Cloud Security of Personal Information
We maintain appropriate technical and organizational measures to protect personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. We have implemented the following security technical measures to protect personal information:
- Access controls: We limit access to personal information to only those employees, agents, and service providers who have a need to know and are subject to confidentiality obligations. We also use access controls such as passwords, multi-factor authentication, and role-based permissions to further restrict access.
- Encryption: We encrypt personal information in transit and at rest using industry-standard encryption algorithms.
- Network security: We use firewalls and intrusion detection and prevention systems to protect against unauthorized access to our networks and systems.
- Monitoring: We monitor our systems and networks for security incidents and respond appropriately to mitigate any such incidents.
- Training: We provide regular training to our employees and contractors on information security and privacy best practices.
Physical Security of Personal Information
Physical security measures are an essential component of our commitment to protecting the confidentiality, integrity, and availability of our customers’ information. We have implemented the following measures to ensure the physical security of our facilities and equipment:
- Physical Access controls: Our facilities are equipped with access control systems that restrict entry to authorized personnel only. Visitors must sign in and be escorted by an authorized employee.
- Video surveillance: Our facilities are equipped with video surveillance systems that monitor all areas of the facility, including entrances, exits, and server rooms.
- Environmental controls: We have implemented environmental controls such as fire suppression systems, temperature controls, and humidity controls to ensure that our equipment is kept in optimal operating condition.
- Data center security: We use third-party data centers that provide additional physical security measures, including 24/7 security guards, biometric access controls, and secure cages for our servers.
- Equipment disposal: We have established procedures for the secure disposal of equipment that is no longer in use, including the use of data wiping tools and secure disposal services.
We regularly review and update our physical security measures to ensure that they remain effective and compliant with applicable laws and regulations. If you have any questions or concerns about our physical security measures, please contact us at firstname.lastname@example.org
Retention of Personal Information
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, as well as to comply with legal or regulatory requirements. We have established retention periods for several types of personal information and regularly review and update our retention policies to ensure that we do not retain personal information for longer than necessary.
We may transfer personal information to countries outside the European Economic Area (EEA) and other countries that have not been determined by the European Commission to provide adequate levels of protection for personal information. In such cases, we respond appropriately to ensure that the personal information is adequately protected, such as:
- Standard contractual clauses: We use the European Commission’s standard contractual clauses for data transfers to third countries, which include contractual obligations on the recipient to protect personal information in accordance with EU data protection laws.
- Privacy Shield: For transfers to the United States, we may rely on the Privacy Shield framework, which is a self-certification program that requires participating organizations to meet certain privacy and security standards.
- Other safeguards: We may use other safeguards recognized by relevant data protection authorities, such as binding corporate rules or certification mechanisms.
Data Protection Officer
PRIVAON acts as our Data Protection Officer (DPO) representative in the EU. You can contact the DPO by email at email@example.com or by mail at:
Attn: Incorta Data Protection Officer
00180 Helsinki, Finland
Global Data Rights
- The right to access, update or delete the information we have on you. Whenever possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you cannot perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Data.
- The right of restriction of processing. In certain cases, you have the right to request that we restrict the processing of your personal information. In this case we will limit our processing of your personal data to only storing it.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time, where Incorta relies on your consent to process your personal information. Note, however, that removing your consent will not undermine the processing of personal data carried out before the consent was withdrawn.
- The right to request a human review. You have the right to request human intervention and review of the decision impacting you in a significant way, and which was made by automated means. Currently there is no automated decision making involved in the processing of your personal data.
California Privacy Rights
Indian Privacy Laws
We comply with the Indian Personal Data Protection Bill (PDPB), which is currently in the process of being enacted. We will update our privacy practices and policies to ensure compliance with the PDPB once it becomes law.
Australia and New Zealand Privacy Laws
We comply with the Australian Privacy Act 1988 and the New Zealand Privacy Act 2020, which regulate the handling of personal information in Australia and New Zealand, respectively. We protect personal information according to the principles set out in these laws.
Saudi Arabia Privacy Laws
We comply with the Saudi Arabian Data Protection Regulations, which were issued by the Saudi Data and Artificial Intelligence Authority in July 2021. We protect personal information according to the principles set out in these regulations.
China Privacy Laws
We comply with the Chinese Cybersecurity Law and the Chinese Personal Information Protection Law, which regulate the processing of personal information in China. We protect personal information according to the principles set out in these laws.
To ensure that our customers have full control over their personal information, we have implemented an opt-in policy for the collection and use of their data. This means we will only collect and use your data for the specific purposes you have agreed to.
When you sign up for our services, we will provide you with clear and concise information about the data that we collect and the purposes for which we will use it. We will ask for your explicit consent to collect and use your data for these purposes and will provide you with the option to opt out at any time.
If you choose to opt out of any data collection or use, we will respect your decision and will not collect or use your data for that purpose. You can change your preferences or withdraw your consent at any time by contacting us at firstname.lastname@example.org
You can further opt-out in our opt-out center here.
Cookies and Similar Technologies
Links to Third-Party Websites
Our website and online recruitment portals may contain links to third-party websites or applications that are not under our control. We are not responsible for the privacy practices or content of such third-party websites or applications. We encourage you to review the privacy policies of those third parties before providing any personal information.
Our website and online recruitment portals are not directed at children under the age of 18. We do not knowingly collect personal information from children under the age of 18. If you are a parent or legal guardian and believe that your child has provided us with personal information, please contact us at email@example.com.
Changes to this Privacy Notice
We may update this Employment & Recruitment Privacy Notice from time to time to reflect changes in our privacy practices or legal obligations. We will notify job applicants and employees of any material changes to this notice by email or other means of communication.
If you have any questions, comments, or concerns about this Employment & Recruitment Privacy Notice, or if you would like to exercise your privacy rights, please contact us at firstname.lastname@example.org or submit a DSAR (Data Subject Access Rights) access request by clicking on this form or by mail at:
Attn: Data/Privacy Officer
20813 Stevens Creek Blvd.
Cupertino, CA 95014