top of page

stratusCX Privacy Policy

Purpose Of Policy

This policy aims to present the StratusCX’s commitment to the privacy of user information and sensitive commercial/financial data.

 

Scope of Policy

This policy applies to all data owned or managed by StratusCX.

 

Supporting Documents

List of documents supporting this policy,

  • Information security policy

Responsibilities

  1. The chief information security officer (CISO) is responsible for the development, implementation, maintenance, and enforcement of the policy.

  2. StratusCX’s internal audit team is responsible for conducting regular audits to ensure compliance with this policy.

  3. Employees and non-employees of StratusCX are responsible and/or accountable to ensure adherence to the terms of this policy in the course of their job duties.

 

Policy Statements

The privacy policy displayed to the user must clearly communicate a minimum of the following information:

  1. The purpose for the collection of personal information.

  2. How will the information be processed?

  3. Controls for the protection of personal information.

  4. Usage of tools such as cookies to collect personal information online.

  5. Details of information, such as IP address, and domain information, are captured about the user.

  6. Sharing of information with third parties.

  7. User rights to access personal information.

  8. Details to contact StratusCX for queries on processing personal information.

  9. StratusCX’s commitment to privacy and security.

  10. Period for which the terms and conditions are valid.

  11. StratusCX’s information security standards and practices.

  12. Policy on external links

    1. StratusCX will not use information about user activities on the internet together with any information that would result in the user being identified without their consent.

    2. StratusCX will not associate the information collected by software utilities (cookies, single-pixel gif images) with the user name or email address when the user visits the sites.

    3. StratusCX will implement policy guidelines to safeguard the privacy of the user-identifiable information from unauthorized access or improper use. It will continue to enhance security procedures as new technology becomes available.

    4. StratusCX honor requests from users to review all personally identifiable information, such as names, addresses, e-mail addresses, and telephone numbers, maintained in reasonably retrievable form. It will correct inaccurate information that the users may verify.

    5. StratusCX may use the user’s identifiable information to investigate and help prevent potentially unlawful activity or activity that threatens the network or otherwise violates the user agreement for that service.

    6. All kinds of data, such as personally identifiable information shared by users, shall be:

      1. Processed fairly, lawfully, and securely.

      2. Processed per the purpose for which it is collected.

      3. Maintained up-to-date and accurate as necessary.

      4. Retained for no longer than necessary for the purpose it is collected.

    7. Users shall be provided with the following information, at the least, before collecting personally identifiable information

      1. Purposes of processing the information.

      2. Information regarding the specific circumstances in which personal information is collected, such as

        1. The recipients of the information.

        2. Whether submission of information is obligatory or voluntary, as well as the impact of failure to submit such information.

        3. The existence of the right to access, update or remove personal information.

        4. Whether personal information will be used for marketing purposes.

 

Enforcement

 

Policy Violations

Violation of the policy will result in corrective action from the management. Disciplinary action will be consistent with the severity of the incident, as determined by the investigation, and may include, but is not limited to 

  • Loss of access privileges to information assets.

  • Termination of employment or contract.

  • Other actions deemed appropriate by management, HR division, legal division, and their relevant policies.

Violation or deviation of the policy shall be reported to the service desk and a security incident record has to be created for further investigation of the incident.

 

Policy Exceptions

Any exceptions to this policy must be formally approved by the chief information security officer. All the exceptions shall be formally documented in the standard IT exceptions request form.

The exception request shall follow the below-mentioned approval matrix.

First-level

Unit manager/reporting manager

Second-Level

Chief information security officer

 

After approval by the chief information security officer, the exception request form should be forwarded to the relevant IT unit for execution. 

bottom of page