Introduction:
This document represents the published privacy policy of Network
Standard Corporation, doing business as NetDiligence®.
We reserve the right to change the terms of this policy at
any time without prior notice, so please check back to this
location frequently for published updates. Your use of any
NetDiligence® Web site or service constitutes your consent
to be governed by the terms of this policy.
We value your personal and professional privacy in your dealings
with NetDiligence®, and recognize that your willingness to
do business with us in your capacity as an organizational
representative grants us only a limited license to use your
company credentials and/or private information for our mutual
benefit. This privacy policy attempts to explain in layman’s
terms how we approach the gathering, storage, security and
use of personal information that you provide to us.
What Personal Information Do We Collect and What Do We Do With It?
We think it is most useful to answer this question by looking
at the functional components of our business and describing
our practices in each case:
1. Our www.NetDiligence.com Web site:
Currently, we do not gather contact information through
our information-only Web site beyond the routine Internet
traffic statistics provided to us by our Web hosting company.
This means we have access to source IP address and referral
URL information that you leave with us during your visits.
Where necessary for the function of the Web site, we use
session cookies. Because we do not provide retail e-commerce
services from this site, this data provides little to
us in terms of useful information beyond what we need
to keep the Web site operating and (if necessary) track
down bad actors who wish to do us harm.
2. Our Online Survey Services, such as NetDiligence® Online: Because
your organization has either contemplated, or entered
into, a contractual relationship with NetDiligence® (or
with one of our partners who have called upon us in a
“perform” role), we may gather your professional
credentials (name, organizational title, telephone/e-mail
contact information, and related data) in order to provide
your organization with authorized cybersecurity or records
information management (RIM) assessment surveys. Because
we may be called upon by your organization or other parties
due to our contractual relationship to provide required
assessment regarding your organization’s activities
and cybersecurity practices, we may retain your professional
credentials for a period of at least two years following
our most recent interaction with your organization. When
you supply us with information as part of your completion
of these assessment surveys, we retain your responses
for at least two years. Our fulfillment of certain regulatory
requirements (e.g., GLBA 501b, HIPAA) for our clients
may optionally require a retention period that is substantially
longer than our stated two-year minimum.
We use the information
gathered to prepare contractually required assessment
deliverables that are shared with your organization
and/or identified third parties in strict adherence
with the terms specified in the contractual agreements
(statement of work contracts) that define our roles
and responsibilities with respect to your organization.
We retain the unilateral right to conduct and publish
research based on statistical analysis of any/all survey
responses without identifying the personal or professional
credentials of individual survey participants. If we
are asked to provide personal or professional credentials
outside of the terms of our contractual relationship,
we will only do so upon receipt of your organization’s
explicit approval.
We conduct focused marketing
of other products/services that we provide, either directly
or through our third-party partners under joint marketing
agreements. In most cases, these marketing efforts are
aimed at providing your organization with service that
complements our cybersecurity assessment service such
as a remediation or BCP service. You
may elect to opt-out of such marketing activities (telephone,
mail, e-mail, etc.) by contacting us directly with your
stated preferences. Send opt-out requests via e-mail
to dave.chatfield@NetDiligence.com.
We acknowledge/track all such requests and will respect
your stated wishes.
3. Our Assessment Services and/or Third Party Partner Services: Our
performance of assessments or any other services we provide
is carried out in compliance with the terms stated in
#2 above, but with a few additional caveats: (a) When
services are performed by or in conjunction with our third
party partners, the handling of your personal/professional
credentials and/or provided responses may be subject to
the privacy policies and data retention schedules of both
NetDiligence® and those of any participating partners,
(b) We will inform participating partners of your organization’s
opt-out preferences, if any, and will require their conformance
with your wishes in this area as a condition of our partnership
arrangement.
What Security Protections Do We Apply in Keeping Your Personal Information Safe?
We make use of appropriate protections, such as firewalls,
encryption of data in transit during survey sessions and password-protection
of report deliverables containing sensitive information such
as your professional credentials and/or your organization’s
existing practices. We adhere to the best practices described
in the ISO 17799 standard, Information
technology – Code of practice for information security
management, and take reasonable and cost-efficient
precautions to ensure that your personal/professional credentials
and organizational practices are protected from accidental
or malicious disclosure to unauthorized parties.
Do You Have Any Questions Regarding Our Privacy Policy or Practices?
We welcome your questions or comments
regarding our privacy policy or existing practices. Please
contact Dave Chatfield at (954) 684-9190 or via e-mail at
dave.chatfield@NetDiligence.com.