Data Privacy Framework (DPF) Policy
Resilinc Corporation (“Resilinc”) has adopted this Data Privacy Framework Policy (“Policy”) to establish and maintain an adequate level of protection for the processing of Personal Data that Resilinc obtains from Customers located in the European Union, the United Kingdom (including Gibraltar) and Switzerland.
Resilinc complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss – U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom (“UK” including Gibraltar) and Switzerland to the United States in reliance on the Data Privacy Frameworks.
Resilinc has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such information.
If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern.
To learn more about the Data Privacy Framework program, and to view our certification page, please visit https://www.dataprivacyframework.gov/
All Resilinc employees, whether permanent, temporary, part-time or contract, who handle Personal Data from European Union (EU), the United Kingdom (UK), and Switzerland (Swiss) are required to comply with the principles stated in this Policy.
This Policy applies to the processing of Individual Customer Personal Data that Resilinc receives in the United States concerning Individual Customers who reside in the EU, the UK and Switzerland. Adherence by Resilinc to this policy may be limited to the extent required to meet legal, governmental, or national security obligations, including requirements to cooperate with law enforcement.
Resilinc has designated the CISO to oversee its compliance with the Data Privacy Framework Program and shall review and approve any material changes to this program as necessary and oversee the overall enforcement of the policies and practices under the DPF Program. Any questions, concerns, or comments regarding this Policy also may be directed to [email protected]
Resilinc has designated Compliance Manager for self-attestation audits and follow-ups on the DPF Program at Resilinc.
Resilinc has a designated person who shall interface with USA authorities for DPF registration and other matters.
CISO at Resilinc India shall oversee that all personal data processed/handled at Resilinc India follows the practices as defined in this policy.
Resilinc will renew its Data Privacy Framework certifications annually unless it subsequently determines that it no longer needs such certification.
Prior to the re-certification, Resilinc will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Individual Customer Personal Data are accurate and that the company has appropriately implemented these practices.
Specifically, as part of the verification process, Resilinc will undertake the following:
- Review this DPF policy and its publicly posted website to ensure that these policies accurately describe the practices regarding the collection of Individual Customer Personal Data
- Ensure that the publicly posted privacy policy informs Individual Customers of Resilinc’s participation in the Data Privacy Framework Program
- Ensure that this Policy continues to comply with the DPF principles.
- Confirm that Individual Customers are made aware of the process for addressing complaints and any independent dispute resolution process (Resilinc may do so through its publicly posted website, Individual Customer contract, or other means)
- Review its processes and procedures for training Employees about Resilinc’s participation in the Data Privacy Framework and the appropriate handling of Individual’s Personal Data
- Resilinc will prepare an internal self-assessment audit statement on an annual basis.
Resilinc collects Personal Data from Customer when they complete the surveys, register with Resilinc Website, communicate with us, or alternate contact provided by the user to collect relevant information.
As a general matter, Resilinc collects the following types of Personal Data from its Customer: contact information, including, name, email id, phone number, office address, designation in the organization, user id and password.
Also, while Customer visits the Resilinc website for any form fill event, Resilinc collects personal data such as name, title, company, phone, state, country (never street address).
Resilinc collects information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as browser type, browser version, and pages of Resilinc Site that they visit, the time and date of the visit, the time spent on those pages, cookies, and other statistics. In addition, we may use third-party services that assist in information gathering.
Resilinc uses Personal Data that it collects directly from its customers and for its suppliers indirectly in its role as a service provider for the following business purposes, without limitation:
- Establishing the business deal by contacting relevant customers.
- Maintaining and supporting its products, delivering, and providing the requested products/services.
- Storing and processing data, including Personal Data, in computer databases and servers located in the United States.
- For other business-related purposes permitted or required under applicable local law and regulation.
- Email is sent to suppliers to collect the information requested by Customer; Customers will receive emails on updates or events.
- Prospective customers will receive regular communication on proposals and update on the requirements.
Google Play and Apple IOS privacy policies –
Resilinc uses the below set of permissions for personal data in Android and IOS App for the users using the mobile app.
Accounts – Resilinc uses this permission to store user account details in the account manager. This information is stored securely on the device with OS-level data security.
Read Phone State – Resilinc uses this permission to uniquely identify user device and link their devices to their accounts.
Call – Resilinc use this permission for allowing users to make a call to partner and sites.
Resilinc may provide Personal Data to Third Parties that act as vendors, consultants, and contractors to perform tasks on behalf of and under our instructions like storage of data. For example, Resilinc may store such Personal Data in the facilities /cloud environment operated by Third Parties.
Resilinc India is used for data processing and data storage, these platforms are used for communication with the interested parties, secured FTP – for data transfer, and backup storage. The local Laptop is backed up in secured backups.
Such Third Parties (e.g. independent FTP service provider, cloud service provider(s), etc.) must agree to use such Personal Data only for the purposes for which they have been engaged by Resilinc and they must either comply with the Data Privacy Framework Principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Data; or agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy;
Resilinc also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure. Please be aware that Resilinc may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Resilinc is liable for appropriate onward transfers of personal data to third parties.
Personal Data is handled by Resilinc USA as well as Resilinc India. Resilinc India is a 100% owned subsidiary of Resilinc Corporation. Resilinc India is handling data processing. Customers of Resilinc are aware that information is collected by Resilinc USA and processed by Resilinc India. All Personal Data is stored on the cloud.
Resilinc does not collect Sensitive Data from its Customers. There is no Human Resource data (personal data of employees of EU including sensitive data) transferred from Resilinc Europe to Resilinc U.S.
Resilinc uses Personal Data only for business purpose as mentioned in the section “COLLECTION AND USE OF PERSONAL DATA” and not for any other reasons. Resilinc takes reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate. Resilinc will retain such information no longer than appropriate to fulfill the purpose.
Resilinc shall implement physical and logical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
Resilinc has formal procedures for the protection of Personal Data. For example, Personal Data is stored on the cloud with proper access control. Resilinc applies access restrictions, limiting the scope of personnel who have access to Individual Customer Personal Data. Access to Resilinc’s electronic information systems like servers and databases requires user authentication via password or similar means. Adequate antivirus/anti-malware shall be installed on all systems processing personal information.
Team members working from home and accessing personal data from their official laptops shall access over secure means such as HTTPS enabled browser. All employees and vendors having access to personal data shall execute a signed nondisclosure/ confidentiality agreement (NDA). Appropriate disciplinary action shall be taken by Resilinc wherever any employee or staff violates the practices as mentioned in the policy and the privacy procedures.
Resilinc India office at Pune has formal Information Security Policies and Procedures based on ISO 27001 standard and has implemented adequate physical and technical safeguards to provide the level of security as required by the Data Privacy Framework Principles.
Where Resilinc collects personal information directly from individuals in the EU , UK and Swiss, it will inform them about the purposes for which it collects and uses personal information about them, the type of third parties to which Resilinc discloses that information, and the choices and means, if any, that Resilinc offers individuals for limiting the use and disclosure of personal information. Notice will be provided in clear language when individuals are first asked to provide personal information to Resilinc, or as soon as practical thereafter, and in any event before Resilinc uses the information for a purpose other than for which it was originally collected.
Resilinc notifies Individual Customers about its adherence to the Data Privacy Framework Program through its publicly posted website DPF policy, available at: https://www.resilinc.com/privacy-policy/
Customers of Resilinc are aware that information is collected by Resilinc USA and processed by Resilinc India.
Resilinc personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized. Individual Customers have the right to know what Personal Data about them is included in the databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Resilinc collected it.
Individual Customers may review their Data stored in the databases and correct or erase any data that is incorrect, as permitted by applicable law and Resilinc policies.
Upon reasonable request and as required by the DPF Principles, Resilinc allows Individual Customers access to their Personal Data, in order to correct or amend such data where inaccurate.
Partner Portal Users can modify the information from the portal and or they can send the request to [email protected] and the request can be taken care of by Resilinc USA or the Resilinc India team. Existing Customer information will be communicated from customers to Resilinc through secured FTP and will be updated on Resilinc Solutions.
In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request the erasure of Personal Data, Individual Customers should submit a written request to [email protected]
Resilinc shall endeavor to respond in a timely manner to all reasonable written requests to view, modify, or delete Personal Data.
This Policy may be amended from time to time, consistent with the Data Privacy Framework Principles and applicable data protection and privacy laws and principles. We will make employees available of changes to this policy either by posting to our intranet, through email, or other means. We will notify Customers if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
EU, UK (including Gibraltan) and Swiss Individual customers may contact Resilinc with questions or complaints concerning this Policy at the following address: [email protected]. Resilinc has defined the detailed complaint handling procedures for handling the complaints.
1 Purpose:
Resilinc relies on its Information Technology Resources (“Resources”), including its internal Internet connections and network (“Network”), and internal computer systems and programs (“Environment”) to support its business processes. To ensure that its Resources are used properly by its employees, independent contractors, agents, and other Users, Resilinc has implemented this Information Acceptable Use Policy (AUP).
2 Information Acceptable Use Policy:
This Policy applies to all Users of Resilinc’s Resources, wherever they may be located. It is each User’s duty to use Resilinc’s Resources responsibly, professionally, ethically, and lawfully
Each User is responsible for the security of the Information Technology Environment. A User should notify the Resilinc Management Representative / Resilinc IT team if he or she feels that security may have been compromised in any way. Users responsible for implementing new applications, services or hardware should coordinate activities with the Resilinc IT team to determine if the new application, service or hardware complies with the previously defined Resilinc security architecture
Any violation of this Policy may lead to disciplinary action (up to and including termination of employment) and/or appropriate legal action. The Resilinc Management Representative or Administrator of the application may deny or revoke access privileges if there is a reasonable belief that a violation has occurred. Access privileges may be restored only after consultation between the Management Representative and Resilinc Management and/or Resilinc Senior Management personnel
The policies stated in this AUP are intended as guidelines only for Resilinc Resource usage. The language should not be construed as creating a contract of employment, express or implied, between Resilinc and any Resilinc employee. Unless Resilinc employees have a written employment contract, either the employee or Resilinc may terminate the employment relationship at any time, for any reason, with or without cause. In addition, no provision of this AUP shall create an employer-employee relationship between Resilinc and any User who is not a Resilinc employee, such as an affiliated contractor, third party vendor, or other User of Resilinc Resources who is not a Resilinc employee
Resilinc reserves the right to add, delete, or revise any provision of the AUP at any time, or any Information Security Policy without prior notice to Users
Users shall adhere to Resilinc retention and destruction schedules for all electronic files, including e-mails, electronic documents and records, and other electronic files
3 No Expectation of Privacy:
No Expectation of Privacy: The Resilinc Resources and User accounts are issued to Users to assist them in the performance of their jobs and, therefore, remain the property of Resilinc. Users do not have an expectation of privacy in anything Users create, store, send, or receive on Resilinc Resources. Resources belong to Resilinc and are to be used solely for the purpose of Resilinc business, the User’s usual duties, and or other purposes authorized by management
Waiver of Privacy Rights: Users expressly waive any right of privacy in anything Users create, store, send, or receive on Resilinc Resources. Users consent to allowing authorized Resilinc IT Services personnel to access and review all materials Users create, store, send or receive on Resilinc Resources. Resilinc may, but is not obligated to, use human or automated means to monitor the use of its Resources
No Privacy in Communication: Users must never consider electronic communications to be either private or secure. E-mail could potentially be stored indefinitely on any number of Resilinc Resources as well as non-Resilinc resources. Copies of your message may be forwarded to others electronically or on paper. In addition, e-mail sent to non-existent or incorrect usernames may be delivered to the wrong person(s)
4 Prohibited Activity:
Unlawful Material: Material that constitutes harassment, discrimination, libel, pornography, a threat of violence, or is otherwise unlawful may not be sent by e-mail, electronic text messages, or any other form of electronic communication (such as bulletin board systems, newsgroups, chat groups) or displayed on or stored in any Resilinc Resource. Users encountering or receiving this kind of material should immediately report the incident to the Management Representative / IT team
Disclaimer of Liability for Internet Use: The Internet is a worldwide network of computers that contains millions of pages of information, some of which may contain offensive or inappropriate material. Resilinc has implemented Internet blocking software to restrict access to certain Internet sites that pose a risk to its Resources. In the event Users nonetheless encounter material on the Internet that poses a risk to Resilinc Resources, Users should immediately disconnect from the site and report the site to the Resilinc IT Help Desk. Resilinc is not responsible for material viewed by Users on the Internet. Users accessing the Internet do so at their own risk
Prohibited Uses: Resilinc Resources may not be used for dissemination or storage of commercial or personal advertisements, solicitations, promotions, destructive programs (viruses), political material, or any other use prohibited by this Policy
Waste of IT Resources: Users may not perform acts that waste Resilinc Resources or unfairly monopolize Resilinc Resources to the exclusion of other Users. These acts include, but are not limited to sending non-business-related mass distribution e-mails or chain letters; subscribing to non-business-related mailing lists; spending excessive amounts of time on the Internet or social networking sites; playing, streaming, or downloading non-business-related computer games, music or video; or otherwise creating unnecessary network traffic
Communication of Confidential Information: Unless expressly authorized by Resilinc Senior Management, sending, transmitting, or otherwise disseminating proprietary data, trade secrets, or other confidential information is strictly prohibited. Always keep in mind that e-mail and the Internet are public methods of communication. When you send information via e-mail or make it available on the Internet, there is always a possibility that the information will be viewed by unauthorized individuals. This type of information is a valuable asset of the company and each of us must make sure that it is protected from unauthorized disclosure
Altering Identity (Spoofing): Users may not alter the “From” line or other attribution-of-origin or time-stamp information in the e-mail, messages, or postings sent or received from Resilinc Resources. Anonymous or pseudonymous electronic communication is prohibited when using Resilinc Resources; Users must identify themselves honestly and accurately when sending e-mail
Personal Use: Any use of Resilinc Resources not approved by Resilinc IT Management is prohibited. Resilinc management is aware that personal communications between
Resilinc coworkers and external contacts does occur, as well as some limited personal use. Management expects Users to limit such communications and personal use to a minimum. Excessive or abusive volume of personal communications and activities of a personal nature that ties up resources or employees or violate any other provision of this agreement are expressly prohibited. Users are reminded that there are no expectations of privacy when using Resilinc Systems
Software and Copyright Violations: The distribution, retrieval, or reproduction of any material without the permission of the copyright holder is expressly prohibited. The import or installation of any software which has not been properly authorized and purchased by Resilinc IT management is expressly prohibited. No User may modify, revise, transform, adapt, disassemble, decompile, or otherwise alter any software licensed to Resilinc without prior written authorization from Resilinc
No Forward Policy: Some information that is transmitted via electronic communications is intended for specific individuals, and therefore, should not be shared with others. Users should exercise caution when forwarding communications to other Resilinc Users. Resilinc information that is confidential in nature may not be forwarded to external parties without the expressed permission of senior management. Resilinc e-mail users are prohibited from modifying the settings of their e-mail account or otherwise causing e-mail received by them to be automatically forwarded to a non-Resilinc e-mail address
5 Logins and Passwords:
Login Accounts: A unique login account consisting of a User ID and password (see 17.5, point 2, 3, 4) is required for each User of the IT Environment. Users are responsible for all transactions made using his or her User ID. No User may access Resilinc Resources using another User’s account. All Users are expected to logoff the workstation when they are away from their work area for extended periods of time. All Users are required to logoff at the end of each day before they leave. Users may not disguise their identity while using any Resilinc Resource
Responsibility for Passwords: Users are responsible for safeguarding their passwords for access to Resilinc Resources. Individual passwords should not be printed, stored online, shared or given to others. Users are prohibited from using or disclosing another User’s password
Password Maintenance: Passwords should contain a minimum of eight characters in length. Passwords must include uppercase, lowercase and numerical characters. The use of special characters (e.g. “@”,”!”,”&”,”%”) if supported, is strongly suggested
Passwords do not Imply Privacy: Use of passwords to gain access to Resilinc Resources does not imply that Users have an expectation of privacy in the material they create, store, send, or receive on Resilinc Resources. Resilinc has the right to access, inspect, read, and/or print without prior notice, all material stored on Resilinc Resources
Disclosure of Information: All information accessed by Users of Resilinc systems is to be kept confidential, and only discussed or shared with another User who has been properly authorized to view the information as part of his or her job responsibilities. Information is stored with the expectation that it will only be used or accessed by authorized persons
6 Security:
Physical Security: Users shall take all reasonable and prudent measures to physically secure all Resilinc Resources. Users shall not attempt to circumvent any system that secures Resilinc Resources or its components
Accessing Other Computers and Networks: A User’s ability to connect to other computers or networks does not imply a right to connect to those systems or to make use of those systems unless specifically authorized by the operators of those systems. Users should not access or view any Resilinc information without having the proper authorization to do so
Computer Security: Each User is responsible for ensuring that the use of external computers and networks, including the Internet generally, does not compromise the security of the Resilinc Environment. This duty includes preventing intruders from accessing the Resilinc Network without authorization and taking reasonable precautions to avoid the introduction and spread of viruses, malware, and other harmful software
Information Technology Security: Users shall not connect to the Resilinc Network by any means other than by those specifically allowed and defined by the Resilinc IT team. Personally owned computers or other equipment should not be connected to the Resilinc Network without prior approval of the Resilinc Management / IT team. Users shall not disable or otherwise alter Resilinc Resource functions (passwords, virus scan, distribution software, audit trails) implemented by Resilinc IT Services
Monitoring: Resilinc’s IT team reserves the right to monitor its Resources, Environment, and Network. Monitoring includes, without limitation, reviewing Internet sites visited, reviewing material downloaded/uploaded by Users to/from the Internet, and reviewing e-mail sent from and received by Users in their Resilinc e-mail account. This may be done at any time and without prior notice to Users
Circumventing Established Security: Users may not attempt to circumvent Resilinc’s data protection measures or attempt to uncover security loopholes. Users may not gain or attempt to gain unauthorized access to restricted areas or files on Resilinc Resources. Users should not tamper with any hardware or software protections or restrictions placed by Resilinc on its computers, computer applications, files, directories, or other electronic equipment or information
Encryption: Users sending e-mail containing confidential information, such as business plans or budgets, to non- Resilinc e-mail addresses must encrypt the e-mail message
Sending E-mail to Verified Addresses: Users must verify that the e-mail address to which they are sending Resilinc information is correct
7 Viruses:
Virus Detection: Viruses can cause substantial damage to computer systems. Each User is responsible for taking reasonable precautions to ensure that he or she does not introduce viruses into the Resilinc Environment. To that end, Users should not disable virus protection software installed on Resilinc Resources. Users should comply with virus software update announcements as required, and report suspected virus activity to the Resilinc IT Help Desk as soon as possible.
8 Voicemail:
Voicemail Setup: Once training is attended, each User should record an internal and external greeting in accordance with the guidelines presented in training. Users should also change the voicemail password from the system default
Voicemail Usage: Users should be cautious when including confidential information in voicemail messages, either internally or externally. Users should take care not to play voicemail over speakerphones where other employees might overhear confidential information
9 Intellectual Property Rights:
Any information developed or compiled by the User—including documents such as writings, diagrams, spreadsheets, and databases, regardless of form—and any invention, discovery, development, modification, system, program, or design that results from the use of Resilinc Environment by the User, shall be the exclusive property of Resilinc.
10 Malicious Destruction of Resilinc Software/Hardware:
Resilinc has made considerable investments in software and hardware to provide the computing environment needed by its employees. Users shall not maliciously destroy or otherwise damage/delete any software licensed to or owned by, or any hardware owned, leased, or otherwise in the possession of Resilinc. Any such damage or destruction shall subject the User to disciplinary action under this Policy. In addition, Resilinc reserves the right to seek compensation through legal action, if appropriate, for any damages caused by the User.
11 Attorney-Client Communications:
E-mail sent to or from in-house counsel or an attorney representing Resilinc should include this warning: “ATTORNEY-CLIENT PRIVILEGED. DO NOT FORWARD WITHOUT PERMISSION.” Users who receive communication from counsel should not forward such communications without the permission of counsel. Users are reminded that e-mail should not be considered as a secure means of communication.
12 Incident Response:
Users must immediately report to the Management Representative or his or her Supervisor any suspected or confirmed security incident or threat. This would include, but not be limited to, a computer virus, breach of security or security weakness, loss or disclosure of data, or any unauthorized access or use of data. Users should not discuss the specifics of a security problem with anyone else except the Management Representative or Supervisor unless specifically authorized to do so. Additionally, Users must take no independent actions to remedy or address the incident or threat, unless expressly authorized to do so. Incidents will be administered as per Incident Management procedure.
13 Exceptions:
Exceptions to this Policy can be made with written approval of Resilinc Management.
14 Terminations:
Upon termination of employment or any other termination of access rights, all Resilinc computers, equipment, programs, files, hardware, and intellectual property must be returned to Resilinc, and any further access to Resilinc systems is strictly prohibited.
In compliance with the Data Privacy Framework Principles, Resilinc commits to resolve complaints about your privacy and our collection or use of your personal information. EU, UK, and Swiss individuals with questions or concerns about the use of their Personal Data should contact us at: [email protected].
Resilinc’s Data Protection Officer can be reached at [email protected].
EU Representative: You can contact our EU representative as follows:
Resilinc UK Ltd.
Adelaide House
Montrose Avenue
Slough – SL1 4XX
United Kingdom
Email: [email protected].
Resilinc will investigate and attempt to resolve complaints in accordance with the DPF Principles within 45 days of receiving a complaint.
Resilinc Corporation has further committed to refer unresolved EU-US DPF, UK Extension to the EU-US DPF, and Swiss-US DPF complaints to DATA PRIVACY FRAMEWORK SERVICES, an alternative dispute resolution provider operated by BBB National Programs and located in the [United States]. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.bbbprograms.org/dpf-complaints for more information or to file a complaint. The services of DATA PRIVACY FRAMEWORK SERVICES are provided at no cost to you.
Resilinc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
“Customer” means any client/ partner/ supplier engaged with Resilinc to avail its product and services.
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
“Personal Data” as defined under the European Union Directive 95/46/EC means data that personally identifies or may be used to personally identify a person, including an individual’s name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available.
