Effective date: January 1, 2011
Last update: December 17, 2020
Personally identifiable information is only collected when you choose to provide it to Division-D, such as in an email or by completing a form on the Website. The Website does contain a contact page where you can contact Division-D personnel and request additional information. This PII may include: name, company name, address, telephone number or email address. This information is only used by Division-D to contact you in response to your inquiry, conduct business activities with you, provide customer service and provide new products and services to existing and prospective customers. While Division-D may use the information it collects to notify you of necessary changes to the Website, new services/offerings and unique opportunities, you can contact Division-D at any time if you do not wish to receive these notices by emailing Division-D at email@example.com.
Division-D is respectful and keenly aware of the privacy rights of children. Division-D’s products and services are not intended for persons under 18 years of age and the Website is not directed to children. Division-D does not knowingly solicit or collect any PII from children under the age of 18, nor does it knowingly market Division-D products and services to children under this age. If you are a parent and are aware that your child has provided Division-D with PII without your knowledge or consent, please contact us immediately at firstname.lastname@example.org.
You can request the PII that Division-D has collected about you, correct factual inaccuracies in information, remove personal information and/or update your personal information by contacting email@example.com. Some of the Non-PII collected on behalf of the Agency is considered personal data under EU data protection laws. While Division-D doesn’t place cookies or process any data directly as an Agency, interested persons may contact our Partners to see what type of access rights they offer.
- The terms “consumer,” “personal information,” “processing,” “sell,” “service provider,” and “verifiable consumer request” are as defined under Section 1798.140 of the CCPA.
- “Approved Sub-processor” means a third-party entity that processes data on behalf of and as specifically directed by Division-D pursuant to a written contract and is thereby bound by obligations that are no less onerous than the obligations set out in this DPA.
- "Client Personal Information" means personal information provided by Client pursuant to the Agreement.
- "Incident" means the known or suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to transmitted, stored, or otherwise processed by Division-D or a Sub-processor of Division-D.
- Division-D Warranties: Division-D agrees that: a) it shall collect, store, transfer, dispose, disclose and use all Division-D Personal Information using the highest standard of care to ensure the protection of such data and in compliance with all applicable federal, state and international laws, regulations and directives; b) it shall not collect, retain, process, share or otherwise use Client Personal Information except for performing the services as described in the Agreement unless as required by law or a government authority (in which case Division-D shall use its best efforts to notify Client before such disclosure or as soon thereafter as reasonably possible); c) it shall act as a service provider and shall not sell Client Personal Information; d) it shall take reasonable steps as a service provider to ensure that the transfer of Client Personal Information is not a sale of personal information; e) except for Approved Sub-processors, it shall only transfer Client Personal Information to a third-party as specifically directed by Client. Any Sub-processors will be permitted to obtain Client Personal Information only to deliver the services Division-D has retained them to provide and are prohibited from using Client Personal Information for any other purpose. Division-D shall remain fully liable for all acts or omissions of its subcontractors.
- Data Retention: Division-D shall retain Client Personal Information only for as long as necessary to provide Services to Client. Upon termination of the parties’ agreement for any reason, Division-D shall promptly erase or destroy all or any part of such Client Personal Information.
- Information Security Standard. Both parties agree that they will use their commercially reasonable efforts to maintain administrative, technical, and physical safeguards that are no less rigorous than industry standard practices to ensure the security and confidentiality of Client Personal Information, protect against any anticipated threats or hazards to the confidentiality, availability or integrity of Client Personal Information, and protect against unauthorized access, use, or alteration of Client Personal Information.
- Written Information Security Program. Both parties shall maintain, in writing, reasonable security procedures and practices (“Written Information Security Program” or “WISP”) as necessary to protect Client Personal Information within its control from unauthorized access, destruction, use, modification, or disclosure. Without limiting the generality of the foregoing statement, the WISP shall at a minimum encompass each of the elements set forth below.
Any Incident involving the nonencrypted or nonredacted personal information as defined under section 1798.81.5(d)(1) of the California Civil Code (each a “Reportable Incident”) shall be subject to the following procedures:
- Division-D shall notify Client promptly (within 72 hours) of any Reportable Incident by sending an email with all available and relevant details to an email address specified by Client.
- Division-D shall investigate the Reportable Incident, and provide reasonable and necessary cooperation with Client, including facilitating interviews with relevant personnel, making available all relevant records, logs, files, data reporting and other materials, and providing Client with reasonable physical access to the facilities affected where owned by Division-D.
- Unless required by law, Division-D shall not inform any third party, other than incident response and forensics specialists under NDA, of any Reportable Incident without first obtaining Client’s prior written consent, other than to inform a complainant that the matter has been forwarded to Client’s legal counsel.
- Following a Reportable Incident, Division-D shall document responsive actions taken in connection with the Incident and shall conduct a post-breach review of events and actions taken, if any, to make changes in security practices and procedures to prevent such Incident from occurring again in the future.
- Incident Remediation. Division-D shall use its commercially reasonable efforts to mitigate and remedy any Incident and prevent any further Incident at its sole expense.
- Third Party notification. Division-D agrees that, unless applicable law states otherwise, Client shall have the sole right to determine (i) whether notice of the Reportable Incident is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in Client’s discretion, (ii) the contents of such notice, and (iii) whether any type of remediation may be offered to affected persons, as well as the nature and extent of any such remediation. Division-D agrees to reimburse Client for reasonable costs described in this section for Reportable Incidents and/or as required by applicable law.