Updated by Admin on 6th January 2025
Objective
At Apptimus, we are committed to protecting the privacy and security of all personal data we collect, process, and store. This Data Privacy & Security Policy outlines your responsibilities and expectations regarding data protection. This policy applies to all employees, contractors, and third-party vendors who have access to or process personal data on behalf of Apptimus.
This policy applies to all personal data processed by Apptimus, including:
- Customer Data: Information collected from our clients, such as contact details, project information, and financial data.
- Employee Data: Information collected from employees, such as personal details, contact information, employment records, and payroll data.
- Prospect Data: Information collected from potential clients, such as contact details and business information.
- Other Data: Any other personal data processed by Apptimus in the course of our business operations.
Data Protection Principles
You must adhere to the following data protection principles:
- Lawfulness, Fairness, and Transparency: Process personal data lawfully, fairly, and in a transparent manner.
- Purpose Limitation: Process personal data only for specific, explicit, and legitimate purposes and do not process it in a way that is incompatible with those purposes.
- Data Minimization: Collect only the personal data that is necessary for the purposes for which it is processed.
- Accuracy: Take all reasonable steps to ensure that the personal data you process is accurate and, where necessary, kept up to date.
- Storage Limitation: Retain personal data only for as long as is necessary for the purposes for which it is processed.
- Integrity and Confidentiality: Process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
- Accountability: You are accountable for and must demonstrate compliance with these data protection principles.
Your Responsibilities
Data Collection and Processing:
- Collect personal data only with the knowledge and consent of the individual, or when permitted by law.
- Ensure that personal data is collected and processed for legitimate business purposes.
- Implement appropriate security measures to protect personal data from unauthorized access, use, disclosure, or modification.
Data Storage and Retention:
- Store personal data securely and in accordance with our data retention policies.
- Regularly review and delete outdated or unnecessary personal data.
Data Sharing and Disclosure:
- Do not share your company email account, system access, or company-issued devices with others.
- Only share personal data with third parties when necessary for business purposes and with appropriate safeguards in place.
- Do not sell or rent personal data to third parties for marketing purposes.
Data Subject Rights:
- Respect the rights of individuals to access, correct, or delete their personal data.
- Comply with all applicable data protection laws and regulations regarding individual rights.
Data Breach Notification:
- Report any suspected data breaches to the [Designated Contact Person/Department] immediately.
Confidentiality of Customer Data
Team members may have access to customer instance data on company systems. This data is strictly confidential and must be treated with the utmost care.
Prohibited Actions:
- Sharing with Other Customers: Do not share customer data with any other customer, even if they are similar clients or have similar needs. This includes sharing screenshots, reports, or any other information that reveals specific details about a customer's instance.
- Use in Demo Systems: Customer data must never be used in any demo systems or presentations for prospective clients. Always use anonymized or simulated data for demonstrations.
- Sharing with Others: Do not share customer data with anyone outside of Apptimus, including friends, family, or personal contacts. This includes sharing information on social media or any other public forum.
Compliance
- Comply with all applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant local laws.