A. EasySet Responsibilities:
- EasySet maintains a wide variety of compliance programs that validate our security controls. EasySet safeguards the security of the Client’s data during transmission to or from the EasySet platform by using encryption protocols and security software. EasySet maintains physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of Client or personal information. EasySet’s security procedures may require proof of identity before disclosure of personal information to the Client/User.
- EasySet is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. EasySet complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, EasySet is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, EasySet may be required to disclose personal data in response to lawful requests by authorities, including to meet national security or law enforcement requirements. If requested by law, and within the legal confines of the request, EasySet will notify the Client of the data request within 7 business days of initial notification.
- To process payments, EasySet follows the Payment Card Industry Data Security Standard (PCI DSS) applied by 3rd party services, when handling credit card data.
B. Client/User Responsibilities
- Client/Users are responsible for all activities that occur under the designated account(s), regardless of whether the activities are authorized by the Client or undertaken by the Client, the Client’s employees or a third party (including the Client’s contractors, agents or End Users/Released Parties), EasySet LLC and EasySet’s affiliates are not responsible for unauthorized access to the Client’s account.
- Client/User Data: The Client will ensure that the Client’s content and the End User/Released Parties use of the Client’s content will not violate any of the Policies or any applicable law. The Client is solely responsible for the development, content, operation, maintenance, and use of the content.
- Security and Backups: The Client is responsible for properly configuring and using the EasySet software and otherwise taking appropriate action to secure, protect and backup Client accounts and Client Content in a manner that will provide appropriate security and protection, which might include the use of encryption to protect Client Content from unauthorized access and routinely archiving Client Content.
- Log-In Credentials: EasySet log-in credentials are for Client/User internal use only and Client/User will not sell, transfer or sublicense the credentials to any other entity or person. The Client/User may disclose Log-In Credentials to agents and subcontractors of choice performing work on his/her behalf.
- By choosing to use any of the EasySet software, the Client/User agrees to the collection and use of information subjected to policy, local, US Federal law and the EU General Data Protection Regulation (GDPR). Data collected by EasySet such as a Client’s email address and categorical/statistical assessment data may be used internally for statistical use to improve EasySet software. The Client’s personal information, as well as any information related to the assessed (“Released party”), will be kept confidential. EasySet states that it will not transfer any of Client’s personal or sensitive information to a third party, other than one acting as an agent of its behalf without the Client’s consent unless legally requested by law.
C. Information Collection and Use:
- While using the EasySet software, EasySet may request the Client to provide specific personally identifiable information, including but not limited to the Client’s name, phone number, email and postal address. For use and access to the EasySet system (excluding payment information) only a verified email address is required. This information collected will be used to contact the Client, identify users, payments when applicable, and to generate EasySet products/reports.
- Any data deleted by the Client/User from his/her account, including reports, report images, icons, logos, or uploads of any kind are all deleted from EasySet servers within twenty-four (24) hours. Backup data is overwritten every twenty-four (24) hours. For security and privacy, data is not backed up for more than twenty-four (24) hours. Not all information deleted by the Client intentionally or by accident, can be restored, even within the twenty-four (24) hour window. All deletions which exceed twenty-four (24) hours are permanent and final. Unless requested by the Client, all data associated with the account including purchased reports and report credits will be permanently deleted, ninety (90) days after a Client account has been disabled. Future use of the EasySet software requires the Client to open a new EasySet Account with the associated Report Credit Package fees.
- Log Data: When the Client/User visits an EasySet platform, EasySet collects directly or through a third party typical information that the Client’s browser sends, referred to as Log Data. This Log Data may include information such as Client’s computer’s Internet Protocol (“IP”) address, browser version, pages of our service that Client visits, the time and date of visit, the time spent on those pages, actions the Client took on the website and/or on Client’s account and other recorded behavioral statistics. This data is protected using commercially acceptable means of doing so and is used only to identify improvement of use.
- Service Providers: EasySet may employ third-party companies and individuals for the following reasons –
- To facilitate EasySet Services.
- To provide the Service on our behalf
- To perform Service-related services.
- To assist EasySet in analyzing how the Service is used.
- To monitor and protect Client information and identify improper use.
6. Information EasySet collects:
- Statistical means and application improvements.
- Stats collected: Title (only) vulnerabilities used, titles (only) of Solutions for Consideration, Usage and Preference Information, assessment location, server logs, account creation information, device information and transaction information.
7. How EasySet uses the Information –
- To enhance the safety and security of our users and services.
- For the customer support.
- For research and development.
- To enable communications to users.
- To provide promotions.
- In connection with legal proceedings if applicable.
8. To Unsubscribe from EasySet Communications: Client/User may unsubscribe from EasySet marketing communications by clicking on the “unsubscribe” link located on the bottom of the e-mail or by sending an email to EasySet@EasySetGo.com. EasySet Client’s/Users cannot opt out of receiving transactional emails related to their EasySet account.
10. Children’s Privacy: EasySet Services do not address anyone under the age of 18. EasySet does not knowingly collect personally identifiable information from children under the age of 18. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact EasySet so that we will be able to take necessary actions.
11. Reviewing, Correcting and Removing Client’s Personal Information: The Client has the following data protection rights –
- Client can withdraw consent, request access, correction, updates or deletion of Client’s personal information at any time.
- Client has the right to complain to a data protection authority about our collection and use of personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada are available here.)