Privacy
Privacy Statement
Effective January 1, 2023
This Privacy Statement applies to Notified and its affiliates (“Notified” “we” “us” “our”) unless the affiliate has a separately posted privacy statement. Notified values the privacy of our customers, users, and any individual who accesses or uses the Notified websites, products, and services (collectively, the “Services”). Your privacy is an important factor Notified considers in the development of each of our products and services. This Privacy Statement explains generally how we receive Personal Information about you, and what we do with that Personal Information once we have it.
As Notified is a global provider, the provision of the Services to users may require Personal Information to be shared with other Notified companies around the world. All Notified companies are bound by privacy statements, confidentiality and data transfer agreements as appropriate.
- What do we mean by “Personal Information”?
- What type of Personal Information is collected?
- How do we receive Personal Information about you?
- What do we do with your Personal Information once we have it?
- How long will we retain Personal Information?
- When do we share your Personal Information with others?
- How do we protect your Personal Information?
- How can you protect your Personal Information?
- How do you handle Information subject to the California Consumer Privacy Act?
- What about cookies and other tracking technology?
- How do you handle my “Do Not Track” browser settings?
- Does Notified use any other tracking technology?
- How does Notified ensure compliance with legal obligations?
- How do you handle my Personal Information as part of the Media Database – GlobeNewswire and Notified products and services?
- Data Analytics
- China Users
- What choices do you have regarding your Personal Information?
- What if we change this Privacy Statement?
- How to Contact Us?
What do we mean by “Personal Information”?
For us, “Personal Information” means information or data that relates to an identified or identifiable individual. “Sensitive Personal Information” is a subset of Personal Information and is data about children, financial information, health information (including PHI as defined by the Health Insurance Portability and Accountability Act), Social Security or other national identification number, racial or ethnic origin, political opinions, religious beliefs, trade union membership, sex life, criminal convictions, and precise geolocation data.
What type of Personal Information is collected?
We may collect data, including Personal Information, about you as you use our websites, services and interact with us. This information may include name, address, email address, IP address, phone number, usage information, login information (user name, password), marketing preferences, or payment card number. If we link other data with your Personal Information, we will treat that linked data as Personal Information. We also collect Personal Information from trusted third-party sources and engage third parties to collect Personal Information to assist us.
Please understand, in addition to collecting Personal Information, Notified may also gather information that does not personally identify you regarding your use of the Notified website (“Anonymous Information”). We may use the Anonymous Information we collect regarding your use of this website to measure the effectiveness of our marketing efforts, for improving the Services we offer to you, or to improve the Notified website. Generally, you will not be aware when we collect such Anonymous Information. It may be collected in various ways, such as through traffic data or direct surveys of our customers and may entail the use of, among other things, cookies, IP addresses, or other numeric codes used to identify the computer or other device used to access the Notified website.
How do we receive Personal Information about you?
We learn Personal Information about you when:
- you give it to us directly (e.g., when you choose to contact us, or register on the Notified website);
- we collect it automatically through our products and services (e.g., your use of Notified services);
- someone else tells us Personal Information about you (e.g., our client provides us your Personal Information in order for us to perform services for them); or
- when we try to understand more about you based on Personal Information you’ve given to us (e.g., when we use your IP address to customize language for some of our services).
By providing your Personal Information, you opt-in and consent to its collection, use, disclosure, sharing, and transfer as described in this Privacy Statement.
What do we do with your Personal Information once we have it?
Notified does NOT sell your personal information.
When you give us Personal Information, we will use it in the ways for which you’ve given us permission, or ways in which our clients who provided us the Personal Information instruct. Generally, we use your Personal Information to help us provide and improve our products and services for you and our clients with which you have a business relationship. We may also use the Personal Information you provide to contact you regarding additional or new services and features offered by Notified, or important information regarding Notified.
We may use the Personal Information to enforce our agreements with you, prevent fraud and other prohibited or illegal activities, for other legally permissible purposes and generally to ensure that we comply with applicable laws and prevent or detect use or abuse of our services.
