Information Protection Policy
This Information Protection Policy outlines our commitments to our employees, customers, and to our future regarding how we will handle this information. CTI adheres to personal information protection standards that encompass, without limitation, notice, transparency, purposes, consent, transfer, security, disclosure, access and accountability. Information can be sensitive by its nature (e.g., financial, health, religion or sexual orientation). Certain information may be deemed sensitive due to regulations and industry standards, e.g., geopolitical data protection standards, federal guidelines, or state-based frameworks, such as data breach notice laws or driver’s license privacy acts. Types of sensitive information can include:
- Client information, including, without limitation, business records and employee data
- Government-issued identification numbers, financial information, including, without limitation, credit cards, salaries, banking, and transactions
- Medical or healthcare information of all types
- Company patents, business plans, and other intellectual property
- Company and client business records and planning materials, including, without limitation, customer lists, marketing and sales efforts, and product line plans
- Intellectual property or other proprietary materials, both those which our company creates and those which we obtain under license from others
Most of this information resides within our computing infrastructure, including internal computer systems and paper files, as well as within the computing and storage infrastructure of our third-party services providers. Regardless of where the information is located, this information must be properly protected against unauthorized access and disclosure at all times.
The rules by which information is handled are determined by the regulations, our business requirements, and company commitments relating to that type of information and the purposes for which it is collected and maintained. Every employee, vendor, contractor, supplier, agent or representative of our company must be aware of the significance of the information being handled, and ensure that proper controls are applied to prevent copying, disclosure, or other misuse of the information.
Our company relies upon employees and business partners to properly develop, maintain, and operate our systems, networks, and processes which keep our sensitive information safe and properly used. This means that every person and organization handling our information has the responsibility to keep the information safe, no matter where the information is located. This includes computing systems, networks, paper copies, business processes, and verbal transmission of information.
CTI complies with the US-EU Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. CTI has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor/.
These principles include:
CHOICE: CTI will offer individuals the opportunity to choose (opt-out) whether their personal information is: (a) to be disclosed to a third party, or (b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. CTI will provide individuals with clear and conspicuous, readily available, and affordable mechanisms to exercise choice.
For sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), individuals must be given affirmative or explicit (opt-in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of opt-in choice. CTI will treat as sensitive any information received from a third party where the third party treats and identifies it as sensitive.
ONWARD TRANSFER: If CTI wishes to transfer information to a third party that is acting as an agent, it will do so only if it first either ascertains that the third party subscribes to the Principles or is subject to the Directive or another adequacy finding, or enters into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant Principles.
SECURITY: CTI Information Security Policies regarding the creation, maintenance, use or dissemination of personal information reflect CTI’s reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
DATA INTEGRITY: CTI will not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, CTI will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
ACCESS: CTI complies with the U.S.-EU Safe Harbor Framework in connection with individual access rights to personal information. Where applicable, CTI will honor such rights in connection with personal information that CTI holds. Individuals will be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
ENFORCEMENT: CTI designates the ICDR/AAA Safe Harbor program dispute resolution forum. CTI provides this mechanism as recourse for individuals to whom the data relate and who are affected by potential non-compliance with the Principles. At a minimum, this mechanism includes: (a) readily available and affordable independent recourse mechanism by which each individual’s complaints and disputes are investigated and resolved by reference to the Principles and damages awarded where the applicable law or private sector initiatives so provide; (b) follow-up procedures for verifying that the attestations and assertions that CTI makes about its privacy practices are true and that privacy practices have been implemented as presented; and (c) obligations to remedy problems arising out of failure to comply with the Principles by organizations announcing their adherence to them and consequences for such organizations. For more information regarding the dispute resolution process, click this link: http://www.adr.org.
Commercium Technology, Inc.
Safe Harbor Disputes
Attn: Security Manager
148 Ave. of Two Rivers
Rumson, NJ, USA
CTI has further committed to refer unresolved privacy complaints under the US-EU Safe Harbor Principles to an independent dispute resolution mechanism, the ICDR/AAA EU SAFE HARBOR, operated by the International Center for Dispute Resolution. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by CTI, please visit the ICDR/AAA EU SAFE HARBOR web site at www.adr.org for more information and to file a complaint.
We have included a hyperlink to the Safe Harbor website or the corresponding URL (e.g., http://export.gov/safeharbor/).