External Privacy Statement
Effective Date: 28April2017
Review Date: 28April2018
This privacy statement applies to all personal and client information received by Secure-24, whether in electronic, paper or verbal format, and does not apply to the data collection practices of any third parties, Secure-24 customers, or any entities affiliated with Secure-24. Also, please note that use of Secure-24’s website constitutes acceptance of this Privacy Statement.
Secure-24 Privacy Statement
Protecting privacy is important to Secure-24. Secure-24 its affiliated United States subsidiaries and its wholly owned India subsidiary, (hereinafter collectively referred to as the “Secure-24,” “we,” “us” or “our”) comply with various laws/regulations regarding the protections financial, Personal Information (PI), Personally Identifiable Information (PII) and Protected Health Information (PHI) data.
Secure-24 Land LLC
Secure-24 Subsidiaries LLC
Secure-24, LLC acts in compliance with Federal and applicable state privacy laws, as well as HIPAA, HITECH, Omnibus rule to Protect the Privacy of Personal Health Information (PHI), and the recognized European Union (“EU”)-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Secure-24, LLC is the sole covered entity for the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework.
This privacy statement outlines Secure-24’s general policy and practices, including the types of information gathered, how it is used and the notice of choice affected individuals have regarding our use of and their ability to correct that information. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Data collected by Secure-24:
Secure-24, LLC as a corporate entity handles, stores, protects personnel and human resources data for the purposes of administering and carrying out the employment or personnel relationship for Secure-24 employees and contractors. Human Resources / Personnel Data, may include Personal Identifiable Information (PII), and/or Protected Health Information (PHI), as well as Personal Data / Personal Information (PI).
Secure-24, LLC as a service provider handles, stores, and protects client data, which varies according to the purposes of the business services provided to potential and current clients but often include; marketing and sales client contact data to improve services and / or maintain marketing / client relationship as well as other pertinent business contact data.
Furthermore, Secure-24, LLC as part of the client service relationship, acquires, stores, and transmits customer communications and client information, which clients may regard as confidential, private or sensitive. This client classified data may or may not include, Private Information (PI), Personally Identifiable Information (PII) and/or Protected Health Information PHI. Secure-24 will treat client data according to the client assigned classification.
Personal Information Collected and Methods of Collection-Customers and Prospective Customers
Secure-24 collects the following minimum personal information from individuals authorized by companies, who are our customers, to access and use our services:
• First Name
• Last Name
• Company Name
• Business Email Address
• Business Phone
In addition to the above information, Secure-24 may also collect additional information from either the individual or their employer in order to facilitate communication (e.g. additional phone numbers, time zone the individual is in, etc.) and to identify and provide proof of identity (e.g. PIN numbers, pass phrases, manager’s name, etc.) for the individual.
This information is collected from either the individual themselves or provided to us by their employer.
From prospective customers, Secure-24 collects the following information:
• First Name
• Last Name
• Phone Number
• Title (optional)
During the sales process, Secure-24 may also collect additional information from either the individual or their employer in order to facilitate communication (e.g. additional phone numbers, addresses, etc.). This information is collected from the individual themselves either through the “Contact Us” feature of the Secure-24 web site or correspondence such as a phone call or e-mail.
Secure-24 may also collect additional information from the individual in order to satisfy Export Controls and other regulatory items. Regular scans for employees and Ad Hoc scans of visitors will be conducted to ensure they are not from a Specially Designated Embargoed Nation, a Denied Person or Debarred Party, prior to the individual entering Secure-24 Head Quarters or Data Centers. This information will be collected from the individual or the employer.
Visitors, in accordance to the Secure-24 visitor policy, accessing Secure-24’s offices or Data Centers will have the following information collected:
• First Name
• Last Name
• Country of Residency
During the scanning process the individual may be asked to provide additional information if the above information reveals a match to a person on a watch list such as but not limited to; Specially Designated Embargoed Nation, Denied Persons, Debarred Parties, etc. This information includes:
Data collected will be ephemeral for visitors and is removed from the system after the scanning process is complete. Visitors that will be returning regularly may be entered on a semi-permanent basis into the scan system for a reoccurring scan. This data will be removed if client / visitor requests or if Secure-24 no longer has a business reason to continue the scan for the individual.
Types of Personal Information that may be Collected and Methods of Collection – Vendors, Contractors, and Suppliers
Secure-24 collects the following minimum personal information from individuals who are not Secure-24 employees but require a badge for unescorted access to Secure-24 headquarters (e.g. customers, contractors, vendors, suppliers, etc.) via the “Non-Employee Headquarters Access Form”:
• First Name, Last Name, Middle Initial
• Company Name
• Government Issued ID #
• Company Name
• Company Address
• Company City, State, and Zip Code
• Supervisor or Human Resources Contact
• Supervisor’s Phone
• Supervisor’s E-mail
In addition to the above information, Secure-24 may also collect additional information from either the individual or their employer in order to facilitate communication (e.g. additional phone numbers, time zone the individual is in, etc.) and to identify and provide proof of identity (e.g. PIN numbers, pass phrases, manager’s name, etc.) for the individual. To comply with Export Controls, Secure-24 may retain the information outlined in the above section to facilitate regular scans for Vendors, Contractors, and Suppliers.
The Secure-24 customer portal uses “Session” cookies for storing information about user activities during that browser session so the server can keep track of options the user chose, decide what page they should see next, and otherwise help make the site useful to the user. These session cookies are destroyed when the browser is closed.
