Last Updated: April 9, 2020
Like any cloud-based offering, Cipher Business Solutions, LLC (“Cipher”) understands that by using our services you are entrusting us with business critical and sensitive information. As such, we take serious measures, to ensure data is kept secure and private and within your control.
This Privacy Statement covers the privacy practices Cipher utilizes when its customers (“Customers”) use our Cloud-Based Application, SPEAR (the “Service”). This Privacy Statement does not cover any information or data collected by Cipher for other purposes, such as information collected for marketing purposes.
PERSONAL DATA SPEAR PROCESSES
In the normal course of using the SPEAR Application Service (“SPEAR”), Customers will input electronic data into the Service application (“Customer Data”). The use of information collected through the Service shall be limited to the purpose of providing the Service for which the Customer has engaged Cipher. Cipher may access Customer Data for the purposes of providing the applicable service, preventing or addressing service or technical problems, responding to support issues, and responding to Customer’s instructions, or as may be required by law, in accordance with the relevant agreement between Customer and Cipher.
SPEAR processes Customer Data under the direction of the Customer and, has no direct control or ownership of the personal data it processes. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the data to SPEAR for processing purposes.
A user of SPEAR who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Customer’s SPEAR administrator. If the Customer requests Cipher to remove the personal data to comply with data protection regulations, Cipher will respond to their request within 30 days.
Cipher will refer any request for disclosure of personal data by a law enforcement authority to the Customer. Cipher may, where it concludes that it is legally obligated to do so, disclose personal data to law enforcement or other government authorities. Cipher will notify Customer of such request unless prohibited by law.
ACCESSING THE SERVICE
Customers and their authorized users may access the Service directly through a URL unique to their individual tenant or may elect to use internal launch pages for single sign-on or other purposes. Customers enter information for processing and storage as they use the Service. Customers may also configure the Service to allow end users to input information directly into the Service.
EU-U.S. AND SWISS-U.S. PRIVACY SHIELD STATEMENT
Cipher complies with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and the United Kingdom to the United States, and from Switzerland to the United States, respectively. Cipher has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov.
In compliance with the Privacy Shield Principles, Cipher commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Cipher at: enquiries@cipherbsc.com
Cipher has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
EU Persons may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website. To learn more about the Privacy Shield Framework at https://www.privacyshield.gov.
Cipher is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Cipher complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, Cipher is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Cipher may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We will not sell, share, or rent your personal information to any third party. If we change this policy in the future, we will alert you and also provide individuals with an opt-out or opt-in choice before we share their data with third parties, or before we use it for a purpose other than which it was originally collected or subsequently authorized.
Additional Cipher Privacy Information:
DATA RETENTION
Cipher retains Customer Data according to the timeframes set forth in the relevant agreement with its Customers.
SECURITY
Cipher maintains a comprehensive, written information security program that contains industry-standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to Customer Data. Cipher designs its applications to allow Customers to achieve differentiated configurations, enforce user access controls, and manage data categories that may be populated and/or made accessible on a country-by-country basis. Configuring these settings appropriately is the Customer’s responsibility. Additional information about the security settings and configurations can be found in the SPEAR Documentation made available to Customers.
Any comments, concerns, complaints, or questions regarding our Privacy Policy may be addressed to: enquiries@cipherbsc.com.
Cipher Business Solutions, LLC
8300 NW 53rd St. Suite 350
Doral, FL 33166
Phone: 305-447-0850