Data Protection
This Data Loss Protection Policy outlines the measures and guidelines for safeguarding data on the Vicinus software platform, which utilizes publicly available Google My Business (GMB) data. The policy aims to protect the privacy, confidentiality, and integrity of the data collected and processed by the platform.
Data Classification
Vicinus will classify data into different categories based on sensitivity and criticality. The classification levels are:
- Public Data: Non-sensitive information that is freely accessible and can be shared without any restrictions.
- Internal Use Only: Data that is not publicly available but is necessary for the internal operations and functioning of Vicinus.
- Confidential Data: Sensitive information that should be protected from unauthorized access, disclosure, or modification.
Data Collection and Usage
- Vicinus will only collect publicly available GMB data, adhering to Google's terms and conditions.
- The collected data will be used exclusively for providing location-based services, analytics, and enhancing user experience on the platform.
- Data collected will not be sold, shared, or disclosed to third parties, except as required by law or with explicit user consent.
Access Control
- Access to the data will be restricted to authorized personnel only, based on the principle of least privilege.
- Multi-factor authentication will be enforced for all employees and administrators accessing the platform and data.
- Access logs will be maintained and regularly reviewed to identify and address any unauthorized access attempts.
Data Storage and Encryption
- Data will be stored in secure, encrypted databases to prevent unauthorized access and data breaches.
- Encryption will be used for data transmission over the network to ensure data integrity and confidentiality.
Data Retention
- Vicinus will retain data for the minimum period necessary to fulfill its business purposes and comply with legal obligations.
- Once data is no longer required, it will be securely deleted or anonymized to prevent any potential data exposure.
Data Sharing with Third Parties
- Before sharing any data with third-party vendors or partners, appropriate data sharing agreements will be established to protect data integrity and confidentiality.
- Third-party recipients will be required to comply with privacy and security standards equivalent to or exceeding those of Vicinus.
Incident Response and Reporting
- Vicinus will have an incident response plan in place to handle data breaches, security incidents, or any unauthorized access promptly.
- Any data breach or security incident will be reported to affected individuals and relevant authorities as required by applicable laws and regulations.
Employee Training
- All employees, contractors, and personnel with access to data will receive regular training on data protection policies, best practices, and security protocols.
- Training will cover how to identify and report potential security vulnerabilities and data breaches.
Audit and Compliance
- Regular audits will be conducted to assess compliance with this Data Loss Protection Policy and any relevant data protection laws.
- Any identified non-compliance or security issues will be addressed promptly and appropriately.
Policy Review
This policy will be subject to periodic review and update to align with changes in business practices, technologies, and regulatory requirements.
By implementing this Data Loss Protection Policy, Vicinus is committed to ensuring the security and privacy of publicly available GMB data and maintaining the trust of its users and partners.