Privacy Is The Law –

The privacy of your personal information is one of our top commitments and a legal requirement in certain countries where we do business. You may not use our Website if you are not yet 18 years old or are otherwise disallowed from giving your consent freely to these terms and conditions of access. We may not know where you are located or what laws apply in your location so you agree that we will apply the laws where we have our physical office or organizational addresses when we commit to protect your privacy. There are at the moment the following laws with which our Privacy Policy complies –

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) effective in the European Economic Association (EEA); Data Protection Act of 2018 in the United Kingdom (UK GDPR); California Consumer Privacy Act (CCPA) in the State of California (USA); Protection of Personal Information Act of 2013 in South Africa (POPI); Personal Information Protection and Electronic Documents Act in Canada (PIPEDA); Lei Geral de Proteção de Dados Pessoais (General Data Protection Law) of 2018 in Brazil (LGPD).

What Personal Information Do We Gather?

  • Your “data” as used in the Privacy Policy means “any information relating to an identified or identifiable natural person” namely – you. We receive and store any information you enter on the Website or give us in any other manner, such as personal or business details which you voluntarily give us in any other way. We collect your name, personal identifying features, business identifying features, phone number(s), email address, personal and business address, payment information, MAC and Internet Protocol (IP) address of the device used to connect to the Website, and browser or Internet cookie identification. Collectively this personal information is referred to as “data.” We do not gather nor do we control the collection of data by your Internet Service Provider (“ISP”) nor your browser of choice, all of which are controlled by others beyond our influence or control.  Data collection is purely minimal in scale and incidental in purpose and exclusively limited to that necessary to deliver our services.
  • In addition to the data you volunteer through your online interaction we receive and store certain types of information automatically whenever you interact with the Website. For example, like many websites, we use “cookies,” and we obtain certain types of information, like your IP address and your browser type and time zone, when your browser accesses the Website. When you visit our Website we maintain your history with us using Google Web Fonts, Google Analytics, Google Maps, Cookies, and Server Log Files. Tracking pixels or tags, web beacons, clear GIFs, API calls, SDKs, JavaScript and similar technologies are items that can function similarly to cookies or that otherwise assist tracking by collecting certain information about your interaction with us (e.g., counting users who open an HTML-formatted email message, distinguishing visitors and counting pages they visit and authenticating them, etc.,).
  • You may use the Website with or through Internet Service Providers (“ISP”) or a third-party service which links to or directs you to the Website (such as a payment portal, a hyper link on a search engine, or a navigation aid). Automatically we receive periodically some data from these third-party services. You can control what data these services collect from you though we are not organized to assist you in that effort.
  • If you provide your email address or mobile phone number to us then you are consenting to allow us to send information to you from time to time. If you do not want to receive “unsolicited communications” from us, you may manage your communications settings on your side or  we can manage the setting on our side to allow you to “opt out” from our “unsolicited emails”. If you want us to remove you from the “unsolicited communications” list, then please send an instruction to us through the Website “Contact Us” link with the reference line stating “Opt Out”. You will receive a confirming email for security purposes to which you must reply from the same outbound device or MAC address, and then within 24 hours you will no longer receive “unsolicited communications” from us.

Where Personal Information Is Stored?

  • Data is collected and stored in several formats including through in Client Relationship Management (“CRM”) data storage software (such as “Salesforce” https://www.salesforce.com/, Microsoft Dynamics 365 https://dynamics.microsoft.com/, or other CRM or client relationship software); Data is collected by ISP interactions such as Google Web Fonts, Google Analytics, Google Maps, Cookies, and Server Log Files. Data is collected and stored through employment and human resources platforms  (such as Shadowmatch for recruitment, Sage Cloud VIP Premier for payroll, and Microsoft Dynamics  365 Business Central for ERP) when you apply for employment or seek credit enhancements. These three principal sources of collection and storage do not exclude other sources which may become prevalent in the business over time.
  • Please note that you might have more than one “profile” with us if you have interacted with through one of its affiliates, or were “on boarded” to the Website using a different personal identifier(s), email address, or login. If you are seeking access to your data then you must provide the profile you used on the Website.
  • Your data is stored in the “cloud” which commonly means it is stored in one or more countries on storage devices connected to the World Wide Web though encrypted and accessed only through Multifactor Authentication (MFA) and other cyber security protocols. To the extent that your data is stored in a location outside the European Economic Area (“EEA”) there are laws offering different (in method and magnitude) protections for your data, and the EEA requires your express consent to that storage arrangement. In particular, the European Union General Data Protection Regulation (“GDPR”) requires us to inform you that “the United States of America does not protect your data in the same manner as that same data is protected inside the EEA.” Nonetheless, you expressly consent to the storage arrangement we have implemented when you provide data to us.

What Is the Purpose of Data Collection?

  • Data is required in order to transact in business and deliver services to you at your request. We use the data to provide and improve the Website, using technical information to help us identify your specific device, and link that device to your profile which aids in fraud prevention.
  • Data is required for law enforcement purposes. You must provide sufficient data to satisfy the “Know Your Customer” (“KYC”) and Financial Intelligence Center(re) Act (“FICA”) obligations of the Company as applicable under the relevant law enforcement and regulatory obligations. Unless otherwise excluded, then the data must be sufficient to comply with the European Union sanctions regimes https://www.eeas.europa.eu/eeas/european-union-sanctions_en including sanctions against persons, groups and entities, https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en . The United Kingdom sanctions regimes apply including the Sanctions and Anti-Money Laundering Act 2018 (the Sanctions Act) and under other UK legislation such as the Export Control Order 2008 and the Anti-Terrorism, Crime and Security Act 2001. https://www.gov.uk/government/collections/uk-sanctions-regimes-under-the-sanctions-act; S. Department of the Treasury, List of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (the “CAPTA List” formerly the “Part 561” list); the U.S. Department of the Treasury Office of Foreign Assets Control (“OFAC”) which publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country specific. Collectively, such individuals and companies are called “Specially Designated Nationals” or “SDNs”; (including the Foreign Sanctions Evaders List, the List of Persons Identified as Blocked Solely Pursuant to E.O. 13599, the Non-SDN Iran Sanctions Act List, the Sectoral Sanctions Identifications List and the Non-SDN Palestinian Legislative Council List).

Do We Share the Data We Receive?

  • We do not sell or share your data except with our subsidiaries or implementing partners or third parties providing services at your request. Anyone with whom we share your data are either subject to this Privacy Policy or follow practices at least as protective as those described in this Privacy Policy.
  • We employ other companies and individuals to perform functions on our behalf. Examples include delivering packages, providing marketing assistance, processing payments, and providing customer service. They have access to only that part of your data needed to perform their functions but may not use it for other purposes. As we continue to develop our business, we might change our business form, acquire subsidiaries, or develop other business units under our control. In such transactions, your data along with more broadly our general data is usually one of the business assets involved. We will require in any such transaction that your data remains subject to the terms and conditions of this Privacy Policy at all times. Occasionally, we release your data to third parties when we believe the release is appropriate to comply with the law; enforce or apply our GTCs, and to deliver the services you requested or to comply with other agreements with you. This discretionary release includes exchanging information with other companies for fraud protection and credit risk reduction.

How Secure Is Information About Me?

  • Your data is stored in the “cloud” on platform(s) maintained by reputable companies in the business of data storage, subject the national laws of the jurisdictions where the companies do business, and consistent with service contracts executed by us with these companies. That data is accessed by us using individual devices connected to the Internet and/or connected to a Local Area Network (LAN) which is connected to the Internet in turn providing access to your data on our workstations and our devices under the authority and control of us. Your data is encrypted when stored on the cloud, when moving to, from, and between the cloud and these data connections. All of our data access points are protected by Multifactor Authentication (MFA).
  • Professional information security companies manage and monitor our storage of your data, periodically upgrade our security protocols and tools, and alert us in the event of any type of data “loss” caused by a security failure. In the event of a “data breach” (a security failure causing the loss of control of your data by us) we will notify you within 72 hours of when we learn of our own data breach, advise you of our corrective actions, and recommend to you any appropriate course of reaction.
  • We have an Information Officer (reached through our “Contact Us” link) whose responsibilities include implementing our Privacy Policy and Cyber Security Policy. The ISO/IEC 29151 guidelines are the baseline for our technical and organizational measures used to safeguard your data. We use best practices and change our practices periodically to reflect the changing standards. We account for any workstations and portable devices where access to our data storage portals is taken, and we have the capacity to instantly prevent access from same if a threat of a security event arises. If you have reason to believe that your data has been subject to a “data breach” (regardless of how) then you have an obligation to notify us immediately so we may take steps to prevent or address a “data breach” even if you do not suspect that we are the cause of the event. Security is a team effort in the modern world of cybercrime and you must do your part.
  • You remain responsible for your own cyber security and the data which you store on your own devices, including your obligation to use best practices to safeguard your own devices.

Your Rights & Your Data?

  • You have several “rights” as it relates to your data and us. First, you have the right to know and inspect what “personal information” of yours we have in our data collection (such as your name, address, and email address). We may not be able to show you any types of data held by the online hosts, nor the data which is stored on your own devices (such as cookies). Second, you have the right to have us repair, correct, or remove any “inaccurate” data points. Third, you have the right to restrict how we use your data, object to being “profiled” using your data, or to have your data “forgotten” (erased) entirely by us (to the extent the law allows). We can remove your “personal information” but only to the extent that removal doesn’t impair our ability to comply with the applicable laws (such as retaining information to demonstrate to law enforcement our KYC). We can request our data security service to make anonymous any of your data that they can locate using your user identification, profile, or login details but cannot erase. Fourth, you have the right to receive your data which we hold in a “portable” format (such as on a USB stick in a machine readable format). Fifth, you may ask to be informed if we use your data to “profile” you and ask to be informed about what that profiling means, and to object to being “profiled.” We do not use artificial intelligence to profile you, make decisions which have an effect upon you, and if you suspect such conduct you may contact us directed (below) in order to address any such actions.

Contact Us About Privacy –  

 

(Last updated August 12, 2022)