Our goal is to maintain our customers’ trust by meeting legal obligations, maintaining best practices and achieving client and partner satisfaction regarding data privacy in the jurisdictions where we operate.
“PII”, means any information that relates to an individual if the individual is identified or reasonably identifiable. This includes names, e- mail addresses, image, location data, online identifiers, unique device ID, in certain jurisdictions individual IP address, etc.
“Sensitive Personal Information” means information that is especially protected by the law, such as medical information, ethnicity, union status, political opinions, and religious beliefs.
“Third Parties” include entities, other than customers, with which we do business, for instance sales partners, media partners, journalists, suppliers, vendors, and service providers.
“Processing” means any operation or set of operations which is performed on PII or on sets of PII, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We are responsible for the protection of the Personal Information entrusted to us.
- The Data Processing Office (“DPO”) and the Legal Team create and maintain privacy policies and guidelines. They also provide training, guidance, legal advice, and support for privacy to all Personnel, to ensure we always act in compliance with applicable privacy laws.
- All Personnel are responsible for the protection of PII at Business Wire and are expected to:
- become familiar and comply with privacy and data security policies and procedures,
- take the privacy trainings made available to them, and
- collaborate with the DPO and Legal as required to implement these policies.
2. Transparency and Control
We inform customers when we collect their personal data and we honor their preferences for contacting them.
- Every Business Wire website, including those operated by third parties on our behalf, should display a link to our online Privacy Notice.
- If our products collect or process PII, we should create product documentation to assist our customers in determining the privacy impact of adopting our products and to support their compliance with their obligations around data privacy.
- When collecting PII to use for marketing purposes, we should provide options for opt-in or opt-out as required by applicable laws.
- Direct marketing to customers and partners should follow guidelines provided by the Marketing Team and must include a do-not-market or unsubscribe option.
- Any database used for marketing purposes should record opt outs and unsubscribe.
3. Third Parties processing our information
We choose trustworthy vendors and suppliers to process our PII and we ask them to commit to adequate privacy and data security standards. We require our partners to commit to privacy policies and standards that we consider adequate
- The DPO determines privacy and data security policies and standards applicable in our relationships with vendors and suppliers.
- When choosing a vendor or supplier, we should ensure that it can satisfy our standards or industry best practice around privacy and data security standards.
- Every contract with vendors and suppliers that process PII for the Company or on our behalf should include our Data Processing Agreement (“DPA”) or equivalent privacy and security language approved by the DPO and the Legal Team.
- Any changes to our pre-approved privacy and data security language need to be reviewed and approved by the DPO and the Legal Team.
- Before sharing Personal Information with our partners, including channel partners, we ensure that adequate privacy terms are in place.
4. Data Integrity and Data Proportionality
We collect PII to use it for specific and legitimate purposes. We collect what we need to get the job done, we keep it accurate and we retain it only as long as needed for its purpose.
- We process Personal Information for the purpose of Business Wire’s corporate mission and for internal business operational purposes only.
- For each category of Personal information, we define and document the purpose for which we collect it and use it.
- If it does not affect the functionality of our products, we provide customers with the option to limit the PII collected or shared with us.
- IT System administrators are responsible to enforce the governance and compliance standards for data retention and data integrity.
5. Customer Benefit/Value for Customers
We share with our customers the benefits/value we derive from processing PII
- Whenever compatible with security best practices and with the functionality of our products and services, we provide customers with the ability to access their PII collected by our products and services.
We implement technical, organizational, and physical security measures to ensure an appropriate level of security of the PII we process.
- The Information Security Team determines and manages information security policies and standards for the protection of PII.
- Access to PII is granted based on the business need-to- know principle and with the lowest possible access privilege. Personnel are required to adopt recommended data security best practices, such as encryption, and to follow the data classification policies and standards.
- Personnel are responsible to report incidents or violations of data security policies to the Security Operations Team at firstname.lastname@example.org.
Policy Maintenance and Training