Important Notice Regarding Webcasting and Event Services
Notified processes Personal Information as part of delivering the above noted services on behalf of its customers. The customer is the data controller of the information. For these services, Notified only collects Personal Information necessary to fulfill our contractual obligations with the customer. We may collect contact data such as name, e-mail address and company details you provide us during the registration process and during your use of the services. We may also collect product usage data, such as the date on which you viewed a webcast, the duration of your viewing and the part of the webcast you viewed.
Notified may also use your Personal Information to create anonymous data records or aggregations of data, to perform statistical analyses and for other purposes, by omitting or removing information that makes the data personally identifiable to you.
If you have provided Personal Information to our customer, their respective privacy statement will also apply to the processing of your data. You should familiarize yourself with their statement.
How long will we retain Personal Information?
We will retain your Personal Information only as long as needed to fulfill the purposes for which it was collected or as required by law. Your information will be deleted, anonymized or pseudonymized once it is no longer needed to comply with our business requirements, legal obligations, resolve disputes, protect our assets, or enforce our agreements.
When do we share your Personal Information with others?
We will/may share your Personal Information with others:
- When we have asked and received your permission to share it.
- When we’re required to provide it to our client from whom we received your Personal Information, or with whom you have a business relationship.
- For processing or providing products and services to you, but only if those entities receiving your Personal Information are contractually obligated to handle the data in ways approved by Notified. We may use others to help us provide our Services (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development).
- To provide aggregate Personal Information to our business partners to make our products and services better, but when we do so, we will de-identify your Personal Information and try to disclose it in a way that minimizes the risk of you being re-identified.
- To provide your Personal Information to business partners in case you purchase services of third parties from Notified (“Third Party Services”). Third Party Services are not directly controlled operated or maintained by Notified and Notified’s Privacy Statement does not apply to such Third Party Services. For any Third Party Services you purchase from Notified, we recommend you consult the respective privacy statements of the Third Party Services providers to determine how they will handle your Personal Information.
- To follow the law whenever we receive requests about you from a government entity, or related to a lawsuit. We’ll notify you or our client from whom we received your Personal Information when we’re asked to hand over your Personal Information in this way unless we’re legally prohibited from doing so. When we receive requests like this, we’ll only release your Personal Information if we have a good faith belief the law requires us to do so. Nothing in this Statement is intended to limit any legal defenses or objections you may have to a third party’s request to disclose your Personal Information.
- If we have a good faith belief it is reasonably necessary to protect the rights, property or safety of you, our other users, Notified or the public.
- If our organizational structure or status changes (e.g., if we undergo a restructuring, are acquired, or go bankrupt), we may pass your Personal Information to a successor or affiliate.
How do we protect your Personal Information?
We are committed to protecting your Personal Information once we have it. We implement industry standard physical, administrative and technical security measures. If, despite these efforts, we learn of a security breach involving your Personal Information, when required by law or contractual obligations, we’ll notify you or our client so appropriate protective steps can be taken. Notified is not responsible for unauthorized access to such Personal Information by hackers or others that obtain access through illegal measures in the absence of negligence on the part of Notified.
You may have access to other sites through the Notified websites. These sites may have different security practices and you should familiarize yourself with those practices.
How can you protect your Personal Information?
Electronic communication (e.g., email, online chat or instant messaging, etc.) you send to us may not be secure unless we advise you in advance security measures will be in place prior to you transmitting the information. For this reason, we ask you do not send Personal Information such as financial information, health information, social security numbers or passwords to us through unsecured electronic communication. Users should also take care with how they handle and disclose their Personal Information. Please refer to the Federal Trade Commission’s Web site at http://www.ftc.gov/bcp/menus/consumer/data.shtm for information about how to protect yourself against identity theft.
