NexxLinx deals with confidential data, including data of their customers. The highest priority is placed on the security and privacy of this data, and these policies are designed to safeguard such data while allowing employees the proper access to complete their job roles. This policy applies to all users of personally identifiable information in NexxLinx's possession.
The data center housing the NexxLinx's customer's data has the highest level of physical security standards. Access to the facility is controlled and logged and the facility is carefully monitored. System Security is also of critical importance and is designed into all levels of the NexxLinx application's and infrastructure.
User authentication is performed for all external user's before connecting to NexxLinx applications. Only current employees and contractors with a specific “need to know” will have access to specific data.
NexxLinx’s computer network is protected from unauthorized intrusion via the use of a firewall; even with such precaution, it is impossible to guarantee that an intrusion into NexxLinx’s computer network will not occur. Remote access to NexxLinx's computer network shall be permitted only through a virtual private network and only when deemed necessary by an appropriately authorized NexxLinx employee. NexxLinx monitors NexxLinx’s computer network traffic for malicious behavior.
Transfer of Data To Third Parties
NexxLinx does not share any of its customer’s personally identifiable information to third parties except in good faith where NexxLinx believes it is appropriate to cooperate in investigations of fraud or other illegal activity. NexxLinx discloses information in response to a subpoena, warrant, court order, levy, attachment, order of a court-appointed receiver or other comparable legal process, including subpoenas from private parties in a civil action.
All data in NexxLinx’s possession is backed-up on a regular basis and back-ups are stored in a secure off-site location. Computer systems containing critical data employ redundancy to protect against loss of data from hardware failure. Data retention
NexxLinx’s own data shall be retained for as long as it is actively used, or as required by applicable law, regulation or NexxLinx policy. Client data will be kept for the duration of the work with the client, or longer if required pursuant to the contract with the client, or as required by applicable law or regulation. Once data in possession of NexxLinx is no longer required to be maintained, it shall be properly disposed of which shall include taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States. The EEA also has recognized the U.S. Safe Harbor as providing adequate data protection (OJ L 45, 15.2.2001, p.47). Consistent with its commitment to protect personal privacy, NexxLinx adheres to the following Safe Harbor Principles.
Acting only as an agent for its clients, NexxLinx provides persons whose personally identifiable information is provided to NexxLinx by a client, an opportunity to opt-out if they do not want to be contacted by NexxLinx on behalf of NexxLinx or NexxLinx's clients.
2) Onward Transfer
NexxLinx will not transfer clients' data except with the written authorization of the client.
NexxLinx maintains reasonable precautions to protect personally identifiable information from loss, misuse and unauthorized disclosure, alteration or destruction.
4) Data Integrity
NexxLinx's customer's information maintained by NexxLinx will be used for the sole purpose of supporting client's business operations.
NexxLinx's customer's have the option to review their personal data by contacting NexxLinx's customer services representatives. As part of the review process, only authorized NexxLinx customer services representatives can correct, amend, or delete the customer's information where it is inaccurate.
NexxLinx does not use customer data for any purpose incompatible with those purposes authorized in its client agreements. Sensitive Information, including credit card numbers, is not stored except as directed by NexxLinx's clients who own the data, and is not transferred to third parties except as authorized by client.