SPEAR Service Privacy Policy

Like any cloud-based offering, Cipher Business Solutions, LLC (“Cipher”) understands that by using our services you are entrusting us with business critical and sensitive information. As such, we take serious measures, to ensure data is kept secure and private and within your control.

This Privacy Statement covers the privacy practices Cipher utilizes when its customers (“Customers”) use our Cloud-Based Application, SPEAR (the “Service”). This Privacy Statement does not cover any information or data collected by Cipher for other purposes, such as information collected for marketing purposes.

PERSONAL DATA SPEAR PROCESSES

In the normal course of using the SPEAR Application Service (“SPEAR”), Customers will input electronic data into the Service application (“Customer Data”). The use of information collected through the Service shall be limited to the purpose of providing the Service for which the Customer has engaged Cipher. Cipher may access Customer Data for the purposes of providing the applicable service, preventing or addressing service or technical problems, responding to support issues, and responding to Customer’s instructions, or as may be required by law, in accordance with the relevant agreement between Customer and Cipher.

SPEAR processes Customer Data under the direction of the Customer and, has no direct control or ownership of the personal data it processes. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the data to SPEAR for processing purposes.

A user of SPEAR who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Customer’s SPEAR administrator. If the Customer requests Cipher to remove the personal data to comply with data protection regulations, Cipher will respond to their request within 30 days.

Cipher will refer any request for disclosure of personal data by a law enforcement authority to the Customer. Cipher may, where it concludes that it is legally obligated to do so, disclose personal data to law enforcement or other government authorities. Cipher will notify Customer of such request unless prohibited by law.

Customers and their authorized users may access the Service directly through a URL unique to their individual tenant or may elect to use internal launch pages for single sign-on or other purposes. Customers enter information for processing and storage as they use the Service. Customers may also configure the Service to allow end users to input information directly into the Service.

Cipher complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Cipher has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Cipher has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the latter Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the Data Privacy Framework, Cipher commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy policy should first contact Cipher at: enquiries@cipherbsc.com

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Cipher commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Cipher will arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to our organization and following the procedures and subject to conditions set forth in Annex I of Principles.

With respect to Personal Data received or transferred pursuant to the Data Privacy Framework, Cipher is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Cipher may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We will not sell, share, or rent your personal information to any third party. If we change this policy in the future, we will alert you and also provide individuals with an opt-out or opt-in choice before we share their data with third parties, or before we use it for a purpose other than which it was originally collected or subsequently authorized. If in the future we would transfer personal information to a third party acting as an agent on its behalf, Cipher will remain liable under the DPF principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Additional Cipher Privacy Information:

DATA RETENTION