Datanetiix Privacy Policy Overview

Description

Our Privacy Policy explains data collection, usage, sharing, security, user rights, and compliance to protect your personal information.

Introduction

Welcome to our privacy policy.

This page provides a comprehensive overview of how we collect, use, and protect your personal information, ensuring our practices comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

We are dedicated to handling your personal data with the highest level of care and only for the purposes outlined in this policy. We have strong security measures in place to protect your information from unauthorized access and misuse. For more details on our data practices and your rights, please review the full privacy policy or contact us directly.

Types of Personal Information We Collect

We gather various types of personal information to enhance your experience and provide you with personalized services that are tailored to your needs and requirements. Here’s a detailed breakdown of the categories of personal information we collect:

• Identifiers: This includes fundamental details like your name, email address, phone number, and technical data such as your IP address. We also track your interactions with our website, including page visits and views, to better understand your engagement with our content.
• Personal Information under California Law: In line with the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), we collect contact details (e.g., your name and email address) and payment information needed to process transactions.
• Commercial Information: We gather information about the products or services you purchase or consider, which helps us customize recommendations and offers to suit your interests.
• Internet and Electronic Network Activity Information: This covers your browsing history, website interactions, and other electronic activities, helping us analyze usage patterns and improve our website.
• Geolocation Data: We may collect data about your geographic location to provide location-based services and relevant content.
• Inferences: We may create a profile based on the collected data to better tailor our content and services to your preferences and characteristics.

We collect personal information for following purposes:

• To Provide and Personalize Our Services: We use your data to offer customized experiences and ensure our services align with your needs and preferences.
• To Communicate with You: We use your contact details to update you on news, offers, and other relevant information about our services.
• To Process Transactions: Your information is essential for securely completing and managing transactions.
• To Improve Our Website and Services: We analyze data to enhance our website’s functionality and user experience.
• To Comply with Legal Obligations: We use your data to meet applicable legal and regulatory requirements.

Disclosure of Personal Information

We may share your personal information with third parties for various business purposes, including:

• Service Providers: We disclose information to trusted partners who assist with website operations, transaction processing, and service delivery.
• Authorized Third Parties: We may share your information with third parties that you or your authorized agents have specifically allowed.
• Legal Entities: We may release information to comply with legal obligations, enforce our policies, or protect our rights.

Your Rights Under GDPR and CCPA

You have specific rights regarding your personal information under GDPR and CCPA:

• Right to Access: You can request access to the personal information we hold about you and understand how it is used.
• Right to Rectification: You may request corrections to any inaccurate or incomplete personal information.
• Right to Erasure: You can ask us to delete your personal information when it is no longer needed or if you withdraw your consent.
• Right to Data Portability: You can receive your personal information in a structured, commonly used format and transfer it to another organization, if possible.
• Right to Opt-Out (CCPA only): Under CCPA, you can opt-out of having your personal information sold to third parties.
• Right to Non-Discrimination (CCPA only): We ensure that exercising your CCPA rights will not result in unfair treatment or denial of services.

Exercising Your Rights

To exercise your GDPR or CCPA rights, please contact us using the details provided below.

Verification Process

For security reasons, we may need to verify your identity before processing your requests to ensure that personal information is only handled by authorized individuals.

Scope of Data

Data shall be considered to include: (a) any notes, analyses, compilations, studies, interpretations, memoranda, or other documents that are prepared by the Recipient or its Representatives, which contain, reflect, or are based upon, either wholly or partially, any data provided by the Disclosing Party; and (b) the existence or status of, and any information related to, discussions between the parties about potentially establishing a business relationship.

Data Handling

The Recipient and its Representatives are required to use the Disclosing Party’s data exclusively for the purposes outlined in this agreement. The data must not be used for any other purpose without the Disclosing Party’s prior written consent. The Recipient and its Representatives must maintain the confidentiality of the data and are prohibited from disclosing it, except in the following circumstances: (i) with the Disclosing Party’s prior written consent; and (ii) to Representatives who need access to the information for the stated purposes and are made aware of the confidential nature of the information and the terms of this agreement.

Incident Management

The Recipient bears responsibility for any breaches of this agreement by its Representatives. The Recipient agrees to take reasonable measures, at its own expense, to prevent unauthorized disclosure or misuse of the Data by its Representatives.

Policy Communication

Data disclosed orally or visually, or in writing without a designated proprietary stamp or legend, will still be considered as data if the Disclosing Party provides a written document within thirty (30) days of the disclosure. This document must describe the information, reference the location and date of the initial disclosure, and list the employees or officers of the Recipient to whom the information was disclosed.

Contact Us

For any questions, concerns, or requests related to our privacy policy or the processing of your personal information, please reach out to us at privacy@datanetiix.com.

Updates to Our Privacy Policy

We may periodically update this privacy policy to reflect changes in our data processing practices or legal requirements. Any significant changes will be communicated to you as required by law.

HR Data Privacy Policy

In the HR Data Privacy Policy, the term “Data” refers to all trade secrets, confidential information, or data explicitly designated as such by the Disclosing Party. This designation is typically made in writing, either through a formal letter or by using an appropriate proprietary stamp or legend at the time the information is disclosed. This encompasses various types of data, including personal data, sensitive data, and stakeholder data, among others. The purpose of defining such data is to establish clear boundaries and objectives for a data privacy framework, ensuring all parties involved understand what constitutes protected information and how it should be handled.

Datanetiix - Data Privacy Framework

A Data Privacy Framework (DPF) establishes guidelines for the collection, storage, and handling of personal information. It guarantees compliance and adherence to legal requirements, safeguards user privacy, and reduces risks. Elements include data management, user consent, security protocols, and transparency to reconcile operational demands with individual rights.

