Created: Thu, 03 Feb 2022 14:26:19 -0500
Last Modified: Fri, 10 Jun 2022 12:41:56 -0400
Introduction and Scope
This policy must be read, understood, and signed off on by all employees and contractors who have access to personal information or privileged access to systems that contain or process personal information.
This policy covers the handling of personal information collected by Logik.io or its customers, including data that is stored, processed, or otherwise shared with Logik.io INC,. its systems, employees, and contractors. It covers the collection, processing, storing, and deletion of personal information. Human resource data is also governed by this policy as it too must be protected in similar fashion as personal data of users and customers and all other personal information that may be collected, processed, or stored by Logik.io.
Data Controller and Data Processor
Logik.io's business customers are the data controllers for most of the information that is entered into the Logik.io web application, website, and supporting systems or that is shared periodically with Logik.io employees in order to deliver services. This positions Logik.io as the data processor for most information stored and processed by Logik.io. There are some pieces of information that are collected directly by Logik.io to facilitate security, logging, and application performance. These items include information such as IP address and behavior within the Logik.io platform. For these pieces of information, Logik.io acts as the data controller and processor. Additionally, Logik.io employs a variety of technologies and partners that periodically act as sub-processors. If users have any questions or concerns about the processing and handling of their personal information, they may communicate directly with the Privacy Officer.
Privacy Notice and Transparency
It is important ethically and legally to provide reasonable transparency to data subjects in respect to the processing and handling of their personal data. Logik.io maintains an up-to-date privacy notice that is made available to all customers and users of the Logik.io platform and services. It is imperative that employees and contractors read
this privacy notice. In the event that errors or concerns are discovered, findings must be shared with the Privacy Officer.
Privacy by Design
The concept of privacy by design must be applied to every new product, project, or service as well as in the event that a change of substance to a current product, project, or service occurs. Privacy by design involves considering privacy at every stage of the project: planning, design, development, testing, launch, maintenance, and end of life.
In applying privacy by design, the following elements must be considered:
• Types of Data Collected
• The Purposes of Processing
• Legal Basis of Processing
• Data Residency and Cross-Border Transfer
• Retention Time
• Data Subject Rights
A privacy impact assessment and a threat risk assessment must be conducted as part of the planning and design phases of the project and must be updated before launch to factor in changes in scope that occur throughout the product development. Additionally, these assessments must be reviewed at least annually or in the event of a major change in scope, business use case, architecture, or legal landscape.
Legal Basis of Processing
Below are the legal bases for Logik.io to collect personal information:
• Users have given their consent for one or more specific purposes.
• Provision of data is necessary for the performance of an agreement with the user.
• Processing is necessary for compliance with a legal obligation.
• Processing is necessary for the legitimate interests pursued by the controller or by a third party.
Personal data is to be processed and stored for as long as required to fulfill the purpose for which it is collected.
• Personal data collected for the performance of a contract between Logik.io and a business customer is retained until such contract has been entirely performed or the business customer asks for the data to be deleted.
• Personal data collected for Logik.io's legitimate interests shall be retained as long as needed to fulfill such purposes.
Logik.io may be allowed to retain personal information for a more extended period whenever the user has given consent to such processing, as long as such consent is not withdrawn. Furthermore, Logik.io may be obliged to retain personal data for a more extended period whenever required to perform a legal obligation or upon order of an authority. Once the retention period expires, the user's personal data will be securely deleted.
Processing Requests and Inquiries from Data Owners
• Withdraw their consent at any time. Users have the right to withdraw consent after they have previously given their consent to the processing of their personal data.
• Object to processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent.
• Access their data. Users have the right to learn if Logik.io is processing their data, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the data undergoing processing.
• Verify and seek rectification. Users have the right to verify their data accuracy and ask for it to be updated or corrected.
• Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, Logik.io will not process their data for any purpose other than storing it.
• Have their personal data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from Logik.io.
• Receive their data and haveit transferred to another controller. Users have the right to receive their data in a structured, commonly used, machine-readable format, and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user's consent, on a contract that the user is part of, or on precontractual obligations.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Process for Data Subject to Exercise These Rights
Any requests to exercise data subject rights can be directed to Logik.io through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by Logik.io as early as possible and always within one month.
Definitions for terms can be found in the Intercom knowledge base glossary of terms. To access the Glossary, interact with the Intercom speech bubble from any page on the Securicy platform and search for `Glossary.'