The Notified website may contain hyperlinks that can take you to websites run by third parties (“Third-Party Websites”). Any hypertext or other links to Third-Party Websites from the Notified website are provided solely as a convenience to you. If you use these links, you will leave the Notified website. Notified has not reviewed all of these Third-Party Websites and does not control and is not responsible for any of these websites or their content or practices. Thus, Notified does not endorse or make any representations about them, or any information, software, or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the Third-Party Websites linked to the Notified website, you do this entirely at your own risk. Remember, this Privacy Statement only applies to Notified. When you are no longer on a Notified website, you may encounter different privacy and security practices and you should familiarize yourself with those practices each time you visit a new website.
Please be aware any information you choose to share on any publicly available portion of the Services or with third parties, including without limitation your personal page, chat messages, forum posts, blogs, resumes, job applications, business cards, or any other information you provide may be collected and used by third parties or other attendees without restriction.
How do you handle information subject to the California Consumer Privacy Act?
Notified complies with all applicable privacy laws including the California Consumer Privacy Act (CCPA). We may collect data, including Personal Information, about you as you use our websites, services and interact with us. This information may include name, address, email address, IP address, phone number, login information (user name, password), marketing preferences, or payment card number. If we link other data with your Personal Information, we will treat that linked data as Personal Information. We also collect Personal Information from trusted third-party sources and engage third parties to collect Personal Information to assist us. This information will only be used to provide services or information which you have requested. Notified does not sell your Personal Information.
We will retain your Personal Information only as long as needed to fulfill the purposes for which it was collected or as required by law. Your information will be deleted, anonymized or pseudonymized once it is no longer needed to comply with our business requirements, legal obligations, resolve disputes, protect our assets, or enforce our agreements.
Please see Cookies section below to understand how we use cookies.
Notified will not discriminate in any way against you for exercising any of your rights under the CCPA or any other applicable privacy law. This includes, but is not limited to denying goods or services, change in pricing, or lower quality goods or services. Please see “What choices do you have regarding your personal information?” and “How to Contact Us” sections below for how to exercise your rights under the CCPA and other applicable privacy laws.
What about cookies and other tracking technology?
A cookie is a small file, typically of letters and numbers, downloaded onto a device when the user accesses certain websites. Cookies can make the web more useful by storing information about your preferences for a particular website or a service. Cookies in and of themselves do not personally identify users, although they do identify a user’s computer.
Cookies are typically classified as either session Cookies or persistent Cookies depending on whether they expire at the end of a browser session (from when a user opens the browser window to when they exit the browser) or they can be stored for longer.
- Session Cookies – allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes such as remembering what a user has put in their shopping basket as they browse around a site. They could also be used for security when a user is accessing internet banking or to facilitate use of webmail. These session Cookies expire after a browser session, so would not be stored longer term. For this reason, session Cookies may sometimes be considered less privacy intrusive than persistent Cookies.
- Persistent Cookies – are stored on a user’s device in between browser sessions which allows the preferences or actions of the user across a site (or in some cases across different websites) to be remembered. Persistent Cookies may be used for a variety of purposes including remembering users’ preferences and choices when using a site or to target advertising.
Notified uses cookies or other similar tracking technologies to provide you with better Services.
Most browsers are initially set to accept Cookies. You may configure your browser to accept all Cookies, reject all Cookies, or notify you when a Cookie is set. You can manage your own Cookies preferences by using your browser settings: each browser is different, so check the “Help” menu of your browser to learn how to change your Cookie preferences or delete them. If you prefer, you can set your browser to refuse Cookies. You block Cookies by activating the setting on your browser which allows you to refuse the setting of all or some Cookies.
Please note you may browse some Notified websites without accepting Cookies from Notified; however, you may not be able to take full advantage of the functionality of the website or the Services if you do so. Other Services, particularly those which require a login and password, require Cookies and cannot be used when you have disabled Cookies in your browser. For more general information, you can visit www.allaboutcookies.org.
How do you handle my “Do Not Track” browser settings?
Notified does not track the non-Notified website activity of any internet user with Do Not Track browser settings engaged.
Does Notified use any other tracking technology?
