Avalution Privacy Policy

Purpose

The purpose of this policy is to describe the treatment of client information provided to or accessed by Avalution Consulting (“Avalution”) employees and/or those working on behalf of Avalution such as contractors, consultants, and vendors.

Scope

This privacy policy applies to information gathered or accessed by Avalution in the process of delivering business continuity services to clients.

The Use of Client Information by Avalution

Avalution is granted access to private, sensitive and/or non-public client information through the normal course of business, including but not limited to names, addresses, email addresses, etc. Access to this information is important to the ability of Avalution to deliver effective, customized and valued business continuity services to clients. Avalution will not use the information obtained or accessed through the normal course of delivering services for purposes other than those agreed to with the client in the statement of work. Avalution does not disclose client information to third parties unless necessary for the delivery of business continuity services listed in the statement of work or as required by law or regulatory requirements, in which case Avalution would require the explicit consent of the client to do so. No client information shall be collected that is not needed for the delivery of business continuity services. Any inquiries or complaints regarding this policy should be directed to [email protected]

Client Information Security and Integrity

The security, integrity and confidentiality of client information are extremely important to Avalution. Avalution has implemented technical, administrative and physical security measures that are designed to protect client information from unauthorized access, disclosure, use and modification. Access to client information is limited to those employees, contractors, consultants, and vendors that need to access the information to perform their duties for the client on behalf of Avalution. All employees are required to sign a non-disclosure agreement to work at Avalution. Consultants, contractors and vendors that perform work on behalf of Avalution are required to enter into a non-disclosure agreement and are expected to adhere to this policy and any others governing the actions of Avalution's employees. Avalution's need to collect, maintain, use, or disseminate personal information about individuals is limited to use in delivering business continuity services to clients. Personal information will not be collected that is not needed for delivering business continuity services. Avalution personnel and third parties that perform work on behalf of Avalution have a responsibility to protect an individual's privacy when collecting, maintaining, using or disseminating personal information about an individual. Avalution acknowledges the individual's right to access their personal data. Any individual who has their data collected by Avalution Consulting in the course of conducting professional services and business can access their relevant data to either correct or delete it. To do this, individuals owning data handled under Privacy Shield should submit a request in writing to the Program Coordinator (see below) to review this data in order to correct or delete it. All deletions and/or edits to individual data shall be logged in accordance with industry best practices for privacy and data security.

Avalution does not share any data with third parties without the express consent of our clients. In the event this policy changes, Avalution will offer our clients the choice to opt out. Avalution may be liable for appropriate onward transfers of personal data to third parties. Lastly, please be aware that Avalution may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Avalution's Privacy Program

To support the privacy policy, Avalution will implement and maintain a Privacy Program.  The following sections describe the Privacy Program.

Roles and Responsibilities

Program Sponsor – Provides sponsorship and oversight to the Privacy Program.  The sponsor is a senior-level manager and responsible for reviewing and validating all program activities, strategy options and organizational changes that may affect the privacy program.

Program Coordinator – Provides day-to-day management for the Privacy Program.  The coordinator is responsible for approving program activities and strategy options.  The coordinator also requests resources to enable successful implementation and maintenance of program activities.

Avalution Employees – Responsible for understanding their role in the Privacy Program and for being familiar with this policy and program details.

Consultants, Contractors and Vendors delivering services on behalf of Avalution – Responsible for understanding their role in the Privacy Program and for being familiar with this policy and program details.  Avalution expects all third parties performing work on behalf of Avalution to adhere to this Privacy Policy and Avalution’s Privacy Program.

EU-US Privacy Shield Compliance

Avalution complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Avalution has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

In compliance with the EU-US Privacy Shield Principles, Avalution commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact our Support team at [email protected]

Avalution has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-euconsumers/ for more information and to file a complaint. Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

United States Governing Authority

The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over Avalution's compliance with the Privacy Shield.

Agents of Avalution Consulting

Any party acting as an agent of Avalution Consulting will be required to adhere to the same principles and policies set forth in this document.

Privacy Program Activities

Analysis of Information Needs

The Privacy Program will identify what client information and personal information must be protected in alignment with this Privacy Policy and any applicable legal obligations.

Privacy Risk Identification and Assessment

Avalution will implement and maintain procedures to identify and assess risks to client information security and integrity. Avalution will identify and monitor the locations where client information is stored. The risk identification and assessment will include the identification of sources of risk, impact of the risk and potential mitigation strategies. The risk identification and assessment will be conducted on all new projects with the potential to impact privacy risks.

There are several reasonable and foreseeable internal and external risks to the security and integrity of personal information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of the security and confidentiality of personal and confidential client information. These risks may include, but are not limited to:

  • Unauthorized access of personal information by individuals not approved for access
  • Compromised system security
  • Interception of data during transmission
  • Loss of data integrity
  • Physical loss of data
  • Poor audit trails
  • Unauthorized access of personal information by employees
  • Unauthorized transfer of personal information to third parties or employees not approved for access
  • Unauthorized transfer of personal information by third parties

The management and control of privacy risks shall be accomplished by 1) the development of policies, procedures, and standards which address identified privacy risks; 2) the development of training opportunities and informational materials to assist in the implementation of these policies, procedures and standards; and 3) monitoring, auditing and otherwise evaluating business areas for compliance with privacy policies, procedures, and standards.

Implementation of Client Information Security and Integrity Procedures and Controls

Avalution will implement and maintain digital and physical security procedures and safeguards to restrict access to client information to only those people that need access to perform their duties. Please be aware that despite Avalution's best efforts, no security measures are perfect or impenetrable. Any employee, consultant, contractor, or vendor that becomes aware of any breach of information security and integrity will immediately notify the Avalution Managing Consultant or Director for the project. The Avalution Managing Consultant or Director will then take action to mitigate the potential for further breaches and take the necessary steps to notify the client and resolve the situation.

Review of Client Information Security and Integrity Procedures and Controls

From time to time, Avalution will review security procedures to consider appropriate new technology and methods. These periodic reviews will include an assessment of the applicable risks to client information security and integrity, including the identification of the sources and impacts of identified risks. Any unacceptable risks will be documented and corrective actions will be identified and implemented within a reasonable amount of time. In addition, the review of privacy procedures implemented by third parties working on behalf of Avalution will be conducted on a regular basis to ensure compliance with Avalution's privacy policy.

Training and Awareness

Avalution employees and consultants, contractors and vendors working on behalf of Avalution will be made aware of and trained in the procedures used to protect client information security and integrity. Changes to this privacy policy and procedures to protect client information are documented and made available to the relevant parties.