Effective Date: February 20, 2020, Last updated: January 20, 2020
EdiNation is a cloud EDI platform that provides software developers with building blocks to add EDI translation and validation to web and mobile applications or edit EDI files online through our Webpad product.
We at EdiNation, Inc. (here “EdiNation”, “we” or “us”) take your privacy seriously. We understand that when you use EdiNation’s platform you are placing your trust in us to handle your data appropriately, including the personal information of you and your end-users. Please read the following to learn more about how we collect, use, and handle your Personal Information when you use our websites, software, and other services (“Services”).
You can contact us regarding privacy matters at firstname.lastname@example.org
EdiNation processes two broad categories of personal information when you use our products and services: Your personal information as a customer (or potential customer) of EdiNation’s services - information that we refer to as Customer Account Data, and The personal information of your end users who use or interact with your application that you’ve built on EdiNation’s platform, like the people you communicate by way of that application - this category contains both your Customer Usage Data (e.g., communications metadata) and your Customer Content (e.g., the contents of communications).
EdiNation processes these categories of personal information differently because of the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end-users. How EdiNation Processes Your Personal Information Data protection laws and privacy laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information.
A processor processes personal information on behalf of a controller based on the controller’s instructions. When EdiNation processes your Customer Account Data, the EdiNation entity with whom you are contracting is acting as a controller.
Broadly speaking, we use Customer Account Data to further our legitimate interests to: understand who our customers and potential customers are and their interests in EdiNation’s product and services, manage our relationship with you and other customers, carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations and help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.
While we’re on the subject of Customer Account Data and Customer Usage Data, we’d like to give you a brief summary of the categories of personal information that might be found in the Customer Account Data and Customer Usage Data that we collect from our customers and their end-users, so you can know at a glance what we’re talking about.
We collect and process your personal information: When you visit an EdiNation public-facing website like edination.com, or make a request to receive information about EdiNation or our products; When you contact our Sales Team or Customer Support Team; and When you sign up for an EdiNation account and use our products and services.
We call this personal information Customer Account Data. We also collect Customer Usage Data from you when you send or receive communications through your use of our services. This data might take different forms, and we might use it for different purposes.
Depending on your interactions with us, we might collect the following categories of personal information, and for the following reasons: We collect Identifiers, like your name and contact information (Customer Account Data), when you sign up or use our products or services and to do things like allowing you, user, our products, verify your identity, and communicate with you. We collect Commercial information when we keep track of the services that you purchase from us and our communications history about those services. We collect Financial information, such as your payment information, when you pay for our services. We collect Internet and other electronic activity information, such as communications metadata, as you browse our website or use our services. This metadata may be information about how you browse our websites and what features you use on our service, or it may be your Customer Usage Data as you send communications over the service. We collect Geolocation information when you use our products or services. Depending on the product or service, this could be location based on your IP address, or, based on the cell tower to which a mobile device is connected, or Wi-Fi triangulation,. We collect Professional or employment information, such as your company or employer or your role at your company. If you attend an event or fill out a form or survey with us, we might collect your age, your gender, or other information that counts as characteristics of protected classifications; however, we will only collect those with your knowledge and opt-in consent.
Information You Share Directly: In some places on EdiNation’s public-facing websites, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a newsletter, register for an EdiNation event, or take a survey. The specific personal information requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, we will ask you for your email address if you want to sign up for an email newsletter and for your phone number if you want a member of our Sales Team to call you). We may also ask you for additional information to help us understand you better as a customer like your EdiNation use case, your company name, or your role at your company. If you sign up to receive ongoing marketing communications from EdiNation, like a newsletter, you can always choose to opt-out of further communications through a preferences page which will be linked from any marketing email you receive from us. You can also contact our Customer Support Team to communicate your choice to opt-out.
Information We Collect Automatically: When you visit EdiNation websites, including our web forms, we and our service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our websites are using them and which pages and features of the websites are most popular. This helps us understand how we can improve our websites and track the performance of our advertisements. In addition, we use tracking technologies to help improve the navigation experience on EdiNation’s websites. We don’t sell this information to third parties, though.
If you contact our Sales or Customer Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally so we can improve our products and services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Customer Support Teams. While we will take appropriate measures to protect any sensitive information you share with us, it is best to avoid sharing any personal or other sensitive information in these communications not necessary for these teams to assist you.
Information You Share Directly: When you sign up for an EdiNation account with us, you’ll be asked to give us your name, email address, and optionally, your company name, and to create a password. You can also name your account (or accounts, if you have more than one). We collect this information so we know who you are, we can communicate with you about your account(s), and we can recognize you when you communicate with us through the account portal or otherwise.
We also use your email address to send you information about other EdiNation products, services or events in which we think you may be interested. You can opt-out of further marketing communications by contacting our Customer Support Team to communicate your choice to opt-out.
When you upgrade your free account, we’ll ask you to provide our payment processor with your payment method information like a credit card or your Paypal account, and/or your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and services. Our payment processor will share your billing address with EdiNation. Your billing address may also be used by EdiNation for tax calculation and audit purposes.
