This policy is designed to inform you of the Tech180 policy regarding the collection, use and disclosure of information we receive from users of the Site. By using the Site, you agree to the collection and use of information in accordance with this policy. Tech180 may disclose information received from users where Tech180 reasonably believes that disclosure of such information is necessary to comply with law (including court and government orders, and civil subpoenas) or to Tech180’s agents and advisors so that they may provide their services to Tech 180, and only under strict confidentiality restrictions.
INFORMATION COLLECTION, USE, AND SHARING:
When using the Site, you may provide us with certain personally identifiable information that can be used to provide services to you. Personal identifiable information may include, but is not limited to your name, address, telephone number, email address, or any other information deemed necessary to provide the services.
Any audio or video content on the Site is for marketing and promotional purposes only and may not be duplicated by visitors.
We take precautions to protect your information. When you submit sensitive information via the Site, your information is protected both online and offline. Wherever we collect sensitive information, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser or looking for “https” at the beginning of the address of the web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment. Tech180 currently uses Suite3, 180 Pleasant Street, Easthampton, MA 01027 which is independently certified annually for data security.
Tech180 recognizes the importance of protecting our users’ privacy. To that end we have created this privacy statement in order to demonstrate our commitment to privacy. Information on how Site content can and cannot be used is also listed below. Please note that laws and regulations above and beyond Tech180 ‘s policies may apply to commercial electronic messages sent to individuals who have elected to list their contact information on the Tech180 website. Tech180 strives to comply with all privacy laws.
WHAT INFORMATION IS COLLECTED
Tech180 and its Web hosting company, acting as Tech180’s agent, collect and store technical information about your visit to our website. We use this information for statistical purposes to make our Site more accessible to visitors and the information we collect is not provided to any other third party. Specifically, we may record:
- The name of the domain from which you access the Internet.
- The Internet address of the website from which you linked directly to our Site, if any.
- The type of Web browsing software and operating system you are using to view our Site.
- The date and time you access our Site.
- The pages you visit on our Site.
- The amount of time spent on the Site.
Some parts of the Tech180 website may use a “cookie,” which is a file placed on your computer hard drive, that allows the Tech180 Web server to log the pages you use in the Tech180 Site and to determine if you have visited the Site before. The Tech180 server uses this information to provide certain features during your visit to the Site. You can set your browser to warn you when placement of a cookie is requested and decide whether or not to accept it. By rejecting a cookie, some of the features available on the Site may not function properly. We use Google Analytics to collect Internet Protocol address and other personal information from browsers. Please do not share personal information on the site.
HOW INFORMATION COLLECTED IS USED
Demographic and profile data collected at our Site may be added to a database maintained by Tech180 to customize your website experience. It may be used to contact users of the Site for online surveys or advocacy purposes if the user has indicated an interest. No personal information is ever shared or sold to a third party.
LINKS TO OTHER SITES
The Site may contain links to other Sites. Tech180 is not responsible for the privacy practices of such websites. Inclusion of links to an outside website, whether in an advertisement or content area of Tech180’s website, is not an endorsement of the website or a guarantee that the information it contains is accurate.
Our Site may make list servers and Web forums available to its users. Any information that is disclosed in these areas becomes public information, and you should exercise caution when deciding to disclose personal information.
“Tech180” is a Massachusetts corporation dedicated to innovative products, services and software development for the aerospace industry.
Legislation and attention in the U.S. on data privacy has been focused on the collection of personally identifying information (PII) by businesses and organizations, the right of consumers to share or not share that information, and how PII can be used by third parties. Any personally identifying information contained in data that Tech180 processes and aggregates was collected by Tech180 clients. Therefore, Tech180’s data privacy focus is limited to describing to clients the precautions, systems and protections utilized by the company to bring in and store data, and prevent unauthorized data access; to make transparent the security and privacy services/systems utilized; and to demonstrate company compliance with Tech180’s own data security and privacy controls. And finally, this policy addresses Tech180’s approach to data disposal and data breach disclosure.
- Personally Identifying Information
Protecting information that could be used to identify an individual’s identity is of primary concern politically, socially and legislatively today. As described above, this information is referred to as Personally Identifying Information, or PII.
