Tenfold takes privacy very seriously. Utmost care is taken to protect the personal information entrusted to us by customers. For this reason, Tenfold has implemented comprehensive technical and organizational measures to comply with the California Consumer Privacy Act (CCPA).
Efforts Tenfold has undertaken to ensure enduring CCPA Compliance
- Policies outlining asset management detailing an inventory of assets, ownership, and their acceptable use.
- Policies outlining the various categories of personal information processed by the organization and which Tenfold roles get access to which information and for what purpose. It has a comprehensive coverage of all our processes and procedures.
- Assessments of sub-processors (third party service providers and partners) to ensure they meet security and privacy requirements.
- Tenfold appointed a Data Protection Officer (DPO).
- Application development teams employ the concept of privacy by design and continue to implement mechanisms to provide customers more control over the information stored in Tenfold Cloud.
- Tenfold regularly conducts internal audits of products, processes, operations, and management. The findings are communicated only to appropriate employees to remediate identified problems.
- Should a security incident or breach occur notifications will be made according to our internal Privacy Incident Response policy. Customers may be notified of a breach within 72 hours after Tenfold becomes aware of it. For general incidents, users will be notified through the Tenfold status portal.
CCPA related organizational measures
- Tenfold has created a Privacy governance framework, which introduces the role of the Chief Privacy Officer, who ensures CCPA compliance; and compliance with local privacy laws throughout the jurisdictions we operate in.
- External and internal privacy policies and statements have been updated to reflect CCPA requirements.
- Tenfold implements processes, procedures and guidelines to support customers’, prospects’, and employees’ exercise of their CCPA rights: the right to opt out of third-party data sales; the right to be informed of data collection and rights; the right to have collected data disclosed; the right to have collected data deleted; and the right to equal services and prices.
- Tenfold does not sell any personal information received in its capacity as a service provider, and does not retain, use or disclose any such personal information except as necessary for the specific purpose of complying with its customer’s directions or as permitted by the CCPA.
- Guidelines and procedures are documented, processes are in place to handle incidents involving personal information. These procedures and resolution of incidents are supervised by our Privacy and Security Officers.
- Service agreements with customers and suppliers (subprocessors) reflect the CCPA requirements. Tenfold only engages with sub processors who provide sufficient CCPA guarantees; particularly in terms of expert knowledge, reliability, and resourcing, Tenfold requires them to implement technical and organizational measures to meet the requirements of CCPA for our clients.
- Tenfold executes annual employee training and awareness campaigns, all employees are required to complete the mandatory CCPA training.
- Tenfold direct marketing campaigns are CCPA ready; they are executed only after a privacy-oriented assessment, and under supervision of CCPA trained marketing professionals.
CCPA related technical and security measures
- All employees have signed confidentiality statements, and are required to adhere to internal policies.
- Employees’ access to IT systems and physical personal information storage facilities (“Storage”) is secured, protected by (multiple) authentication requirements, and separable;
- Tenfold practices comprehensive separation of roles. Employee roles and responsibilities are divided so as to reduce the possibility of a single individual compromising a critical process.
- Every employee strictly adheres to their published role; only performing authorized duties relevant to their respective jobs and positions.
- Employee access rights to IT systems and Storage are determined based on predefined and documented business needs, and the job requirements are aligned with user identities.
- Employee account management is restricted to authorized personnel and reviewed on a periodic basis.
We encourage customers, suppliers and partners to review our CCPA compliant Personal Data Protection Policy
For all other contracting enquiries please don’t hesitate to contact our dedicated team at firstname.lastname@example.org.