Confidential data is typically the data that holds the most value to a company. Often, confidential data is valuable to others as well, and thus can carry greater risk than general company data. For these reasons, it is good practice to dictate security standards that relate specifically to confidential data.
The purpose of this
policy is to detail how confidential data should be handled. This policy lays
out standards for the use of confidential data and outlines specific security
controls to protect this data.
The scope of this policy covers all company-confidential data, regardless of location. Also covered by the policy are hard copies of company data, such as printouts, faxes, notes, etc.
In the course of a Client's engagement with our Services we will collect and/or receive the following types of information. You authorize us to collect and/or receive such information.
(a) Personal Information. We only receive or collect information that identifies you personally if you choose to provide such personally identifiable information to us via email or other means. When you sign up to become a client or contact us, you will be required to provide us with personal information about yourself (collectively, the "Personal Information"). Such Personal Information may include your name, e-mail address, physical address, and phone number. We do not collect any Personal Information from you when you become a Client unless you provide us with the Personal Information voluntarily.
(c) Automatically Collected Information: We automatically collect certain information about you and device with which you access the Site. For example, when you use the Site, we will log your IP address, operating system type, browser type, referring website, pages you viewed and the days/times when you accessed the Site. We may also collect information about actions you take when using the Site, such as links clicked.
(i) Cookies: We may log information using cookies, which are small data files stored on your browser by the Site. We may use both session cookies, which expire when you close your browser, and persistent cookies, which stay on your browser until deleted, to provide you with a more personalized experience on the Site.
(e) Other Information. In addition to the Personal Information and Payment Information, we may automatically collect or receive additional information regarding you and your use of the Services. Such Other Information may include:
(i) Additional information about yourself that you voluntarily provide to us, such as your gender and your product and service preferences.
(ii) List of Contacts for the following purposes, without limitation; retargeting, appointment setting, and email marketing
5.0 How Information is Used, Stored and Shared
(a) You authorize us to use the Personal Information, Log-In Information, Payment Information and the Other Information (collectively, the "Information") to:
(i) provide and improve our Services;
(ii) solicit your feedback; and
(iii) inform you about our products and Services.
(b) Information must be removed from desks, computer screens and common areas unless it is currently in use. Physical information should be stored under lock and key (or keycard/keypad), with the key, keycard or code secured. Digital information should be stored within Microsoft Teams and Hubspot under multi-factor authentication.
(c) Information must not be 1) transmitted outside the company network without the use of strong encryption, 2) left on voicemail systems, either inside or outside the company's network
(d) In addition to our direct collection of Information, our third-party service vendors (such as credit card companies, clearinghouses and banks) who may provide such services as credit, insurance and escrow services may collect this information from our Clients. We do not control how these third parties use such information, but we do ask them to disclose how they use personal information provided to them from Clients. Some of these third parties may be intermediaries that act solely as links in the distribution chain, and do not store, retain, or use the information given to them.
(e) Personal Information about Clients may be shared with other Clients who wish to evaluate potential transactions with other Clients, our affiliated agencies and third party vendors. We also offer the opportunity to "opt out" of receiving information or being contacted by us or by any agency acting on our behalf.
(g) Third-Party Use of Personal Information: We may share your information with third parties when you explicitly authorize us to share your information. As stated above, the Company may use third-party service providers to service various aspects of our Services. Each third-party service provider's use of your personal information is dictated by their respective privacy policies. The Company currently uses the following third-party service providers:
(ii) MailChimp, Constant Contact and HubSpot
(iv) JotForm and Google Forms
(v) LinkedHelper and DuxSoup
(vi) Microsoft Teams
(vii) Google Drive and DropBox
(x) Schedule Once/Once Hub
At this time, your Personal Information is not shared with any other third-party applications. This list may be amended from time to time in our sole discretion.
6. Accessing and Modifying Information and Communication Preferences. If you have provided us any Personal Information, you may access, remove, review, and/or make changes to the same by contacting us as set forth below. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the "unsubscribe" link located on the bottom of any of our marketing e-mails. We will use commercially reasonable efforts to process such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our subscription databases. You cannot opt out of receiving transactional e-mails related to the Services (e.g., requests for support, recaps and reports).
7. How We Protect Your Information. We take commercially reasonable steps to protect the Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases or the databases of the third parties with which we may share such Information, nor can we guarantee that the Information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
(a) Information we receive about Contacts from our Clients: A Client may provide Personal Information about Contacts to us through our Services. Personal Information includes, without limitation, name, email address, address, or telephone number. Contacts may have the opportunity to update some of this information by electing to update or manage preferences via an email received from the Client
(b) For the purposes of our Ugly Leads Program if a Contact requests to not be contacted, the Company will remove the Contact from the Distribution List and notify the Client to remove the Contact from their Distribution Lists
(a) Compliance Measurement - The Hyperchat Social team will verify compliance to this policy through various methods, including but not limited to, business tool reports, and internal and external audits
(b) Exceptions - Any exception to the policy must be approved by the Hyperchat Social team in advance
(c) Non-Compliance - An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employement
"Client" is a person who has subscribed to and is paying for any of our Services
"Contact" is a person a Client may contact through our Services. In other words, a Contact is anyone on a Client's Distribution List about whom a Client has given us information or is anyone who has otherwise interacted with a Client via the Services. For example, if you are a Client, a subscriber to your email marketing campaigns or a visitor to your Website or Landing Page would be considered a Contact.
"Distribution List" is a list of Contacts a Client may upload or manage on our platform and all associated information related to those Contacts (for example, email addresses.)
"Personal Information" means any information that identifies or can be used to identify an individual directly or indirectly. Examples of Personal Information include, but are not limited to, first and last name, date of birth, email address, gender, occupation, or other demographic information