This policy establishes and communicates the key principles CypherCrescent follows in protecting the personal information that it collects. Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case CypherCrescent will comply with the local legal requirements.
Data Subject is any individual about whom CypherCrescent holds personal data.
Personal data is any information that allows an individual to be identified directly or indirectly (e.g., name, date of birth, title, address, telephone number and email address).
Sensitive personal data is that which, in cases of misuse, may cause unlawful or arbitrary discrimination or other serious risk to a data subject (e.g., racial or ethnic origin, nationality, political opinion, religious and philosophical beliefs, and physical or mental health conditions). Personal data and sensitive personal data are collectively referred to as "personal information".
Collecting and Processing Personal Information
CypherCrescent collects and processes personal information that is necessary for legitimate business purposes, which will be disclosed to the data subject at the time of collection. CypherCrescent will use and process this information only for the purposes for which it was collected, retaining the personal information only for so long as is required for the specific purpose for which the information was collected.
CypherCrescent will not collect sensitive personal data except when permitted or required to do so by law, and will do so only for legitimate business purposes. If in any other instance a need arises to collect sensitive personal data, CypherCrescent will do so only with the data subject's express consent, which can be withdrawn at any time.
CypherCrescent will not sell, disclose or rent personal information for direct marketing purposes.
Transfer of Personal Information
CypherCrescent may transfer the personal information outside the data subject's home country when: (i) it has the consent of the data subject; (ii) it is necessary or appropriate as permitted by law to do so because it is relevant to CypherCrescent's dealings with the data subject; or (iii) it is required by law.
CypherCrescent will implement reasonable measures to protect the security and confidentiality of personal information and provide an adequate level of protection in each of the locations where the information is transferred.
In limited circumstances, CypherCrescent may disclose personal information to a third party who is providing a service to CypherCrescent. CypherCrescent will only disclose personal information if the third party has provided satisfactory assurances to CypherCrescent of its ability to provide appropriate and sufficient data privacy and security safeguards to protect the personal information from unauthorized disclosure, use or loss. Where CypherCrescent learns that a third party is using or disclosing personal information in a manner contrary to this policy, CypherCrescent will take reasonable steps to discontinue such use or disclosure.
Disclosures to third parties will be only for the purposes described in this policy, for a compatible purpose, or for a purpose authorized by the data subject.
Choice and Options
CypherCrescent gives data subjects the opportunity to choose not to have his or her personal information transferred to third parties for use in a manner incompatible with the purpose for which it was originally collected. An employee may not opt out of the transfer of his or her personal information to a third party if it is being conducted for the purpose of: (1) meeting applicable legal requirements, or (2) furthering the legitimate employment relationship with CypherCrescent. Prior to transferring sensitive personal data for use in a manner incompatible with the purpose for which it was originally collected, explicit (opt in) choice will be sought.
Security of Personal Information
Only authorized colleagues with a valid, work-related need may access a data subject's personal information. In the event of a data breach, CypherCrescent will issue breach notifications as may be required under applicable law.
Data Subject Rights
While personal information is maintained by CypherCrescent, a data subject may access the information pertaining to him/her to the extent required by local law to review, update and correct inaccuracies; To do so, the data subject should contact CypherCrescent. Additionally, a data subject may ask CypherCrescent to correct, update, supplement or delete personal information held on him/her.
CypherCrescent may, in its discretion, charge a reasonable, cost-based fee for access or photocopying of this information. For security purposes, CypherCrescent may require verification of identity before providing access to personal information.
If a data subject has a question about this policy or a complaint about the way CypherCrescent has collected, processed, used or disclosed his/her personal information, the data subject should contact CypherCrescent.
Changes to this Policy