Accountability for Personal Information
microXpert corporation is responsible for all personal information under its control. Employees of microXpert corporation are accountable for compliance with these privacy and security principles. We also adhere to a strict non-disclosure policy when handling or viewing information stored at a clients' site.
Identifying Purposes for the Collection of Personal Information
microXpert corporation identifies the purpose for which your personal information is collected. We do this before or at the time the information is actually being collected. Your information will never be used for any additional purpose unless express consent is granted.
Consent for the Collection, Use, and Disclosure of Personal Information
microXpert corporation obtains your consent to collect, use or discloses personal information. The method of obtaining consent is appropriate to the type of personal information being collected, used or disclosed: microXpert corporation will obtain your express consent (verbal, written or electronic agreement) to collect, use or disclose sensitive personal information such as user names and passwords. microXpert corporation will use implied consent to collect, use or disclose your personal information where one or more of the following apply:
- a customer relationship already exists,
- express consent has previously been given,
- where the purpose of using the personal information is reasonably apparent to you.
Limiting Collection of Personal Information
microXpert corporation collects only the information required to provide products and services to you. If the personal information we require is collected for a reason other than to provide products and services, your consent will be obtained before or at the time the information is collected. microXpert corporation will collect personal information only by clear, fair, and lawful means.Examples of why we collect personal information include:
- Communicating with you generally
- Processing your applications
- Processing and keeping track of transactions and reporting back to you
- Protecting against fraud or error
- Providing product and services requested by you
- Recommending products and services that microXpert corporation believes will be of interest and provide value to you
- To comply with legal and governmental requirements
Limiting Use, Disclosure and Retention of Personal Information
microXpert corporation uses and discloses your personal information only for the purposes it was collected. microXpert corporation will never sell, share or rent personal information to any organization or person for any reason. We will never share your personal information with third party organizations except to offer you a product or service.
microXpert corporation retains your personal information only as long as it is required for our business relationship or as required by law.
Ensuring Safeguards for Personal Information
We take steps to safeguard your personal information, regardless of the format in which it is held, including:
- physical security measures such as restricted access facilities and locked filing cabinets,
- electronic security measures for computerized personal information such as password protection, database encryption and personal identification numbers,
All requests for such information will be on a 'need to know' basis only.
microXpert corporation has both a legal and an ethical responsibility to protect the confidentiality of its clients' data, information, and privacy. In addition to regulations, employees are bound by this non-disclosure agreement when performing work at a client's site.
Since data may be viewed by an employee of microXpert corporation during the nature and course of executing duties as requested by the client, or in compliance with prearranged maintenance, we feel that we have an obligation to our clients to provide piece of mind that their data will not be compromised.
- An employee of microXpert corporation is expressly prohibited from disclosing, publishing, reproducing, or transmitting client data or information, in whole or in part, in any form or by any means, verbal or written, electronic or mechanical, for any purpose, without the prior express written permission of the client. It is understood that to perform duties requested by a client that they may have access to any and all data stored on a network, computer, storage media, sever, or other device.
- The client will be advised should any data or information be copied, transmitted or removed from the base site, if not previously arranged for (i.e. off-site backup routine). The client's express permission will be obtained to carry out these actions.
Failure of an employee to abide by this policy may result in disciplinary action of which may include termination and/or legal action.