Privacy Policy

At EKI-Digital, we recognize that privacy is an important issue, so we design and operate our services with the protection of your privacy in mind at all times. This Privacy Policy outlines the types of personal protection we assure when you use EKI-Digital’s website, as well as some of the steps we take to safeguard it.

Information Sharing

We do not rent or sell your personally identifying information to other companies or individuals, unless we have your consent. We may share such information in any of the following limited circumstances:

  • We have your consent.
  • We provide such information to trusted businesses or persons for the sole purpose of processing personally identifying information on our behalf. When this is done, it is subject to agreements that oblige those parties to process such information only on our instructions and in compliance with this Privacy Policy and appropriate confidentiality and security measures.
  • We conclude that we are required by law or have a good faith belief that access, preservation or disclosure of such information is reasonably necessary to protect the rights, property or safety of EKI-Digital, its users or the public.

If you have an account, we may share the information submitted under your account among all of our services in order to provide you with a seamless experience and to improve the quality of our services. We will not disclose your account information to other people or non-affiliated companies, except in the limited circumstances described in this Policy or with your consent.

In the event of a transfer of ownership of EKI-Digital, such as acquisition by or merger with another company, we will provide notice before any personally identifying information is transferred and becomes subject to a different privacy policy.

We may share aggregated information with others.

Information Security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data.

Data Security Policy

Our data protection policy sets out our commitment to protecting client data and how we implement that commitment with regards to the collection and use of client data.

We are committed to:

  • Ensuring that we comply with the data protection principles, as listed below.
  • Ensuring that data is collected and used fairly and lawfully.
  • Processing client data only in order to meet our operational needs or fulfill legal and contractual requirements.
  • Establishing appropriate retention periods for client data.
  • Ensuring that data subjects’ rights can be appropriately exercised.
  • Providing adequate security measures to protect client data.
  • Ensuring that all staff is made aware of standard practice for data protection.
  • Ensuring that queries about data protection, internal and external to the organization, is dealt with effectively and promptly.
  • Regularly reviewing data protection procedures and guidelines within the organization.

Our data protection principles:

  • Client data shall be processed fairly and lawfully.
  • Client data shall be obtained with the purpose of completing our contractual obligation to the Client, and shall not be further processed in any manner incompatible with that purpose.
  • Client data (processed or unprocessed) shall not be kept for longer than is necessary to complete our contractual obligation to the Client. As such, all Client data will be deleted automatically by our internal data security system90 days after the client’s project has been completed.
  • Appropriate technical and organizational measures shall be taken against the unauthorized processing of Client data, and against the accidental loss, destruction, or damage to client data. To this end, Client data will be stored on our servers and protected with 128-bit encryption. Each file will be protected with a unique password, which will be held only by the Project Manager and analysts assigned to the project.

to help us identify ways to improve it and, eventually, to determine how we can tailor our website to make it a more positive and relevant user experience.

Data Breach Notification Policy

  1. Purpose

EKI-Digital’s Data Breach Notification Policy (“Policy”) has been developed to provide for a reasonable and consistent response to data breach incidents involving Personal Data. The objective of this Policy is to ensure that EKI-Digital responds appropriately to data breaches and ensures that the appropriate notifications are made when necessary, in compliance with Applicable Laws.

Compliance with this policy is in place to both minimize potential damages that could result from a data breach and to ensure that parties affected by a data breach are properly informed of how to protect themselves.

  1. Definitions

2.1 “Customer” means a third party that has entered into a binding, written agreement with EKI-Digital for the provision of Services.

2.2 “Customer Personal Data” means any Personal Data Processed by EKI-Digital on behalf of a Customer pursuant to or in connection with a customer agreement;

2.3 “Employee” means a natural person employed by EKI-Digital for wages or salary.

2.4 “Employee Personal Data” means any Personal Data of natural persons Processed by EKI-Digital in connection with the performance of a contract of employment or for purposes of recruitment.

2.5 “GDPR” means EU General Data Protection Regulation 2016/679;

2.6 The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly

  1. Scope

This Policy applies in the event of a Personal Data Breach under Article 33 of the GDPR – Notification of a personal data breach to the supervisory authority – and Article 34 – Communication of a personal data breach to the data subject.

This Policy is applicable to all directors, officers, and employees of EKI-Digital and any other individual or entity acting for or on behalf of EKI-Digital, whether operating inside or outside the United States (collectively “Covered Persons”). Third parties, including but not limited to consultants, agents, intermediaries, and joint-venture partners, must be informed about this Policy and agree to comply with its tenets.

  1. Data Breach Response Team

The following positions/individuals will constitute EKI-Digital’s Data Breach Response Team (or “Team”) for purposes of this Policy:

  • Data Privacy Officer
  • Complaince Officer
  • Chief Operating Officer
  • Human Resources Representative
  • Customer Support Representative
  • Security Representative
  1. Personal Data Breach

5.1 Customer Personal Data. EKI-Digital shall notify Controller without undue delay after becoming aware of a Personal Data Breach. Such notification shall at least: (i) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; (ii) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; (iii) describe the likely consequences of the personal data breach; and (iv) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.

5.1 Employee Personal Data

5.1.1 To the Data Subject. EKI-Digital shall, without undue delay and, where feasible, communicate the personal data breach to the data subject. The communication to the data subject referred to in paragraph 1 of this Article shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in points (b), (c) and (d) of Article 33(3).

5.1.2 To the Supervisory Authority. EKI-Digital shall, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal Data Breach to the supervisory authority competent in accordance with Article 55. 2 Such notification shall at least: (i) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; (ii) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; (iii) describe the likely consequences of the personal data breach; and (iv) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

  1. Last Updated 11/19/2018