Last Update March 1, 2016
Personal Data Needs Protection
Sometimes we will collect or you will store Personal Data in the Service. “Personal Data” means any of Your data relating to a natural identifiable person, whether the person identified is an employee, employee family member, applicant, consumer, customer, company, partner, potential partner, or other individual and expressly includes Your current and former customers and Your current or former personnel. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
We recognize that Personal Data is different from other types of data and requires more rigorous protection practices.
Privacy Laws. We monitor and obey applicable laws, regulations and best industry practices, including those relative to privacy.
You Own Your Data. We do not acquire any ownership or other intellectual property rights to Your Personal Data, except only to the extent strictly necessary for us to perform Our obligations under the Agreement, or as otherwise required by law. We will not otherwise use or modify the Personal Data, merge it with other data or information, commercially exploit it, disclose it or take any other actions that may in any manner adversely affect the integrity, security or confidentiality of such Personal Data, other than for purposes of performance under the Agreement or as otherwise directed by You in writing. No systems or Personal Data may be reproduced in any form by any means, whether electronic, mechanical or otherwise, including information storage and retrieval systems, without prior written permission from You and then only for use for the purpose for which We are given access under your Service subscription.
Delineation and Identification of Personal Data. We will take all commercially reasonable steps and implement all appropriate processes to delineate and identify Personal Data for special handling within Our organization.
Restricted Access. We will ensure that Personal Data will be accessible only by authorized employees, officers, directors, agents, contract workers and others who have a legitimate business need to access such information, with suitable user authentication, sign-on and access controls.
Encryption of Personal Data – Transmission. When Processing Personal Data, connections to Your computing environments and any other transmission via data transmission services or using the Internet will be protected using any of the following cryptographic technologies: IPSec, SSL, SSH/SCP, PGP, or other technologies that provide substantially similar or greater levels of security. Encryption algorithms will be of sufficient strength to protect data to commercially reasonable security levels and We will utilize industry recognized hashing functions. Transmission may not use any cryptography algorithms developed internally by or for Us.
Encryption of Personal Data – Storage. Storage, back-up or other retention of Personal Data at rest will be protected using one or more of the encryption technologies approved for data transmission.
Data Segregation – Virtual. Maintaining capability to segregate and isolate Personal Data and disable functionality of applications using it, so it can be returned upon request by You or in the event of a Security Incident.
Data Segregation – Physical. Physically and electronically segregating Your Personal Data by logically isolating it from third party and Our internal information, and deploying suitable application controls, firewalls, air-gaps or private circuits so that Personal Data will not be commingled or corrupted by data from other sources.
Data Transfer to and From Third Parties Outside of Originating Country. We shall ensure that no Personal Data (or any other data if restricted by law) is transmitted or permitted to be accessed from outside the country of its origin without determining requirements of and complying with the Privacy Laws in the originating and destination countries.
Periodic Adjustment. We regularly monitor, evaluate, and adjust, as appropriate, Our policies and processes in light of any relevant changes in applicable law and regulations, technology, internal or external threats.
System Changes. We will not knowingly make any system change that may adversely affect the security of the system or the security of Your data.
Third Parties. We will contractually require all third parties, including subcontractors, with access to Your data to adhere to this and our other policies and terms and conditions regarding data handling and protection, including without limitation, the confidentiality obligations. Only third parties with a business need-to-know will be provided with access to Your Information.
Notification of possible breaches. Should you become aware of a security breach, or the possibility of one, in ConceptShare or a system you have integrated with ConceptShare, you must notify us immediately via firstname.lastname@example.org.
We will occasionally update this policy to reflect customer feedback, changes in Our Services, and updates to applicable laws and regulations. When we post changes to this policy, we will revise the “last updated” date at the top of the statement. Once published, the updated policy will be effective and become Our policy, replacing and superseding the old policy.