Information We Generate or Collect Automatically. When you sign up for an account with EdiNation, we’ll automatically assign you and your account(s) unique IDs called SIDs and we’ll automatically generate an API token for each of your accounts. These are used as a username and password to make API requests. Instead of using these API tokens, you can provision API Keys, and use your API key for authentication when making requests to our APIs. We keep a record of these credentials so we know it is you making the requests when your application makes requests to our API using these credentials.
In addition, when you use our account portal, we collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience.
Note that we also collect the IP address of your devices or servers when you make requests to our APIs. When you use our APIs, we do not collect the information contained in those interactions, only process it.
All information we collect when you sign up for an EdiNation account and interact with the EdiNation account portal or our products or services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services. We will also use it, and share it with our service providers, as needed for our operational purposes - such as to do things to function as a business and provide our services to you.
We may use publicly-available information about you through services like LinkedIn, or we may obtain information about your company from third-party providers to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.
EdiNation will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask EdiNation to delete specific personal information from your Customer Account Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
You can make various choices about your Customer Account Data through the account portal, such as accessing it, correcting it, deleting it, or updating your choices about how it is used, when you log into your EdiNation account. Any other requests about your data you cannot make through these self-service tools, you can request by emailing email@example.com or contacting Customer Support.
For those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:
Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request.
Your end-users’ personal information typically shows up on EdiNation’s platform when contained in the content of communications you (or your end-users) send or receive using EdiNation’s products and services. We refer to this information as Customer Content.
EdiNation Processes and Why We use Customer Usage Data and Customer Content to provide services to you and to carry out the necessary functions of our business as an EDI service provider. We do not sell your end-users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.
We do not store any records of your Customer Content in general, unless it is required for debugging or troubleshooting purposes or in connection with investigations of security incidents, as well as for the purposes of detecting and preventing spam or fraudulent activity, and detecting and preventing network exploits and abuse.
Customer Content may also be anonymized, as allowed by law, and we may use data that can no longer identify you or relate to you for our legitimate business needs.
If you later instruct us to delete those records, we will do so. Please note that it may take up to 30 days for the data to be completely removed from all systems.
In some cases, a copy of those records, including the personal information contained in them, may nonetheless be retained to carry out necessary functions like billing, invoice reconciliation, troubleshooting, and detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when no longer legally obligated to retain them. We may, however, retain or use records after they have been anonymized if the law allows.
We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes unless you ask us to do this or give us your consent to do this. Further, we do not sell your end-users’ personal information. We also do not share it with third parties for their own marketing or other purposes, unless you instruct us to do so.
Below are the different scenarios under which we may share your data with third parties.
Sub-processors. We may share Customer Content with sub-processors who assist in providing the EdiNation services, like our infrastructure provider Microsoft.
Compliance with Legal Obligations. We may disclose your or your end-users’ personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process, or a government request (including to meet national security, emergency services, or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If EdiNation is required by law to disclose any personal information of you or your end-user, we will notify you of the disclosure requirement, unless prohibited by law. Further, we object to requests we do not believe were issued properly.
Other EdiNation Entities. We may share your personal information or your end-users’ personal information within the EdiNation company.
Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. In that situation, and that situation only, we might transfer your data in a way that constitutes a sale under applicable law. If we do, we’ll let you know ahead of time, and any acquirer or successor of EdiNation may continue to process data consistent with this notice.
Aggregated or de-identified data. We might also share data with third parties if the data has been de-identified or aggregated in a way so it cannot be used to identify you or your end-users.
When you interact with our Services, you may choose to provide personal health information or health information on behalf of health care providers and related healthcare specialists, professionals, or organizations (“Providers”). We are committed to maintaining the confidentiality of your personal health information, and under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we must take measures to protect the privacy of the protected health information (“PHI”) that we receive from Providers.
HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. We may only use and disclose your PHI in compliance with HIPAA and the agreements that we have in place with Providers and others. Please refer to our Business Associate Agreement for more details.
When you use our account portal, or our other products and services, personal information of you and your end-users processed by EdiNation may be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate. These transfers will often be made in connection with routing your communications in the most efficient way.
We use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.
Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur. To protect the confidentiality of your account and protect from unauthorized use of your account, we recommend enabling two-factor authentication for your account. Additionally, you must keep your account password and Auth Token confidential and not disclose them publicly or to unauthorized individuals - this includes accidentally distributing them in a binary or checking them into source control.
Please let us know right away if you think your password or Auth Token was compromised or misused. Similarly, if you provision an API Key, you should keep your secret, well... secret. You should store your API Key Account SID and secret in a secure location.
We do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for an EdiNation account. If we discover someone who is underage has signed up for an EdiNation account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for an EdiNation account, please contact us at firstname.lastname@example.org.
We may change our Privacy Notice from time to time. If we make changes, we’ll revise the “Effective” date at the top of this notice, and we may provide additional notice such as on the EdiNation website homepage, account portal sign-in page, or via the email address we have on file for you.
We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.
If you are from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided in the introduction section of this privacy statement.