Last Updated: June 21st, 2020
Please carefully review the following to understand how we will collect, use and store your personal information. The Policy also describes your options regarding use, access and correction of your personal information.
Protection of Your Personal Information
ConnectTMA takes the security of your personal data very seriously. We strive to protect your information by taking appropriate physical, technical and organizational measures to safeguard against unauthorized or unlawful access, use, processing or alteration of the personal information that we obtain from you through our Services and against any breaches or loss of such personal information, such as anonymization, pseudonymization, encryption (such as encrypted by Transport Layer Security [HTTPS] during transmission), restricted access, and other such measures. We are not responsible for the security of any independent third-party applications and services or the data those third-party applications and services may collect about you. Please request those third parties provide information on how they keep your data secure.
The laws relating to the privacy and protection of your personal data are continuing to evolve. ConnectTMA recognizes that you have inalienable and justifiable rights to your own personal information. We recognize your right to object to certain types of processing, including direct marketing (i.e. receiving emails from us notifying you about other services which we think will be of interest to you or being contacted with varying potential opportunities). We also recognize your right to be informed about how we use your data. This Policy is intended to provide you with clear, transparent and easily understandable information about how we use your information. We want to be sure you are aware and can check that we are using your information in accordance with data protection law. We recognize your right to have your information corrected if it is inaccurate or incomplete. Additionally, should you want your information to be deleted, we can remove your information that we hold. We also recognize your right to withdraw consent. If you have provided us with consent to use your information, you may withdraw your consent at any time (although if you do revoke consent, it does not mean that ConnectTMA has done anything with your personal data that is unlawful).
Information You Provide to ConnectTMA
We collect information you provide directly to us, including when you visit our website, register for our Services and/or use one of the Services. When you use our Services you may provide information to us, both online and offline, including, for example, information you provide when you register with ConnectTMA, your name, organization name, email address, street address, phone numbers, fax numbers, date of birth, identifiers for devices you use to access our Services, location data, photos, videos and demographics (gender, company or organization name, occupation, language preference, city, country, postal code, area code, time zone, etc.). If you purchase Services from us, we may also store your payment information as required. We may hold and associate any information you provide us with together with information gathered from other sources, including any accounts that you choose to associate with your use of the Services, or with information we receive from other companies.
Information ConnectTMA Collects Automatically
When you use the Services, we automatically collect some information. We may collect information about your usage of and activity on our Services. When you visit our websites, information we may automatically log includes, for example, your operating system, Internet Protocol (IP) address, access times, browser type and language and the website that you visited before visiting our website.
ConnectTMA Use of Your Information
We may use your information, including personal information, as follows:
- To provide requested services or perform a contract with you;
- To provide and deliver products and Services that you request;
- To process the post transaction requested by you;
- To send you information related to your requests, queries and purchases, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages; where we have your consent to send you marketing communications, including about promotions, rewards, upcoming events and news about products and services offered by ConnectTMA; where we have a legitimate interest in improving your customer experience;
- To operate and improve our websites, Services and marketing;
- To respond to your comments and questions and provide customer service;
- To compile information to be able to provide you with a personalized and customized experience, content, marketing and recommendations across our Services (in line with your choices as relates to receiving any direct marketing communications);
- To filter the content to be displayed as part of the Services;
- To compile usage and other statistics and insights relating to the Services;
- To prevent, investigate and deter against fraudulent, unauthorized or illegal activity, and ensure network and information security;
- To facilitate sharing of information and content that you choose to upload via social media;
- Where we have a legal obligation, to protect, investigate and deter against fraudulent, unauthorized or illegal activity;
Where your personal information is necessary for us to be able to provide you with requested services we make this clear on collection. If you decline to provide us with this information or object to continued processing of this information, we will be unable to provide such requested services to you. If you object to the processing of your personal data for marketing communications or if you withdraw your consent, we are obliged, according to data protection law, to enter the required data (name, e-mail address) in our internal emailing system in order to ensure the ongoing observance of your objection or of your withdrawal of consent. We will use your blocked data exclusively for this purpose.
Information We Share
Information that we collect may be retained for as long as needed to fulfill the purposes outlined in the “ConnectTMA Use of Your Personal Information” section above, or for a period of time specifically required by applicable regulations or laws such as retaining the information for tax and accounting purposes. When determining the relevant retention periods, we will take into account factors including our contractual obligations and rights in relation to the information involved; legal obligations under applicable laws to retain data for a certain period of time; statute of limitations under applicable laws; potential disputes; and guidelines issued by relevant data protection authorities. We strive to adhere to information minimization, utilizing your personal data only for specified purposes and only for the time required. We securely erase your information once the information is no longer needed. Please contact us if you would like more information on how long we retain your information.
Information Choice and Changes
We make sure that our marketing emails tell you how to “opt out” of receiving further marketing emails. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you and may include a request that you participate in surveys related to your use of, and satisfaction with, the Services. You may send requests about your personal information to us through our contact information below. You may request to change contact choices or marketing choices and to update, access, delete or make other changes regarding your personal information or content that you post on the Services in line with your rights above. We may not honor all such requests unless required by law. When you use our Services, we and third parties may give you choices about certain mechanisms for tracking, including tracking of your online activities over time and across different websites, Third-Party Sharing Services and third-party platforms. We may provide you with settings that allow you to change how we, and others, collect certain information about you. Many browsers are set to accept cookies unless and until you change your settings. Removing or rejecting our cookies could affect how our websites and Services work for you and could delete or disable opt-out cookies set by us and third parties. There are many other ways in which web browser signals and similar mechanisms can indicate your choice to disable tracking, and we may not be aware of or honor every such mechanism.
Where ConnectTMA Stores Your Information and the Transfer of Your Information
The information that we collect may be stored on our servers and transferred to, stored and processed in the United States and any other country where ConnectTMA maintains facilities, depending on where you use our services.
We welcome your comments or questions about this Policy. Please email us at [email protected]
Last Updated: June 21st, 2020
How we handle security
As a data-focused technology company, we care about your data. Additionally, we strive to be transparent about our policies and security practices. We welcome your feedback and are always looking for ways to improve the security of our platform.
Here is a brief overview of our Data Security model.
Secure Communication (data in motion)
All our endpoints are encrypted using the TLS protocol suite (the successor of SSL). This includes internal communication between subsystems. This prevents a variety of potential security issues, including snooping and man-in-the-middle attacks.
Token Based Authentication
We use OpenID Connect as an identity layer. OpenID Connect is built on top of the OAuth 2.0 protocol. This protocol allows computing clients to verify the identity of an end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner.
Accounts & Credentials
The most common data security issues are caused by lost, stolen, or misused account credentials. For this reason, we require each user to register for the ConnectTMA platform with their own unique account credentials. While each user is responsible for maintaining the confidentiality and security of their own ConnectTMA account credentials, we can provide additional password related features for organizations when requested.
Our password policy includes the following enforced provisions:
- Password History – Prevents the reuse of passwords
- Personal Data – Passwords can’t include any personal data
- Password Strength
  - Must be 8+ characters in length
  - Requires lower case, upper case, and numbers
- Password Dictionary – will not allow 10k most common passwords as well as any additional entries added
Encrypted Password Data
All passwords are stored using a one-way password hashing algorithm. This means that passwords exposed in any potential leak of user data from our servers would remain hashed rather than readable. This significantly reduces the risk of password exposure in the unlikely event of a breach of our password database.
In addition, if a user knows or has any reason to suspect that their credentials have been lost, stolen, or misappropriated, we recommend a password reset using the forgot password page.
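One way to enforce the password provisions listed above while keeping password history only as salted one-way hashes, as an added example that is not ConnectTMA's code. The function names, the three-entry stand-in dictionary, the PBKDF2 parameters and the case-insensitive matching are assumptions.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware
# Constructed stand-in for the 10k most common passwords plus added entries.
COMMON = {"password1", "qwerty123", "welcome1"}


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def matches(password, salt, digest):
    """Re-hash the candidate under a stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def violations(password, personal, history):
    """List every policy provision that `password` breaks (empty list = accepted)."""
    found = []
    lowered = password.lower()
    if len(password) < 8:
        found.append("length")
    has_classes = (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
                   and re.search(r"\d", password))
    if not has_classes:
        found.append("strength")
    if lowered in COMMON:  # assumption: dictionary is matched case-insensitively
        found.append("dictionary")
    # Personal data: reject any profile value of 3+ characters inside the password.
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        found.append("personal data")
    # History: the old passwords are unknown, so test the candidate against each hash.
    if any(matches(password, s, d) for s, d in history):
        found.append("history")
    return found


if __name__ == "__main__":
    old = [hash_password("Harbor7Lantern")]  # constructed previous password
    for pw in ("short1A", "Password1", "Reyes2020x", "Harbor7Lantern", "Quiet9Meadow"):
        print(pw, violations(pw, ["dana", "reyes"], old))
```

Because the history holds only salts and digests, the reuse check works by re-hashing the candidate, so a leaked history table exposes no readable passwords.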
We have built-in Anomaly Detection, which can alert you to suspicious activity, as well as block repeated, hostile login attempts — this is often referred to as brute-force protection.
All imported data and generated reports are stored on dedicated database servers segmented from our web servers. The reports are protected from SQL injections by means of data segregation and prepared statements.
In order to prevent the loss of data and to quickly recover from any loss of data, we take daily backups of our database and all associated systems. Further, our database systems are protected by continuous backups at the database level, and we maintain full Point in Time Recovery ability.
The information and data that we collect will be stored on our servers within Amazon Web Services and may be transferred to, stored and processed in the United States or any other country where ConnectTMA or Amazon Web Services maintains facilities, depending on where you use our services.
The Amazon Web Services Data Privacy FAQ can be found here: https://aws.amazon.com/compliance/data-privacy-faq/