1. Introduction

This Data Privacy Framework outlines the principles and practices for managing personal information within our organization. It aims to ensure the responsible handling of data, protect individual privacy rights, and comply with all relevant data protection laws and regulations.

2. Scope

This framework is applicable to all employees, contractors, partners, and third parties who access, process, or handle personal data on behalf of the organization. It covers all activities related to data collection, processing, storage, and disposal.

3. Data Collection

• Purpose Limitation: Personal data will be collected solely for specific and legitimate purposes. The goals of data collection will be clearly defined and communicated to individuals prior to data collection.
• Transparency: Individuals will be informed about what data is being collected, the purpose of collection, and how it will be used. Clear, understandable, and accessible privacy notices will be provided.
• Consent: Explicit consent will be obtained from individuals before collecting their data, as required by law. The consent process will be transparent, and individuals will have the right to withdraw their consent at any time.

4. Data Usage

• Data Processing: Personal data will be processed in a fair, lawful, and transparent manner. It will be used only for the purposes for which it was collected and in line with individuals' expectations.
• Access Control: Access to personal data will be limited to authorized personnel who need it for their roles. Access rights will be assigned based on job responsibilities and reviewed regularly.
• Data Sharing: Personal data will be shared with third parties only when necessary for business purposes. Safeguards, such as data protection agreements or contracts, will be in place to ensure third parties adhere to our data privacy standards.

5. Data Storage and Security

• Data Protection: Personal data will be secured through appropriate technical and organizational measures, including encryption, secure servers, firewalls, and regular security updates to prevent unauthorized access, breaches, and data loss.
• Data Retention: Personal data will be retained only as long as necessary to fulfill the purpose for which it was collected or as mandated by law. Procedures for the secure deletion or anonymization of data will be implemented once it is no longer needed.

6. Data Access and Correction

• Individual Rights: Individuals have the right to access their personal data, request corrections, and, where applicable, request the deletion or restriction of their data.
• Request Procedures: A clear procedure will be established for submitting and handling requests for data access and correction. Requests will be processed promptly and in compliance with legal requirements.

7. Compliance and Monitoring

• Audits and Assessments: Regular audits and risk assessments will be conducted to ensure adherence to this framework and relevant data protection laws. Any identified issues will be addressed promptly to mitigate risks.
• Training and Awareness: Ongoing training will be provided to all employees and relevant stakeholders, covering data protection principles, security practices, and legal obligations related to data privacy.

8. Review and Updates

• Framework Review: This framework will be reviewed periodically to ensure its continued effectiveness and relevance. Changes in laws, technology, and business practices will be considered in the review process.
• Continuous Improvement: Mechanisms for gathering feedback from employees and stakeholders will be established. The framework will be updated based on feedback and evolving best practices to continuously enhance data privacy practices.

9. Accountability and Governance

• Data Privacy Officer (DPO): A Data Privacy Officer or equivalent role will be appointed to oversee compliance with this framework. The DPO will be the point of contact for data privacy issues and will ensure consistent application of data protection practices across the organization.
• Responsibility: All employees, contractors, and third parties are responsible for understanding and adhering to this framework. Managers and supervisors are accountable for ensuring their teams comply with data privacy policies and procedures.

10. Incident Management

• Breach Response: Procedures for managing data breaches will be established, including protocols for detection, reporting, and response. Affected individuals and relevant authorities will be notified as required by law in the event of a breach.
• Incident Documentation: All data breaches and incidents will be documented, analyzed, and reviewed to prevent recurrence and improve response measures.

This Data Privacy Framework is designed to protect personal data, ensure legal compliance, and uphold the trust of individuals and stakeholders. It reflects our commitment to data privacy and serves as the foundation for our data protection practices.

Datanetiix Solutions, Inc. (Datanetiix) complies with the HR and Non-HR data / Personal data EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Datanetiix has certified to the U.S. Department of Commerce that it adheres to the HR and Non-HR data / Personal data EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Datanetiix has certified with the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov .

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Datanetiix commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to PrivacyTrust, an alternative dispute resolution provider based in the United Kingdom. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://privacytrust.com/services/data-privacy-framework/dispute-resolution/ for more information or to file a complaint. The services of PrivacyTrust are provided at no cost to you.

Datanetiix is subject to the investigative and enforcement authority of the Federal Trade Commission (FTC). We are committed to addressing any concerns about how we collect or use your personal information. If you are an EU or UK individual with questions or complaints about our handling of personal data under the EU-U.S. and Swiss-U.S. DPF and its UK extension, please contact us at privacy@datanetiix.com. We will strive to resolve your issue promptly.

As a final option, and in specific circumstances, EU, Swiss, and UK individuals may seek redress through the DPF Panel, a binding arbitration alternative.

When transferring data of EU, Swiss, and UK individuals to third parties under the EU-U.S. DPF and the UK extension, Datanetiix remains accountable.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Datanetiix commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources and personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship. Individuals from the EU and UK have the right to access their personal data. Upon request, we will provide access to your personal information and take reasonable steps to correct, amend, or delete any inaccurate or incomplete data.

Datanetiix offers individuals the choice to opt-out of having their personal information disclosed to third parties or used for purposes other than those for which it was originally collected or authorized. To exercise these rights, please contact us, via email, at privacy@datanetiix.com.

We will retain personal data processed on behalf of our customers, if necessary, to provide our services. Additionally, we will retain and use this data as needed to meet legal obligations, resolve disputes, and enforce agreements.