Privacy Policy

 

Diamax Information Systems Corporation (“Diamax,” “we,” “us,” or “our”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Diamax Information Systems Corporation has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Diamax Information Systems Corporation has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/


Overview

The purpose of this Privacy Policy is to announce that Diamax Information Systems Corporation is in compliance with the Data Privacy Frameworks, and to notify our existing and potential clients of our commitment to subject to the Data Privacy Framework Principles all personal data received from the EU, Switzerland, and/or United Kingdom as well as other jurisdictions where applicable. We believe our membership in this framework is in line with our traditional and continued values of transparent and principled handling of customer data and service.

In addition to demonstrating compliance with the Data Privacy Frameworks, this policy is designed to help you understand what kinds of data are being used, how we treat that data, and some of the services and media used in the capture and handling of that information. For a more thorough understanding of different laws and policies regarding your information, data, and rights, you are encouraged to visit the primary legal resource appropriate to your jurisdiction.

Given the recent and evolving nature of data protection legislation and the complexities involved, we routinely update the information in this Privacy Policy. We strongly advise any potential or existing clients to read it thoroughly and revisit it routinely. If changes to this Privacy Policy are deemed to be materially significant by us, Diamax will send an email to all participating clients notifying them that the Privacy Policy has been significantly changed and that they need to review the Privacy Policy to assess any potential impact it may have on their data usage and business policies and practices.

Data Processor- ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Diamax is the data processor for your Personal Data, but may not be the only one. This privacy policy applies exclusively to Diamax Data Processing and any subsidiaries or third parties Diamax is responsible for. Diamax is not responsible or liable for other Data Processors that your Data Controller may contract with.

Data Controller- A data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Third Party- A third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.


EU Data Subjects

Scope- This section applies if you are an individual located in the European Union (“EU”) (“EU Data Subject”). For these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland.


Privacy Rights

  1. Right to withdraw consent. To the extent Diamax requests and you provide your consent to the processing of your Personal Information, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
  2. Right of access to and rectification of your Personal Information. Our technology allows individuals to access, edit, and manage their data based on the agreements with their Data Controller. In situations where the client is not able to edit or rectify their information, their Data Controller can request that we change this data so long as it is in line with agreed policies and contracts and not unlawful.
  3. Right to erasure (or, “Right to be Forgotten”). Our technology allows your information to be fully erased from our system and ensures your right to erasure. However, requests to have your data removed are dependent upon the specific contracts and policies that are in force with your Data Controller.
  4. Right to data portability. Diamax Technology allows for the export of data so that you can obtain pertinent Personal Information that you have consented to give for processing. However, the formatting and structure of the data being given to you may be dependent on the contract between Diamax and your Data Controller.
  5. Right to restriction of our processing. You can restrict our processing of your Personal Information where one of the following applies: (a) you dispute the accuracy of Personal Information processed by your Data Controller (for a period enabling us to verify its accuracy); (b) the processing is unlawful and you oppose the erasure of the Personal Information and request the restriction of its use instead; (c) your Data Controller no longer needs the Personal Information for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; and (d) you have objected to certain processing relying on legitimate interest, pending the verification whether your Data Controller’s legitimate grounds override your rights. Restricted Personal Information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you if the restriction is lifted.
  6. Right to object to processing. Where the processing of your Personal Information is based on consent, contract, or legitimate interests described by your Data Controller, you may restrict or object, at any time, to the processing of your Personal Information as permitted by applicable law. We may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
  7. Retention of your Personal Information. Diamax retains all Personal Data unless (a) the technology is configured in a way where the individual has the ability to delete their account; (b) the Data Controller has requested that the data be deleted on behalf of the individual; (c) retaining the information is in violation of applicable laws.


The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfillment of such right would, among other things:

  • cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
  • breach or prejudice the rights of confidentiality and security of others;
  • prejudice security or grievance investigations, corporate re-organizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or
  • otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.


Data Processed

Diamax is a Software as a Service company and Data Processor that provides data processing services to our clients, both solely and in conjunction with other data processing services. The types of Personal Data collected for processing are dependent upon what the Data Controller collects and what they send to us for Data Processing. The collection of Personal Data may not be equivalent with the data we process, so interested individuals should contact their applicable Data Controller to get specifics about collection of Personal Data.

Generally, Personal Data sent to us for processing includes data such as names, phone numbers, company name, job titles, email addresses, etc.; and is derived from customers, partners, vendors, and employees of our client.

Diamax may or may not be responsible for the method that the Data Controller gathers Personal Data, and individuals interested in understanding how this data is captured should contact their applicable Data Controller or review the applicable Data Controller’s Privacy Policy or Terms of Service.

