Performance Scoring LLC, DBA “LoopSpire,” is committed to upholding the highest standards of data privacy and security for its users. This Data Privacy and Security Plan outlines the measures and practices implemented by Performance Scoring LLC to protect the confidentiality, integrity, and availability of user data.
Performance Scoring LLC classifies data into different categories based on sensitivity and criticality. This classification helps determine appropriate security controls and access rights for each category.
The data classification levels used by Performance Scoring LLC are:
- Public: Non-sensitive information intended for public disclosure.
- Internal: Internal information not intended for public access.
- Confidential: Sensitive data requiring strict access controls and encryption.
- Personal Identifiable Information (PII): Personally identifiable information that must be protected according to applicable laws and regulations.
Data Collection and Consent:
Performance Scoring LLC collects only the necessary data required for its services and obtains user consent in a transparent and compliant manner. The collection, storage, and processing of personal data adhere to relevant privacy laws and regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Data Storage and Retention:
Performance Scoring LLC stores user data in secure environments, protected by robust physical, technical, and administrative measures. Data retention is based on legal and business requirements, and any outdated or unnecessary data is securely deleted.
Data Access Control:
Access to user data is restricted to authorized personnel only, based on the principle of least privilege. Performance Scoring LLC implements strong authentication mechanisms, such as multi-factor authentication, to prevent unauthorized access. User access privileges are regularly reviewed and revoked when no longer required.
Performance Scoring LLC employs encryption mechanisms to protect data both in transit and at rest. Strong encryption algorithms are used to secure sensitive data, ensuring that even if unauthorized access occurs, the data remains unreadable.
Incident Response and Breach Management:
Performance Scoring LLC has a well-defined incident response plan in place to detect, respond to, and mitigate any potential data breaches or security incidents. The plan includes procedures for reporting incidents, containment, investigation, and notification to affected users and regulatory authorities, as required by applicable laws.
Employee Training and Awareness:
Performance Scoring LLC conducts regular training programs to educate its employees about data privacy and security best practices. Employees are made aware of their responsibilities regarding data protection and confidentiality. Training programs are updated to address emerging threats and evolving regulatory requirements.
Third-Party Vendors and Partners:
Performance Scoring LLC ensures that any third-party vendors or partners with access to user data adhere to strict privacy and security standards. Appropriate contractual agreements are in place to protect user data and require vendors to comply with applicable data protection laws.
Compliance Monitoring and Auditing:
Performance Scoring LLC conducts periodic internal audits to assess compliance with data privacy and security policies and procedures. External audits may also be conducted by independent third-party auditors to ensure adherence to industry best practices and regulatory requirements.
Performance Scoring LLC is committed to continuously improving its data privacy and security practices. Feedback from users, industry best practices, and emerging technologies are taken into account to enhance the protection of user data.
This Data Privacy and Security Plan reflects Performance Scoring LLC’s dedication to safeguarding user data and maintaining the trust of its users. It is a living document that will be regularly reviewed, updated, and communicated to ensure its effectiveness in an ever-evolving digital landscape.