PII is categorized as either Non-Sensitive PII or Sensitive PII. Non-Sensitive PII makes it possible to identify, contact, or locate a single person. For example, names, addresses, phone numbers and email addresses constitute Non-Sensitive PII. When Non-Sensitive PII is combined with other information it is possible to construct behavioral profiles of individuals and groups of individuals that can be used for analysis and marketing purposes.
Sensitive PII is currently defined by the Federal Communications Commission (FCC) as credit card numbers, financial account numbers, government issued ID numbers, health information, or information regarding children. Both federal and state-by-state laws exist to regulate the collection and storage of this information. Tech180 does not store any Sensitive PII.
The objective of Tech180’s Data Security and Privacy controls are intended to mitigate against the risk of a data breach that could result in PII being stolen and used for unauthorized purposes.
- Data Collection
The data collected by Tech180 client organizations includes non-sensitive PII, such as names and addresses, as well as purchase transaction information. The majority of this information is collected and immediately stored on the server hosted for Tech180. It is the responsibility of the collecting organization to govern end user privacy and security processes, based on applicable federal and state laws.
Related to the subject of data collection is the transportation or transmission of collected data. Tech180 requires its partners to utilize its secure data transmission process to protect against the risk of data theft during the file transport process. This method eliminates the need for the common, unsecure practice of attaching data files to emails for transmission.
Clients send data to Tech180 via SFTP (Secure File Transfer Protocol). SFTP is based on SSH (Secure Shell), which is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Tech180 also employs a robust firewall to protect data and software assets.
- Data Storage
Data stored on computer storage devices is subject to a variety of data security risks. These include unauthorized access to the actual computers and the physical data center where the computers are located, as well as safe handling of data backup media.
Data Center Security
Tech180 provides a physically secure data center where the computers, network equipment, source software and data storage media are located. Best practice security controls are utilized to ensure that only authorized individuals have access, all access is logged and access to the data center is recorded with video surveillance, 7 x 24 daily. The data center room itself is located within a building that employs 7 x 24 security personnel, card key access, and multiple secure locking access points. Tech180 currently uses Suite3, 180 Pleasant Street, Easthampton, MA 01027 which is independently certified annually for data security.
Tech180 also follows a secure data backup process to protect against unauthorized access to backup media and to ensure rapid recovery of client data in the case of multiple types of data loss or corruption. Tech180’s backup and recovery processes mitigate against risk of natural disasters including fire, earthquake, power loss, and floods. Tech180 conducts full back ups nightly. The data is retained in a secure environment for five years. Other data storage risks that pertain to our production computer servers include:
- firewall protection
- login authentication
- secure network connections
- anti-virus and malware protection
Traveling Laptop and other portable devices Security:
In addition to data storage on Tech180 computer servers located in its data center, Tech180 consultants and staff work with client PII and transactional data on PCs and laptops. Tech180 controls that mitigate the risk of stolen data from these sources include the use of a central file server where all client working files and final deliverables are located, as well as delivering to clients’ password-protected data files via portal laptops and removing the files immediately after client delivery.
- Data Use
Tech180 processes client data by performing two primary services that enable its use for direct response campaigns and data analysis/research. The first service is name and address correction, often referred to as “data hygiene” or “NCOA (National Change of Address)”, which updates patron address information to current postal service standards. This process enables correct unique household identification. Name and address correction is performed by Tech180 in-house, while a contracted service with a leading data services provider is used for national change of address corrections. Tech180’s contract with this provider assures this data is not used for any purpose other than the intended processing. When the cleaned data is returned to Tech180 it is validated for record counts and stored within the secure data center.
Tech180 also offers clients either self-service or Tech180-administered segmentation. This service aggregates patron data into manageable segments, making list creation, trades, and reports much simpler to work with.
As described in the Overview, Tech180 retains rights to utilize aggregated data, which is stripped of PII. The aggregation process itself ensures that the risk of disclosing PII is removed.
- Data Disposal
Tech180 will honor requests to remove from its data center PII and transaction data provided to Tech180 for data services. The process utilized by Tech180 removes names, addresses and the associations to transaction and organizational information. This enables Tech180 t