Last Updated: February 14, 2024

Like any cloud-based offering, Cipher Business Solutions, LLC (“Cipher”) understands that by using our services you are entrusting us with business critical and sensitive information. As such, we take serious measures, to ensure data is kept secure and private and within your control.

This Privacy Statement covers the privacy practices Cipher utilizes when its customers (“Customers”) use our Cloud-Based Application, SPEAR (the “Service”). This Privacy Statement does not cover any information or data collected by Cipher for other purposes, such as information collected for marketing purposes.

PERSONAL DATA SPEAR PROCESSES

In the normal course of using the SPEAR Application Service (“SPEAR”), Customers will input electronic data into the Service application (“Customer Data”). The use of information collected through the Service shall be limited to the purpose of providing the Service for which the Customer has engaged Cipher. Cipher may access Customer Data for the purposes of providing the applicable service, preventing or addressing service or technical problems, responding to support issues, and responding to Customer’s instructions, or as may be required by law, in accordance with the relevant agreement between Customer and Cipher.

SPEAR processes Customer Data under the direction of the Customer and, has no direct control or ownership of the personal data it processes. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the data to SPEAR for processing purposes.

A user of SPEAR who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Customer’s SPEAR administrator. If the Customer requests Cipher to remove the personal data to comply with data protection regulations, Cipher will respond to their request within 30 days.

Cipher will refer any request for disclosure of personal data by a law enforcement authority to the Customer. Cipher may, where it concludes that it is legally obligated to do so, disclose personal data to law enforcement or other government authorities. Cipher will notify Customer of such request unless prohibited by law.

ACCESSING THE SERVICE

Customers and their authorized users may access the Service directly through a URL unique to their individual tenant or may elect to use internal launch pages for single sign-on or other purposes. Customers enter information for processing and storage as they use the Service. Customers may also configure the Service to allow end users to input information directly into the Service.

DATA PRIVACY FRAMEWORK

Cipher complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Cipher has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Cipher has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the latter Principles

shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the Data Privacy Framework, Cipher commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy policy should first contact Cipher at: enquiries@cipherbsc.com

In compliance with the EU-U.S. DPF and the UK Extension to the EU- U.S. DPF and the Swiss-U.S. DPF, Cipher commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Judicial Arbitration and Mediation Services (JAMS), an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland (as applicable). If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute- resolution for more information or to file a complaint.

 

DATA PRIVACY FRAMEWORK

Cipher complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Cipher has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Cipher has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the latter Principles

shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the Data Privacy Framework, Cipher commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy policy should first contact Cipher at: enquiries@cipherbsc.com

In compliance with the EU-U.S. DPF and the UK Extension to the EU- U.S. DPF and the Swiss-U.S. DPF, Cipher commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Judicial Arbitration and Mediation Services (JAMS), an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland (as applicable). If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute- resolution for more information or to file a complaint.

Cipher is responsible for the processing of Personal Data it receives, under the Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. Cipher complies with the Data Privacy Framework for all onward transfers of Personal Data from the EU, UK and Switzerland, including the onward transfer liability provisions.

With respect to Personal Data received or transferred pursuant to the Data Privacy Framework, Cipher is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Cipher may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We will not sell, share, or rent your personal information to any third party. If we change this policy in the future, we will alert you and also provide individuals with an opt-out or opt-in choice before we share their data with third parties, or before we use it for a purpose other than which it was originally collected or subsequently authorized.

 

Additional Cipher Privacy Information:

DATA RETENTION

Cipher retains Customer Data according to the timeframes set forth in the relevant agreement with its Customers.

SECURITY

Cipher maintains a comprehensive, written information security program that contains industry-standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to Customer Data. Cipher designs its applications to allow Customers to achieve differentiated configurations, enforce user access controls, and manage data categories that may be populated and/or made accessible on a country-by-country basis. Configuring these settings appropriately is the Customer’s responsibility. Additional information about the security settings and configurations can be found in the SPEAR Documentation made available to Customers.

Any comments, concerns, complaints, or questions regarding our Privacy Policy may be addressed to: enquiries@cipherbsc.com.

Cipher Business Solutions, LLC
8300 NW 53rd St. Suite 350
Doral, FL 33166
Phone: 305-447-0850