Data Protection and Privacy Policy
Introduction
Sentrient is committed to protecting the privacy and security of your data. This Data Protection Policy outlines the types of data we collect, how we store it, and the measures we take to keep your data secure. This policy is aligned with relevant legal and regulatory frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable local laws.
Scope
This policy applies to all Sentrient services and features, collectively referred to as the “Service,” provided by [Your Company Name], “we,” “us,” or “our.”
Types of Data Collected
- Personal Data: Names, job titles, department, employee ID, email addresses, phone numbers, and other identifying information.
- Employment Data: Employment history, salary, benefits, performance reviews, and other HR-related records.
- Usage Data: Information generated through your use of the Service, including login times, feature usage, and service performance metrics.
- Other Data: Any additional data that you provide to us voluntarily, such as survey responses, feedback, or preferences.
Data Collection Methods
We collect data through:
- User Input: Data you provide while using the Service.
- Automated Uploads: Data uploaded by your System Admins and HR Managers.
- Automated Tracking: We use cookies, log files, and other tracking technologies to collect usage data.
- Third-Party Sources: We may occasionally receive data about you from third-party sources, which we use to enhance the Service.
Data Usage
We use your data to:
- Provide and maintain the Service.
- Improve the Service and develop new features.
- Conduct analysis and research related to our services.
- Communicate with you about updates, promotions, or customer service inquiries.
- Comply with legal obligations and resolve disputes.
Data Storage and Security
Cloud Storage
- Multi-Tenancy Architecture: Customer data is isolated using a multi-tenancy architecture, ensuring data from different customers is never mixed.
- Data Encryption: All data is encrypted at rest using industry-standard encryption algorithms.
- Backup: Regular backups are conducted to ensure data persistence, with encrypted copies stored in geographically separate locations.
Local Storage
- Secure File System: Data is stored in secure file systems with restricted access protocols.
- Encryption: Data stored locally is also encrypted using robust encryption algorithms.
Data Transmission
- Secure Sockets Layer (SSL)/Transport Layer Security (TLS): All data transmitted over the network is encrypted using SSL/TLS.
- API Security: Secure access tokens and OAuth 2.0 are used to ensure secure data transmission between integrated services.
Security Measures
Access Control
- Multi-Factor Authentication (MFA): MFA is required for accessing sensitive or administrative areas of the service.
- Role-Based Access Control (RBAC): User permissions are strictly controlled based on roles within the organization.
Monitoring and Audit
- Logging: All data access and operations are logged, with the logs being immutable and securely stored.
- Security Audits: Regular internal and external security audits are conducted to assess the efficacy of security measures.
Firewalls and Network Security
- Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS): Network traffic is monitored to detect and prevent unauthorized access or data breaches.
- Virtual Private Cloud (VPC): Resources are hosted in a secure VPC with strict subnetting and firewall rules.
Endpoint Security
- Anti-Malware Software: All endpoints have up-to-date anti-malware software to prevent malware infections.
- Patch Management: Regular software updates and patches are applied to fix known security vulnerabilities.
Employee Training and Awareness
- Security Training: All employees undergo regular security training to stay updated on the latest security protocols and best practices.
- Access Restrictions: Only authorized personnel with a legitimate business need have access to customer data.
Disaster Recovery
- Disaster Recovery Plan: A documented disaster recovery plan exists and is regularly tested to ensure data integrity and availability in case of catastrophic failures.
- Failover Systems: Redundant systems are in place to ensure service continuity in case of hardware failure.
Penetration and Vulnerability Testing
- The Sentrient system has undergone third-party penetration and vulnerability testing.
- The system is tested again every 18 months to make sure that we address any new threats if required.
Data Retention
We retain your data only for as long as necessary to fulfill the purposes for which it was collected. After that, we either anonymize the data or securely delete it.
Data Sharing and Transfers
We do not sell, trade, or otherwise transfer your personal data to third parties, except:
- To third-party service providers for specific functions like payment processing.
- As required by law or to protect the rights and safety of our users and the public.
Your Rights
You have the right to access, rectify, or delete your personal data. You also have the right to data portability and to object to or restrict our processing of your data.
Policy Updates
We reserve the right to update this policy. If significant changes are made, we will notify you through the Service or via email.
Contact Information
For any questions, concerns, or to exercise your rights, contact our Data Protection Officer at:
Email: info@sentrient.com.au