Please read carefully prior to using this website and CSP Control Center
1. Data Collection
User should be aware that portions of this Website contain functions for collecting the User’s personal information, including User’s name and email address as well as User’s access history for this Website. CSP Control Center may also collect and track information about User, including but not limited to User’s IP address, the type of browser User employs, and the referrer ID.
We require customers who register to use the CSP Control Center to give us contact information, such as their name, company name, address, and e-mail address.
At the time you express interest in obtaining additional information, or when you register for the CSP Control Center Service, we may also ask for additional personal information, such as title, department name or additional company information, such as annual revenues, number of employees, or industry. Users can opt out of providing this additional information by not entering it when asked. Users can view their updated profile to confirm their edits have been made.
2. Use and Disclosure of Information
CSP Control Center uses the information that we collect to set up the CSP Control Center for individuals and their organizations. We may also use the information to contact Users to further discuss User interest in our company, the CSP Control Center that we provide, and to send information regarding our company or partners, such as promotions and events.
Users of the CSP Control Center will be using this Website to host data and information (“Data”). Spektra Systems will not share, distribute, print, or reference any such Data except as provided in the Terms of Service, or as may be required by law.
Individual records may at times be viewed or accessed only for the purpose of resolving a problem, support issue, or suspected violation of the Terms of Service or as may be required by law. Of course, Users are responsible for maintaining the confidentiality and security of their user registration and password.
CSP Control Center may also collect certain information from Users of the CSP Control Center and visitors to this Website, such as IP address, Name, Email address, Company name.
This information is logged to help analyse and diagnose technical problems, and to administer our Website in order to constantly improve the quality of the CSP Control Center.
The IP address is checked against any malicious attacks previously recorded with us to avoid security issues.
We may also track and analyse non-identifying and aggregate usage and volume statistical information from our visitors and Users and provide such information to third parties.
CSP Control Center offers subscription-based services where payment information may be required should the visitor wish to sign up for the services. If a User elects to use our referral service for informing a friend about our website, we ask them for the friend’s name and email address. CSP Control Center will automatically send the friend an email inviting them to visit our website.
Notwithstanding the above, CSP Control Center may in any event use and disclose information disclosed to it or collected by it through the Website to the extent required by any subpoena, legal process, court, judicial, regulatory or governmental authority, or if in CSP Control Center’s reasonable discretion use or disclosure is necessary to investigate fraud or any threat to the safety of any individual, to protect CSP Control Center’s legal rights or to protect the rights of third parties. In the event that CSP Control Center is involved in a merger, reorganization, dissolution, sale of business or assets or similar event, information disclosed to or collected by CSP Control Center in connection with this Website may be transferred to CSP Control Center’s successor, or to the purchaser of such assets, as applicable.
3. Entry by User
Certain areas of this Website will require entry by the User of certain personal information as indicated above. CSP Control Center requires that the actual User input such information and that such information be accurate and current.
4. Use of User Information
CSP Control Center reserves the right to compile, save, use within the scope of CSP Control Center’s activities, and analyse any and all User data (registration data, use history, etc.). CSP Control Center will use such User data for internal purposes only, including without limitation for the purposes of responding to User’s requests for information and for contacting User. CSP Control Center may provide aggregated statistics about Users to third parties, but such information will be aggregated so that it does not identify any particular User.
CSP Control Center may periodically send User information regarding CSP Control Center, its products and services. If User has been receiving such information and does not wish to continue receiving such information, User should contact CSP Control Center at email@example.com and let Spektra Systems know that User no longer wishes to receive such information. Alternatively, you can simply reply to an email from CSP Control Center and type “REMOVE” in the subject line.
6. Cookies and Tracking Technology
7. Third-Party Sites
Our Website has security measures in place to help protect against the loss, misuse, and alteration of the Data under our control. Despite the above security measures employed by CSP Control Center, Users should be aware that it is impossible to guarantee absolute security with respect to information sent through the Internet.
A secured and encrypted protocol (HTTPS) is used for sending all data collected at customer environments.
CSP Control Center also enforces unique usernames and passwords that must be entered each time a User logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data.
9. Blogs and other Forums on CSP Control Center
If you use a CSP Control Center blog, chat room, or another type of posting page, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other Users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums, or the use of such information by any third party.
CSP Control Center reserves the right to modify this Policy from time to time. If we make any substantial changes in the way we use your personal information, we will make that information available by posting a notice on this website. Therefore, User is advised to review this policy occasionally.
User’s continued use of this Website subsequent to CSP Control Center’s notice of modification of this Policy shall constitute User’s acceptance of the modified Policy.
11. Retention of Personal Information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.
We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing legitimate business need to process your Personal Information, we securely delete the information or anonymize it or, if this is not possible, securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request, as described in the “How to Access & Control Your Personal Data” below.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your Spektra Systems service. We retain information derived from cookies and other tracking technologies for a reasonable period of 3 years from the date such information was created.
Under our deletion policy, the above-mentioned data is deleted permanently from Spektra Systems’ databases.
The data our customers collect by using the Subscription Service is retained according to the relevant agreements with our customers.
12. How to Access & Control Your Personal Data
Reviewing, Correcting and Removing Your Personal Information
You have the following data subject rights:
- You can request access, correction, updates or deletion of your personal information.
- You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here
To exercise any of these rights, please contact us at Privacy@spektrasystems.com or by mail to SPEKTRA SYSTEMS LLC – 8201 164TH AVE NE, SUITE 200 REDMOND WA 98052-7615, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
If you would like to access or control your data with one of our Customers or users of the Subscription Service, please contact the customer or user directly. Spektra Systems acts as a processor for our customers and will work with our customers to fulfil these requests when applicable.
13. Data Breach Notification and Reporting Policy
The GDPR mandates notification requirements for data controllers and processors in the event of a breach of personal data. The information below discusses those provisions, how Spektra Systems tries to prevent breaches in the first place, how Spektra Systems detects a breach, and how Spektra Systems will respond in the event of a breach and notify you as a data controller.
- Responsibilities as a Data Controller
In the event of a breach of personal data that is likely to result in a high risk to the rights and freedoms of individuals (such as discrimination, identity theft, fraud, financial loss, or damage to their reputation), the GDPR requires Spektra Systems to:
Notify the appropriate Data Protection Authority (DPA) within 72 hours of becoming aware of it (for example, after Spektra Systems notifies Data Subject). If Spektra Systems does not notify the DPA within that time period, Spektra Systems will need to explain why to the DPA. This notice to the DPA is required even where there is a risk to individuals that is not likely to result in a high risk.
Notify the data subjects of the breach without undue delay.
Document the breach, including a description of the nature of the breach, such as how many people were impacted, the number of data records affected, the consequences of the breach, and any remedial action your organization is proposing or took.
- Responsibilities as a Data Processor
After we become aware of a personal data breach, the GDPR requires us to notify you without undue delay. Where Spektra Systems is a processor our obligations reflect both GDPR requirements and our standard, worldwide contractual provisions. We consider that all confirmed personal data breaches are in scope; there is no risk of harm threshold. We will notify our customers whether the data breach was suffered by Spektra Systems directly or by any of our sub-processors. We have processes in place to quickly identify and contact security incident personnel you’ve identified in your organization. In addition, all sub-processors are contractually obliged to report their own breaches to Spektra Systems and provide guarantees to that effect.
- Definition of Data Breach under GDPR
Personal data means any information related to an individual that can be used to identify them directly or indirectly. A personal data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
- Detection of Data Breach
All our services and personnel follow internal incident management procedures to ensure that we take proper precautions to avoid data breaches in the first place. In addition, Online Services have specific security controls in place across our platforms to detect data breaches in the rare event that they occur.
- Response to Data breach
To support you in the event of a breach of personal data, Spektra Systems has:
Security personnel trained on the specific procedures to follow.
Policies, procedures, and controls in place to ensure that Spektra Systems maintains detailed records. This includes documentation that captures the facts of the incident, its effects, and remedial action, as well as tracking and storing information in our incident management systems.
- Data Breach notification to Data Subject
Spektra Systems has policies and procedures in place to notify you promptly. To satisfy your notice requirements to the DPA, we will provide a description of the process we used to determine if a breach of personal data has occurred, a description of the nature of the breach and a description of the measures we took to mitigate the breach.
- Spektra Systems investments in data security
In addition to our commitment to provide timely notification of a breach, Spektra Systems invests strongly in systems, processes, and personnel to reduce the likelihood of a personal data breach and to quickly detect and mitigate the consequences of a breach if it does occur.
Here is a description of some of our investments in this space:
Access Control Systems: Spektra Systems maintains a “zero-standing access” policy, which means that engineers do not have access to the service unless it is explicitly granted in response to a specific incident that requires elevation of access. Whenever access is granted, it is done under the principle of least privilege: permission granted for a specific request only allows for a minimal set of actions required to service that request. To do this, Spektra Systems maintains strict separation between “elevation roles”, with each role only allowing certain pre-defined actions to be taken. The “Access to Customer Data” role is distinct from other roles that are more commonly used to administer the service and is scrutinized most heavily before approval. Taken together, these investments in access control greatly reduce the likelihood that an engineer at Spektra Systems inappropriately accesses customer data.
Security Monitoring Systems and Automation: Spektra Systems maintains robust, real-time security monitoring systems. Among other issues, these systems raise alerts for attempts to illicitly access customer data, or for attempts to illicitly transfer data out of our service. Related to the points about access control mentioned above, our security monitoring systems maintain detailed records of elevation requests that are made, and the actions taken for a given elevation request. Spektra Systems also maintains automatic resolution investments that automatically act to mitigate threats in response to issues we detect, and dedicated teams for responding to alerts that cannot be resolved automatically. To validate our security monitoring systems, Spektra Systems regularly conducts red-team exercises in which an internal penetration testing team simulates attacker behavior against the live environment. These exercises lead to regular improvements to our security monitoring and response capabilities.
Personnel and Processes: In addition to the automation described above, Spektra Systems maintains processes and teams responsible for both educating the broader organization about privacy and incident management processes, and for executing those processes during a breach. For example, a detailed privacy breach Standard Operating Procedure (SOP) is maintained and shared with teams throughout the organization. This SOP describes in detail the roles and responsibilities both of individual teams within Spektra Systems and of centralized security incident response teams. These span both what teams need to do to improve their own security posture (conduct security reviews, integrate with central security monitoring systems, and other best practices), and what teams would need to do in the event of an actual breach (rapid escalation to incident response, maintain and provide specific data sources that will be used to expedite the response process). Teams are also regularly trained on data classification, and correct handling and storage procedures for personal data. Spektra Systems directs teams to purge any PII data shared by a customer in error by permanently deleting the email communication thread from our systems, and to report the same.
14. Contacting Spektra Systems
In some scenarios, a customer may become aware of a breach and may wish to notify Spektra Systems. The current protocol is for customers to notify Spektra Systems Support, which will then interface with engineering teams for more information. In this scenario, Spektra Systems engineering teams are similarly committed to providing the information customers need, through their support contact, in a timely fashion. Customers need to reach out to Spektra at firstname.lastname@example.org for any scenario that constitutes a breach as per this policy. If you believe that CSP Control Center has not adhered to this Policy, please contact us electronically at email@example.com, and we will use commercially reasonable efforts to promptly determine and remedy the problem.
15. Website Visitors from outside the United States
|2.0||Jun 2, 2020|