DATA SECURITY AND PRIVACY POLICY
INFOSEC-ISE0061, REVISION 1
Overview
IS Evolutions Consult is committed to protecting your privacy. This privacy statement applies to the data collected by IS Evolutions Consult through your use and administration of our software services (the “Services,” as further defined below); it does not apply to other online or offline IS Evolutions Consult sites or products
This policy is written for the organisation or company (our “Customers”) that contracts with IS Evolutions Consult for the Services. All references to “you” or “your” in this policy are to our Customers. Users of the Services should direct privacy-related inquiries to the organisation or company that provides access to the Services
Data Types
Personal Identifiable InformationWe will at all times treat personal data in accordance with our Data Protection Policy and at all times in accordance with the General Data Protection Regulation of Ghana, regardless of which data type this may fall under.
Customer Data (Including Personal Identifiable Information)Customer Data is all data, including all text, sound, or image files and software that you provide, or is provided on your behalf, to IS Evolutions Consult through your use of the Services.
We only use Customer Data to provide the Services. This may include troubleshooting aimed at preventing, detecting and repairing problems affecting the operation of the Services and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to the user (such as malware or spam).
Administrator DataAdministrator Data is information about administrators (including account contact and subscription administrators) provided during sign-up, purchase, or administration of the Services. This may include name, address, phone number, and email address, whether collected at initial purchase or later during management of the Services
Administrator Data is used to complete the transactions you request, administer your account, improve the Services, as well as to detect and prevent fraud.
We may contact you to provide information about new subscriptions, billing and other important updates about the Services, including security or other technical matters. We may also contact you regarding third-party inquiries we receive regarding your use of the Services. Subject to your contact preferences, we may also contact you regarding information and offers about other IS Evolutions Consult products and services, or to request your feedback about the Services.
To manage your contact preferences or update your information, please visit your personal settings page in the Services
Support DataSupport Data is the information we collect when you submit a support request, including information about hardware, software, and other details related to the support incident, such as: contact or authentication information, chat session personalisation, information about the condition of the computer and the application when the fault occurred and during diagnostics, system and registry data about software installations and hardware configurations, and error-tracking files.
Support may be provided through phone, e-mail, or online chat. We may use Remote Access (RA), with your permission, to temporarily navigate your desktop. Phone conversations, online chat sessions, or RA sessions with support professionals may be logged. For RA, you may also access the recording after your session. For Online Chat or RA, you may end a session at any time of your choosing. We use Support Data in the same way as we use your information, as described in this privacy statement. Additionally, we use it to resolve your support incident and for training purposes.
Following a support incident, we may send you a survey about your experience and offerings. You must opt out of support surveys separately from other communications provided by IS Evolutions Consult, by contacting Support or through the e-mail footer.
To review and edit your personal information collected through our support services, and for any other inquiries regarding our support services, please contact us.
Cookies & Similar Technologies
Information we get from your use of the Services is primarily non-personally identifying information of the sort that web browsers, servers, and services like Google Analytics, typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that we might have access to includes how you use the Service (e.g. how you access features), your approximate location, cookies, etc.
We collect this non-personally identifying information in order to better understand how users use the Services and, where possible, to improve their experience. For instance, we log the time it takes to run database queries so that we can improve performance. In some cases, we may publicly display information that is not personally identifying in the aggregate, (e.g., by publishing a report on trends in the usage of our Services) or may provide the aggregate data to third parties.
When you use the Services, we also collect potentially personally-identifying information in the form of Internet Protocol (IP) addresses, the Uniform Resource Locator (URL) accessed (which may reference the identifier of a record or entity), and the unique identification number associated with the account.
The Services use "cookies," small text files placed on a device’s hard disk by a web server. Most web browsers automatically accept cookies, however, you have the option of modifying your browser settings to block or limit the use of cookies. The Services may use cookies and similar technologies, such as web beacons, for the following purposes:
- Storing users’ preferences and settings.
