CUSHNOC RESILIENCY ADVISOR’S PRIVACY POLICY

PURPOSE

The purpose of this policy is to describe the treatment of client or prospect information provided to or accessed by Cushnoc Resiliency Advisors’ (“Cushnoc”) employees and/or those working on behalf of Cushnoc such as contractors, consultants, and vendors.

SCOPE

This privacy policy applies to information gathered or accessed by Cushnoc in the process of delivering services and solutions to clients

THE USE OF CLIENT INFORMATION BY CUSHNOC

Cushnoc is granted access to private, sensitive and/or non-public client information through the normal course of business. Access to this information is important to the ability of Cushnoc to deliver effective, customized and valued services to clients. Cushnoc will not use the information obtained or accessed through the normal course of delivering services for purposes other than those agreed to with the client in the statement of work or at the time of collection. Cushnoc does not disclose client information to third parties unless necessary for the delivery of services listed in a statement of work or contract as required by law or regulatory requirements, in which case Cushnoc would require the explicit consent of the client to do so. No client information shall be collected that is not needed for the delivery of services. Any inquiries or complaints in regards to this policy should be directed to info@Cushnoc.com.

COLLECTION AND USE OF MARKETING INFORMATION BY CUSHNOC

In addition to client information collected as part of delivery of services and solutions, Cushnoc may also collect marketing data from both clients and prospects for use in delivery of sales and marketing. This information is limited to the individual’s name, title, company name, address, e-mail, and phone number. This information will be used solely for marketing purposes and will not be directly shared with third-parties. It is possible that this information may be stored in third-party systems that are used to enable marketing communications; access to this information, however, will be restricted to Cushnoc employees.


This information will be collected in accordance with local statutory regulations and will be transparent about the nature, purpose, and extent of processing operations associated with the data. Persons who voluntarily supply their contact information to Cushnoc may receive future communications. Persons who wish to amend or update their details or who do not wish to receive further correspondence may contact Cushnoc and ask that their details to be changed or to be removed.

COOKIES

Cushnoc uses cookies for one purpose:

  • To enhance the user experience during visits to our corporate web site.

These cookies do not proactively monitor user activity and are designed solely to improve the use and functionality our web site. Some cookies may be “persistent” in nature in order to deliver a more responsive browsing experience. Anonymous, aggregated cookie data may be used for the purpose of usage analysis, quality control and improvement of user experience. You will be notified (and can prevent the use) of cookies during the initiation of your first session and can subsequently modify or disable cookie functionality by accessing your browser preferences.

RETENTION OF PERSONAL INFORMATION

Cushnoc retains the information collected from clients and web site users for as long as the information is relevant to the executive of business contracts or for other business purposes, or until the user requests that we remove the data.

INFORMATION SECURITY AND INTEGRITY

The security, integrity and confidentiality of non-public information are extremely important to Cushnoc. Cushnoc has implemented technical, administrative and physical security measures that are designed to protect such information from unauthorized access, disclosure, use and modification. Access to information is limited to those employees, contractors, consultants, and vendors that need to access the information to perform their duties. All employees are required to sign a non-disclosure agreement to work at Cushnoc. Consultants, contractors and vendors that perform work on behalf of Cushnoc are required to enter into a non-disclosure agreement and are expected to adhere to this policy and any others governing the actions of Cushnoc’s employees.


Cushnoc’ need to collect, maintain, use, or disseminate personal information about individuals is limited to use in delivering services to clients or marketing/sales services to prospects. Personal information will not be collected that is not needed and agreed to for these purposes. Cushnoc personnel and third parties that perform work on behalf of Cushnoc have a responsibility to protect an individual’s privacy when collecting, maintaining, using or disseminating personal information about an individual.

CUSHNOC RESILIENCY ADVISER'S PRIVACY PROGRAM

To support the privacy policy, Cushnoc has implemented and maintains a Privacy Program. The following sections describe the Privacy Program.

PRIVACY PROGRAM ROLES AND RESPONSIBILITIES

Program Sponsor – Provides sponsorship and oversight to the Privacy Program. The sponsor is a C-Level executive and responsible for reviewing and validating all program activities, strategy options and organizational changes that may affect the privacy program.


