Updated last on March 16, 2023
This policy establishes and communicates the key principles CypherCrescent Information Technology Services follows in protecting the personal information that it collects. Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case CypherCrescent Information Technology Services will comply with the local legal requirements.
Data Subject is any individual about whom CypherCrescent Information Technology Services holds personal data.
Personal data is any information that allows an individual to be identified directly or indirectly (e.g., name, date of birth, title, address, telephone number and email address).
Sensitive personal data is that which, in cases of misuse, may cause unlawful or arbitrary discrimination or other serious risk to a data subject (e.g., racial or ethnic origin, nationality, political opinion, religious and philosophical beliefs, and physical or mental health conditions). Personal data and sensitive personal data are collectively referred to as "personal information."
CypherCrescent Information Technology may referred to as CITS in this document
Collecting and Processing Personal Information
CypherCrescent Information Technology Services collects and processes personal information that is necessary for legitimate business purposes, which will be disclosed to the data subject at the time of collection. CypherCrescent Information Technology Services will use and process this information only for the purposes for which it was collected, retaining the personal information only for so long as is required for the specific purpose for which the information was collected.
CypherCrescent Information Technology Services will not collect sensitive personal data except when permitted or required to do so by law, and will do so only for legitimate business purposes. If in any other instance a need arises to collect sensitive personal data, CITS will do so only with the data subject's express consent, which can be withdrawn at any time.
CITS will not sell, disclose or rent personal information for direct marketing purposes.
Transfer of Personal Information
CITS may transfer the personal information outside the data subject's home country when:
- it has the consent of the data subject.
- it is necessary or appropriate as permitted by law to do so because it is relevant to CITS dealings with the data subject.
- it is required by law.
CITS will implement reasonable measures to protect the security and confidentiality of personal information and provide an adequate level of protection in each of the locations where the information is transferred.
In limited circumstances, CITS may disclose personal information to a third party who is providing a service to CypherCrescent. CITS will only disclose personal information if the third party has provided satisfactory assurances to CITS of its ability to provide appropriate and sufficient data privacy and security safeguards to protect the personal information from unauthorized disclosure, use or loss. Where CITS learns that a third party is using or disclosing personal information in a manner contrary to this policy, CITS will take reasonable steps to discontinue such use or disclosure.
Disclosures to third parties will be only for the purposes described in this policy, for a compatible purpose, or for a purpose authorized by the data subject.
Choice and Options
CITS gives data subjects the opportunity to choose not to have his or her personal information transferred to third parties for use in a manner incompatible with the purpose for which it was originally collected. An employee may not opt out of the transfer of his or her personal information to a third party if it is being conducted for the purpose of:
- meeting applicable legal requirements, or
- furthering the legitimate employment relationship with CITS. Prior to transferring sensitive personal data for use in a manner incompatible with the purpose for which it was originally collected, explicit (opt in) choice will be sought.
Security of Personal Information
Only authorized colleagues with a valid, work-related need may access a data subject's personal information. In the event of a data breach, CITS will issue breach notifications as may be required under applicable law.
Data Subject Rights
While personal information is maintained by CITS, a data subject may access the information pertaining to him/her to the extent required by local law to review, update and correct inaccuracies; To do so, the data subject should contact CITS. Additionally, a data subject may ask CITS to correct, update, supplement or delete personal information held on him/her.
CITS may, in its discretion, charge a reasonable, cost-based fee for access or photocopying of this information. For security purposes, CITS may require verification of identity before providing access to personal information.
Changes to this Policy