Cforia Privacy Policy

Privacy Policy

Cforia Software, Inc. Privacy Statement and General Data Protection Regulation (GDPR – formerly Data Protection Act DPA) Compliance Statement

Statement of intent
The purpose of this Privacy Policy is to provide you, the User, with details of how Cforia Software, Inc. will collect and use the personal data you supply to it. Personal data is information which relates to identifiable living individuals.

It is the stated policy of Cforia Software, Inc. that it will act in accordance with current legislation and aims to meet current best practice for the processing of personal data.

Collection of personal data
Cforia Software, Inc. will only use your authorized personal data to help provide better service and information to you and to bring you details of material which Cforia believes might be of interest to you. You agree that Cforia Software, Inc. can use your personal data for such purposes, unless you inform Cforia Software, Inc. otherwise. No personal information supplied by you will be transmitted outside the Cforia Software, Inc. organization, and Cforia Software, Inc. will not sell or otherwise provide your personal data to any third party without your consent unless required by law.

Use of personal data
Cforia Software, Inc. will only use your personal data to help us provide information to you and to bring you details of other events and materials which we believe might be of interest to you. You agree that Cforia Software, Inc. can use your personal data for such purposes, unless you inform us otherwise by opting out of receipt of future materials or information, or by requesting that your information be removed and forgotten. No personal information supplied by you will be transmitted outside the Cforia Software, Inc. organization, and Cforia Software, Inc. will not sell or otherwise provide your personal data to any third party without your consent unless required by law.

Storage and correction of personal data
Cforia Software, Inc. will retain the personal data we hold concerning you for as long as it is current, unless you send Cforia Software, Inc. notice that you no longer wish it to retain this data. Cforia Software, Inc. is obliged to supply you, on request, with a copy of the personal data it holds about you, if you pay a small fee. If you wish to exercise this right, please email GDPR@Cforia.com for more details, including details regarding the fee which is payable for exercising such right. Should you discover any inaccuracies in such personal information, please notify Cforia Software, Inc. as soon as possible at the same address. Cforia Software, Inc. will then correct its records and notify any third parties to whom such personal information may have been transmitted in accordance with the paragraph above.

Copyright © All rights reserved
Save to the extent expressly permitted under the Terms and Conditions of use of the Web Site, the content of these pages may not be reproduced, or transmitted, or made available in whole or in part without the prior consent of Cforia Software, Inc. These pages may be downloaded or printed for your personal and private use if you make no alteration of any of the pages and you do not use any part of the pages in any other for publication, in whatever medium, without the prior written consent of Cforia Software, Inc.

PCI Compliance

The Payment Card Industry (PCI) Data Security Standard (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands—Visa, MasterCard, American Express, Discover, and the Japan Credit Bureau (JCB). Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data.

Cforia completes an annual PCI DSS assessment using an approved Qualified Security Assessor (QSA). The assessment culminates with an Attestation of Compliance (AoC) and Report on Compliance (RoC) issued by the QSA. The effective period for compliance is prospective and begins upon passing the audit and receiving the AoC from the assessor, and ends one year from the date the AoC is signed. Cforia is certified as compliant under PCI DSS version 3.2.1 at Service Provider Level 1. 

Clients who use Cforia’s PCI-compliant products and services significantly reduce the scope, cost and effort of their own PCI compliance assessments.

GDPR Addendum 3 - Processing and Removal of Personal Data at Time of Registration

Cforia uses data intelligence to better understand and serve our prospects’ and customers’ business needs. We do not keep or maintain any personal or private information (e.g. no credit cards, no home addresses, no government-issued information of any kind). We take into account each individual’s rights to privacy and information security.

Under GDPR Transparency Requirements, Cforia provides individuals the right to be informed about the collection and use of their personal data and the mechanisms for the individual to change how Cforia handles that information and future communications.

Cforia Software will provide individuals with GDPR information including the purposes for processing their personal data, the retention periods for that personal data and who it will be shared with.

