Policies

Code of Labor Practices

Table of Contents:

  1. Privacy Policy
  2. Disclosure of Information
  3. The Commitment
  4. Collection of Personal Data
  5. Users of Information
  6. Information & Data Security Practices
  7. Data Retention
  8. Data Accuracy
  9. Lawful Basis of Processing and Transfer of Information
  10. Do’s & Don’t s
  11. Link & Third-Party Advertiser
  12. Direct Marketing
  13. Legitimate Interest
  14. Data Protection Rights
  15. Code of Labor Practices
  16. Inclusive Design Policy

1. Privacy Policy:

Use of our website or provision of information through official channels constitutes acceptance of this Privacy Policy, which is incorporated into all agreements with Corazont Technologies and its affiliates. We prioritize user privacy and are committed to protecting your personal information.

This policy is subject to change. We encourage you to review this page periodically to stay informed of updates, which will be effective upon posting. Your continued use of our services will constitute acceptance of the revised policy.

2.Disclosure of Information

“Corazont Technologies is committed to protecting your personal information. We do not share, sell, or rent your data to external parties. However, we may share your information with trusted clients, service providers, and partners who work with us to deliver our services. These third-party providers will only receive the necessary information to perform their specific tasks and are obligated to maintain the confidentiality and security of your data.”

We may share your personal information within our corporate group, including subsidiaries, parent companies, and affiliates, to the extent necessary for the purposes outlined in this Privacy Policy. We ensure that these entities agree to process your information in accordance with this policy and take reasonable steps to limit their use of your data.

Additionally, we may disclose your information as required by law, or in good faith belief that such disclosure is necessary to comply with legal obligations, government requests, or court orders. This may include responding to subpoenas, court orders, or other legal processes.

3. The Commitments

Corazont Technologies prioritizes the privacy of our users, including both companies and individuals, who utilize our services and website. We ensure that you can browse our website without disclosing your identity. We also want to assure you that providing personal information is optional, and we only require the minimal data necessary to deliver our services.

Furthermore, we do not collect or require sensitive personal data to use our services, ensuring your privacy is respected and protected.

4. Collection of Personal Data

At Corazont Technologies, we prioritize protecting your personal information while delivering an exceptional user experience. In compliance with the UK General Data Protection Regulation 2021 (GDPR), the Data Protection Act 2018, California Consumer Privacy Act (CCPA), Canada’s Anti-Spam Legislation (CASL) and related laws, we have a legal obligation to safeguard the personal information you share with us.

Under GDPR, CCPA, CASL personal data refers to any information that can identify a living individual, either directly or indirectly. We may collect this information through various channels, including:

– Email correspondence via our publicly available email address

– Interactions with our website

– Third-party sources, such as business partners, service providers, and subcontractors

– Publicly available data to enhance our records and personalize our services

We may also collect business profile information, including industry, company size, and job title, to improve our understanding of your needs and preferences. Rest assured that we work diligently to protect your personal information and ensure its accuracy, while providing you with a tailored experience.

5. Users of Information

Corazont Technologies utilizes the information collected from you for various business purposes, including:

– Providing personalized promotional content based on your interests

– Verifying profile information

– Delivering targeted advertising

– Enhancing website functionality for internal business purposes

Please note that as a global organization, Corazont Technologies may transfer data to countries with differing data protection laws. We ensure that such transfers comply with stringent security protocols, safeguarding the sensitivity of the data.

To improve our services, we collect statistical and analytical data on your website interactions, including:

– Pages viewed

– Time spent on site

– Links followed

This anonymized data helps us refine content delivery, product offerings, and performance reporting. We also use this data to sell targeted advertising.

Some of our websites contain links to third-party products and services. If you click on these links, we’ll use your activity data to direct you to the third-party site. Corazont Technologies and the third-party may collect data on your click-throughs and purchases. We may receive commissions from third-party sales generated through our referral links.

6. Information & Data Security Practices

At Corazont Technologies, we prioritize a robust and mature security program that delivers exceptional service quality while safeguarding customer and company data. Our comprehensive information security program is designed to guarantee the confidentiality, integrity, and availability of client and customer data, leveraging effective security management practices and controls.

