Information Security Audit Summary
During each assessment, the ISA identified that Client Savvy has been proactive in addressing information security controls and processes. Interview sessions with key members of Client Savvy indicated a willingness and desire to continue strengthening the organization’s security posture.
Demonstrating good corporate governance puts an organization in a position of strength when managing stakeholder relationships, acquiring new business while maintaining customers. The principle of accountability provides trust through robust and transparent data protection activities. Upon the November 2020 follow-up assessment, it was determined Client Savvy has addressed gaps in the initial assessment. The firm will continue to engage with the ISA to address gaps that occur over time.
This policy covers any services being provided by the Company as a part of the online platform.
Privacy Principles we follow:
The company will ensure that all personal data that it holds will be:
2.1 Types of information we collect
When you visit our website(s), we may collect personal data from you in order to allow us to provide certain services to you such as responding to your questions or providing general marketing information to you and for you such as one and one-to-many marketing of products and events to your customers and prospects. We will use this data in connection with your visit to our website(s).
You may, for example, provide us with your personal data when you:
If we use your personal data for any other purposes, we will provide you with a separate notice.
The personal data we collect from you includes your name, email address, the company for whom you work, company address, telephone number, the country where you live, and dietary requirements for registrations to attend a Company hosted or sponsored event.
We may also automatically collect data about you, such as technical information about your computer or internet browser. Data may also be collected about you indirectly through monitoring activities that will be conducted by or on our behalf in accordance with relevant legislation or regulatory requirements (for example, monitoring e-mails that we receive from you or recording telephone calls when you contact us).
We will process your personal data for the purposes listed above on the basis of one or more of the following:
2.2 How we collect your information
Purposes of collection of personal information:
The company collects information in different ways. Directly from you or from your company. For example, when you:
2.2.1 Collection of personal data by automated means
Information that is passively collected:
Cookies and Similar Technologies
Mobile Device Unique Identifier
Strictly Necessary Cookies
Analytics or Performance Cookies
Targeting or Advertising Cookies
2.3 How we use your information
The following are the examples of how we may use your information for the legitimate interest of our business which includes:
2.4 How we share your information
We operate globally and, like many businesses, we operate back-office IT functions. From time to time, we may also need to transfer your personal data to third parties in other countries where we do business or have a service provider. Such countries may not have the same data protection laws like the USA or European Union or the country in which you reside.
When transferring your personal data, we will take all appropriate steps to provide an adequate level of protection for your personal data in accordance with relevant legislation. These steps may include exercising audit and inspection activities in respect of the actions of those third parties in connection with the use of your personal data.
If at any time you wish that we cease any activity that affects you, please contact us as indicated in the “How to Contact Us” section below.
We may disclose/share your information in the following ways:
2.5 How we store your information
Although we implement reasonable administrative, physical, and electronic security measures designed to protect your Personal Information from unauthorized access, we cannot ensure the security of any information you transmit to or guarantee that this information will not be accessed, disclosed, altered, or destroyed. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored Personal Information. To the extent the law of your jurisdiction allows for notification of a breach via e-mail or conspicuous posting on the Services, you agree to accept notice in that form.
How long we hold your personal data will vary. The retention period will be determined by various criteria including:
2.6 How we protect your information
While no data transmission over the internet is 100% secure, we are committed to protecting the information we receive from you. We take appropriate security measures to protect your information against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we maintain appropriate physical, electronic, and managerial procedures to safeguard and secure the information and data stored on our system.
While no computer system is completely secure; we believe the measures, we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
Our staff is trained in how to keep your information safe and secure. We use secure systems and buildings to hold your information. We aim to only keep your information for as long as we need it.
Here are some of the things we do to protect your information.
Staff trainingWe train our staff in how to keep your information safe and secure.Secure handling and storageWhen we send information overseas or use third parties that handle or store data, we put arrangements in place to protect your information.System securityWhen you log in to our websites or apps, we encrypt data sent from your computer to our systems so no one else can access it.
We have firewalls, intrusion detection, and virus scanning tools to stop viruses and unauthorized people from accessing our systems.
When we send your electronic data to other organizations, we use secure networks or encryption.
We use passwords and/or smart cards to stop unauthorized people from getting access.
Building securityWe use a mix of alarms, cameras, guards, and other controls in our buildings to prevent unauthorized access.Destroying or de-identifying data when no longer requiredWe aim to keep personal information only for as long as we need it – for example, for business or legal reasons. When we no longer need information, we take reasonable steps to destroy or de-identify it.
We will maintain data security by protecting the confidentiality, integrity, and availability of Personal Data, defined as follows:
Confidentiality: Only people who are authorized to use the data can access them;
Integrity: Personal Data should be accurate and suitable for the purpose for which they are processed;
Availability: Authorized users should be able to access the data if they need it for authorized purposes.