Notified employs a software technology called transparent images to help us better manage content on our site by informing us what content is effective. We use extremely small, transparent images with a unique identifier, similar in function to cookies, used to track the online movements of Web users. The main difference between the two is transparent images are invisible on the page and are very small, about the size of the period at the end of this sentence. In some instances, transparent images are tied to users’ personally identifiable information. In particular, we use transparent images in our HTML-based e-mails to let us know which e-mails have been opened by the recipients. This allows us to gauge the effectiveness of certain communications. Users may opt out of these e-mails by replying to the unsubscribe link at the end of the e-mail message.
How does Notified ensure compliance with legal obligations?
In connection with the Services, and if applicable, you and Notified shall at all times ensure compliance with any privacy and data protection laws including those in the United States (including but not limited to the Gramm-Leach-Bliley Financial Services Modernization Act, the Health Insurance Portability and Accountability Act, California Consumer Privacy Act and the Fair Credit Reporting Act), in the United Kingdom (including but not limited to the Data Protection Act), in the European Union (including but not limited to relevant EU member state legislation and the General Data Protection Regulation), in the Asia-Pacific Economic Cooperation (including but not limited to Australia’s Privacy Act along with the Australian Privacy Principles, Singapore’s Personal Data Protection Act and Japan’s Act on the Protection of Personal Information) and anywhere around the world.
We’re a global organization and our information systems are in several countries around the world. We also use service providers whose information systems may also be in various countries. This means your Personal Information might end up in one of those information systems in another country, and that country may have a different level of data protection regulation than yours. The whole or any part of your Personal Information in connection to the Services may be processed by Notified, its affiliates and subcontractors in the United States, United Kingdom, the European Union, Philippines, India, Canada, Mexico and the rest of the world, and may be transferred outside the country in which you provided the Personal Information. By giving us Personal Information, Notified may conduct such transfers of your Personal Information. No matter what country your Personal Information is in, we comply with applicable law and will also abide by the commitments we make in this Privacy Statement.
How do you handle my Personal Information as part of Notified’s and/or GlobeNewswire’s Media Contacts Database products and services?
Certain of our Notified and GlobeNewswire services provide detailed profiles for media contacts and news outlets to public relations, media and marketing professionals, such as yourself. If you are receiving these types of emails from Notified and/or GlobeNewswire, it is because your professional contact information is publicly available and we believe there is a legitimate interest and/or implied consent for you to be part of our media contacts database, which includes data in the public relations industry compiled by our in-house research team. If you do not wish to be part of our media contacts database, you may unsubscribe at any time by clicking unsubscribe at the bottom of an email you have received from us. We may use your Personal Information for purposes related to data analytics with our third party partners. By fully unsubscribing your Personal Information will not be used this way.
We provide business to business communication technology services and may use your Personal Information in order to enhance and deliver data analytics, which include transforming, examining, cleansing and modelling data in order to support decision making, determining useful information and informing conclusions. Specifically, data analytics are intended to include the following data sharing and recommendations across our various lines of business:
- Expand contact information;
- Aggregation of data to identify trends and benchmarks;
- Connect attendees and enhance profiles;
- Provide people and content recommendations;
- Drive recruitment to virtual and hybrid events;
- Help to understand usage, adoption and engagement;
- Increase and demonstrate return on investment of customer investments;
- Assess the physical component of hybrid events; and
- Give insight to customer analytics to develop new customers and expand existing customer relationships.
We make no representations or warranties on the accuracy and serviceability of your data in connection with data analytics. Data created or existing from data analytics is intended for your use only. Data may not be resold, reused or shared with third parties without prior written consent by Notified. For the avoidance of doubt, by signing up to use our Services, you have freely and voluntarily given informed, explicit and unambiguous permission for Notified to process your Personal Information, including your users’ Personal Information, for data analytics. You also acknowledge that providing this permission is not a condition of receiving Notified’s Services. You further understand that you have the right to withdraw this permission at any time by providing written notice to Notified.
