Definitions.
“Affiliate(s)” means any legal entity directly or indirectly controlling, controlled by or under common control of Precanto, where control means the ownership of a majority share of the stock, equity or voting interests of such entity.
"Customer Data" means any data, information or material originated by Customer that Customer submits to Precanto, collects through its use of the Subscription Services or provides to Precanto in the course of using the Subscription Services.
"Data Controllers" are those people that determine how and whether Personal Information is processed. Precanto and our Affiliates are Data Controllers for purposes of these procedures."Data Processors" are those people that process Personal Information on behalf of a Data Controller.
"Data Subjects" are the people to whom the Personal Data relates.
"Personal Data" means any Customer Data relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Properly anonymized and de-identified or aggregate data is not Personal Data.
"Process" is used very broadly to indicate performing any action on Personal Data, such as collecting, recording, organizing, storing, transferring, modifying, using, retaining, or deleting.
Personal Data Minimization and Privacy by Design.
Privacy protection is integral to Precanto' processing of Personal Data. We collect and process Personal Data in a number of ways, including from the following: When customers or prospects request information about our products and services or sign up to receive information from us, they may enter their email address, name, or contact information, in which case their information will be used in order to contact them about our products and services. When customers or prospects purchase services from us, we will collect the Personal Data that they submitted in order to administer or improve our services to them, to administer our rewards and promotional programs; to improve our Website and services to them; to solicit their feedback; and to inform them about our products and services.
When customers or prospects otherwise send their personal information to us by email, by submitting an online form on our website, or contact us using other means and we use that Personal Data in order to respond to them.
We collect Other Information from Website visitors that is publicly transmitted by devices and web browsers in order to understand basic information about the categories and frequency of visitors that come to our website.
Precanto's policy is to minimize the unnecessary collection or use of Personal Data and use of anonymized and de-identified or aggregate data wherever possible.
Procedures.
Data Collection and Consent.
Prior to the collection and processing of Personal Data, Precanto must obtain consent from the Data Subject in a manner appropriate to the context. Most of the time, consent is implied from the circumstances. For instance, if a Data Subject signs up for email updates regarding Precanto news, they expect the information to be used to send newsletters and to communicate with them about product releases, but they would not expect that information to be sold to a third-party for re-targeting purposes. When Personal Data is used in ways that are not reasonably implied from the apparent circumstances, Precanto will seek consent on an opt-in or opt-out basis.
To provide notice and receive informed consent, Precanto will disclose the following before collecting Personal Data when it is not otherwise clear from the circumstances:
- The identity of the person or entity that is collecting the Personal Data (i.e., the Data Controller);
- The purpose(s) for which the Personal Data is to be processed or used;
- The methods by which the Personal Data is to be collected;
- The scope of Personal Data that may be collected (e.g., types, over what time period, etc.); and
- The identity of anyone to whom the Personal Data may be disclosed or transferred.
Precanto does not need not obtain consent from the Data Subject in the following limited circumstances:
- when the Personal Data is available and collected from a public source;
- when the processing is necessary for the performance of a contract to which the Data Subject is party, or in order to take steps at the request of the Data Subject prior to entering into a contract;
- when the processing is necessary for compliance with Precanto' legal compliance obligations, such as to investigate and protect its legal interests;
- when the processing is necessary in order to protect the vital interests of the Data Subject, narrowly construed; in certain circumstances, when processing is necessary for the performance of a task carried out in the public interest;
In circumstances, when processing is necessary for the performance of a task carried out in the public interest;
- when processing is necessary for the Precanto' legitimate business interests, as disclosed to the Data Subject, consistent with the fundamental rights and freedoms of the Data Subject; or
- where the intended collection, use, processing, and/or disclosure is otherwise permitted or not precluded by applicable law.
Withdrawal of Consent.
Consent to the collection and use of Personal Data may be withdrawn, subject to contractual and legal restrictions and reasonable notice.
Withdrawal of consent may have consequences, such as no longer being able to provide certain services or communicate in certain ways. In certain circumstances, consent may not be withdrawn with respect to certain necessary uses and disclosures of Personal Data, such as with respect to certain legal and contractual obligations.
Our Personal Data systems are designed to allow for the effective withdrawal of consent. Communications are made subject to opt-out lists maintained by Precanto.
Purpose Specification and Use Limitation.
When Personal Data is used, Precanto uses the Personal Data in a way that is compatible with the purposes for which it was collected, or for a reasonably related purpose. If Personal Data needs to be used for another purpose or handled in a way that the Data Subject has not provided consent, Precanto obtains the consent of the Data Subject for the new or different use.
Only Precanto personnel or third parties working on behalf of Precanto with a legitimate business purpose may access or use Personal Data, and even those individuals may access such Personal Data only for legitimate purposes required by their positions.
Data Subject Access.
Precanto has posted a Privacy Policy (https://precanto.com/privacy) so that Data Subjects can contact the appropriate person with inquiries or complaints regarding the use of their Personal Data. Precanto makes reasonable efforts to grant Data Subjects’ requests to access their Personal Data. In accordance with these procedures, Data Subjects may ask Precanto whether it maintains Personal Data about them, and the contents, if any, of that data. If Precanto denies access, Precanto will provide the Data Subject the reasons for such denial and allow the Data Subject to challenge the denial.
Data Accuracy.
Precanto uses its best efforts to process accurate Personal Data. To this end, Data Subjects may make reasonable requests for the correction of any incorrect or misleading Personal Data about them. To the extent reasonably feasible, Precanto will, as appropriate, correct or destroy Personal Data that is inaccurate, misleading, or out-of-date. If Precanto does not make a requested correction, the request should be noted in the Data Subject’s file to the extent feasible and explained to the Data Subject.
