This policy protects ACTV8,Inc personal data by:
This policy applies to all personal data stored on systems and media that are owned, leased, or otherwise provided by ACTV8, Inc, regardless of location.
Personal information we may need (and why we need it):
We may collect and process these examples of personal information (at times we may also need to collect other personal information that isn't listed here):
We may use/process this information to:
ACTV8, Inc has appropriate technical and organizational measures in place to protect your information. We will handle and protect your information in line with these data protection principles:
In order to protect personal and sensitive data, ACTV8, Inc keeps an accurate inventory of all personal or sensitive data that is collected, processed or stored and transferred by ACTV8, Inc.
Systems that handle sensitive data are classified at the sensitivity level of the data they handle. Systems handling sensitive data not being used regularly, or being kept up-to-date will be powered down or virtualized. When these systems are no longer needed or the data on them has exceeded the need for retention, those systems will be forensically wiped and then will be disposed of in a responsible manner, according to local laws and regulations.
Often shortened to DLP; Data Loss Prevention is a strategy, program, or set of procedures which are designed to detect, prevent and log unauthorized use, duplication or transmission of sensitive or personal information. DLP is required to avoid data loss or data leak of confidential information being copied or transmitted outside the boundaries of ACTV8, Inc by an internal or external entity.
DLP begins with knowing what sensitive or personal information you have to protect. This fact makes the task of inventorying all sensitive or personal information that much more critical as DLP relies on an accurate and complete inventory.
Data Loss Prevention strategy in place at ACTV8, Inc is as follows:
Any third parties that come in contact with or handle sensitive information on behalf of ACTV8, Inc have agreed to take the same level of care as the terms of this policy, as stated in a signed Data Protection Agreement.
These third parties that have Data Protection Agreements with ACTV8, Inc are assessed periodically for compliance to the terms of the agreement.
Should a third party be found non-compliant to any of the terms of a Data Protection Agreement, corrective actions must be performed promptly to resolve the non-compliance. Continued unresolved non-compliance will have consequences, up to and including termination of the business relationship.
Mobile devices issued or used to process and handle data relevant to ACTV8, Inc will be equipped with mechanisms in place such as a Mobile Device Management (MDM) program or equivalent which offers encryption and controlled access to sensitive data.
Mobile Devices not equipped with mechanisms such as MDM approved for use at ACTV8, Inc, are not authorized to handle sensitive data or personally identifiable information relevant to ACTV8, Inc.
When an employee’s mobile device is lost or stolen which contains sensitive data relevant to ACTV8, Inc, the mobile device will be “bricked”until the device is either found or recovered by the proper authorities.
Data subjects are entitled to ask for a copy of the personal information that we hold about them and to have any inaccuracies in their personal information corrected. When a data subject submits a SAR, they are entitled to:
The process for submitting a Subject Access Request is as follows: