NSTIS

Privacy Policy

Last updated: December 2024

1. Introduction

I&S SOOM Technology ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in connection with our iS&T Policy Dashboard service (the "Service").

This Privacy Policy applies to all users of the Service, including government agencies, research institutions, and individual researchers. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization, and other contact information necessary to provide the Service.

Survey Data

We collect and store survey questions, responses, and respondent information as provided by you. This data is encrypted and stored securely.

Usage Data

We collect information about how you use the Service, including pages visited, features used, and time spent. This helps us improve the Service.

Device Information

We collect information about your device, including device type, operating system, browser type, and IP address for security and analytics purposes.

3. How We Use Your Information

  • Provide and improve the Service
  • Send service-related announcements and updates
  • Respond to your inquiries and support requests
  • Analyze usage patterns and improve user experience
  • Comply with legal obligations and enforce our terms
  • Prevent fraud and enhance security
  • Send marketing communications (with your consent)

4. Data Sharing and Disclosure

We do not sell, rent, or share your personal data with third parties for their marketing purposes. We may share data with:

  • Service Providers: Third parties who help us operate the Service (hosting, analytics, email delivery)
  • Legal Requirements: When required by law or government request
  • Business Transfers: In case of merger, acquisition, or bankruptcy
  • With Your Consent: When you explicitly authorize data sharing

5. Data Retention

We retain personal data for as long as necessary to provide the Service and comply with legal obligations. You can request deletion of your data at any time, subject to legal requirements.

  • Account data: Retained for the duration of your account
  • Survey data: Retained as long as you maintain your account
  • Usage logs: Retained for 12 months for security and analytics
  • Backup data: Retained for 30 days for disaster recovery

6. Your Privacy Rights

GDPR Rights (EU Residents)

If you are located in the EU, you have the following rights under GDPR:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain processing activities
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

CCPA Rights (California Residents)

If you are a California resident, you have the following rights under CCPA:

  • Right to Know: Request what personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale or sharing of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use: Limit use of sensitive personal information

To exercise any of these rights, please contact us at [email protected] with your request.

7. Data Security

We implement comprehensive security measures to protect your data:

  • End-to-end encryption using TLS 1.3
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication (MFA) support
  • Role-based access control (RBAC)
  • Comprehensive audit logging
  • SOC 2 Type II certification

8. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience. You can control cookie preferences through your browser settings. We use:

  • Essential Cookies: Required for authentication and security
  • Analytics Cookies: To understand how you use the Service
  • Preference Cookies: To remember your settings

9. International Data Transfers

Your data may be transferred to, stored in, and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using the Service, you consent to such transfers.

For EU residents, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards for international data transfers.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly.

11. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. Please review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting the updated policy on the Service. Your continued use of the Service constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

I&S SOOM Technology

Privacy Team

Email: [email protected]

Website: www.soomtech.com

14. Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at [email protected].