“Personal Data” and “Personal Information” are data about an identified or identifiable individual that are within the scope of the FADP, received by an organization in the United States from Switzerland, and recorded in any form.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership. And ideological or trade union-related views or activities, or information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
Data Privacy Framework (DPF) Policy
Last updated: October 9, 2023
Resilinc Corporation (“Resilinc”) has adopted this Data Privacy Framework Policy (“Policy”) to establish and maintain an adequate level of protection for the processing of Personal Data that Resilinc obtains from Customers located in the European Union, and Switzerland.
Resilinc complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the Swiss – U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, and Switzerland to the United States in reliance on the Data Privacy Frameworks.
Resilinc has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such information.
If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.
All Resilinc employees, whether permanent, temporary, part-time or contract, who handle Personal Data from European Union (EU), and Switzerland (Swiss) are required to comply with the principles stated in this Policy.
Resilinc has designated CISO to oversee its compliance with the Data Privacy Framework Program and shall review and approve any material changes to this program as necessary and oversee the overall enforcement of the policies and practices under the DPF Program. Any questions, concerns, or comments regarding this Policy also may be directed to [email protected]
Resilinc has designated Compliance Manager for self-attestation audits and follow-ups on the DPF Program at Resilinc.
Resilinc has a designated person who shall interface with USA authorities for DPF registration and other matters.
CISO at Resilinc India shall oversee that all personal data processed/handled at Resilinc India follows the practices as defined in this policy.
Resilinc will renew its Data Privacy Framework certifications annually unless it subsequently determines that it no longer needs such certification.
Prior to the re-certification, Resilinc will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Individual Customer
Personal Data are accurate and that the company has appropriately implemented these practices.
Specifically, as part of the verification process, Resilinc will undertake the following:
- Review this DPF policy and its publicly posted website to ensure that these policies accurately describe the practices regarding the collection of Individual Customer Personal Data
- Ensure that the publicly posted privacy policy informs Individual Customers of Resilinc’s participation in the Data Privacy Framework Program
- Ensure that this Policy continues to comply with the DPF principles
- Confirm that Individual Customers are made aware of the process for addressing complaints and any independent dispute resolution process (Resilinc may do so through its publicly posted website, Individual Customer contract, or other means)
- Review its processes and procedures for training Employees about Resilinc’s participation in the Data Privacy Framework and the appropriate handling of Individual’s Personal Data
- Resilinc will prepare an internal self-assessment audit statement on an annual basis
Resilinc collects Personal Data from Customer when they complete the surveys, register with Resilinc Website, communicate with us, or alternate contact provided by the user to collect relevant information.
As a general matter, Resilinc collects the following types of Personal Data from its Customer: contact information, including, name, email id, phone number, office address, designation in the organization, user id and password.
Also, while Customer visits the Resilinc website for any form fill event, Resilinc collects personal data such as name, title, company, phone, state, country (never street address).
Resilinc collects information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as browser type, browser version, and pages of Resilinc Site that they visit, the time and date of the visit, the time spent on those pages, cookies and other statistics. In addition, we may use third-party services that assist in information gathering.
Resilinc uses Personal Data that it collects directly from its customers and for its suppliers indirectly in its role as a service provider for the following business purposes, without limitation:
- Establishing the business deal by contacting relevant customers.
- Maintaining and supporting its products, delivering and providing the requested products/services.
- Storing and processing data, including Personal Data, in computer databases and servers located in the United States.
- For other business-related purposes permitted or required under applicable local law and regulation.
- Email is sent to suppliers to collect the information requested by Customer; Customers will receive emails on updates or events.
- Prospective customers will receive regular communication on proposals and update on the requirements.
Google Play and Apple IOS privacy policies –
Resilinc uses the below set of permissions for personal data in Android and IOS App for the users using the mobile app.
Accounts – Resilinc uses this permission to store user account details in the account manager. This information is stored securely on the device with OS-level data security.
Read Phone State – Resilinc uses this permission to uniquely identify user device and link their devices to their accounts.
Call – Resilinc use this permission for allowing users to make a call to partner and sites.
Resilinc may provide Personal Data to Third Parties that act as vendors, consultants, and contractors to perform tasks on behalf of and under our instructions like storage of data. For example, Resilinc may store such Personal Data in the facilities /cloud environment operated by Third Parties.
Resilinc India is used for data processing and data storage, these platforms are used for communication with the interested parties, secured FTP – for data transfer, and backup storage. The local Laptop is backed up in secured backups.
Such Third Parties (e.g. independent FTP service provider, cloud service provider(s), etc.) must agree to use such Personal Data only for the purposes for which they have been engaged by Resilinc and they must either comply with the Data Privacy Framework Principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Data; or agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy;
Resilinc also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure. Please be aware that Resilinc may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Resilinc is liable for appropriate onward transfers of personal data to third parties.
Personal Data is handled by Resilinc U.S. as well as Resilinc India. Resilinc India is a 100% owned subsidiary of Resilinc Corporation. Resilinc India is handling data processing. Customers of Resilinc are aware that information is collected by Resilinc U.S. and processed by Resilinc India. All Personal Data is stored on the cloud.
Resilinc does not collect Sensitive Data from its Customers. There is no Human Resource data (personal data of employees of EU including sensitive data) transferred from Resilinc Europe to Resilinc U.S.
Resilinc uses Personal Data only for business purpose as mentioned in the section “COLLECTION AND USE OF PERSONAL DATA” and not for any other reasons. Resilinc takes reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate. Resilinc will retain such information no longer than appropriate to fulfill the purpose.
