Privacy Policy With Respect to Data Received From Clients

INTRODUCTION

Coresecure, Inc. (“Coresecure” or "we") provides software development and managed hosting solutions. Coresecure also provides other related offerings to its clients. In connection with providing its services, Coresecure occasionally receives personally identifiable information (“personal information”) from its clients via a variety of online form submissions (“transaction data”). This policy determines Coresecure’s general privacy and security practices with respect to this personal information. While this policy sets forth Coresecure’s general privacy and security practices, the detailed obligations and commitments of Coresecure to our clients are specified in the contractual arrangements with clients. In the event of a conflict between this policy and a client contract, the client contract prevails.

This policy does not describe how personal data is collected and processed by our clients who obtain personal information directly from consumers. Consumers should review the privacy policies of the business entities with which they directly share their data to learn about such entities’ privacy practices.

Coresecure also has registered offices in the United States and Italy, both of which also adhere to all aspects of this Privacy Statement, including the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework.

Coresecure also works continuously to comply with the General Data Protection Regulation (GDPR), which will be applied from 25th May, 2018.

NATURE OF DATA RECEIVED AND FORMS OF COLLECTION

Coresecure handles personal information in three principal ways:

  1. Through the use of this website: we use cookies to collect statistical information about the usage of our website (such as the number of pages visited or the number of visitors per day); we also collect any information that users voluntarily send to us;
  2. Through business interactions / use of our Services: as a website hosting and management company, we operate as a data processor - as opposed to a data controller. This means that every time an individual makes a transaction or provides information on a website hosted by us on behalf of one of our clients, we immediately collect and process this information and send it directly to our clients, without storing it on our servers;
  3. Through contractual agreements: we collect information about entities with which we come into contact for business purposes (i.e. our customers), and store it on our ERP solution, provided by Netsuite, Inc.;
  4. Through access to public databases, social platforms and other resources freely accessible on the internet (i.e. Google search); because this information is already available on the web, we are not responsible for its accuracy or truthfulness, nor are we involved in its appearance, permanence, modification or deletion on the web.

Cookies are small files that are stored on your computer, mobile phone, or other device when you first visit a page. They may be used to identify an individual as a unique user by storing certain personal preferences and user data.

This website uses Google Analytics, a web analytics service that uses cookies to help the website analyse how users interact with our website. The information collected by the cookies (including your IP address) does not relate to any sensitive information (such as name, age or ethnicity), is provided anonymously and is used for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

For more information on Google’s privacy and cookie policy, please visit Google’s privacy policy http://www.google.com/privacy/privacy-policy.html.

Coresecure also uses JobScore as its platform for choosing candidates and managing its hiring process. Please note that Coresecure does not store or retain any of the personal information that you may provide to JobScore. If you want to know in more depth how your information is collected and used by this Applicant Tracking tool, please follow the link: https://www.jobscore.com/agreements/privacy_policy/.

USE OF THE DATA RECEIVED

Coresecure processes personal information to help its clients prevent fraud, online scams and policy abuse, and may use your personal information to:

  • Administer this website;
  • Personalize the website for you;
  • Enable your access to and use of the website services;
  • Publish information about you on the website;
  • Send you products that you purchase;
  • Supply to you services that you purchase;
  • Send you statements and invoices;
  • Collect payments from you; and
  • Send you marketing communications.

The period for which personal information is retained is determined by the contract between Coresecure and each individual client and may vary based on the type of Coresecure service. Outside of these terms, we usually keep the personal information collected no longer than is necessary for the purposes for which the personal data are processed.

However, specific elements of a form submission (such as an email address or phone number) believed to have been used in a fraudulent manner will be retained for longer periods consistent with Coresecure’s agreements with its individual merchant clients. Clients should contact the business entities with which they directly share their data to learn how long their transaction data may be retained. Coresecure considers the protection of personal information a serious matter, and for this purpose has put in place mechanisms to detect and investigate a personal data breach, and to protect the accuracy and integrity of personal information.

In cases of onward transfer to third parties of data of EU and Swiss data subjects received pursuant to the Data Privacy Framework, Coresecure, Inc. is potentially liable.

We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

DISCLOSURES TO THIRD PARTIES

Coresecure does not share form submission data with third parties, except in the following limited circumstances:

  1. Personal information may be accessible to third-party service providers processing data on behalf of its customers; however, any such service providers are required by contract to implement privacy and security safeguards consistent with this policy, including the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the GDPR;
  2. Personal information may be disclosed to third parties as directed by the client which sent the information to Coresecure, including to third-party services used to validate data elements;
  3. Personal information may be provided to a third party to the extent Coresecure enters into a transaction for the acquisition of all or substantially all of Coresecure’s assets.

ACCESS, CHOICE, CORRECTION, AND DELETION OF PERSONAL DATA

Data subjects whose data is received by Coresecure have the right to access, correct or delete their personal data; if you are in the European Union, the Data Privacy Framework and GDPR grant you the right to be informed, access, rectify or erase your personal data.

All of our customers whose information has been entered in our ERP solution, provided by Netsuite, Inc., will be included in a series of communication lists, such as billing and product updates and, occasionally, marketing correspondence, newsletters and surveys. Coresecure's ERP solution also provides its customers with opt-out or opt-in choices and allows them to select which types of communication they wish to receive by flagging different subscriptions (i.e. by using the ‘unsubscribe’ option in the email). You always have the option to ask Coresecure not to reach you with this information again, by contacting us at the following address:

E-mail:
compliance@coresecure.com
(put “Privacy Compliance” in subject line)

At any time you can opt out of Coresecure’s sharing of your database information with its customers and third parties. However, you should note that even if Coresecure ceases sharing your information in any databases created after your opt-out date, its customers may continue to have access to legacy database information.

Under certain circumstances, you can also object to the processing of your personal information and exercise the right to data portability.

If your information has been processed by Coresecure on behalf of one of its clients, you may exercise your rights by directly contacting Coresecure’s client that collected your data, or by contacting Coresecure at the contact information noted below.

E-mail:
compliance@coresecure.com
(put “Privacy Compliance” in subject line)

Mailing address:
Legal/Privacy Compliance
Coresecure, Inc.
10 Rogers Street; Suite 121
Cambridge, MA 02142 USA

Telephone:
617.621.3300

Coresecure will respond to your request within 30 days. In order to confirm your identity, Coresecure may require additional information from you, which will be stored as necessary to fulfill the purposes for which it was collected, and may be retained even after a data subject request has been made, for purposes of our legitimate interests - including as necessary to comply with legal obligations, resolve disputes, prevent fraud, and enforce agreements.

EU-U.S. DATA PRIVACY FRAMEWORK AND THE SWISS-U.S. DATA PRIVACY FRAMEWORK

Coresecure complies with the EU-U.S. Data Privacy program Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Coresecure has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Coresecure has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-US Data Privacy Framework Principles, Coresecure commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and Swiss individuals with DPF inquiries or complaints should first contact Coresecure, Inc. at:

E-mail:
compliance@coresecure.com
(put “Privacy Compliance” in subject line)

Mailing address:
Legal/Privacy Compliance
Coresecure, Inc.
10 Rogers Street; Suite 121
Cambridge, MA 02142 USA

Telephone:
617.621.3300

Coresecure has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

ENFORCEMENT

Coresecure has implemented internal mechanisms to verify ongoing adherence to this policy. We periodically verify that this policy remains accurate, comprehensive for its intended purpose, and is accessible in accordance with applicable law. Coresecure is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

AMENDMENTS

This privacy policy may be amended from time to time consistent with the requirements of the Data Privacy Framework. Coresecure will post any revised policy on this website.

CONTACT FOR QUESTIONS

Any questions about the accuracy, use, processing or storage of data received by Coresecure should be directed to compliance@coresecure.com.

SECURITY OF YOUR PERSONAL INFORMATION

Coresecure uses various organizational and technical measures to protect your privacy and avoid unauthorized use or disclosure of your personal data. However, you should note that no transfer of data over the Internet is completely secure. While we use reasonable efforts to protect your data on our systems, when the data is transferred over the Internet, it may be accessed and used by unauthorized third parties. Coresecure has no control over the performance, reliability, availability or security of the Internet and does not warrant that any information transfer via the Internet or any communication through the Internet is secure. Coresecure shall not be liable for any disclosure, unauthorized use, loss, damage, expense, harm or inconvenience resulting from the loss, delay, interception, corruption, intervention, misuse or alteration of any personal information due to any action beyond Coresecure’s reasonable control.

CHILDREN’S PERSONAL INFORMATION

www.coresecure.com is a site not targeted to children and is not intended to collect personal data from children under the age of 13. If you have questions regarding the privacy of the personal information you submit to us through our website, please send an e-mail to compliance@coresecure.com.