Data Compliance

International Syndication Company LLC. Last updated: 1st September 2023

Table of Contents

1. Introduction

2. Purpose

3. Scope of Compliance

4. Definitions

5. Data Collection Methods

6. Data Elements Collected

7. Data Storage and Encryption

8. Data Sharing and Third-Party Involvement

9. User Rights and Consent Mechanisms

10. Data Retention and Deletion

11. Security Measures

12. Data Audits and Accountability

13. Incident Response and Data Breach Procedure

14. Data Protection Officer (DPO)

15. Training and Awareness

16. Non-Compliance Penalties

17. Amendments

18. Contacts

1. Introduction

This document outlines the data compliance guidelines and obligations for b2bmedium.com, a platform owned and operated by International Syndication Company LLC. ("The Company"). The document aims to encapsulate all aspects of data collection, storage, usage, and dissemination while ensuring alignment with various international and domestic data protection laws and regulations.

2. Purpose

The purpose of this document is to ensure a uniform understanding and application of data compliance protocols within the organization and among its partners. The document serves as the definitive guide for how user data should be handled to meet both ethical and legal standards.

3. Scope of Compliance

This document is applicable to all forms of data—whether electronic or paper-based—collected from users, subscribers, and other entities interacting with b2bmedium.com. It also extends to internal employees, external clients, vendors, and third-party services with whom data may be shared or who have access to such data.

4. Definitions

• Personal Data: Any information relating to an identifiable individual.

• Consent: Explicit approval by the data subject.

• Data Subject: Any individual whose data is being collected, held, or processed.

• Processor: Any entity that processes data on behalf of the Data Controller.

5. Data Collection Methods

• Manual Registration: Users can register by filling out a form with their email, name, and other details.

• LinkedIn Sign-in: We use the LinkedIn API to facilitate easier registration and data pre-filling.

• User Behavior Analytics: Activities such as clicks, downloads, and searches are tracked to gauge user intent.

6. Data Elements Collected

7. Data Storage and Encryption

• Database: AWS almalinux instance running MySQL

• Encryption: AES 256-bit encryption

• Access Control: Role-based access is controlled by a centralized Identity and Access Management (IAM) system.

8. Data Sharing and Third-Party Involvement

• Clients: Data is shared with clients for the purpose of B2B lead generation, only after explicit user consent.

• Third-party Services: No third-party services are currently involved in data handling.

9. User Rights and Consent Mechanisms

• Consent at Collection: Clear consent mechanisms are in place at every point where personal data is collected.

• Right to Amend: Users can amend their personal details, preferences, and consent at any time through their account dashboard.

• Right to Erasure: Users can delete their account, which results in the deletion of all associated data.

10. Data Retention and Deletion

• Retention Period: Data is retained until the user deletes their account or explicitly requests deletion via email.

• Automatic Deletion: Inactive accounts are auto-deleted after 12 months.

11. Security Measures

• Firewall: A robust firewall is set up to prevent unauthorized access.

• Monitoring: Constant monitoring for any unauthorized activities or security breaches.

• Security Audits: Periodic internal and external security audits.

12. Data Audits and Accountability

• Audit Logs: Comprehensive logs of all data-related activities.

• Quarterly Audits: Conducted both internally and by external auditors.

13. Incident Response and Data Breach Procedure

A detailed plan outlining the steps to be taken in case of a data breach, including notifications to affected data subjects and legal bodies.

14. Data Protection Officer (DPO)

Mr. Chris York serves as the DPO. He is responsible for ensuring compliance with this policy and can be reached at dpo@isyndicate.io.

15. Training and Awareness

Regular training sessions for employees on data compliance requirements, procedures, and best practices.

16. Non-Compliance Penalties

Failure to comply with this document may result in penalties as outlined in various applicable laws and regulations.

17. Amendments

This document may be amended periodically to adapt to changes in laws, technologies, or company policies.

18. Contacts

For queries or clarifications, please contact dpo@isyndicate.io.