EpiGrowth LLC Data and Security Policy

EpiGrowth as a consultancy strives to meet all of the requirements for Data and Security as promulgated by CCPA and GDPR regulations.

Personally Identifiable Data and other categories of information

• Personally Identifiable Information (PII) is any data element or collection of elements that could be used to identify a specific person.
• Restricted information is data which is internal only, and can only be accessed by a limited subset of EpiGrowth employees and contractors.
• Confidential information includes any company or customer information that we process or access that is not publicly available.
• Public information is that which is publicly available.

Personally Identifiable Information (PII) and confidential information can only be used for the purpose for which it was collected or generated. It is a breach of our customers’ and participants’ trust not to keep their data confidential. We would damage our reputation and could face legal and monetary consequences.

PII Collected by EpiGrowth: PII is collected by client disclosure or by administrative access granted to client databases only and is for use only during the course of services rendered. EpiGrowth does not acquire PII from any other source. The types of information collected include:

• Names
• IP Address
• Physical Addresses
• Email Addresses

EpiGrowth uses PII for the execution of client business and projects and does not disclose, sell, or use client PII for any other purpose. Disclosures to third parties may be made in connection with the services provided which may include the use of independent contractors or other third party service providers, who have signed confidentiality agreements with EpiGrowth to maintain confidentiality of your personal information. Business purposes may include:

Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, detecting security incidents, performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business; debugging to identify and repair errors that impair existing intended functionality; short-term, transient use, provided the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction; undertaking internal research for technological development and demonstration; and undertaking activities to verify or maintain the quality a service and to improve, upgrade, or enhance the service that is controlled by the business.

As the client, you have the right to request information on our business’ data collection and sales practices, including the categories of personal information that have been collected, the use of your information and, if the information was disclosed to third parties, the categories of personal information disclosed to third parties and the categories of third parties to whom such information was disclosed. These rights include:

• The right to request a copy of the specific personal information collected about during the 12 months before your request
• The right to have such information deleted; and
• The right not to be discriminated against because they exercised any of the new rights.

Data Security Practices

EpiGrowth strives to comply with industry standards and best practices for data protection.

• All customers, contractors, and employees sign confidentiality agreements to protect data privacy within EpiGrowth.
• Data is only downloaded when there is a business need and data is deleted off of local drives when there is no longer a business need for local storage of the data. This includes design and testing of any client deliverables.
• Any data stored on a computer should be protected by strong passwords that are changed regularly. We encourage all staff and contractors to use a password manager to create and store their passwords.

Data Management

• EpiGrowth uses third party cloud services for all data processing and storage.
• EpiGrowth uses Google Drive, Dropbox, Slack

Data Retention

Any PII or customer related data that may be stored locally for the purpose of delivering client services will not be stored longer than one (1) month after the completion of the customer service agreement.

EpiGrowth’s Data Privacy and Security Policy complies with the California Consumer Privacy Act. If you are a California resident, your rights include:

• As a client you may only make a personal information request twice in a 12-month period, after which EpiGrowth will need to collect information from the requesting party so that it can verify their identity, and Epigrowth will respond within 45 days of receiving a personal information request.
• To submit a personal information or erasure request, please email [email protected].

This data policy is effective as of January 1, 2020 and is reviewed annually