Use of Audio, Video, Image, and Teleconference Recording
During the course of business, Secure-24 may create and retain digital recordings or images for specific use cases such as phone calls to the service desk, images for entrance to an office or data center, video recordings of people in the offices or data centers, and teleconference meetings. Secure-24 creates recordings of audio and / or visual information during these events for business purposes of quality assurance, record-keeping / documentation, protection of assets, incident prevention, and / or security / legal / contractual obligations. Data subjects are informed of audio recording in the automated greeting for calls to the service desk. Data subjects are notified of video surveillance and recording through signs posted at the entrances to Secure-24 offices and data centers. Data subjects are notified of teleconference meeting recordings through a flashing “recording in progress” icon, audio announcements, system announcements, or meeting invite messages.
Personal information will be:
1. Used only for the purposes identified in the notice and only if the individual has provided implicit or explicit consent, unless a law or regulation specifically requires otherwise.
2. Retained for no longer than necessary to fulfill the stated purposes, or for a period specifically required by law or regulation. Disposed of in a manner that prevents loss, theft, misuse, or unauthorized access.
Secure-24 acknowledges that individuals have the right to access the personal information that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to PrivacyNotice@secure-24.com. If requested to remove data, we will respond within a reasonable timeframe.
Choice and Consent
Secure-24 shall offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, Secure-24 will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Secure-24 shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information. The consequences of not providing consent is the inability of the requestor to access certain information and a lack of exchange of appropriate services between Secure-24 and the requester, which is also subject to terms of any existing agreements between the parties. If there are any additional consequences for refusing to provide personal information or of denying or withdrawing consent to use personal information known to Secure-24, individuals will be informed of this when the personal information is collected.
Onward Transfers / Disclosures to Third Parties
Personal information collected by Secure-24 shall be disclosed to third parties only for the purposes described in the notice, and for which the individual has provided implicit or explicit consent, unless a law or regulation specifically requires or allows otherwise. Secure-24 shall ensure that any third party vendor / sub-contractor for which Personal Information may be disclosed subscribes to the EU-US and Swiss-US Privacy Shield, and third parties who have legal agreements with Secure-24 protect personal information in a manner consistent with the relevant aspects of Secure-24 privacy policies or other specific instructions or requirements and are subject to law providing the same level of privacy protection as is required by the EU-US and Swiss-US Privacy Shield. Secure-24 shall take remedial action in response to misuse of personal information by a third party vendor / sub-contractor to whom the Secure-24 has disclosed such information. Prior to disclosing Personal Information to a third party vendor / subcontractor, Secure-24 shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. In cases of onward transfer to third parties (vendors/subcontractors) of data of EU and Swiss individuals received pursuant to EU-US and Swiss-US Privacy Shield, Secure-24 is potentially liable.
Law Enforcement and National Security Requests
We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Secure-24 shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Secure-24 has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Further, Secure-24 requires that employees keep customer information confidential. Secure-24 cautions its customers and website visitors that no medium of communication, including the Internet, is entirely secure. Accordingly, Secure-24 cannot guarantee the security of Information on or transmitted via the Internet and is not responsible for loss, corruption or unauthorized acquisition and use of personal information provided to our website, or for any damages resulting from such loss, corruption, unauthorized acquisition or unauthorized use.
Individuals are responsible for providing Secure-24 with accurate and complete personal information, and for contacting Secure-24 if correction of such information is required. Secure-24 shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Secure-24 shall take reasonable steps to ensure that Personal Information is collected and maintained so that it is accurate, complete, current and reliable for its intended use.
Access to Personal Information (PI, PII, ePHI)
Understandable Personal Information, Time Frame, and Cost
Secure-24 shall, upon request, allow an individual access to their Personal Information for data that is collected by Secure-24. Personal information will be provided to the individual in an understandable form, in a reasonable timeframe, and at a reasonable cost, if any. Requests for Personal Information that is owned by a client will be routed to the appropriate client.
Updating or Correcting Personal Information
Secure-24 shall, upon request, allow individuals to update, correct, amend or delete personal information held and controlled by Secure-24 except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. If practical and economically feasible to do so, Secure-24 shall provide such updated or corrected information to third parties that previously were provided with the individual’s personal information.
Secure-24 shall authenticate the identity of individuals who request access to their personal information before they are given access to that information.
Denial of Access
Secure-24 shall inform individuals, in writing, of the reason a request for access to their personal information was denied, the source of the entity’s legal right to deny such access, if applicable, and the individual’s right, if any, to challenge such denial, as specifically permitted or required by law or regulation.
Statement of Disagreement
Secure-24 shall inform individuals, in writing, about the reason a request for correction of personal information was denied, and how they may appeal.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using (an independent resource mechanism) as a third party resolution provider.
Secure-24, LLC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
EU-U.S. and Swiss-US Privacy Shield Framework
Attn: Brian Herr, Chief Security Officer / Privacy Officer
Brian Kaetz, Governance, Controls & Privacy Manager
26955 Northwestern Highway, Suite 200
Southfield, MI 48033
26955 Northwestern Highway
Southfield, MI 48033
Phone: 248-784-1021 ext. 5545
Secure-24 has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
For all types of inquiries or complaints, please click here to download our Privacy Inquiry/Complaint Form, which has convenient fillable fields and further instructions on how to contact us regarding privacy.
Human Resources Data Complaints
If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Secure-24, and your inquiry or complaint involves human resource data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA and Swiss Data Subjects, a panel established by the EU and Swiss data protection authorities “DPA Panel”. To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Secure-24 agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel.