EU-U.S. Privacy Shield
Continuity Logic participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Continuity Logic is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov
Continuity Logic is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Continuity Logic complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Continuity Logic is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Continuity Logic may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Continuity Logic has further committed to cooperate with the EU data protection authorities (DPAs) for EU employees regarding unresolved Privacy Shield complaints concerning human resources data transferred from the EU, in the context of the employment relationship.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Customer Information and Services Data
Customer as a Data Exporter (Controller)
Customer Information: When using the Site, you may choose to provide us with certain personal information such as your name, email address, and phone number. This information is used to communicate with you by responding to your requests, comments, questions, and perform the services provided by Continuity Logic.
Under the Privacy Shield Principles, individuals have the right to opt out of (i) disclosures of their personal information to third parties; or (ii) uses of their personal information. If you wish to opt out or change your information, please send an email to the privacy officer at the address listed below.
If data that resides on CL360 systems to which Continuity Logic is provided access to perform services (including test, development and production environments that may be accessed to perform Continuity Logic consulting and support services). Continuity Logic treats services data according to the terms of this policy, and treats services data as confidential in accordance with the terms of your order for services
In contrast, having contracted with Continuity Logic for CL360 or other services, the customer provides Continuity Logic access to its production, development or test environment, which may include personal information about its employees, customers, partners or suppliers (collectively “end users”).
Continuity Logic as a Data Importer (Processor)
Below are the conditions under which Continuity Logic may access, collect and/or use services data. The data importer is Continuity Logic, LLC. In this instance, data importer is providing a Software as a Service (SaaS) application for the data exporter to store and manage their Business Continuity, Disaster Recovery, Incident Management and Governance, Risk & Compliance programs.
Continuity Logic may receive the above data exporter information through system interface(s) to provide users with accurate information during the creation and maintenance of application usage.
To Provide Services and to Fix Issues
Services data may be accessed and used to perform services under your order for support, consulting, or general CL360 services and to confirm your compliance with the terms of your order. This may include testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs or other issues you have reported to Continuity Logic. Any copies of services data created for these purposes are only maintained for time periods relevant to this purpose.
Because of Legal Requirements
Continuity Logic may be required to retain or provide access to services data to comply with legally mandated reporting, disclosure or other legal process requirements.
We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If Continuity Logic is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.
Some of our pages utilize framing techniques to serve content to/from our partners while preserving the look and feel of our website. Please be aware that you are providing your customer information to these third parties and not to https://www.continuitylogic.com.
Continuity Logic does not use services data except as stated above or in your order. Continuity Logic may process services data but does not control your collection or use practices for services data. If you provide any services data to Continuity Logic, you are responsible for providing any notices and/or obtaining any consent necessary for Continuity Logic to access, use, retain and transfer services data as specified in this policy and your order.
Upon request Continuity Logic will provide you with information about whether we hold any of your customer information. You may correct, or request deletion of your customer information by contacting us at email@example.com. We will respond to your request within a reasonable timeframe.
Continuity Logic’s access to services data is based on job role/responsibility. Service data residing in Continuity Logic-hosted systems is controlled via an access control list (ACL) mechanism, as well as the use of an account management framework. You control access to services data by your end users; end users should direct any requests related to their personal information to you. Please see “Information Related to Data Collected through the CL360 application” section below.
You may sign-up to receive email or newsletter or other communications from us. If you would like to discontinue receiving this information, you may do so by using the “Unsubscribe” link found in emails we send to you or by contacting us at firstname.lastname@example.org.
We may also send you service related email announcements on rare occasions when it is necessary to do so. For instance, if our service is suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.
Tracking Technologies / Cookies.
As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
Security and Breach Notification
Continuity Logic is committed to the security of your services data, and has in place physical, administrative, and technical measures designed to prevent unauthorized access to that information. Continuity Logic security policies cover the management of security for both its internal operations as well as the services. These policies, which are aligned with the ISO/IEC 27001:2005 standard, govern all areas of security applicable to services and apply to all Continuity Logic employees. Continuity Logic’s Support, Consulting and CL360 lines of business have developed detailed statements of security practices that apply to many of their service offerings.
Continuity Logic’s policies and procedures are reviewed and overseen by Continuity Logic Global Information Security (CLGIS). CLGIS is responsible for security oversight, compliance and enforcement, and for conducting information security assessments and leading the development of information security policy and strategy.
Continuity Logic is also committed to reducing risks of human error, theft, fraud, and misuse of Continuity Logic facilities. Continuity Logic’s efforts include making personnel aware of security policies and training employees to implement security policies. Continuity Logic employees are required to maintain the confidentiality of services data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.
Continuity Logic promptly evaluates and responds to incidents that create suspicions of unauthorized handling of services data. CLGIS and Legal are informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If Continuity Logic determines that your services data has been misappropriated (including by a Continuity Logic employee) or otherwise wrongly acquired by a third party, Continuity Logic will promptly report such misappropriation or acquisition to you. If you have any questions about the security of your personal information, you can contact us at email@example.com.
Links to Third Party Sites
Information Related to Data Collected through the CL360 application
Information Related to Data Collected for our Customers:
- Continuity Logic collects information under the direction of its Customers and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Customers and would no longer like to be contacted by one of our Customers that use our service, please contact the Customer that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Customers.
Access and Retention of Data Controlled by our Customers:
- Continuity Logic acknowledges that you have the right to access your personal information. Continuity Logic has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his/her query to the Continuity Logic’s Customers (the data controller). If requested to remove data, we will respond within a reasonable timeframe.
- Continuity Logic will retain personal data we process on behalf of our Customers for as long as needed to provide services to our Customer. Continuity Logic will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Chief Privacy Officer,
140 S Falkenberg Road
Riverview, FL 33578
Last Update: March 26, 2020