2.7 How we dispose of your information
Our goal is to dispose of your information “no longer than necessary for the purposes that we collect and use data”; Upon the expiry of the data retention periods set out in data retention policy, or when a data subject exercises their right to have their personal data erased, personal data shall be deleted, destroyed, or otherwise securely disposed of as follows:
2.8 Individual’s rights (Data subject rights)
The EU General Data Protection Regulation (GDPR) grants individuals who are in the European Union and European Economic Area (EU/EEA) certain rights, with some limitations. The Data Protection Officer will establish a system to enable and facilitate the exercise of data subject rights related to:
The California Consumer Privacy Act (CCPA) provides California consumers with the right to request access to their personal data, additional details about our information practices, and deletion of their personal information (subject to certain exceptions). California consumers also have the right to opt-out of sales of personal information, if applicable. We describe how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney. Please note that if an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal information. We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal information. We will not discriminate against you if you choose to exercise your rights under the CCPA.
You may request, no more than twice in a 12-month period, access to the specific pieces of personal data we have collected about you in the last 12 months. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the sources of such collection, the categories of personal information we share for legitimate business or commercial purposes, and the categories of third parties with whom we share your personal information. You may make these requests by contacting using the contact information provided below in the “Contact Information” section. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
You may request, no more than twice in a 12-month period, transportable copies of your personal information that we have collected about you in the last 12 months. You may make these requests by contacting using the contact information provided below in the “Contact Information” section. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
You may request that we delete the personal information we have collected about you. Please note that we may retain certain information as required or permitted by applicable law. You may make these requests by contacting us using the contact information provided below in the “How to contact us” section below. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
If you would like to exercise the above EU General Data Protection Regulation (GDPR) rights about your Personal Information we hold about you or exercise any other data subject right available to you under California Consumer Privacy Act (CCPA), please submit a written request to Privacy@ClientSavvy.com or contact us using the information provided in the “How to Contact Us” section below. Our privacy team will examine your request and respond to you as quickly as possible.
Please note we may still use any aggregated and de-identified Personal Information that does not identify any individual and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties.
2.8.1 Children’s Privacy
The company does not knowingly collect or solicit any information from anyone under the age of 18 or knowingly allow such persons to register for the Services. The Services and their content are not directed at children under the age of 18. In the event that we learn that we have collected personal information from a child under age 18 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact Company at Privacy@ClientSavvy.com.
If you are an EU or California resident under the age of 16, do not share any personal information without parental consent. Contact us at Privacy@ClientSavvy.com. for assistance.
2.9 Your choices about your information
You may opt-out of receiving text messages by replying “STOP” to any text message received.
Mobile device unique identifier
Unless you choose to opt-out, we may also share your mobile phone number with certain select third parties. You can opt-out by changing the privacy settings on your profiles/devices.
2.10 International Data Transfers
Personal Information you submit on the Websites or through the Services may be sent to the other countries, on our service providers’ cloud servers. We will always protect your information in accordance with this Privacy Notice wherever it is processed. We are a US-based company and by accessing Our Site, you grant us expressed consent to transfer your Personal Information to US servers. If you do not wish for us to transfer your Personal Information to the US, please contact us using the information in the “How to Contact Us” section below.
This section sets out the privacy principles we follow with respect to transfers of Personal Information from the European Economic Area (EEA) to the United States, including Personal Information we receive from individuals residing in the EEA who visits our Websites and/or who may use of our Services or otherwise interact with us.
Please note that for users located in the EEA, the term Personal Information used in this privacy is equivalent to the term “personal data” under applicable European data protection laws.
3. CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
To be in accordance with CAN-SPAM Act, we agree to the following:
4. California Residents
Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. California law requires that we disclose to users how we treat do-not-track requests. The Internet industry has not yet agreed on a definition of what “Do Not Track” means, how compliance with “Do Not Track” would be measured or evaluated, or a common approach to responding to a “Do Not Track” signal. Due to the lack of guidance, we have not yet developed features that would recognize or respond to browser-initiated Do Not Track signals in response to California law.
6. Links to other sites
We may offer links to sites not operated by Client Savvy. If you visit one of these linked sites, you should review their privacy and other policies. We are not responsible for the policies and practices of other companies.
7. How to contact us
Feel free to contact us to update your information or complaints, please by telephone at 1-866-433-7322 or by email at answers@ClientSavvy.com.
If you want to get started on your CX journey, or even just explore what CX means at your firm, contact us today to schedule a video meet and greet so we can show you how we can empower your firm to make positive CX changes.