If we obtain any personal data from other sources (tied to your business email address), we will provide you with that privacy information within a reasonable period of obtaining the data and no later than one month.

What Cforia provides:

We provide individuals with all the following privacy information:

  • The name and contact details of our organization
  • The name and contact details of our representative as needed
  • The contact details of our data protection officer as needed
  • The purposes of the information processing – which is to help better provide specific content consistent with your selected “Preferences” at time of opt-in
  • The categories of personal data obtained
  • The recipients or categories of recipients of the personal data
  • The details of transfers of the personal data to any third countries or international organizations if applicable
  • The retention periods for the personal data – the duration of your active engagement with Cforia and no longer than a month after a request for opting out has been received
  • The right for any individual to withdraw consent for us to continue communicating with you, and your “Right to be Forgotten”
  • The right to lodge a complaint with a supervisory authority
  • The details of whether individuals are under a statutory or contractual obligation to provide the personal data if applicable and if the personal data is collected from the individual it relates to
  • The details of the existence of automated decision-making, including profiling (if applicable)

When Cforia will provide it:

We provide individuals with privacy information at the time we collect their personal data from them.

If we obtain personal data from a source other than the individual it relates to, we provide them with privacy information:

  • Within a reasonable period of obtaining the personal data and no later than one month
  • If we plan to communicate with the individual, at the latest, when the first communication takes place or if we plan to disclose the data to someone else, at the latest, when the data is disclosed

 

How Cforia will provide it:

We provide the information in a way that is:

  • Concise
  • Transparent
  • Intelligible
  • Easily accessible
  • Using clear and plain language

Changes to the information Cforia holds:

  • We regularly review and, where necessary, update our privacy information
  • If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing

 

Cforia Best Practice – Drafting the information:

  • We undertake an information audit to find out what personal data we hold and what we do with it
  • We put ourselves in the position of the people we’re collecting information about
  • We carry out user testing to evaluate how effective our privacy information is
 

Cforia Best Practice – Delivering the information:

When providing the Cforia Privacy Information to individuals, we use a combination of appropriate techniques, such as:

  • A multi-layered approach depending on which Cforia Controller systems your information is stored in
  • Reporting and Analytics on data retained
 
Cforia uses the GDPR-compliant Salesforce.com Customer Relationship Management (CRM) platform to provide companies with transparency and control of their customer data and to accelerate and maintain compliance with privacy regulations like the General Data Protection Regulation (GDPR):
 
  • At time of registration for any event or any material that requires providing personal contact information
  • For every new and returning content registrant:
    • Unsubscribe
    • Update Subscription & GDPR Preferences
    • Forward to a Friend
  • Recording Change Status within Marketo from the Registration Page and within SFDC
  • At time of registration for an event or material which requires providing contact information
  • Cforia Email Preference Center
    • Cforia has engaged both Salesforce.com (SFDC) and Marketo functionality to assist with outbound notifications, validations, and ongoing compliance on opt-in, opt-out, and right to be forgotten.
 

GDPR for Cforia Zendesk Customer Support:

Cforia uses Zendesk for Cforia Customer Service and Support. Zendesk is ISO 27001:2013 and ISO 27018:2014 certified for information protection and privacy. Zendesk ISO certifications and SOC 2 audit reports are available upon request by authorized security personnel at privacy@zendesk.com.

Zendesk GDPR Compliance: Cforia uses Zendesk to help establish the rights for our end-users. Zendesk’s GDPR compliance establishes enhanced rights for end-users and enables organizations to accommodate GDPR rights.

Data Breach Notifications: Cforia is a controller of certain business/personal data and has clear processes in place to comply with the GDPR requirement to report data breaches. Zendesk will notify any affected customers without undue delay if we become aware of a data breach of our services.

Data Protection Impact Assessment (“DPIA”): DPIAs usually describe an organization’s data processes and protective measures, particularly those that may be risky. For data processing activities, customers need to conduct a DPIA and file it with authorities.