If you use our services in the People’s Republic of China, your personal data is collected, processed and/or stored by Notified, its affiliates and their third party suppliers in the People’s Republic of China, the United States of America and other locations in the rest of the world. By using the services in the People’s Republic of China, you hereby consent that (a) your personal data may be transferred outside of the People’s Republic of China to the locations noted herein and (b) Notified and its affiliates and their third party suppliers may collect, process and or/store your personal data in order to provision the services. To receive a list of Notified’s third party suppliers that collect, process and or/store your personal data, please send us a request at legal@notified.com.
What choices do you have regarding your Personal Information?
We are aware you have several rights in respect to how we process your Personal Information, which include but are not limited to, a right to access your Personal Information, be forgotten, restrict and/or object to processing in some circumstances and request your Personal Information be transferred to you or your nominated third party.
You may choose not to have your information disclosed to a third party (unless Notified is legally required to share it). You may also choose to not have your information used for a purpose materially different than the purpose for which it was originally collected or subsequently authorized by you.
We will take reasonable steps to give you the opportunity to correct inaccuracies in the Personal Information we retain concerning you and delete Personal Information concerning you upon your request, unless the burden or expense of providing access would be disproportionate to the risks to your privacy or where the rights of persons other than you would be violated. We may deny a request to delete your data if we have legal obligations to retain it. Any such data will be subject to our standard retention guidelines.
You are entitled to know whether we hold personal data about you and, if we do, to have access to that personal data and require it to be corrected if it is inaccurate. In some circumstances, you may have the right to oppose the use or disclosure of your data or have your data deleted. You can do this by contacting us as directed in the “Contact Us” section below.
To correct inaccuracies in your Personal Information, limit purpose of use and disclosure, delete your Personal Information, or for any other requests or questions, please contact us as directed in the “Contact Us” section below. Once we have verified your identity, we will complete the request from you or an authorized agent you have designated. We will make all efforts to verify your identity using information we already have but may need to request additional data if we are unable to make the verification on this data alone. If you designate an agent to make requests for you, we reserve the right to ask for proof of the agency.
Notified will not discriminate against any individual for exercising their privacy rights outlined above. This includes, but is not limited to; denying goods or services, change in pricing or lower quality goods or services.
What if we change this Privacy Statement?
We may need to change this Statement and our notices. Unless otherwise required, the updates will be posted online. If the changes are substantive, unless otherwise required, we will announce the update through Notified’s websites. Unless further steps are necessary related to the changes, your continued use of the product or service after the effective date of such changes constitutes your acceptance of such changes. To make your review more convenient, we will post an effective date at the top of the page.
If you require further information about privacy compliance at Notified, if you require details about our Data Protection Officer or if you want to make a correction to your Personal Information, please email us at legal@notified.com or mail us at:
Notified
Legal Department
PO Box 541178
Omaha, NE 68154
United States
EUROPEAN UNION – GDPR
Notified
Legal Department
4 Rue Charras
Paris 75009
France
Data Privacy and GDPR Reference Guides
Notified has prepared the following reference guide on data privacy:
For more information regarding Notified’s data privacy policy, please email legal@notified.com.
Subject Access Requests
Notified has prepared a Subject Access Request form in order for our users and/or subscribers to make any personal data related requests. Please complete the form and send it to legal@notified.com. A representative of Notified will promptly respond to your request.
EU Standard Contractual Clauses
Corresponding with the European Commission’s June 4, 2021 adoption of new Standard Contractual Clauses (“SCCs”), Notified has prepared an addendum to incorporate the new SCCs into your existing Data Processing Agreement or Service Agreement. If you are a Notified customer, please download the applicable addendum through the link below, complete the relevant sections on pages 1 and 12 and return a signed copy to Notified at legal@notified.com.
Data Processing Agreement
Notified has prepared a Data Processing Agreement in connection with our services. If you are a Notified customer, please download the agreement through the link below, complete the relevant sections and return a signed copy to Notified at legal@notified.com.