Resilinc shall implement physical and logical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
Resilinc has formal procedures for the protection of Personal Data. For example, Personal Data is stored on the cloud with proper access control. Resilinc applies access restrictions, limiting the scope of personnel who have access to Individual Customer Personal Data. Access to Resilinc’s electronic information systems like servers and databases requires user authentication via password or similar means. Adequate antivirus/anti-malware shall be installed on all systems processing personal information.
Team members working from home and accessing personal data from their official laptops shall access over secure means such as HTTPS enabled browser. All employees and vendors having access to personal data shall execute a signed non-disclosure/confidentiality agreement (NDA). Appropriate disciplinary action shall be taken by Resilinc wherever any employee or staff violates the practices as mentioned in the policy and the privacy procedures.
Resilinc India office at Pune has formal Information Security Policies and Procedures based on ISO 27001 standard and has implemented adequate physical and technical safeguards to provide the level of security as required by the Data Privacy Framework Principles.
Where Resilinc collects personal information directly from individuals in the EU and , it will inform them about the purposes for which it collects and uses personal information about them, the type of third parties to which Resilinc discloses that information, and the choices and means, if any, that Resilinc offers individuals for limiting the use and disclosure of personal information. Notice will be provided in clear language when individuals are first asked to provide personal information to Resilinc, or as soon as practical thereafter, and in any event before Resilinc uses the information for a purpose other than for which it was originally collected.
Resilinc notifies Individual Customers about its adherence to the Data Privacy Framework Program through its publicly posted website DPF policy, available at: https://www.resilinc.com/privacy-policy/
Customers of Resilinc are aware that information is collected by Resilinc USA and processed by Resilinc India.
Resilinc personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized. Individual Customers have the right to know what Personal Data about them is included in the databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Resilinc collected it.
Individual Customers may review their Data stored in the databases and correct or erase any data that is incorrect, as permitted by applicable law and Resilinc policies.
Upon reasonable request and as required by the DPF Principles, Resilinc allows Individual Customers access to their Personal Data, in order to correct or amend such data where inaccurate.
Partner Portal Users can modify the information from the portal and or they can send the request to [email protected] and the request can be taken care of by Resilinc USA or the Resilinc India team. Existing Customer information will be communicated from customers to Resilinc through secured FTP and will be updated on Resilinc Solutions.
In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request the erasure of Personal Data, Individual Customers should submit a written request to [email protected]
Resilinc shall endeavor to respond in a timely manner to all reasonable written requests to view, modify, or delete Personal Data.
This Policy may be amended from time to time, consistent with the Data Privacy Framework Principles and applicable data protection and privacy laws and principles. We will make employees available of changes to this policy either by posting to our intranet, through email, or other means. We will notify Customers if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
EU, and Swiss Individual customers may contact Resilinc with questions or complaints concerning this Policy at the following address: [email protected]. Resilinc has defined the detailed complaint handling procedures for handling the complaints.
1 Purpose
Resilinc relies on its Information Technology Resources (“Resources”), including its internal Internet connections and network (“Network”), and internal computer systems and programs (“Environment”) to support its business processes. To ensure that its Resources are used properly by its employees, independent contractors, agents, and other Users, Resilinc has implemented this Information Acceptable Use Policy (AUP).
2 Compliance
- This Policy applies to all Users of Resilinc’s Resources, wherever they may be located. It is each User’s duty to use Resilinc’s Resources responsibly, professionally, ethically, and lawfully.
- Each User is responsible for the security of the Information Technology Environment. A User should notify the Resilinc Management Representative / Resilinc IT team if he or she feels that security may have been compromised in any way. Users responsible for implementing new applications, services or hardware should coordinate activities with the Resilinc IT team to determine if the new application, service or hardware complies with the previously defined Resilinc security architecture.
- Any violation of this Policy may lead to disciplinary action (up to and including termination of employment) and/or appropriate legal action. The Resilinc Management Representative or Administrator of the application may deny or revoke access privileges if there is a reasonable belief that a violation has occurred. Access privileges may be restored only after consultation between the Management Representative and Resilinc Management and/or Resilinc Senior Management personnel.
- The policies stated in this AUP are intended as guidelines only for Resilinc Resource U.S.ge. The language should not be construed as creating a contract of employment, express or implied, between Resilinc and any Resilinc employee. Unless Resilinc employees have a written employment contract, either the employee or Resilinc may terminate the employment relationship at any time, for any reason, with or without cause. In addition, no provision of this AUP shall create an employer-employee relationship between Resilinc and any User who is not a Resilinc employee, such as an affiliated contractor, third party vendor, or other User of Resilinc Resources who is not a Resilinc employee.
- Resilinc reserves the right to add, delete, or revise any provision of the AUP at any time, or any Information Security Policy without prior notice to Users.
- Users shall adhere to Resilinc retention and destruction schedules for all electronic files, including e-mails, electronic documents and records, and other electronic files.
3 No Expectation of Privacy
- No Expectation of Privacy: The Resilinc Resources and User accounts are issued to Users to assist them in the performance of their jobs and, therefore, remain the property of Resilinc. Users do not have an expectation of privacy in anything Users create, store, send, or receive on Resilinc Resources. Resources belong to Resilinc and are to be used solely for the purpose of Resilinc business, the User’s usual duties, and or other purposes authorized by management.
- Waiver of Privacy Rights: Users expressly waive any right of privacy in anything Users create, store, send, or receive on Resilinc Resources. Users consent to allowing authorized Resilinc IT Services personnel to access and review all materials Users create, store, send or receive on Resilinc Resources. Resilinc may, but is not obligated to, use human or automated means to monitor the use of its Resources.
