PRIVACY POLICY
Isthmus Instruments, LLC (the “company”, “we” or “us”) is committed to protecting the confidentiality of data it receives. This policy sets forth the expectations of the company related to the receipt, handling, storage, use, transmission and destruction of data it receives from you. This policy applies to the company; its employees, agents and representatives; and vendors and others that receive, use, store or transmit information on the company’s behalf.
We are and may in the future be subject to various data protection laws, both foreign and domestic. Such laws have certain common principles and elements, which we respect and will uphold, including (1) transparency, (2) limiting the collection of data, (3) allowing data subjects to have a say in how their personal data is stored and used, (4) implementation of reasonable physical, technical and administrative safeguards to prevent unauthorized access or use of protected data, (5) ongoing risk assessment, and (6) vigilance in preventing and responding to data breaches.
This policy describes our current privacy policy, which is subject to periodic change as outlined below. Questions regarding this policy should be addressed to the Data Protection Officer identified in this policy.
DEFINITIONS
“Personal Information” means information that relates to an identifiable natural person or that can be used, by itself or combined with other data, to identify that person. This includes both business and personal information, such as name, address, telephone number, email address, business contact information, business affiliation, title, etc. Personal Information also includes all Sensitive Personal Information (as defined below). Personal Information does not include information about an individual that cannot be used to identify that individual, such as aggregated and deidentified data.
“Sensitive Personal Information” means Personal Information that is especially sensitive and that should be treated with additional respect and protection, often because its improper use or transmission can lead to identity theft or other significant losses. Examples of Sensitive Personal Information include Social Security Number (SSN); National Insurance Number (NI); credit card number; bank account number(s); username(s) and/or password(s); health information, genetic and biometric information; Personal Information of children; and criminal history, as well as information regarded as highly private or sensitive under various laws, such as information regarding race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation. Questions regarding whether specific data or information constitutes Sensitive Personal Information should be directed to the Data Privacy Officer.
“Protected Information” means all Personal Information, or Sensitive Personal Information, and all other information that the Data Privacy Officer designates as subject to this policy.
“Data Protection Officer” means the individual authorized and obligated to enforce and interpret this policy and responsible for the overall protection and management of our data. The Data Privacy Officer is Jenny Robinson.
“Breach” means an unauthorized use or disclosure of Protected Information, including without limitation unauthorized access. While an unprotected transmission of Protected Information may result in a Breach, it is not, by itself, a Breach.
“Data Subject” means an individual to whom Personal Information or Sensitive Personal Information pertains.
PERSONAL INFORMATION
DATA PROTECTION PRINCIPLES
The following principles govern our collection, use, retention, transfer, disclosure and destruction of Personal Information, and our reasons for collecting Personal Information:
Lawfulness, Fairness and Transparency: Personal Information will be processed lawfully, fairly and in a transparent manner. We will inform Data Subjects how we obtain and use their data (primarily through our Privacy Policy on our website).
Purpose Limitation: Personal Information will be collected for specific and legitimate purposes. This means you will know why we are obtaining Personal Information when we obtain it and we will not use it for other purposes without your consent or other lawful basis to do so.
Minimum Necessary: We do not collect Personal Information we do not need, and we will only retain Personal Information as long as we have a legitimate need for it. We only collect, maintain, use and transmit the minimum amount of Protected Information necessary to accomplish a given task, and we only allow the least amount of people the lowest amount of access necessary to accomplish a legitimate purpose.
We collect primarily the information you supply us with as well as your IP address.
Accuracy: Personal Information should be accurate and kept up to date. You can contact our Data Protection Officer to correct your Personal Information or you may update it through an online form, if available.
Access Limitation: Personal Information will only be accessible to those with a legitimate need for the information to accomplish one of the purposes listed above or another purpose required by law. This includes both protection from external access and internal limitations on who within the company can access Personal Information.
Integrity & Confidentiality: Personal Information will be received, maintained, used and/or transmitted in a matter that ensures appropriate security, including protection from unauthorized or unlawful access, as well as accidental loss, destruction or damage. Data Subjects will be afforded their rights as recognized under applicable laws (including GDPR where applicable).
DATA COLLECTION
Most Personal Information we receive is provided directly by the Data Subject, and in most cases the provision of such information is specifically so that we can provide you with goods or services you have requested.
We collect primarily the information you supply us with (when you sign up for our mailing list or place an order), and we collect your IP address automatically. We collect your email address as well as your name when you sign up for our mailing list or order something from us to enable us to contact you and let you know about new products or other marketing updates, to respond to your concerns or inquiries, and to provide support for our products. We also collect your address and credit card payment information when you order something from us for the purposes of shipping and payment processing. We use various technologies to collect and store Personal Information when you use our website, which includes using “cookies” or other similar technologies.
RIGHTS OF DATA SUBJECTS
We respect the rights of individuals to control their Personal Information under various laws, and we will allow them to exercise those rights. Subject to requirements and restrictions from applicable law (including employment laws and record retention requirements) all Data Subjects have the right to:
access and know what information about them we have.
correct any Personal Information about them that we have.
request that we delete their Personal Information.
request that we limit the way we use or share their Personal Information.
object to the use of their Personal Information for direct marketing.
All requests from a Data Subject related to these rights should be forwarded to the Data Protection Officer, who will respond accordingly. The Data Protection Officer will undertake reasonable efforts to authenticate the identity of the requesting individual before providing further information or undertaking further action to allow the individual to exercise one or more of the above rights. There may be situations where someone other than the Data Subject requests Personal Information of another, such as requests by police or court order. All such requests should be forwarded to the Data Protection Officer, who will respond accordingly.
Information of Minors: This website is not intended for children under 13 years of age. We do not knowingly collect any Personal Information, Sensitive Personal Information, or Protected Information from anyone under the age of 13. If you are under the age of 13, please do not provide any Personal Information or any other type of information to us.
DATA SECURITY AND RETENTION
The amount of time we store Personal Information depends on the purposes for which we use it as well as the type of Personal Information. We will store your Personal Information for as long as you continue to use our products or services, or as long as we have another business purpose to do so but never for longer than permitted by applicable law. The information collected may be stored and processed on third-party servers which may be located in the United States or around the globe. No information, especially electronically stored or transmitted information, is absolutely safe. However, we take the protection of Personal Information seriously. We will continue to actively assess risks and look for ways to better safeguard Protected Information.
We protect Protected Information through physical, technical and administrative safeguards, taking into account factors such as legal requirements; the sensitivity of the information; the need for and uses pertaining to it; practical factors related to access, use and cost; foreseeable risks, their likelihood and the potential harm were a breach to occur.
BUSINESS TRANSFERS
We will not sell, rent, swap or authorize any third party to use your Personal Information without your permission. In the future we may sell, buy, merge or partner with another company or business. In such a transaction, we may include your Personal Information in the transferred assets.
PRIVACY POLICY CHANGES
In the future we may update this Privacy Policy to reflect changes in our business or changes in applicable law. Unless we have legal reason to do otherwise, we will provide at least 30 days’ prior notice of any updates to this Privacy Policy by posting about the update on our website. If you disagree with the terms of this Privacy Policy or any updates to the Privacy Policy, you may contact us at any time to request that we delete your Personal Information.
WHO TO CONTACT
Questions and concerns regarding this policy, its application or interpretation, security and accessibility of our data and other related matters should be directed to the Data Protection Officer:
Jenny Robinson
President
608-504-7754
customercare@isthmusinstruments.com