Data Retention.
Precanto does not keep Personal Data longer than necessary for the purpose for which it was collected. Precanto securely destroys Personal Data from its systems when it is no longer required to accomplish the purpose for which it was collected. Precanto may, however, retain some Personal Data in order to comply with applicable laws, regulations, rules, and court orders.
If the Data Subject is a customer, upon termination or expiration of their agreement, Precanto shall, in accordance with the terms of the Agreement, delete or make available to customer for retrieval all relevant Personal Data (including copies) in Precanto’ possession, save to the extent that Precanto is required by any applicable law to retain some or all of the Personal Data. In such an event, Precanto shall extend the protections of the agreement to such Personal Data and limit any further Processing of such Personal Data to only those limited purposes that require the retention, for so long as Precanto maintains the Personal Data.
Security.
Precanto takes reasonable administrative, technical, and physical measures to safeguard against unauthorized processing or use of Personal Data, and against the accidental loss of, or damage to, Personal Data. These measures include:
- Making available written plans to identify, prevent, detect, respond to, and recover from cybersecurity threats and incidents;
- Developing security authentication procedures for accessing all systems that store Personal Data;
- Maintaining patched, up-to-date anti-virus software, firewalls, and other computer security safeguards, and appointing appropriate personnel to be
- Responsible for keeping such safeguards up-to-date;
- Requiring third-party data processors, vendors and other service providers who will be processing Personal Data on behalf of Precanto maintains appropriate security measures;
- Maintaining appropriate records of access to and processing of Personal Data;
- Auditing Personal Data security and recording the results of such audits;
- Using appropriate protections, such as encryption, to protect Personal Data in transit and when stored on portable computer media as necessary or appropriate;
- Utilizing appropriate and secure destruction methods of Personal Data as legally required; and,
- Utilizing appropriate and secure destruction methods of Personal Data as legally required; and,
Sharing Personal Data With Third Parties.
Precanto may share the Personal Data with Affiliates and third parties that provide services to our customers to the extent such third parties are contractually required to follow the procedures set forth herein, or substantially equivalent standards, and to protect Personal Data in accordance with all relevant laws, regulations and rules, and subject to any appropriate security measures and directions from Precanto. Personal Data may not be sold, transferred, or disclosed to other third parties except as authorized in writing.
Sub-processing.
Precanto may engage Precanto Affiliates and third party sub-processors (collectively, “Sub-processors”) to Process the Personal Data on Precanto’s behalf. The Sub-processors currently engaged by Precanto are listed at Precanto’s Sub-processor web page: (the “Sub-processor List”). The Sub- processor List shall include a mechanism to subscribe to notifications of any new Sub-processors or changes to the Sub-processor List. Precanto shall impose on such Sub-processors data protection terms that protect the Personal Data to the same standards as our agreements and shall remain liable for any breach caused by a Sub-processor.
Precanto may, by giving no less than thirty (30) days’ notice to the customer, add or make changes to the Sub-processors. The customer may object to the appointment of an additional Sub-processor within fourteen (14) calendar days and in accordance with the directions set forth in the Sub-processor List.
Precanto may replace a Sub-processor if the need for the change is urgent and necessary to provide the Services and the reason for the change is beyond Precanto’ reasonable control. In such instances, Precanto shall notify the customer of the replacement as soon as reasonably practicable, and the customer shall retain the right to object to the replacement Sub-processor.
Confidentiality.
Precanto employees and third-party contractors may not disclose information made available on Precanto systems and networks, including to other Precanto personnel, except as expressly authorized by the appropriate manager. The duty of nondisclosure and confidentiality extends to interactions with third parties, including other employees, customers, business partners, and vendors.
Incident Reporting and Response.
The suspected theft, loss, or unauthorized processing of data, including Personal Data, must be immediately addressed. Precanto will take immediate steps to investigate the cause of the security breach and make every effort to contain the breach. Precanto must follow the steps set forth in the Data Security Incident Response Plan when responding to security incidents.
Privacy Inquiries and Dispute Resolution.
Precanto has designated an individual to handle complaints and disputes regarding the use of Personal Data. This person may be contacted by Data Subjects for complaints or disputes about how their Personal Data is handled. These complaints and disputes shall be addressed by Precanto management. The Privacy Officer is the person authorized to handle complaints and disputes.
Compliance with Procedures.
Precanto employees who violate this Policy may be subject to disciplinary actions, up to and including termination of employment.
As is appropriate, Precanto may modify its procedures for the handling of Personal Data, but material changes to the handling of Personal Data cannot be applied retroactively without the express consent of the Data Subject or customer unless consent was not necessary to collect and use the Personal Data.
To facilitate compliance with this Policy and to protect its workers, systems, information, and assets; Precanto may review, audit, monitor, intercept, access, and disclose information processed or stored on Precanto equipment and technology, or on personally owned devices accessing Precanto networks.
If you have any questions about this guidance, or for additional information or training, please contact us at privacy@precanto.com.
Precanto’ management may monitor, assess, and promote compliance with this Policy by providing guidance regarding implementation of, and adherence to, the Policy; Training.assisting with the design of initiatives to minimize the collection and other processing of Personal Data; designing and conducting appropriate privacy training; serving as an initial point of contact for privacy and Personal Data protection issues; handling privacy complaint investigations and resolutions; providing guidance regarding contracts for processing Personal Data; monitoring legal developments regarding privacy and data protection; and providing an ongoing assessment of compliance with applicable laws and industry best practices.
Training.
All Precanto employees shall receive annual training on our privacy and security programs and procedures.
References.
For questions related to the implementation of this Policy, contact privacy@precanto.com.