This document aims to provide transparency and assurance to our prospective and existing customers, addressing any questions or concerns they may have about our commitment to security.

Corazont Technologies employs a robust and integrated risk management framework that incorporates industry-recognized best practices in cybersecurity, data protection, and privacy. Our approach encompasses:

  • Proactive cybersecurity measures
  • Vigilant data protection and privacy stewardship
  • Strategic simplification of technology infrastructure
  • Ongoing evaluation and auditing, conducted internally and by independent third-party experts

This comprehensive framework enables us to identify, assess, and mitigate risks, ensuring the security, integrity, and confidentiality of our users’, employees’, and customers’ data.

CyberSecurity

Under the leadership of our Chief Information Security Officer (CISO), Corazont Technologies’ Information Security department has implemented a comprehensive cybersecurity framework across the enterprise. This framework standardizes six critical pillars:

  • Foundational (“Table Stakes”) security
  • Advanced endpoint protection
  • Real-time threat monitoring
  • Proactive vulnerability management
  • Employee security awareness and education
  • Automated employee onboarding and offboarding processes

This unified approach ensures a robust and consistent cybersecurity posture across our organization.”

Table Stakes Security

Corazont Technologies’ Corporate Security Policy outlines stringent security requirements to ensure the delivery of secure and high-quality services to our customers. Key components of this policy include:

  • Uniform password policies for composition, rotation, management, and storage
  • Mandatory encryption for workspaces, databases (at rest and in transit), and data
  • Multi-factor authentication for all supported systems
  • Rigorous access control and regular reviews
  • Thorough hardening and vetting of systems before connecting to our network

These measures safeguard data protection and privacy, maintaining the trust and confidence of our customers

Advanced Endpoint Generation

All workstations and product environments (including development, quality assurance, staging, and production) are required to have endpoint protection agents installed. These agents not only detect known malware but also continuously monitor system activity for potential threats.

Our endpoint protection software is configured to:

  • Automatically terminate suspicious processes that deviate from expected system behavior
  • Provide real-time threat detection and response

This solution is uniformly deployed across the enterprise, ensuring comprehensive security coverage for all Corazont Technologies brands. All Business Units are required to utilize the designated endpoint protection solution, with all generated data fed into a centralized security repository for analysis, reporting, and executive-level dashboards.

Real-time Threat monitoring

All Corazont Technologies systems are mandated to host agents that collect and transmit activity logs to a centralized command center, powered by our threat stream analysis vendor. This enables 24/7 monitoring by our vendor-managed Security Operations Center (SOC) team, who:

  • Analyze potential security events and false positives
  • Identify and surface high-priority alerts for our in-house InfoSec analysts

Our team then:

  • Responds to and escalates alerts as necessary
  • Provides remediation directives to relevant Business Units, outlining process and timeline

All threat stream data is integrated into our central security intelligence repository for comprehensive analysis and executive-level reporting, ensuring seamless threat detection and response.

Proactive Vulnerability Management

Corazont Technologies employs a multi-faceted vulnerability management strategy across the enterprise, comprising:

  • Internal Scanning: Partnering with a third-party service to conduct regular internal scans of production and corporate networks, identifying potential vulnerabilities in end-of-life software, exposed ports, and platform weaknesses.
  • External Penetration Testing: Rotating external penetration testing for each Business Unit, executed by an independent third-party, to uncover vulnerabilities and provide recommendations for remediation.
  • Ethical Hacking: Conducting regular “White Hat” ethical hacking exercises by our Application Security team to identify and address potential issues.

Results from these efforts are shared with relevant Business Units, along with tailored remediation recommendations. Metrics data is automatically aggregated into our central security intelligence platform, ensuring comprehensive vulnerability management and rapid remediation.

Employee Awareness

Corazont Technologies prioritizes employee education and awareness through regular, mandatory training sessions, utilizing third-party educational resources. These sessions focus on:

  • Best practices in Information Security and Data Protection
  • Identifying warning signs of malicious activity, including phishing, spear-phishing, and ransomware
  • Compliance with key regulations, such as GDPR, CCPA & CASL

Targeted training is provided to specific departments or brands to ensure compliance obligations are met. To reinforce employee knowledge, we conduct random, unannounced simulated phishing attacks across business units and the company, assessing our workforce’s ability to respond effectively to potential threats.

Employee Onboard / Offboard Automation

Corazont Technologies has implemented a unified employee management system, integrating all global enterprise platforms with a single source of truth for employee status. This dynamic environment enables Business Units to easily verify employee status through a simple API request.

To further streamline access management, we are introducing a single-sign-on (SSO) solution, consolidating all system access for employees into a single control point.

Currently, our automated systems notify regional IT and technology managers, who grant or revoke access based on real-time employee status updates from HR. As we complete the rollout, the majority of access management tasks will be automated, ensuring seamless and secure access control aligned with HR-verified employee status.

Data Protection and Privacy

Corazont Technologies has a long-standing commitment to data privacy, predating the implementation of GDPR. We conducted a thorough series of Privacy Impact Analyses (PIAs) across all business units, with guidance from an independent third-party expert.

Following the PIAs, we appointed a Data Privacy Officer and developed a systematic approach to handling Data Subject Access Requests (DSARs). This effort culminated in a fully automated process, ensuring the rights of our employees and users are protected across all business units.

A centralized platform was established to manage DSARs, featuring an API layer that enables each business unit to respond programmatically. We adhere to the most stringent interpretations of both CCPA and GDPR, responding to each request in accordance with these standards and demonstrating our dedication to data privacy and compliance.

Information Security Incident Response

Corazont Technologies has established a dedicated management team and process for responding to information security incidents, guided by a comprehensive Information Security Incident Response Plan. This plan outlines clear roles and responsibilities, step-by-step procedures, and industry best practices for incident response.

In addition to information security incidents, our crisis management framework engages relevant teams, including legal, internal audit, technology, security, HR, and C-level executives, as needed. This structured approach ensures effective response, escalation, and resolution.

For critical incidents requiring elevated attention, our framework allows for further escalation to the Board of Directors, ensuring timely and informed decision-making at the highest level.

Simplification of Technology Infrastructure

Corazont Technologies’ technological strategy focuses on developing processes that drive synergies and enhance our products. To achieve this, we’re strategically transitioning the management of our technology infrastructure, financial software, CRM systems, HR platforms, and communication tools to trusted third-party Software-as-a-Service (SaaS) providers.

Our Legal and InfoSec teams conduct thorough due diligence on potential vendors, assessing their compliance with critical frameworks such as SOX and PCI. Identified risks are meticulously documented, communicated to relevant business units and vendors, and integrated into our risk profile.

By outsourcing key business processes to SaaS providers, we’re simplifying our internal IT and Legal landscapes, significantly reducing complexity and risk.

7. Data Retention

Corazont Technologies implements robust security measures to safeguard data and information under its control, protecting against misuse, loss, or alteration. Our security protocols incorporate industry-standard technology and equipment to ensure the integrity of your information. Access to your data is strictly limited to authorized personnel and contractors.

While we strive to maintain the highest level of security, no system is completely immune to breaches. We therefore disclaim liability for any damages resulting from unauthorized third-party access or hacking events.

We will retain your personal information for as long as necessary to provide our services, including information you or others have provided, as well as data generated or inferred from your use of our services. Notwithstanding other provisions, we may retain your personal information to comply with legal obligations.

8. Data Accuracy 

We strive to maintain the accuracy and currency of your data. If we become aware of any inaccuracies, we will promptly erase or rectify them. We also rely on your help to ensure the accuracy of your personal data. If you inform us of any errors or inaccuracies, we will take immediate action to correct or update your information.

We process your personal data based on the following legal grounds:

  • Consent: We obtain your explicit consent for processing your data, which is entirely voluntary and not required for any obligatory purposes.
  • Legal Compliance: We process your data to comply with applicable laws and regulations.
  • Vital Interests: We process your data to protect the vital interests of individuals, such as in life-threatening situations.

We process your personal data to:

  • Deliver our services to you
  • Communicate with you about those services
  • Provide promotional items at your request or related to our services

We have determined that our legitimate interests are the most suitable basis for this processing. To ensure we protect your rights, we have:

  • Conducted a thorough legitimate interest assessment (LIA)
  • Maintained a record of this assessment to justify our decision

Your interests are important to us, and we strive to balance our legitimate interests with your individual rights and freedoms.

We’ve identified our legitimate interests and confirmed that processing your data is necessary and proportionate, with no less intrusive alternatives available.

9. Lawful Basis of Processing and Transfer of Information

We may process your personal data under the following circumstances:

  • You have explicitly consented to the processing.
  • The processing is necessary to fulfill a contract between us.
  • Compliance with applicable laws requires the processing.
  • The processing is essential to protect someone’s vital interests.
  • We have legitimate business interests that justify the processing.

In certain cases, we rely on your explicit consent to process your personal information. This occurs when you deliberately opt-in, such as agreeing to receive marketing communications from us. You have the right to revoke your consent at any time, and we will respect your decision.

We process your data for the following purposes:

  • Delivering personalized services to you
  • Maintaining and optimizing our websites and apps
  • Communicating with you through various channels
  • Providing targeted marketing and promotional content
  • Sharing valuable resources, such as eBooks and newsletters
  • Continuously improving and enhancing our services

10. Do’s & Don’t s

Are fees applicable?

We will not require recipients to:

  • Provide identification beyond an email address
  • Take additional steps beyond responding via email or visiting a single webpage

to process an opt-out request.

After individuals opt-out of receiving messages from us, we will:

  • Refrain from selling or transferring their email addresses, including mailing lists.
  • Only share email addresses with third-party services that help us comply with CAN-SPAM regulations.

The CAN-SPAM Act of 2003 sets rules for commercial emails, giving recipients the right to opt-out and imposing penalties for non-compliance.

We ensure our emails comply with laws and provide clear opt-out instructions for affiliate offers and commercial messages. You have the right to request access to and copies of your personal data, along with information about its processing and disclosure.

You also have the right to correct inaccuracies, erase or restrict processing of your data on legitimate grounds, and object to processing by us or on our behalf. Furthermore, you can request transfer of certain data to another controller in a structured and machine-readable format.

If we process your data based on consent, you can withdraw it without affecting prior processing. However, this does not prevent processing based on other available legal grounds. Finally, you have the right to lodge complaints with a Data Protection Authority regarding our processing of your data.

Under applicable laws, you may be entitled to certain rights regarding the processing of your personal data.

11. Link & Third-Party Advertiser

Corazont Technologies partners with third-party advertisers, ad servers, and ad networks (collectively, “Advertisers”) to display ads on our Website. These Advertisers use technology to deliver targeted advertisements and links directly to your web browser.

This technology collects non-personal data, like IP addresses, to deliver targeted ads. It also tracks ad effectiveness and tailors the ads you see on our Website.

Corazont Technologies doesn’t share your personal information with Advertisers without your permission, unless it’s part of a specific program or campaign that allows you to opt-out. However, if you interact with an Advertiser’s content or visit their website, you may be sharing information directly with them.

12. Direct Marketing

We may use your information to share relevant services and promotions with you via email, phone, mail, or other channels. You can opt-out of these communications at any time, free of charge.

If you’re our customer, we’ll keep you informed about our services, upcoming deals, and other relevant information using the contact details you provided. We’ll always follow applicable laws.

To stop receiving promotional emails, simply follow the unsubscribe link in any email we send. Note that unsubscribing from one list won’t stop all communications, as we may still contact you about requested services or other lists you’ve joined.

We adhere to the Telephone Consumer Protection Act (TCPA), which regulates telemarketing calls, automated calls, pre-recorded calls, text messages, and unsolicited faxes. TCPA compliance is a top priority, and our internal processes are designed to ensure strict adherence to this regulation.

