We are using the latest advances in privacy-preserving machine learning and data encryption to ensure your data is handled safely and no human-readable information ever leaves your premises.
Measures and policy
We are working with leading business accounting and consulting services to get our SOC2 Type 2 certification. The SOC2 reports cover controls around security, availability, and confidentiality of customer data and are approved by the American Institute of Certified Public Accountants (AICPA) and Service Organization Controls (SOC).
We do not directly deal with consumer data, but our customers do. You can find the details of our internal processes around collecting, processing and transferring personal data listed below.
The Privacy Shield Frameworks were designed by the U.S. Department of Commerce to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data. We abide by The Privacy Shield Framework and have applied for certification.
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Ntropy Network Inc, Suite B-2 2035 Sunset Lake Road, New Castle, 19702. For the purpose of the GDPR, the Company is the Data Controller.
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Account means a unique account created for You to access our Service or parts of our Service.
Website refers to Ntropy Network, accessible at https://ntropy.network
Service refers to the Website.
Country refers to: Delaware, United States
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
Personal Data is any information that relates to an identified or identifiable individual. For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
Business, for the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.
Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's Personal information to another business or a third party for monetary or other valuable consideration.
1. What data do we collect?
Identity Data includes name, username or similar identifier, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Profile Data includes your username and password, your interests, preferences, feedback and survey responses.
Marketing and Communications Data includes your preferences in receiving marketing from us and any third parties and your communication preferences. We may also keep records of our correspondence when you contact us via email, phone, our website and other communication channels.
Recruitment and Employment Data includes information you have provided through an online job site, a recruitment agency, via email, or through our referral system, in person at interviews and/or by any other method. In particular, qualifications, experience, information relating to your employment history, salary details, bank details and references that you provide to us.
Transaction Data includes details of products and services we have provided you with.
Technical Data includes internet protocol (IP) address, your login data, type of device you are using, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Usage Data includes information about your visit to our website including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), reports, information you viewed or searched on our site, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs, sometimes accessed via heatmaps or user recordings) and methods used to browse away from the page.
2. What data do we not collect?
Special Category Data includes information about your race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life, or sexual orientation.
Criminal Offence Data includes personal data relating to criminal convictions and offences, or related security measures.
3. How do we use your personal data?
To provide a requested service or carry out a contract with you: To securely enable you to access the Ntropy service.
Where we have your consent: Specifically, to send you email newsletters and occasional marketing information.
Where we have a legitimate interest: To understand who is using our services and how we may be able to improve them. To hold on to data to bring or defend potential legal claims. To undertake fraud checks.
Where we have a legal obligation: Financial reporting and taxation requirements require us to keep certain financial records for specific periods of time. Where we rely on legitimate interest for processing your information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. You can find out more about the information in these balancing tests by contacting us using the details below.
4. How long do we keep your personal data for?
We only retain your information for as long as is necessary for us to use your information as described above, where it is in our legitimate interest, or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance, if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
When determining the relevant retention periods, we will take into account factors including: our contractual obligations and rights in relation to the information involved; legal obligation(s) under applicable law to retain data for a certain period of time; our legitimate interest where we have carried out a balancing test; statute of limitations under applicable law(s); (potential) disputes; if you have made a request to have your information deleted; and guidelines issued by relevant data protection authorities. Otherwise, we securely erase your information once this is no longer needed.
5. Who do we share your personal data with?
We share your personal information with trusted third parties where we have retained them to provide services that you or our clients have requested, such as data analytics and hosting providers. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality. We share your personal information with third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, IT consultants carrying out testing and development work on our business technology systems, research and mailing houses and function co-ordinators. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality. As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us your personal information will be disclosed to such entity. Also, if any bankruptcy or reorganisation proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible they will be sold or transferred to third parties.
6. What happens if you don’t provide us with the information we request?
If you do not provide the personal information necessary or withdraw your consent for the processing of your personal information, where this information is necessary for us to provide services to you, we will not be able to provide these services to you.
7. Do we make automated decisions concerning you?
No, we do not carry out automated decision making.
For the third parties based outside of the EEA we transfer data to, we use model contracts approved by the European Commission. For the third parties based in the US we transfer data to, they should be part of the EU-US Privacy Shield. Please contact us using the contact details below to exercise any of your rights. Further information and advice about your rights can be obtained from the data protection regulator in your country.
What does this mean?
1. The right to object to processing: You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
4. The right to rectification: You are entitled to have your information corrected if it’s inaccurate or incomplete.
5. The right to erasure: This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
6. The right to restrict processing: You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
7. The right to data portability: You have rights to obtain and reuse your personal information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
8. The right to lodge a complaint: You have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulator.
9. The right to withdraw consent: If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes. We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for: baseless or excessive/repeated requests; or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
10. How do we contact you? We may contact you by phone, email or social media. If you prefer a particular contact means over another please just let us know.