ISP28 – PRIVACY POLICY

ISO/IEC 27001:2013 – Control A.18.1.4
NIST 800-171 – Control 3.6.1

Policy Document

Preamble

NMR Consulting (“NMR”) understands the need for determining and enforcing all privacy related rules and regulations. To this end, NMR has produced this privacy policy aligned to the requirements of ISO/IEC 27001: 2013 and NIST 800-171 to ensure that the Company shall comply with all relevant standard requirements.

Privacy Policy

At NMR, we are committed to maintaining the confidentiality and security of any personal information about our employees, partners and clients. Your privacy is always at the top of our priorities, and we are focused on protecting it from unauthorized access. This Privacy & Security Policy spells out how we collect, use, and disclose information from or about you.

Users can access NMR services (“Services”) via our websites or applications on Devices. A “Device” is any device used to access the NMR Services, including without limitation a computer, mobile phone, tablet, or other electronic device. By using our “Services” you are consenting to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy & Security Policy. The use of information collected through our service shall be limited to the purpose of conducting business with/for NMR customers (“Customers”).

The Information We Collect and Store

NMR employees are prohibited from viewing the content of the data you provide to the company, except as provided in this Privacy & Security Policy. Of course, in the case that you request our help to resolve your support issues relating to that data, and only after receiving your permission, NMR employees may access the relevant data.

We may collect and store the following information:

Information You Provide

When we securely collect personal information, such as your name, phone number, email address, and business postal addresses.

Your Data and Other Information About You

With your permission, NMR collects and stores information you provide and/or as otherwise described in this Privacy & Security Policy.

Log Data

When you access our web sites, we may automatically collect certain information from your device, its software, and your activity using the Services. This may include, for example (but without limitation), the Device's Internet Protocol (“IP”) address, browser type, the web page visited before or after you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata, and interactions with the Service.

Cookies

We also may use “cookies” to collect information and provide and improve our Services. A cookie is a small file that we transfer to your Device. We may use “persistent cookies” to save your registration ID and login password for future logins to our Services. We may use “session ID cookies” to enable certain features of the Services, to better understand how you interact with the Services, to monitor aggregate usage and web traffic routing on the Services, and to enable third-party vendors, including Google, to serve ads based on someone's past visits to our website. This also enables third-party vendors, including Google, to show our ads on sites across the internet. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Service.

Our affiliates use cookies to make it easier for us to gather analytics about site usage and to help us provide interactive support for our users. The use of cookies by our affiliates is not covered by our privacy policy. We do not have access or control over these cookies.

Widgets

Our websites may include social media features, such as the Facebook Like button and widgets, such as the “Share This” button for Twitter and LinkedIn. These features may collect your IP address and the page you are visiting on our site, and they may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy policy of the company providing it.


How We Use Personal Information

Personal Information

In the course of using our Services, we may collect or otherwise obtain information that can be used to contact or identify you (“Personal Information”). Personal Information is or may be used: (i) to provide and improve Services, (ii) to administer your use of Services, (iii) to recommend follow-up reminders, assign tasks, or personalize services, and (iv) to provide or offer software updates and product announcements. If you no longer wish to receive communications from us that are not required for our Services, please follow the "unsubscribe" instructions provided in any of those communications or update your account settings information.

Analytics

We also collect some information (ourselves or using third party services) that requires using logging and cookies, such as IP address, which can sometimes be correlated with Personal Information. We use this information for the above purposes and to monitor and analyze use of Services, for technical administration, to increase service functionality and user-friendliness, to verify users have the authorization needed for the Services to process their requests, and for advertising purposes.


Information Sharing and Disclosure by Us

No Sale of Personal Information

We do not sell Personal Information to third parties.

Service Providers, Business Partners and Others

We may use certain trusted third-party companies and individuals to help us provide, analyze, and improve Services (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of Service features). These third parties may have access to your information for purposes of performing these tasks on our behalf and under obligations like those in this Privacy Policy.

Third-Party Applications

As of the date this policy went into effect, NMR has never and will not share your information with a third-party application. In the future, with your consent, we may share your information with a third-party application (for example when you choose to access our Services through such an application). We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy that is acceptable to you.

Compliance with Laws and Law Enforcement Requests; Protection of NMR Consulting 's Rights

We may disclose to third parties data stored in your NMR Consulting account and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation, or compulsory legal request, such as to comply with a subpoena; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of NMR Consulting or its users; or (d) to protect NMR Consulting 's rights. If we provide any data stored in your NMR Consulting account to a law enforcement agency, we will remove NMR Consulting 's encryption from the information before providing it to law enforcement.

Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, but we will notify you (for example, via email, sign in notification, and/or a prominent notice on our website) if that happens or if your information otherwise becomes subject to a different privacy policy in lieu of this one. We will also notify you of choices you may have regarding the information.

Changing or Deleting Your Information

For questions about changing or deleting your Personal Information, please info@nmrconsulting.com. We will respond to your inquiry within 7 business days.

Data Retention

Our intention is to retain your information as long as needed to provide you with the Services. If you wish to cancel your account or request that we no longer use your information to provide you Services, you may request removal of your information. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically reasonably feasible to remove it. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion. In addition, we do not delete information from our servers files if you have that information in common with other users.

Security

NMR Consulting stresses its privacy and security standards. Although no one can guarantee absolute security, we regularly re-evaluate our privacy and security policies in order to adapt to new challenges. We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. We encrypt the most sensitive data that you store on NMR Consulting using at least 128-bit TLS encryption, which is the same encryption standard used by banks to secure customer data.

Changes to our Privacy & Security Policy

If we make a change to this privacy policy, we will provide you with notice (for example, by email, a sign-in notification, or some other means) prior to the change becoming effective. By continuing to use the Service after those changes become effective, you are agreeing to be bound by the revised Privacy and Security Policy; if you do not agree to the change, simply don't use the Service after the change is effective, in which case the change will not apply to you.

Technical Requirement Details

Responsibility for upholding ISO and NIST policies are truly company-wide under the authority of the Director of Information Security who encourages the personal commitment of all staff to address information security as part of their skills.


Contacting Us

If you have any questions about this Privacy Policy, please contact us at info@nmrconsulting.com.