- Sign-in, authentication, and fraud detection.
- Site analytics.
Sharing Your Information
Data ProtectionWe will not disclose Customer Data, Administrator Data or Payment Data (“your information”) outside of IS Evolutions Consult or its controlled subsidiaries and affiliates except as you direct, as described in your agreement(s) or as described in this privacy statement.
We may contract with other companies to provide services on our behalf. If you have consented, we may provide these companies with access to your information where necessary for their engagement. These companies are required to maintain the confidentiality of your information and are prohibited from using it for any purpose other than that for which they are engaged by IS Evolutions Consult.
We will not disclose Customer Data to a third party (including law enforcement, other government entity, or civil litigant; excluding our subcontractors) except as you direct or unless required by law. Should a third party contact IS Evolutions Consult with a request for Customer Data, we will attempt to redirect the third party to request the data directly from you. As part of that process, we may provide your contact information to the third party. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited.
IS Evolutions Consult may share Administrator Data or Payment Data with third parties for purposes of fraud prevention or to process payment transactions, as further described in this statement.
The Services may enable you to purchase, subscribe to, or use services, software, and content from companies other than IS Evolutions Consult (“Third Party Offerings”). If you choose to purchase, subscribe to, or use a Third Party Offering, we may provide the third party with your Administrator Data or Payment Data to enable the third party to provide its offering to you (and with your consent, send you promotional communications). That data and your use of a Third Party Offering will be governed by the applicable third party privacy statement(s) and policies.
We will not substantively respond to data protection and privacy requests from your users without your prior written consent, unless required by applicable law.
Data Security
IS Evolutions Consult uses robust security measures to protect Customer Data from unauthorised access, maintain data accuracy, and help ensure the appropriate use of Customer Data. When the Services are accessed using Internet Secure Socket Layer (SSL) technology protects Customer Data using both server authentication and data encryption. These technologies help ensure that Customer Data is safe, secure, and only available to the Customer to whom the information belongs and those to whom the Customer has granted access. IS Evolutions Consult also implements an advanced security method based on dynamic data and encoded session identifications, and the Company hosts its Websites in a secure server environment that uses firewalls, intrusion detection systems, and other advanced technology to prevent interference or access from outside intruders.
IS Evolutions Consult also offers enhanced security features within the Services that permit Customers to configure security settings to the level they deem necessary
Customers are responsible for maintaining the security and confidentiality of their Service usernames and passwords.
We will maintain administrative, physical, and technical safeguards for the protection of the security, confidentiality and integrity of Your Data, as described in the Documentation. Those safeguards will include, but will not be limited to, measures as described above for preventing access, use, modification or disclosure of Your Data by our personnel except (a) to provide the Purchased Services and prevent or address service or technical problems, (b) as compelled by law, or (c) as You expressly permit in writing. Where your use of the Services includes the processing of personal data (as described in the Data Protection Act of Ghana, you are the data exporter, and your acceptance of the SLA shall be treated as your acceptance.
If we become aware of any unlawful access to any Customer Data stored on our equipment or in our facilities, or unauthorised access to such equipment or facilities resulting in loss, disclosure, or alteration of Customer Data (each a "Security Incident"), we will: (a) notify you of the Security Incident; (b) investigate the Security Incident and provide you with information about the Security Incident; and (c) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.
An unsuccessful Security Incident will not be subject to this Section. An unsuccessful Security Incident is one that results in no unauthorised access to Customer Data or to any of our equipment or facilities storing Customer Data. This may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or headers) or similar incidents.
Our obligation to report or respond to a Security Incident under this Section is not and will not be construed as an acknowledgement by IS Evolutions Consult of any fault or liability with respect to the Security Incident.
Notification of a Security Incident, if any, will be delivered to one or more of your administrators by any means we select, including via email. It is your sole responsibility to ensure your administrators maintain accurate contact information on the IS Evolutions Consult Services portal at all times.