Security Overview
Notified is committed to protecting its customers, partners, and employees from unauthorized access to, alteration, disclosure, or destruction of data and information systems whether intentional or unintentional. Notified believes that effective security requires leadership from the top and a team effort involving the participation and support of every Notified user who interacts with data and information systems.
Notified follows a comprehensive framework for:
-
Protecting the confidentiality, integrity, and availability of Notified data and information systems.
-
Protecting Notified, its employees, and its clients from illicit use of Notified information systems and data.
-
Ensuring the effectiveness of security controls over data and information systems that support Notified’s operations.
-
Recognizing the highly networked nature of the current computing environment and provide effective company-wide management and oversight of those related Information Security risks.
-
Providing for development, review, and maintenance of minimum security controls required to protect Notified’s data and information systems.
-
Educating employees, contractors, and consultants with the required ways to protect the information resources of Notified;
-
Clarifying employee, contractor, and consultant responsibilities and duties with respect to the protection of information resources; and
-
Coordinating the efforts of different groups within Notified so information resources are properly and consistently protected, regardless of their location, form, or supporting technologies.
The lynchpin for Notified’s information security protocols is our Enterprise Information Security Policy Manual and our SOC 2 assessment. Subject to confidentiality requirements, Customers may request a copy of Notified’s Enterprise Information Security Policy Manual and SOC 2 Assessment by contacting your Notified Account Manager or Sales Representative.
Enterprise Information Security Policy Manual
-
Access Control
-
Asset Management
-
Business Continuity
-
Cryptography
-
Data Security and Privacy
-
Disaster Recovery
-
Human Resources
-
Information Classification
-
Operations Security
-
Physical and Environmental Security
-
Risk Management
-
Incident Management
-
Vendor Management
-
Vulnerability Management
SOC 2 and Penetration Testing
-
Annual SOC Type 2 Assessment
-
Annual Pen Testing
-
Internal Testing and Auditing
Network Security and Server Hardening
We ensure robust network and application security through firewalls that enforce access control policies, deep packet inspection, and real-time tracking of network communications. Our measures protect against unauthorized access both from external sources and within our organization.
-
Intrusion Detection Security is deployed to identify and counteract malicious activities attempting to penetrate the firewalls.
-
Email security appliances prevent advanced threats, block spam and viruses, and employ standard email authentication technology for reliable delivery.
-
Automated scanning detects vulnerabilities from both internal and external sources, including our web application security testing that automates vulnerability assessments (OWASP) and malware scanning to prevent unwanted online activities.
-
The development release process includes code scanning and addresses any issues before promotion to production.
-
Annual penetration test conducted by Infosec using an independent third-party testing service.
Endpoint Security
All Notified issued workstations are configured by Notified to comply with all our security standards. These standards encompass workstation configuration, regular updates, tracking, and monitoring through our endpoint management solutions.
Our default workstation settings include:
-
Encrypted data storage
-
Strong password enforcement according to Notified's policy
-
Automatic locking during periods of inactivity
All Notified workstations are equipped with up-to-date monitoring software that actively detects and reports potential malware or unauthorized software. Client data is strictly prohibited from being stored on any laptop, desktop, mobile device, or unauthorized repositories.
Encryption
Notified encrypts all stored data in our production systems using industry standards, including disks, volumes, and database backups. Encryption keys are kept secure on a restricted-access server. We have a robust set of safeguards in place to protect the creation, storage, retrieval, and destruction of sensitive information. Additionally, Notified utilizes strong encryption protocols to secure all data in transit including transmissions between Notified and our customers.
Access Control
Provisioning: Notified follows a principle of least privilege and role-based permissions when granting access. Employee access is tailored to their job responsibilities, ensuring they can only access data necessary for their roles. Notified maintains a central record of all rights granted and all access is reviewed regularly.
Authentication: To ensure the mitigation of unauthorized access, Notified employs multi-factor authentication for all system access, including our production environment. Additionally, private keys are used where appropriate, combined with multi-factor authentication.