Generally, our clients collect personal data through voluntary divulgence, third party publicly available databases or services, third party private purchases, third party nomination or submission, and automatically collected data (cookies, IP/URL tracking, etc.).


Data Usage

The use of Personal Data is dependent upon the Data Controller and may be affected by the specific Terms of Use or client conditions. Diamax conforms its data processing to the specific requests and needs of the Data Controller, contractual obligations, and redressing of technical problems (unless prohibited by law).

Generally, data processing is used for providing member services and support, marketing, profiling (including user experience and design), and integration with Third Parties.


Inquiries or Complaints

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Diamax Information Systems Corporation commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Diamax Information Systems Corporation at:

E-Mail: privacy@diamax.com

Mailing Address:

ATTN: Data Protection Officer
Diamax Information Systems
1934 Old Gallows Road, Suite 350
Tysons Corner, VA 22182

 

Third Party Disclosure

Diamax uses a limited number of third-party service providers, which may include services centered around support, network and technical operations, as well as online shopping and Targeted Advertising. The specific Third Parties Diamax contracts with are dependent upon the Data Controller and the specific requirements for integrations and Third Party usage stipulated in their contract.

In these cases where an Onward Transfer of your personal data occurs, Diamax does so under the standards for EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework programs, which require us to follow the Data Privacy Framework Principles of notice; choice; accountability for onward transfers; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

An individual may be allowed to invoke binding arbitration to resolve disputes under certain limited conditions.

If your Data Privacy Framework complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See: Data Privacy Framework Annex.

In cases of onward transfer to third parties, Diamax undertakes all best practices and procedures to secure data but assumes no liability for data transferred over the internet, as it is not possible to guarantee 100% security and Diamax relies on outside parties out of necessity. Diamax also accepts no liability for the acts of third-party service providers, as their conformance with the Data Privacy Framework Principles is dependent upon the contractual obligations between them and the Data Controller.

Linked Websites: Diamax provides links to third party websites operated by organizations not affiliated with Diamax. Diamax does not disclose your information to organizations operating such linked third party websites. Diamax does not review or endorse, and is not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by or given to Diamax on behalf of the Data Collectors.


Rights of Individuals to Access their Data

Diamax acknowledges the rights of EU individuals to access their Personal Data and limit the use and disclosure of it. Diamax respects individual data rights and has committed to them through the Data Privacy Frameworks. Upon reasonable request to rectify, edit, request access, or limit disclosure of your Personal Data, you may contact Diamax with your request and your specific Data Controller, and we will contact them about responding to your request. Likewise, you can directly contact your Data Controller and they can contact us about your requests. We will respond to requests as required and within 30 days.


Choices for Limiting Disclosure of Personal Data

As a Data Processor, Diamax is limited in its ability to delete or alter any information entrusted to us by any person or organization other than the authorized Data Controller or government authority. Individuals concerned about disclosure of their Personal Data should look at the specific disclosure terms of their Data Controller. The Data Controller should have direct marketing, cookie, and other “opt-out” features to allow individuals to control the disclosure and erasure of Personal Data.

In cases where Personal Data is deemed to have been unlawfully collected or a material breach of the Data Controller’s stated policies has occurred, Diamax may be obligated to alter Personal Data to remain in compliance with the Data Privacy Framework Principles.


How We Secure Information

Diamax implements security measures and systems to ensure confidentiality, integrity, and availability of our data. Our team follows industry standard best practices and protocols which include, but are not limited to, Security Audits, Encryption, and Limiting Data Access. For a more comprehensive look at our security policies, please visit our Security Policy page.


Your Responsibilities: Please recognize that protecting your Personal Data is also your responsibility. We ask you to be responsible for safeguarding your password, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify Diamax of any unauthorized use of your password. Diamax cannot secure Personal Information that you release on your own or that you request us to release.

Your information collected through the Service may be stored and processed in the United States or any other country in which Diamax or its subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.


Children's Privacy

Diamax is committed to protecting the privacy of children as well as adults. While Diamax Technologies are not purchased or licensed by anyone under the age of 18, some Data Collectors’ target audience may be children. In these cases, a review of the site is undertaken to make sure that it is COPPA (Children’s Online Privacy Protection Act) and GDPR compliant.


Governing Body

Diamax’s commitments under the Data Privacy Framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.


Third Party Arbitration

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Diamax Information Systems Corporation commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS Mediation, Arbitration, and ADR Services, an alternative dispute resolution provider based in the United States, with neutrals around the world. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS Data Privacy Framework (DPF) Dispute Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.