NexxPhase deals with confidential data, including data of their customers. The highest priority is placed on the security and privacy of this data, and these policies are designed to safeguard such data while allowing employees the proper access to complete their job roles. This policy applies to all users of personally identifiable information in NexxPhase's possession.
The data center housing the NexxPhase's customer's data has the highest level of physical security standards. Access to the facility is controlled and logged and the facility is carefully monitored. System Security is also of critical importance and is designed into all levels of the NexxPhase application's and infrastructure.
User authentication is performed for all external user's before connecting to NexxPhase applications. Only current employees and contractors with a specific "need to know" will have access to specific data.
NexxPhase's computer network is protected from unauthorized intrusion via the use of a firewall; even with such precaution, it is impossible to guarantee that an intrusion into NexxPhase's computer network will not occur. Remote access to NexxPhase's computer network shall be permitted only through a virtual private network and only when deemed necessary by an appropriately authorized NexxPhase employee. NexxPhase monitors NexxPhase's computer network traffic for malicious behavior.
Transfer of Data To Third Parties
NexxPhase does not share any of its customer's personally identifiable information to third parties except in good faith where NexxPhase believes it is appropriate to cooperate in investigations of fraud or other illegal activity. NexxPhase discloses information in response to a subpoena, warrant, court order, levy, attachment, order of a court-appointed receiver or other comparable legal process, including subpoenas from private parties in a civil action.
All data in NexxPhase's possession is backed-up on a regular basis and back-ups are stored in a secure off-site location. Computer systems containing critical data employ redundancy to protect against loss of data from hardware failure. Data retention
NexxPhase's own data shall be retained for as long as it is actively used, or as required by applicable law, regulation or NexxPhase policy. Client data will be kept for the duration of the work with the client, or longer if required pursuant to the contract with the client, or as required by applicable law or regulation. Once data in possession of NexxPhase is no longer required to be maintained, it shall be properly disposed of which shall include taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States. The EEA also has recognized the U.S. Safe Harbor as providing adequate data protection (OJ L 45, 15.2.2001, p.47). Consistent with its commitment to protect personal privacy, NexxPhase adheres to the following Safe Harbor Principles.
Acting only as an agent for its clients, NexxPhase provides persons whose personally identifiable information is provided to NexxPhase by a client, an opportunity to opt-out if they do not want to be contacted by NexxPhase on behalf of NexxPhase or NexxPhase's clients.
2) Onward Transfer
NexxPhase will not transfer clients' data except with the written authorization of the client.
NexxPhase maintains reasonable precautions to protect personally identifiable information from loss, misuse and unauthorized disclosure, alteration or destruction.
4) Data Integrity
NexxPhase's customer's information maintained by NexxPhase will be used for the sole purpose of supporting client's business operations.
NexxPhase's customer's have the option to review their personal data by contacting NexxPhase's customer services representatives. As part of the review process, only authorized NexxPhase customer services representatives can correct, amend, or delete the customer's information where it is inaccurate.
NexxPhase does not use customer data for any purpose incompatible with those purposes authorized in its client agreements. Sensitive Information, including credit card numbers, is not stored except as directed by NexxPhase's clients who own the data, and is not transferred to third parties except as authorized by client.