  • We maintain an internal do-not-call list to ensure residential numbers are not contacted.
  • Executives are required to disclose specific information to ensure transparency.
  • To minimize inconvenience, our telemarketing equipment is set to disconnect calls after four rings or 15 seconds if unanswered.
  1. Customer Preferences: We provide customers and contacts with the option to opt-out of marketing communications, allowing them to easily manage their preferences and discontinue unwanted outreach.

Customers and contacts can choose to opt-out of marketing calls, texts, or messages at any time, ensuring they only receive communications relevant to their interests.

We empower customers and contacts to take control of their marketing preferences, offering a simple opt-out option for those no longer interested in our offers or communications.

  1. To avoid TCPA violations, we rigorously adhere to calling time restrictions, as outlined in the regulation’s various provisions.
  2. We specialize in B2B marketing and therefore only contact businesses during reasonable hours, from 8 AM to 6 PM, to ensure minimal inconvenience.
  • Maintain Internal Do Not Contact List: We respect consumers opt-out requests by maintaining a list of numbers to be excluded from calls and texts, and we update this list through the National Do Not Call Registry.
  • Automatic Telephone Dialing System (ATDS): We adhere to TCPA guidelines, which prohibit auto-dialed marketing communications to phones and devices with potential usage charges, unless the recipient provides prior express written consent.
  • Auto-dialed calls: In compliance with regulations, we do not use artificial or pre-recorded voices for marketing calls to residential landlines or mobile numbers unless we have received prior express consent.
  • Identification Requirements: As part of our transparency efforts, our representatives will always provide their name, company affiliation, and contact information, including phone number or address.

13. Legitimate Interest

Our Approach to Legitimate Interests: We carefully balance our legitimate interests with individual rights and interests. We use personal data in ways that are reasonably expected and transparent.

Protecting Sensitive Data: We take extra precautions when processing children’s data. We implement safeguards to minimize potential harm and offer opt-outs where possible.

Ongoing Review and Compliance: We regularly review and update our legitimate interest assessments (LIA). If our LIA identifies significant privacy impacts, we consider conducting a data protection impact assessment (DPIA). We provide information about our legitimate interests in our privacy notices.

Compliance with Regulations: We comply with the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), and Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). If you are a California resident, additional terms apply as per the CCPA.

  1. Your Right to Transparency

As a California resident, you have the right to request that we disclose what personal information we collect, disclose, or sell. This right is guaranteed by the California Consumer Privacy Act (CCPA).

Categories of Personal Information “We Collect” is stated below

  • Personal details: Your name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  • Demographic information: Your age, gender, marital status, nationality, or other demographic characteristics.
  • Contact details: Your phone number, email address, or mailing address.
  • Consent records: Records of your consent to receive marketing communications or share your personal information with third parties.
  • Purchase details: Your purchase history, including the products or services you’ve purchased, the date of purchase, and the amount paid.
  • Employer’s details: Your employer’s name, address, and other contact information.
  • Content and advertising data: Information about your interactions with our website, social media, or advertising, including your browsing history, search history, and interactions with our content.
  • Views and opinions: Your opinions, feedback, or reviews about our products or services.

Purpose of Data Collection – includes

  • Providing you with our products or services
  • Improving our website and user experience
  • Sending you marketing communications
  • Responding to your inquiries or feedback

Complying with applicable laws and regulations

Protection of Minors’ Data

We confirm that we do not sell personal information of minors under 18 years of age without proper authorization from a parent or guardian.

Disclosure of Personal Information

We may disclose the categories of personal information listed above to our vendors and service providers for business purposes, including:

  • Providing you with our products or services
  • Processing your payments
  • Sending you marketing communications
  • Improving our website and user experience

Please note that we only disclose personal information to vendors and service providers who have agreed to maintain the confidentiality and security of such information.

  1. Right to Request Deletion of Personal Information

As a valued individual, you have the right to request the deletion of your personal information from our records. To exercise this right, please submit a request via email to info@corabonttechnologies.com.

When submitting your request:

  • Provide identifying information, including your email address
  • Verify your identity by responding from the same email address

We will respond promptly to your request and take necessary steps to delete your personal information, unless an exception applies.