- No Privacy in Communication: Users must never consider electronic communications to be either private or secure. E-mail could potentially be stored indefinitely on any number of Resilinc Resources as well as non-Resilinc resources. Copies of your message may be forwarded to others electronically or on paper. In addition, e-mail sent to non-existent or incorrect usernames may be delivered to the wrong person(s)
4 Prohibited Activity
- Unlawful Material: Material that constitutes harassment, discrimination, libel, pornography, a threat of violence, or is otherwise unlawful may not be sent by e-mail, electronic text messages, or any other form of electronic communication (such as bulletin board systems, newsgroups, chat groups) or displayed on or stored in any Resilinc Resource. Users encountering or receiving this kind of material should immediately report the incident to the Management Representative / IT team.
- Disclaimer of Liability for Internet Use: The Internet is a worldwide network of computers that contains millions of pages of information, some of which may contain offensive or inappropriate material. Resilinc has implemented Internet blocking software to restrict access to certain Internet sites that pose a risk to its Resources. In the event Users nonetheless encounter material on the Internet that poses a risk to Resilinc Resources, Users should immediately disconnect from the site and report the site to the Resilinc IT Help Desk. Resilinc is not responsible for material viewed by Users on the Internet. Users accessing the Internet do so at their own risk.
- Prohibited Uses: Resilinc Resources may not be used for dissemination or storage of commercial or personal advertisements, solicitations, promotions, destructive programs (viruses), political material, or any other use prohibited by this Policy.
- Waste of IT Resources: Users may not perform acts that waste Resilinc Resources or unfairly monopolize Resilinc Resources to the exclusion of other Users. These acts include, but are not limited to sending non-business-related mass distribution e-mails or chain letters; subscribing to non-business-related mailing lists; spending excessive amounts of time on the Internet or social networking sites; playing, streaming, or downloading non-business related computer games, music or video; or otherwise creating unnecessary network traffic
- Communication of Confidential Information: Unless expressly authorized by Resilinc Senior Management, sending, transmitting, or otherwise disseminating proprietary data, trade secrets, or other confidential information is strictly prohibited. Always keep in mind that e-mail and the Internet are public methods of communication. When you send information via e-mail or make it available on the Internet, there is always a possibility that the information will be viewed by unauthorized individuals. This type of information is a valuable asset of the company and each of us must make sure that it is protected from unauthorized disclosure.
- Altering Identity (Spoofing): Users may not alter the “From” line or other attribution-of-origin or time-stamp information in the e-mail, messages, or postings sent or received from Resilinc Resources. Anonymous or pseudonymous electronic communication is prohibited when using Resilinc Resources; Users must identify themselves honestly and accurately when sending e-mail.
- Personal Use: Any use of Resilinc Resources not approved by Resilinc IT Management is prohibited. Resilinc management is aware that personal communications between Resilinc coworkers and external contacts does occur, as well as some limited personal use. Management expects Users to limit such communications and personal use to a minimum. Excessive or abusive volume of personal communications, activities of a personal nature that tie up resources or employees or violate any other provision of this agreement are expressly prohibited. Users are reminded that there are no expectations of privacy when using Resilinc Systems
- Software and Copyright Violations: The distribution, retrieval, or reproduction of any material without the permission of the copyright holder is expressly prohibited. The import or installation of any software which has not been properly authorized and purchased by Resilinc IT management is expressly prohibited. No User may modify, revise, transform, adapt, disassemble, decompile, or otherwise alter any software licensed to Resilinc without prior written authorization from Resilinc.
- No Forward Policy: Some information that is transmitted via electronic communications is intended for specific individuals, and therefore, should not be shared with others. Users should exercise caution when forwarding communications to other Resilinc Users. Resilinc information that is confidential in nature may not be forwarded to external parties without the expressed permission of senior management. Resilinc e-mail users are prohibited from modifying the settings of their e-mail account or otherwise causing e-mail received by them to be automatically forwarded to a non-Resilinc e-mail address.
5 Logins and Passwords
- Login Accounts: A unique login account consisting of a User ID and password (see 17.5, point 2, 3, 4) is required for each User of the IT Environment. Users are responsible for all transactions made using his or her User ID. No User may access Resilinc Resources using another User’s account. All Users are expected to log off the workstation when they are away from their work area for extended periods of time. All Users are required to log off at the end of each day before they leave. Users may not disguise their identity while using any Resilinc Resource
- Responsibility for Passwords: Users are responsible for safeguarding their passwords for access to Resilinc Resources. Individual passwords should not be printed, stored online, shared or given to others. Users are prohibited from using or disclosing another User’s password.
- Password Maintenance: Passwords should contain a minimum of eight characters in length. Passwords must include uppercase, lowercase and numerical characters. The use of special characters (e.g. “@”,”!”,” &”,” %”) if supported, is strongly suggested.
- Passwords do not Imply Privacy: Use of passwords to gain access to Resilinc Resources does not imply that Users have an expectation of privacy in the material they create, store, send, or receive on Resilinc Resources. Resilinc has the right to access, inspect, read, and/or print without prior notice, all material stored on Resilinc Resources
- Disclosure of Information: All information accessed by Users of Resilinc systems is to be kept confidential, and only discussed or shared with another User who has been properly authorized to view the information as part of his or her job responsibilities. Information is stored with the expectation that it will only be used or accessed by authorized persons.
6 Security
- Physical Security: Users shall take all reasonable and prudent measures to physically secure all Resilinc Resources. Users shall not attempt to circumvent any system that secures Resilinc Resources or its components.
- Accessing Other Computers and Networks: A User’s ability to connect to other computers or networks does not imply a right to connect to those systems or to make use of those systems unless specifically authorized by the operators of those systems. Users should not access or view any Resilinc information without having the proper authorization to do so.
