# Data Compliance **Data Compliance Document for iSyndicate.io** International Syndication Company LLC.\ Last updated: 1st September 2023 *** **Table of Contents** 1. Introduction 2. Purpose 3. Scope of Compliance 4. Definitions 5. Data Collection Methods 6. Data Elements Collected 7. Data Storage and Encryption 8. Data Sharing and Internal Usage 9. User Rights and Consent Mechanisms 10. Data Retention and Deletion 11. Security Measures 12. Data Audits and Accountability 13. Incident Response and Data Breach Procedure 14. Data Protection Officer (DPO) 15. Training and Awareness 16. Non-Compliance Penalties 17. Amendments 18. Contacts *** **1. Introduction** This Data Compliance Document outlines the policies and procedures in place at iSyndicate.io for ensuring the secure and compliant management of data. It is intended to align with legal and ethical standards for data protection and privacy. *** **2. Purpose** The purpose of this document is to provide clear guidelines for data compliance related to iSyndicate.io, specifically regarding data collection, storage, sharing, and usage. *** **3. Scope of Compliance** This document is applicable to all data collected via iSyndicate.io from registered users. This includes data collected through inquiry forms. *** **4. Definitions** * Personal Data: Any information related to an identified or identifiable natural person. * Processing: Any operation performed on personal data, whether or not by automated means. * Data Subject: The individual whose personal data is being processed. * Data Controller: The entity that determines the purposes and means of processing personal data. *** **5. Data Collection Methods** * Form Submission: A form on iSyndicate.io collects contact information after the user consents to our privacy policy. *** **6. Data Elements Collected** | Data Element | Source | Purpose | | --------------- | ------ | ---------------- | | Name | User | Identification | | Email | User | Communication | | Inquiry Details | User | Customer support | *** **7. Data Storage and Encryption** * Storage: All data collected via iSyndicate.io is stored in salescloud.isyndicate.io, our internal CRM system. * Encryption: All stored data is encrypted using AES 256-bit encryption. *** **8. Data Sharing and Internal Usage** * Internal Sharing: Data is used internally for sales, marketing, and customer service. * Third-Party Sharing: There is no third-party sharing of data collected via iSyndicate.io. *** **9. User Rights and Consent Mechanisms** * Consent: A checkbox is provided to obtain explicit user consent before data collection. * Rights: Users have the right to access, correct, and delete their data. *** **10. Data Retention and Deletion** * Retention Policy: Data is retained indefinitely unless a deletion request is made by the user. *** **11. Security Measures** * Firewall: AWS firewall services are implemented to restrict unauthorized access. * Encryption: Data is encrypted both at rest and in transit. *** **12. Data Audits and Accountability** * Audit Logs: All access to and actions on data are logged for audit purposes. * Accountability: Employees with access to data are trained and accountable for compliant handling. *** **13. Incident Response and Data Breach Procedure** * Incident Response Team: Headed by the Data Protection Officer, this team is responsible for managing data breaches. * Notification: In the event of a breach, affected parties will be notified within 72 hours. *** **14. Data Protection Officer (DPO)** * Name: Mr. Chris York * Experience: 15 years * Role: Overseeing data protection strategy and its implementation to ensure compliance. *** **15. Training and Awareness** * Employee Training: All employees are required to undergo data protection training. *** **16. Non-Compliance Penalties** * Internal Penalties: Employees found in violation may face disciplinary action up to and including termination. *** **17. Amendments** This document may be periodically updated to reflect changes in laws, technologies, or company policies. *** **18. Contacts** For further queries and clarifications, please contact Mr. Chris York, Data Protection Officer.