Program Coordinator – Provides day-to-day management for the Privacy Program. The coordinator is responsible for approving program activities and strategy options. The coordinator also requests resources to enable successful implementation and maintenance of program activities.


Cushnoc Employees – Responsible for understanding their role in the Privacy Program and familiarity with this policy and program details.


Consultants, Contractors and Vendors delivering services on behalf of Cushnoc – Responsible for understanding their role in the Privacy Program and familiarity with this policy and program details. Cushnoc expects all third parties performing work on behalf of Cushnoc to adhere to this Privacy Policy and Cushnoc Resiliency Advisor’s Privacy Program.

AGENTS OF CUSHNOC CONSULTING

Any party acting as an agent of Cushnoc Consulting will be required to adhere to the same principles and policies set forth in this document.

PRIVACY PROGRAM ACTIVITIES

Analysis of Information Needs
The Privacy Program will identify what information and personal information must be protected in alignment with this Privacy Policy and any applicable legal obligations.

Privacy Risk Identification and Assessment
Cushnoc will implement and maintain procedures to identify and assess risks to information security and integrity. Cushnoc will identify and monitor the locations where sensitive information is stored. The risk identification and assessment will include the identification of sources of risk, impact of the risk and potential mitigation strategies. The risk identification and assessment will be conducted on all new projects with the potential to impact privacy risks.
There are several reasonable and foreseeable internal and external risks to the security and integrity of personal information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of the security and confidentiality of personal and confidential information. These risks may include, but are not limited to:

  • Unauthorized access of personal information by individuals not approved for access
  • Compromised system security
  • Interception of data during transmission
  • Square Full
    Loss of data integrity
  • Square Full
    Physical loss of data
  • Square Full
    Poor audit trails
  • Square Full
    Unauthorized access of personal information by employees
  • Square Full
    Unauthorized transfer of personal information to third parties or employees not approved for access
  • Square Full
    Unauthorized transfer of personal information by third parties

The management and control of privacy risks shall be accomplished by 1) the development of policies, procedures, and standards which address identified privacy risks; 2) the development of training opportunities and informational materials to assist in the implementation of these policies, procedures and standards; and 3) monitoring, auditing and otherwise evaluating business areas for compliance with privacy policies, procedures, and standards.

IMPLEMENTATION OF CLIENT INFORMATION SECURITY AND INTEGRITY PROCEDURES AND CONTROLS

Cushnoc implements and maintains digital and physical security procedures and safeguards to restrict access to sensitive information to only those people that need access to perform their duties. Please be aware that despite Cushnoc Resiliency Advisor’s best efforts, no security measures are perfect or impenetrable. Any employee, consultant, contractor, or vendor that becomes aware of any breach of information security and integrity will immediately notify the Cushnoc Managing Consultant or Director for the project. The Cushnoc Managing Consultant or Director will then take action to mitigate the potential for further breaches and take the necessary steps to notify the client and resolve the situation.


REVIEW OF CLIENT INFORMATION SECURITY AND INTEGRITY PROCEDURES AND CONTROLS

From time to time, Cushnoc will review security procedures to consider appropriate new technology and methods. These periodic reviews will include an assessment of the applicable risks to information security and integrity including the identification of the sources and impacts of identified risks. Any unacceptable risks will be documented and corrective actions will be identified and implemented within a reasonable amount of time. In addition, the review of privacy procedures implemented by third parties working on behalf of Cushnoc will be conducted on a regular basis to ensure compliance to Cushnoc Resiliency Advisor’s privacy policy.

TRAINING AND AWARENESS

Cushnoc employees and consultants, contractors and vendors working on behalf of Cushnoc will be made aware of and trained in the procedures used to protect information security and integrity. Changes to this privacy policy and procedures to protect information are documented and made available to the relevant parties.

QUERIES/QUESTIONS

ANY DATA SUBJECTS CONCERNED ABOUT THEIR RIGHTS MAY CONTACT CUSHNOC AT INFO@CUSHNOCRA.COM FOR ADDITIONAL INFORMATION.