Safe Harbor Privacy Policy

Scope

This policy covers the self-regulating, privacy practices that Data Intensity employs when providing Managed Services (Network-based support), Hosted Services, and Consulting services.
Data Intensity’s Safe Harbor policy explains Data Intensity services models, as well as how information is handled within each of these models (as opposed to personal data that is stored as part of the operations of Data Intensity as a business entity).

Definitions

Managed Services: Managed Services typically involve data that resides at our customer’s location or at a hosting provider of their choice. Companies that contract with Data Intensity for managed services provide information about themselves including their names, addresses, billing information, and some employee contact information for those who will administer the contract, as well as contacts with whom Data Intensity will be interacting on a daily basis. Data Intensity treats Managed Services environment data as confidential in accordance with the terms of the relevant agreement between Companies and Data Intensity in which Data Intensity has agreed to provide Managed Services.

Hosted Services: Hosted services typically involve data that resides in Data Intensity-owned or -leased space. Companies that contract with Data Intensity provide information about themselves including their names, addresses, billing information, and some employee contact information for those who will administer the contract, as well as contacts with whom Data Intensity will be interacting on a daily basis. Data Intensity treats Hosted Services environment data as confidential in accordance with the terms of the relevant agreement between Companies and Data Intensity under which Data Intensity agrees to provide Hosted Services.

Consulting Services: Consulting services are professional services provided to Data Intensity Customers.

1. Customer Information
To help explain how we treat customer information, it is important to make a distinction between information that Data Intensity maintains about its customers (“Customer Information”) and data we manage or host on behalf of those customers.

All customer environments contracted under Managed Services or Hosting services agreements, including but not limited to Production, Non-Production and/or Disaster Recovery environments, contain customer information. These environments may include personal information about a Customer’s employees, customers, partners and/or suppliers. This policy covers the personal information that is provided to or accessed by Data Intensity in the Managed Services or Hosted Services environment.

While our principal facilities are in the US, we may transfer managed services data or hosted data provided by Customers to a non-US-based office, service engineer and/or consultant to provide the necessary service or information requested by the customer. In order to provide service in a timely, cost-effective and efficient manner, data provided to Data Intensity will be made available throughout our global offices to authorized Data Intensity users that require access to the information to address customer requirements. Data Intensity’s policies require all employees, consultants, partners, or suppliers and offices worldwide that access data to comply with our global requirements for the protection of that data as it resides within our Managed Services or Hosted Services.

Data Intensity has access to data in connection with Managed Services and Hosted Services in accordance with the terms of the relevant agreement(s) between Data Intensity and its hosted Customers. Data Intensity neither controls its Customers’ information collection nor use practices related to Managed Services or Hosted Services data. Data Intensity simply provides the relevant application management and support services, and may provide storage of hosted data. Data Intensity shall have no liability for a Customer’s failure to provide the appropriate notice and/or obtain the appropriate consent prior to transferring data to Data Intensity. Data Intensity makes no independent use of Managed Services or Hosted data outside of that which is required to provide services to our Customers.

We set forth herein below the conditions under which data may be accessed, as well as the possible circumstances under which there may be direct interaction with end users:

To Provide Services Requested By Customer: Hosted data will be accessed as required to fulfill the requirements of the services contract or subsequent/independent requests for service by our Customer.
To Provide Support: Hosted data collected/accessed for this purpose may include contact information and information related to products and support requested by a Managed Services Customer or a Hosted Services Customer and may include information related to a service issue.

To Maintain and Upgrade the System: Technical staff may require periodic access to data to monitor system performance, perform system tests and develop and implement upgrades to systems. Any temporary copies of data created as a necessary part of this process shall be maintained solely for periods of time relevant to those purposes. Following completion of the process, the copies of the data shall be purged.

To Address Performance and Fix Issues: On occasion, patches and other fixes to software, such as security patches that address newly discovered vulnerabilities, shall be developed by the software vendor. In accordance with the terms of the contract for Managed Services or Hosted Services and/or upon notification from our Customer, we may access the test and development or production environment, including hosted data, to validate that such patches and fixes work in within our Customers’ environment(s).

As a Result of Legal Requirements: Data Intensity may be required to provide personally identifiable information to comply with legally mandated reporting, disclosure or other legal process requirements.

2. Communication Preferences and Opt-Out
Data Intensity does not use Managed Services or Hosted Services data for its own marketing purposes, but may market to Managed Services or Hosted Services Customers if there are pre-existing relationships or independent contacts with the Managed Services or Hosted Services Customer, except that upon obtaining Customer’s consent, Data Intensity may use Customer or its relationship with Customer as a reference for marketing purposes.

3. Access
Data Intensity may access the customer’s Managed Services or Hosted Services environment to provide the necessary support, to resolve an issue or inquiries into performance-related issues, or for periodic maintenance and management of the systems. Data Intensity may also require that the Customer provide access to user information to validate that a particular issue has been resolved. All access to the customer’s system is controlled via an access control list (ACL) mechanism and the use of an account management framework to ensure system and user level security. Access to personal information by the Managed Services Customer or Hosted Services Customers is controlled by said customers.

4. Security
Data Intensity is concerned with the security of the personally identifiable information and has in place measures designed to prevent unauthorized access to that information and to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction. These measures include policies and procedures as well as adhering to the principles of requesting least privileges.

5. Compliance Issues
Compliance issues should be directed to Data Intensity’s Security Officer, who may be reached at Data Intensity’s Worldwide Headquarters located at 22 Crosby Drive Bedford, Massachusetts 01730 phone: 781.541.5900. It is the responsibility of all employees, consultants, partners, or suppliers to act in accordance with the Privacy Policy and obligations with respect to Personal Data. Failure to do so may result in disciplinary action, if warranted, up to and including termination of employment.

6. Verification, Enforcement
Data Intensity’s privacy practices are self-certified annually to the U.S. Department of Commerce to ensure they are consistent with U.S.-E.U. Safe Harbor principles: Notice, Choice, Onward Transfer, Access and Accuracy, Security, and Oversight/Enforcement. More information about the U.S. Department of Commerce Safe Harbor Program can be found at http://www.export.gov/safeharbor/.

The Security Officer is responsible for:

  • Ensuring that the privacy guidelines, programs, procedures, training and other measures necessary to implement the Privacy Policy are developed and put into practice
  • Overseeing responses to inquiries and resolutions of complaints and/or disputes relating to the privacy of Identifiable Persons
  • Working with Data Intensity’s legal department to ensure Data Intensity’s ongoing compliance with applicable privacy laws and agreements, as well as any obligations Data Intensity may enter into voluntarily, such as the Safe Harbor Principles; and overseeing annual assessments of Data Intensity’s internal practices to ensure that they conform to the Privacy Policy and related company obligations