Password Management: Notified maintains a strict password policy. The password policy is designed to create unique, complex passwords that deter reuse, mitigate phishing risks, and address other password-related vulnerabilities.
System Monitoring, Logging, and Alerting: Notified actively monitors the security status of our corporate and production environments recording user activities, exceptions, faults, and information security events. All servers, workstations, and Notified devices are under constant observation by our comprehensive suite of security monitoring platforms which alert our 24x7x365 security operations center of any potential malicious activity. Administrative access and activities on production servers are logged, monitored, and retained. In addition to automatic notifications, we review logs and security events for all system components to identify anomalies or suspicious activity daily.
Responding to Security Incidents
Notified’s Security Incident Management Policy governs security incidents within Notified and provides an organized and consistent approach for security incident response, investigation, and communications. The policy's main objectives include immediately reporting potential security incidents to our Information Security Operations team, assessment of and decisions on the event, timely and accurate communication to stakeholders about each event, and minimizing the adverse impact of incidents on business operations and service quality. A multi-layered team structure with defined roles and escalation protocols is used to handle incidents.
Business Continuity and Disaster Recovery
Business impact analysis is used to assess the potential criticality and impact of a crisis or disaster on Notified’s business products and processes. The result of the business impact analysis supports Notified in the development of recovery strategies and business continuity planning. Notified's policies for Business Continuity Management and Disaster Recovery are crafted to provide effective response strategies that enhance the organization's resilience and ensure consistent service to clients. These policies offer overall guidance for creating customized response plans at the business level. Each business is responsible for developing, maintaining, and testing its specific business continuity plan annually.
Data Retention and Disposal
Maintaining records and managing data storage is a crucial aspect of our operations at Notified. We handle information related to general operations, clients, and financials as part of our day-to-day functions.
To ensure adherence to legal requirements across jurisdictions, Notified has established a comprehensive standard for data retention. This standard aligns with various laws and regulations, including the EU General Data Protection Regulation (GDPR), U.S. state privacy laws like the California Consumer Privacy Act (CCPA), international privacy legislation, and the Federal Trade Commission’s guidelines on consumer privacy protection. This standard applies universally to all Notified computer systems, employees, and facilities.
As part of our commitment to data security, we implement thorough measures for data disposal. Both digital and non-digital information system assets undergo sanitization processes. Before disposal, we perform a DoD/3 pass wipe on digital assets, and magnetic media is degaussed to ensure complete data erasure.
Vendor Management
Vendor Management at Notified is a shared function with Notified’s Sourcing (Procurement) team, Legal department, Product team, and Information Security Department. These groups work together to conduct thorough due diligence for vendors during initial selection and throughout the vendor relationship.
-
The Sourcing team oversees the policy and process for procuring goods and services for Notified.
-
The Legal department handles legal reviews of contracts for Notified companies.
-
The Information Security department assesses vendors processing Notified data or accessing its systems, working with the Legal department office to establish and negotiate appropriate contractual safeguards related to information security.
Our Commitment to You
Safeguarding your data is our mission at Notified. Security is ingrained in our business, reinforcing the trust between Notified and our clients.
For any inquiries or concerns, please contact your dedicated account representative or our support team. We are here to assist you at every step.
SOC 2 Compliant
Notified commitment to security is further exemplified by our third party assessment of our security controls and SOC 2 compliance. The SOC 2 - Type II audit provides clients with the assurance that we have established continuous security monitoring and best practices throughout our operations. These comprehensive measures ensure that our clients can trust the security of their investment communications.
What is SOC 2?
SOC (Service Organization Controls) report is an audit by a third party of the internal data protection controls implemented by service organizations. SOC 2 - Type II reports are the most comprehensive compliance standards in this category. By achieving SOC 2 - Type II compliance, NOTIFIED demonstrates its proactive approach and investment in keeping clients' data secure. This assessment is particularly critical for service providers working with cloud and IT services, as it assures regulators, examiners, and auditors that stringent security measures are in place.
