IT Security protects information assets which, like other important business assets, have value to an organization and consequently need to be suitably protected. Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities. Information security is characterized here as the preservation of:
- Confidentiality: Ensuring that information is accessible only to those authorized to have access.
- Integrity: Safeguarding the accuracy and completeness of information and processing methods.
- Availability: Ensuring that authorized users have access to information and associated assets when required.
Many forms of internal, client and partner proprietary information are stored within Flexware information processing facilities and must be considered confidential. Flexware staff will have access to systems and resources that will potentially have access to proprietary information. Flexware staff are responsible for ensuring that all proprietary information is protected from disclosure or modification.
When dealing with proprietary information, Flexware uses the following guidelines:
- Ensure appropriate measures are in place for protecting proprietary information.
- Do not attempt to access proprietary information for which you have not been given authorization.
- Do not make copies of proprietary information unless specifically permitted by the owner of the information.
- Refrain from disclosing to third parties the types of proprietary information that can be accessed.
Client data is shared with Flexware staff and must be considered confidential unless otherwise specified. In the course of supporting a client, viewing client data may be required but not obvious to the client. In such cases, the client must be advised and their consent must be first obtained. Specific client agreements and contracts override this global policy and should be controlled by appointed account management resources.
When assisting clients, Flexware uses the following guidelines:
- Use and disclose the client’s data only to the extent necessary to perform the work required to assist the client. Particular emphasis should be placed on restricting disclosure of the data to those persons who have a definite need for the data in order to perform their work in assisting the client.
- Do not reproduce the client’s data unless specifically permitted by the client.
- Refrain from disclosing a client’s data to third parties unless written consent is provided by the client.
- Return or deliver to the client, when requested, all data or copies thereof to the client.
Vendors, Consultants, and Other Third-Party Service Providers
We may share your data with third-party vendors, service providers, contractors or agents who perform services with us or for us or on our behalf and require access to such information to do that work. Examples include but are not limited to: payment processing, data analysis, email delivery, hosting services, customer service, event coordination, and marketing efforts.
To maintain the integrity and availability of information processing and communication services, routine procedures shall be established for carrying out a backup strategy. Monitoring the equipment environment, logging events and faults, and routine assessments of the backup strategy are expected functions of the strategy.
Backup copies of essential business information and software shall be taken regularly. Adequate backup facilities shall be provided to ensure that all essential business information and software can be recovered following a disaster or media failure. Backup arrangements for individual systems must be regularly tested to ensure that they meet the requirements of business continuity plans.
Flexware has or will continue to implement the following controls:
- Regular backups must be performed.
- Backup schedules and retention periods shall be sufficient to meet business needs for recovery.
- Backups must minimally allow for recovery in the event of a disaster.
- Backups must be periodically tested. Backup strategy must be in compliance with the Disaster Recovery policy.
In this Section, we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
(a) the right to access; (b) the right to rectification; (c) the right to erasure; (d)the right to restrict processing; (e)the right to object to processing; (f) the right to data portability; (g)the right to complain to a supervisory authority; and (h)the right to withdraw consent.
You have the right to confirmation whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can obtain a copy of your personal data retained by us by emailing BUSINESS.MANAGER@FLEXWAREINNOVATION.COM.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. You can request correction of your personal data retained by us by emailing BUSINESS.MANAGER@FLEXWAREINNOVATION.COM.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. You can request erasure of your personal data by emailing BUSINESS.MANAGER@FLEXWAREINNOVATION.COM.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
To the extent that the legal basis for our processing of your personal data is:
(a)consent; or (b)that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes on data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us at BUSINESS.MANAGER@FLEXWAREINNOVATION.COM.