Privacy Policy & Data Governance
Conforming to this policy is part of Revvy LLC’s (“Revvy” or the “Company”) overall duty of confidentiality toward individuals with whom it deals. The policy covers aspects of the business that involves personal information and relates to all services and departments. Personal data covers both facts and opinions about anything that can be identified about an individual. Staff, whether employee or independent contractor, is reminded that ethical considerations are also an important aspect of Data Protection. The scope covers the processing of data in all formats, both paper and electronic, used to store information and includes the following: 1) Manually stored paper data; 2) Electronically stored records; 3) Tapes held on video recordings; 4) Archived data; 5) Other electronic media including CDROMs, memory sticks, and audio recordings. The policy also addresses security issues related to personal data.
Data Protection
To underscore our commitment to the authority and independence of our compliance oversight efforts and to facilitate the effectiveness of those efforts, Revvy has established data protection standards and the Company shall, from time to time, establish systems or processes for the collection and documentation of data processing, and/or transfer of personal data.
Data Security
All employees and independent contractors engaged by the Company must adopt physical, technical, and organizational measures to ensure the security of personal data, including the prevention of alteration, loss, damage and unauthorized processing or access. Adequate security measures include but are not limited to the following:
Admission Control: Prevention of data processing systems from being used by unauthorized persons
Access Control: Prevention of persons entitled to use a data processing system from accessing data beyond their needs and authorizations including preventing unauthorized reading, copying, modifying, or removal during processing and use, or after storage
Disclosure Control: Ensuring personal data in the course of electronic transmission during transport or during storage on a data carrier cannot be read, copied, modified or removed without authorization, and providing a mechanism for checking to establish who is authorized to receive, and who has received, the information
Input Control: Ensuring it can be subsequently checked and established whether and by whom personal data have been entered into, modified on, or removed from data processing systems
Job Control: Ensuring in the case of commissioned processing of personal data, the data can be processed only according to the instructions of the data controller
Availability Control: Ensuring personal data are protected against undesired destruction or loss
Use Control: Ensuring data collected for different purposes can and will be processed separately
Longevity Control: Ensuring data is not kept longer than necessary, including by requiring that data transferred to third parties be returned or destroyed
Employee and Independent Contractor Confidentiality Agreements
All persons involved in any stage of processing personal data must explicitly be made subject to a requirement of secrecy that will continue after the end of their relationship with the Company.
Dispute Resolution
Employee: Employees with inquiries or complaints about the processing of their personal data should first discuss the matter with their immediate supervisor. If the data subject does not wish to raise an inquiry or complaint with an immediate supervisor, or if the supervisor and the data subject are unable to reach a satisfactory resolution of the issues raised, the employee should bring the issue to the attention of either Manager of the Company.
Non-employee/Independent Contractors: Non-employees or Independent Contractors with inquiries or complaints about the processing of their personal data should bring the matter to either Manager of the Company in writing. Any disputes concerning the processing of the personal data of non-employees or independent contractors will be resolved through informal mediation between the Company and said non-employee or independent contract.
Appeal: If the issue is not resolved through consultation with the data subject's supervisor or by the Company generally, or through other mechanisms under existing employment agreements, independent contractor agreements, union agreements, or statutory procedures, then the data subject may seek redress through resort to litigation or complaint to a data protection authority with jurisdiction (all as permitted by applicable local law or procedure).
Data Archive and Retention
This policy applies to all of the Company's employees and independent contractors. All records pertaining to the Company that were created or are maintained by any Company personnel while acting within the course and scope of his or her employment are subject to the requirements of this policy. For the purposes hereof, “Record” shall mean and include: any document, file, or record created, received, or obtained by any Revvy personnel while acting within the course and scope of his or her employment or engagement with the Company pertaining to Company business or operations by any means on anything tangible including, but not limited to: paper files, documents and records, computer records, email, voicemail messages, handwritings, photographs, photocopies, or fax, regardless of the manner in which the record has been stored; specific categories and types of records are contained in the retention schedule.