- Computer Security: Each User is responsible for ensuring that the use of external computers and networks, including the Internet generally, does not compromise the security of the Resilinc Environment. This duty includes preventing intruders from accessing the Resilinc Network without authorization and taking reasonable precautions to avoid the introduction and spread of viruses, malware and other harmful software.
- Information Technology Security: Users shall not connect to the Resilinc Network by any means other than by those specifically allowed and defined by the Resilinc IT team. Personally owned computers or other equipment should not be connected to the Resilinc Network without prior approval of the Resilinc Management / IT team. Users shall not disable or otherwise alter Resilinc Resource functions (passwords, virus scan, distribution software, audit trails) implemented by Resilinc IT Services
- Monitoring: Resilinc’s IT team reserves the right to monitor its Resources, Environment, and Network. Monitoring includes, without limitation, reviewing Internet sites visited, reviewing material downloaded/uploaded by Users to/from the Internet, and reviewing e-mail sent from and received by Users in their Resilinc e-mail account. This may be done at any time and without prior notice to Users.
- Circumventing Established Security: Users may not attempt to circumvent Resilinc’s data protection measures or attempt to uncover security loopholes. Users may not gain or attempt to gain unauthorized access to restricted areas or files on Resilinc Resources. Users should not tamper with any hardware or software protections or restrictions placed by Resilinc on its computers, computer applications, files, directories, or other electronic equipment or information.
- Encryption: Users sending e-mail containing confidential information, such as business plans or budgets, to non- Resilinc e-mail addresses must encrypt the e-mail message
- Sending E-mail to Verified Addresses: Users must verify that the e-mail address to which they are sending Resilinc information is correct.
7 Viruses
- Virus Detection: Viruses can cause substantial damage to computer systems. Each User is responsible for taking reasonable precautions to ensure that he or she does not introduce viruses into the Resilinc Environment. To that end, Users should not disable virus protection software installed on Resilinc Resources. Users should comply with virus software update announcements as required, and report suspected virus activity to the Resilinc IT Help Desk as soon as possible.
8 Voicemail
- Voicemail Setup: Once training is attended, each User should record an internal and external greeting in accordance with the guidelines presented in training. Users should also change the voicemail password from the system default.
- Voicemail U.S.ge: Users should be cautious when including confidential information in voicemail messages, either internally or externally. Users should take care not to send voicemail over speakerphones where other employees might overhear confidential information.
9 Intellectual Property Rights
Any information developed or compiled by the User—including documents such as writings, diagrams, spreadsheets, and databases, regardless of form—and any invention, discovery, development, modification, system, program, or design that results from the use of Resilinc Environment by the User, shall be the exclusive property of Resilinc.
10 Malicious Destruction of Resilinc Software/Hardware
Resilinc has made considerable investments in software and hardware to provide the computing environment needed by its employees. Users shall not maliciously destroy or otherwise damage/delete any software licensed to or owned by, or any hardware owned, leased, or otherwise in the possession of Resilinc. Any such damage or destruction shall subject the User to disciplinary action under this Policy. In addition, Resilinc reserves the right to seek compensation through legal action, if appropriate, for any damages caused by the User.
11 Attorney-client Communications
E-mail sent to or from in-house counsel or an attorney representing Resilinc should include this warning: “ATTORNEY-CLIENT PRIVILEGED. DO NOT FORWARD WITHOUT PERMISSION.” Users who receive communication from counsel should not forward such communications without the permission of counsel. Users are reminded that e-mail should not be considered as a secure means of communication.
12 Incident Response
Users must immediately report to the Management Representative or his or her supervisor any suspected or confirmed security incident or threat. This would include, but not be limited to, a computer virus, breach of security, or security weakness, loss or disclosure of data, or any unauthorized access or use of data. Users should not discuss the specifics of a security problem with anyone else except the Management Representative or Supervisor, unless specifically authorized to do so. Additionally, Users must take no independent actions to remedy or address the incident or threat, unless expressly authorized to do so. Incidents will be administered as per Incident Management procedure.
13 Exceptions
Exceptions to this Policy can be made with written approval of Resilinc Management.
14 Termination
Upon termination of employment or any other termination of access rights, all Resilinc computers, equipment, programs, files, hardware, and intellectual property must be returned to Resilinc, and any further access to Resilinc systems is strictly prohibited.
In compliance with the Data Privacy Framework Principles, Resilinc commits to resolve complaints about your privacy and our collection or use of your personal information. EU, and Swiss individuals with questions or concerns about the use of their Personal Data should contact us at: [email protected].
Resilinc’s Data Protection Officer can be reached at [email protected].
EU Representative: You can contact our EU representative as follows:
Resilinc UK Ltd.
Adelaide House
Montrose Avenue
Slough – SL1 4XX
United Kingdom
Email: [email protected].
Resilinc will investigate and attempt to resolve complaints in accordance with the DPF Principles within 45 days of receiving a complaint.
Resilinc Corporation has further committed to refer unresolved EU-US DPF, and Swiss-US DPF complaints to DATA PRIVACY FRAMEWORK SERVICES, an alternative dispute resolution provider operated by BBB National Programs and located in the [United States]. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.bbbprograms.org/dpf-complaints for more information or to file a complaint. The services of DATA PRIVACY FRAMEWORK SERVICES are provided at no cost to you.
Resilinc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
“Customer” means any client / partner /customer’s supplier engaged with Resilinc to avail itself of its product and services.
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
“Personal Data” as defined under the European Union Directive 95/46/EC means data that personally identifies or may be used to personally identify a person, including an individual’s name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available.
“Personal Data” and “Personal Information” are data about an identified or identifiable individual that are within the scope of the FADP, received by an organization in the United States from Switzerland, and recorded in any form.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership. And ideological or trade union related views or activities, or information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.