint, within the time period required by applicable law;
- If a complaint is found to be justified, take appropriate measures to address and rectify the substance of the complaint and to ensure compliance with the applicable laws, including, if necessary, correcting (or instructing other Irth personnel to correct) any inaccurate personal information and/or amending Irth’s policies and procedures concerning the processing of personal information; and
- Ensure that relevant Irth employees are aware of any changes to Irth’s policies and procedures as a result of an inquiry or complaint, including arranging for necessary training to implement and give effect to such changes.
Records of decisions made with respect to an inquiry or complaint, and any personal information that is the subject of an access request or a request for rectification, will be maintained for as long as necessary to allow the relevant individual(s) to exhaust any recourse they may have under applicable laws. The Director of IT Security will approve an override of Irth’s regular retention and deletion schedule/practices where necessary to permit such retention.