  • Protect Your Privacy: You have the right to opt-out of the sale of your personal information. We commit to respecting your choice and providing a secure opt-out mechanism.
  • Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights: As a California resident, you are protected from discriminatory treatment by our business when exercising your privacy rights, including the right to opt-out, delete, or access your personal information.
  • Authorized Agent: Submitting a Request as a Designated Representative: To request information under the California Consumer Privacy Act on behalf of a California consumer, please provide an email authorization from the email address associated with our records for that consumer.

Representative Requests Under CCPA: If you are authorized to act on behalf of a California consumer, you may submit a request under the California Consumer Privacy Act by providing:

  • A signed, written authorization from the consumer permitting you to act on their behalf, supplemented by the consumer’s direct identity verification with our team, or
  • You may also submit documentation proving you have been granted power of attorney under California Probate Code Sections 4000-4465, authorizing you to act on behalf of the consumer. Failure to provide adequate proof may result in denial of the request.

GDPR Rights Under Article 20 of the General Data Protection Regulation (GDPR), individuals in the European Union have the right to:

  • Receive their personal data in a structured, commonly used, and machine-readable format.
  • Transfer their personal data to another controller without obstruction from the original controller.

14. Data Protection Rights

We are committed to transparency and want to ensure you understand your rights regarding data protection. You are entitled to:

  1. Access to Personal Information: You are entitled to obtain a copy of your personal data from our company.
  2. Right to Amend Personal Data: You are entitled to request that we correct any errors or inaccuracies in your personal data. You also have the right to request that we complete any incomplete data.
  • Erasure of Personal Data: Under specific circumstances, you have the right to ask our company to erase your personal data.
  1. Right to Temporarily Halt Processing: You have the option to request that we limit the use of your personal data, subject to applicable terms and conditions.
  2. Objecting to Data Processing: Under specific circumstances, you can object to our processing of your personal data. We will consider your request and respond accordingly.
  3. Right to Data Transfer: You have the right to request that we transfer your personal data to another organization or provide it to you in a portable format, subject to applicable laws and regulations.

Response Time and Contact Information

If you submit a request, we will respond within one month. To exercise any of these rights, please email us at [insert email address].

Email Transparency and Compliance

We adhere to transparent email practices:

  • We avoid misleading or deceptive headers.
  • Our emails accurately identify the sender, recipient, and routing information.
  • Subject lines reflect the email’s content.
  • Commercial emails are clearly labeled as advertisements or promotions.
  • Recipients can easily opt-out of future emails.

Honoring Opt-out Requests

We respect your preferences and honor opt-out requests promptly, typically within business days of receipt.

15. Code of Labor Practices

At Corazont Technologies, we are committed to upholding the highest standards of labor practices, as outlined in International Labour Organization (ILO) conventions 87 and 98, and adhering to all applicable laws and regulations governing wages, labor, and employment.

Our commitment to labor rights extends across all aspects of our business, including:

  • Ensuring freedom of association and collective bargaining
  • Providing a safe and healthy work environment
  • Prohibiting discrimination and harassment of any kind
  • Expecting our vendors to adhere to our Vendor Policy and Code of Conduct

We strive to maintain a workplace culture that values diversity, inclusion, and respect for all employees, regardless of their background, identity, or expression.

In alignment with our business strategy and financial planning, we are dedicated to implementing these commitments across all our brands and subsidiaries.

16. Inclusive Web Design Policy

At Corazont Technologies, we prioritize digital accessibility and strive to make our online presence inclusive for all users. Our accessibility policy is built around the Web Content Accessibility Guidelines (WCAG) 2.0/2.1, Level AA.

We’ve implemented various enhancements to ensure our websites, mobile devices, and apps are accessible, including:

  • Alt-text for images
  • Keyboard and screen reader navigation
  • Closed captioning
  • Color contrast and zoom capabilities
  • Accessibility statements with contact information

We encourage users to report any accessibility issues they encounter. To provide feedback or request assistance, please email info@corazonttechnologies.com, specifying the Corazont Technologies property in question.

We’re committed to ensuring our content is accessible to people with disabilities and appreciate your help in achieving this goal.