Privacy Policy

Purpose

This policy establishes the minimum requirements for the implementation and maintenance of a customer data privacy program at Harding and Carbone.

Scope

This policy applies to customers of Harding and Carbone application development services. This policy applies to all employees and third-parties responsible for managing Harding and Carbone systems.

Privacy Policy Requirements

Policy

Data Privacy Policies - Harding and Carbone will create and maintain written Data Privacy Policies that describe the ways in which sensitive customer information will be protected.

Distribution Of Privacy Policies - All Harding and Carbone privacy policies that a prospect or a customer may need to know must be publicly posted or otherwise periodically distributed to these same people.

Collection Limitation

Private Data Collection - The collection of private data by Harding and Carbone workers must be performed by lawful means, and only for a purpose related to the activities of Harding and Carbone.

Data Quality

Incorrect Personal Information - Whenever Harding and Carbone receives notice from customers that personal information held in its records is incorrect, it must promptly modify the information, or else append to the record an indication that this information is disputed and alleged to be incorrect.

Purpose Specification

Information Collection Notice - In every instance where personally-identifiable information (PII) is collected; an explicit and understandable notice must be provided at the time and place the information is collected. Where information which is not personally-identifiable is collected, notice about this collection must nonetheless appear in the posted privacy policy.

Use Limitation

Personal Information for Business Functioning - Harding and Carbone must collect, process, store, and disseminate only that information that is necessary for the proper functioning of its business.

Third Party Transfer

Transferring Private Data - Harding and Carbone must release private data only to third-party organizations that commit in writing to maintain the information with an adequate level of protection, as determined by the Information Security Manager.

Security Safeguards

Embedded Personal Information - Harding and Carbone information systems must not employ secret serial numbers, secret personal identification numbers, or any other secret mechanisms that might reveal the identity of, or activities of customers.

Personal Identifiers On Publicly-Accessible Locations – Personally Identifiable Information (PII), such as social security numbers, must not appear on any publicly-accessible location managed by or controlled by Harding and Carbone.

Account Number Intelligence - To protect customers against identity theft, Harding and Carbone does not use externally-meaningful identifiers as its own internal customer account numbers. Thus, Harding and Carbone customer account numbers must never be equivalent to social security numbers, driver's license numbers, or any other identifier which might be used in an unauthorized fashion by a third party.

Openness

Customer Access To Personal Information - Customers have a right to obtain confirmation from Harding and Carbone that personal information (PII) about them is kept on Harding and Carbone systems. The nature of the information kept and the uses to which this information is put will generally be provided. If this cannot be done, the reasons why Harding and Carbone has denied this request will nonetheless be promptly provided.

Individual Participation

Private Information Collection Consent - Harding and Carbone must obtain explicit consent from customers before it records any private information about them in a computerized information system.