# Data Compliance Data Compliance Document for data.isyndicate.io International Syndication Company LLC.\ Last updated: September 2023 *** **Table of Contents** 1. Introduction 2. Purpose 3. Scope of Compliance 4. Definitions 5. Data Collection Methods 6. Data Elements Collected 7. Data Storage and Encryption 8. Data Access and Export Controls 9. Data Validation 10. Security Measures 11. Data Audits and Accountability 12. Incident Response and Data Breach Procedure 13. Data Protection Officer (DPO) 14. Training and Awareness 15. Non-Compliance Penalties 16. Amendments 17. Contacts *** **1. Introduction** This document outlines the practices and guidelines concerning data compliance for the web application data.isyndicate.io. *** **2. Purpose** To establish and describe how data.isyndicate.io collects, processes, stores, and manages sensitive and non-sensitive data. *** **3. Scope of Compliance** This policy applies to all data stored within the data.isyndicate.io platform. *** **4. Definitions** * Administrator: Users with the highest level of data access. * Manager: Users with limited data oversight. * Resource: External contributors to the database. *** **5. Data Collection Methods** * Manual Entry: By staff and resources. * Automatic Collection: Through integration with mailbooster.icrmsoftware.com for email validation. *** **6. Data Elements Collected** | Data Element | Source | Purpose | | ------------ | ------- | ----------------- | | Name | Various | Identification | | Email | Various | Communication | | Company Info | Various | Business Outreach | *** **7. Data Storage and Encryption** * Storage: Data stored on AWS AlmaLinux instance. * Encryption: AES 256-bit encryption for at-rest data. *** **8. Data Access and Export Controls** * Administrator: Can export up to 10k records in CSV. * Manager & Resource: Can view but not export. *** **9. Data Validation** * Email Validation: Through integration with mailbooster.icrmsoftware.com. *** **10. Security Measures** * Firewall: AWS firewall services in place. * Access Control: Strict role-based access controls. *** **11. Data Audits and Accountability** * Logs: Access logs and action trails maintained for audit. * Accountability: Regular compliance checks. *** **12. Incident Response and Data Breach Procedure** * Response Team: Managed by DPO. * Notification: Within 72 hours of identifying the breach. *** **13. Data Protection Officer (DPO)** * Name: Mr. Chris York * Role: Overall compliance oversight. *** **14. Training and Awareness** * Mandatory Training: For all team members. *** **15. Non-Compliance Penalties** * Fines: Applicable as per policy. *** **16. Amendments** This document is subject to change to remain compliant with legal and technological advancements. *** **17. Contacts** * DPO: Mr. Chris York