On this year’s Data Privacy Day, we want to do our part to raise awareness and promote best practices for privacy and data protection. Unfortunately, many practitioners in the security industry are either color blind or tone deaf to privacy. They think if they have a security solution in place that privacy is automatically covered. Additionally, many security solutions collect information in bulk and pervasively track users, user behaviors, and a wide range of machine data perhaps under the mistaken belief that seemingly anonymous data equals data privacy. It does not.
We are proud to share our codified privacy principles publicly in the hope that it will inspire others to set a high bar and strive to achieve it in everything they do. Here are our privacy principles.
Our Privacy Principles
Cymatic recognizes the fundamental importance of privacy, data protection, and security to all our customers, partners, and employees. Cymatic is committed to respecting the privacy of all individuals that share information with the company. These Privacy Principles are intended to further our respect and help ensure that Cymatic complies with all data protection and privacy laws globally.
Cymatic defines personal data as any information relating to an identified or identifiable natural person.
- Accountability: We strive to be a responsible steward of the personal data we manage on behalf of all individuals who share personal data with Cymatic and to uphold these Privacy Principles. It is our goal to ensure personal data is always processed in a fair and lawful manner.
- Privacy by Design: We seek to embed privacy into our business processes, products and services by proactively identifying and addressing privacy risk early in the lifecycle of new projects in order to safeguard personal data entrusted to Cymatic.
- Purpose and Use Limitation: We will always attempt to limit our collection and use of personal data to the specific purposes that have been communicated. We will not use personal data in any way that is incompatible with the purpose for which it was collected.
- Transparency: We will always try to provide clear descriptions of our policies and practices that collect, process, transfer, and disclose personal data.
- Choice: Where possible, we will always describe the choices that are available and allow individuals to make informed decisions about the personal data they share with us.
- Data Minimization: We will always strive to collect the minimal amount of personal data that is necessary for the purpose communicated.
- Security for Privacy: We will always seek to protect personal data from unauthorized access throughout the data lifecycle with security safeguards that are appropriate for the sensitivity of the personal data.
- Integrity & Access: Personal data should be accurate and kept up-to-date. Where feasible, we allow individuals to have access to their personal information to review and update.
- Transfer: We only transfer personal data to authorized third-parties after informing users, and only for purposes that have been communicated or are compatible with the collection.
- Storage Limitation: We endeavor to retain personal data for the minimum amount of time required to complete the purpose for which it was collected, or as required by law. After the purpose has been fulfilled, we will responsibly remove it in a timely manner.
- People Are Not Products: We will not sell personal data.