Analytiq endeavors to protect your privacy and the confidentiality, integrity, and availability of data and information entrusted to it. This Services Privacy Policy (the “Policy”) explains the privacy practices that we employ when providing support, consulting, hosting, or other services (the “Services”) to our clients (“You”) pursuant to our Services Agreement. Analytiq has created this Services Privacy Policy to clarify that the use of information to which it may be provided access in order to provide Services is more limited than the use of information covered by Analytiq’s general Privacy Policy.
SERVICES DATA
Services Data refers to data and/or any information, including personally identifiable or personal information, which is stored on Analytiq, client, or third-party systems to which Analytiq is provided access in order to perform Services under an agreement executed by Analytiq and its client(s).
Analytiq handles Services Data according to the terms of this Policy, the agreement executed by Analytiq and its client, and in compliance with any applicable law, regulation, control, or privacy policy referenced in the agreement between Analytiq and its client(s).
The difference between Services Data provided by a client and personal or other information collected by Analytiq is as follows: When a client contracts with Analytiq for Services, the client provides information about itself, including its name, address, billing information, and some employee contact information; this information is handled according to the terms of Analytiq’s Privacy Policy, where applicable. In contrast, if, having contracted with Analytiq for Services, a client provides Analytiq with access to its production, development, or test environment(s), which may contain personal information about its employees, customers, or vendors (collectively “End Users”), this information is considered Services Data and is handled according to the terms of this Services Privacy Policy.
HOW SERVICES DATA IS COLLECTED AND USED
Analytiq may access, collect, and/or use Services Data in order to provide Services and to correct problems. Services Data may be accessed and used to perform support, consulting, and/or other services including, but not limited to, testing and applying new product or system versions, patches, updates, and upgrades; monitoring and testing system use and performance; and resolving bugs and other issues.
Any copies of Services Data created for these purposes are maintained only for time periods relevant to those purposes and are treated as confidential under an applicable Analytiq agreement with its client. Additionally, in certain circumstances, a law, court order, or other judicial or administrative process may require Analytiq to provide access to Services Data to a government authority or a party to a private lawsuit.
Analytiq may transfer and access Services Data as required for the purposes specified above, in compliance with applicable law and the agreement executed by Analytiq and its client.
We may share Services Data with third parties who provide services to Analytiq, including but not limited to information technology and related infrastructure provisioning, customer service, email delivery, auditing, and other similar services. When Analytiq shares Services Data with third-party service providers, we require that they use your Services Data only for the purpose of providing services to us and subject to terms consistent with this Policy and an agreement executed by Analytiq and such third party.
Analytiq employees and any subcontractors or agents acting on our behalf to provide Services are required to sign formal agreements protecting the strict confidentiality of Services Data and any/all client and Analytiq confidential or proprietary information. Their access is limited to what is required for them to perform the service for which they have been employed or engaged, and all Analytiq personnel are required to attend annual security, confidentiality, and privacy training.
Analytiq does not use Services Data except for the purposes stated above and those purposes stated in a client’s contract with Analytiq. Analytiq may process Services Data, but it does not control Services Data and is not a data controller for this data. Analytiq has no control over how its clients collect or use personal data or information, or even the nature or type of data or information a client may store on servers hosted or managed by Analytiq, and Analytiq does not own Services Data.
All Analytiq clients are required by contract to comply with all applicable laws, regulations, and the terms and conditions of their contracts with Analytiq. If You provide any Services Data to Analytiq, You are responsible for providing any notices and/or obtaining any consents necessary for Analytiq to access, use, process, retain, and transfer Services Data as specified in this Policy and in your contract with Analytiq.
ACCESS CONTROLS
Analytiq’s access to Services Data is based on its specific contract with each of its clients and Analytiq’s security policies. Services Data that is stored in Analytiq-hosted or managed systems is controlled via an access control list mechanism, as well as the use of an account management framework.
You control access to Services Data by your End Users; End Users should direct any requests related to their personally identifiable information to You. However, if End Users contact Analytiq directly, we will take reasonable steps to facilitate communication between You and the affected End User.
You and your End Users shall take reasonable steps to maintain the privacy of usernames and passwords to prevent unauthorized access to or disclosure of usernames and passwords. You and your End Users are entirely responsible for maintaining the confidentiality of usernames and passwords.
SECURITY AND NOTIFICATION OF BREACH
Security
Analytiq employs reasonable and appropriate physical, administrative, and technical measures to maintain the confidentiality, integrity, and availability of Services Data under its control or in its possession. Analytiq’s security policies cover the management of security for both its internal operations as well as the Services. These policies govern security applicable to Services and apply to all Analytiq employees, subcontractors, and agents. Analytiq’s security policies and procedures are continually reviewed and overseen by Analytiq management, who are responsible for security oversight, compliance, enforcement, and conducting information security assessments.
Analytiq takes reasonable and appropriate steps to reduce the risks of human error, theft, fraud, and misuse of its facilities. Analytiq requires that all employees, subcontractors, and agents read and acknowledge its security policies. Analytiq employees, subcontractors, and agents are required to maintain the confidentiality of Services Data. Their confidentiality obligations include written confidentiality agreements, training on data protection, and compliance with all company policies relevant to the protection of confidential information.
Notwithstanding these measures, no system for safeguarding personal or other information is 100% secure, and we cannot fully eliminate security risks associated with Services Data.
Notification of Breach
Analytiq continually evaluates potential vulnerabilities and risks to Services Data under its control or in its possession and promptly responds to all known data security incidents. Analytiq’s management reviews such incidents to determine appropriate escalation paths based on the specific details of each circumstance and puts response teams in place to address them.
If Analytiq determines that Services Data has been subject to unauthorized access or acquisition that affects the confidentiality, integrity, or availability of such data, Analytiq will promptly inform You.
PRIVACY CERTIFICATIONS
Analytiq is committed to upholding the highest privacy standards. If applicable, we ensure compliance with relevant privacy certifications and frameworks to protect customer data.
CROSS-BORDER TRANSFERS
As relates to personal data subject to the EU General Data Protection Regulation (GDPR), Analytiq may transfer such data out of the European Economic Area (EEA) in performance of the Services. When we transfer such data out of the EEA, we endeavor to ensure it receives a similar degree of protection as provided by the data protection laws of your jurisdiction.
To obtain additional information on the mechanism we use to transfer EEA personal data, please contact us at info@analytiqglobal.com.
When processing and/or transferring personal data subject to the GDPR on behalf of its EEA customers, Analytiq does so as a data processor, at the direction of the client as data controller.