Privacy Policy

Pavone & Fonner wants you and your information protected. We go through great strides to abide by the law and use the law for your benefit only.

PAVONE & FONNER LLP GLOBAL PRIVACY POLICY

 

Objective

Our goal is to maintain our customers’ trust by meeting legal obligations, maintaining best practices and achieving client and partner satisfaction regarding data privacy in the jurisdictions where we operate.

This Global Privacy Policy (“Privacy Policy”) outlines the principles that employees, contractors, and entities operating on our behalf are expected to follow and respect data privacy when dealing with Personally Identifiable Information (“PII”) in their daily jobs.

Scope

All employees, temporary employees, consultants, and contractors (“Personnel”) of Pavone & Fonner LLP, its subsidiaries, and affiliated companies (“Company”), are expected to comply with this Privacy Policy.

This Privacy Policy applies to PII about customers, partners, and vendors.

Definitions

“PII”, means any information that relates to an individual if the individual is identified or reasonably identifiable. This includes names, e- mail addresses, image, location data, online identifiers, unique device ID, in certain jurisdictions individual IP address, etc.

“Sensitive Personal Information” means information that is especially protected by the law, such as medical information, ethnicity, union status, political opinions, and religious beliefs.

“Third Parties” includes entities, other than customers, with which we do business, for instance sales partners, media partners, journalists, suppliers, vendors, and service providers.

“Processing” means any operation or set of operations which is performed on PII or on sets of PII, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Privacy Principles

1. Accountability

We are responsible for the protection of the Personal Information entrusted to us.

  • The Data Processing Office (“DPO”) and the Legal Team create and maintain privacy policies and guidelines. They also provide training, guidance, legal advice, and support for privacy to all Personnel, to ensure we always act in compliance with applicable privacy laws.
  • All Personnel are responsible for the protection of PII at Pavone & Fonner LLP and are expected to:
    • become familiar and comply with privacy and data security policies and procedures,
    • take the privacy trainings made available to them, and
    • collaborate with the DPO and Legal as required to implement these policies.

2. Transparency and Control

We inform customers when we collect their personal data and we honor their preferences for contacting them.

  • Every Pavone & Fonner LLP website, including those operated by third parties on our behalf, should display a link to our online Privacy Notice.
  • If our products collect or process PII, we should create product documentation to assist our customers in determining the privacy impact of adopting our products and to support their compliance with their obligations around data privacy.
  • When collecting PII to use for marketing purposes, we should provide options for opt-in or opt-out as required by applicable laws.
  • Direct marketing to customers and partners should follow the guidelines provided by the Marketing Team and must include a do-not-market or unsubscribe option.
  • Any database used for marketing purposes should record opt outs and unsubscribe.
  • Third parties that conduct marketing activities on our behalf or in collaboration with Pavone & Fonner LLP should follow our written guidelines and should comply with our policies, including this Privacy Policy, and with applicable laws.

3. Third Parties processing our information

We choose trustworthy vendors and suppliers to process our PII and we ask them to commit to adequate privacy and data security standards. We require our partners to commit to privacy policies and standards that we consider adequate

  • The DPO determines privacy and data security policies and standards applicable in our relationships with vendors and suppliers.
  • When choosing a vendor or supplier, we should ensure that it can satisfy our standards or industry best practices around privacy and data security standards.
  • Every contract with vendors and suppliers that process PII for the Company or on our behalf should include our Data Processing Agreement (“DPA”) or equivalent privacy and security language approved by the DPO and the Legal Team.
  • Any changes to our pre-approved privacy and data security language need to be reviewed and approved by the DPO and the Legal Team.
  • Before sharing Personal Information with our partners, including channel partners, we ensure that adequate privacy terms are in place.

4. Data Integrity and Data Proportionality

We collect PII to use it for specific and legitimate purposes. We collect what we need to get the job done, we keep it accurate and we retain it only as long as needed for its purpose.

  • We process Personal Information for the purpose of Pavone & Fonner LLP’s corporate mission and for internal business operational purposes only.
  • For each category of Personal information, we define and document the purpose for which we collect it and use it.
  • If it does not affect the functionality of our products, we provide customers with the option to limit the PII collected or shared with us.
  • IT System administrators are responsible to enforce the governance and compliance standards for data retention and data integrity.

5. Customer Benefit/Value for Customers

We share with our customers the benefits/value we derive from processing PII

  • Whenever compatible with security best practices and with the functionality of our products and services, we provide customers with the ability to access their PII collected by our products and services.

6. Security

We implement technical, organizational, and physical security measures to ensure an appropriate level of security of the PII we process.

  • The Information Security Team determines and manages information security policies and standards for the protection of PII.
  • Access to PII is granted based on the business need-to- know principle and with the lowest possible access privilege. Personnel are required to adopt recommended data security best practices, such as encryption, and to follow the data classification policies and standards.
  • Personnel are responsible to report incidents or violations of data security policies to the Security Operations Team at [email protected].

Policy Maintenance and Training

This Privacy Policy may be reviewed as needed on a periodic basis.

Pavone & Fonner LLP may change or edit this Privacy Policy at any time without prior notice, or otherwise in accordance with applicable law. Changes will be posted and notices sent to appropriate management for distribution to all employees.

All Personnel and other affected parties are responsible for reviewing and maintaining ongoing compliance with this Privacy Policy. Any questions should be directed to the DPO at [email protected].

Enforcement of this Privacy Policy is mandatory for all Personnel. Appropriate training on the various aspects of the Privacy Policy will be provided to different teams based on priority and relevance. Any questions regarding training for the Privacy Policy and privacy requirements questions should be directed to the DPO.

Disciplinary Action

Appropriate disciplinary action may be taken against anyone found to be in violation with this Privacy Policy, up to and including termination, in accordance with applicable law. Failure to report known violations of the Privacy Policy to [email protected] is a violation of this Privacy Policy.