Issue No: 4.0
Updated: January 2022
Purpose
Intradiem (the “Company”) captures customer information which is directly acquired or provided through integrations or otherwise. As a result, the Company has adopted a Data and Information Privacy Policy (the “Policy”) to protect “nonpublic personal information” of its customers, classified as Privacy-restricted.
Nonpublic personal information includes nonpublic “personally identifiable information” plus any list, description or grouping of customers that is derived from nonpublic personally identifiable information and contains personally identifiable information through which an individual can be identified. The primary purpose of this policy is to implement administrative, technical and physical safeguards to protect the security, confidentiality, integrity and privacy of Customer information.
Scope
This Policy applies to all employees, contractors and temporary staff of the Company, its subsidiaries and/or affiliates who directly or remotely access the Company’s infrastructure and/or systems.
Policy Owner
The Chief Technology Officer (CTO) shall have final authority over the management of the Policy. The CTO may delegate his/her authority regarding this Policy as he/she sees fit.
Changes
The Company may modify or amend this Policy at any time with or without prior notice.
Violations
Anyone violating this Policy shall be subject to disciplinary action up to and including termination of employment for cause.
Policy
It shall be the policy of Intradiem to protect the privacy, confidentiality and integrity of Customer Privacy-restricted information and data, as well as any non-customer information which is classified as Privacy-restricted or confidential. The Company will comply with all appropriate laws and regulations regarding the Company’s obligations to protect such information.
Customer Information and Data Collected by Intradiem:
The mobile application collects and stores the following data locally to the mobile device:
Agent Contact Preferences: This includes email address, mobile number, and contact preferences indicating over which channel they prefer to receive messages (SMS, email, Push Notifications).
Work Preferences: Work preferences are set by the Agent and indicate what days of the week and times of day the user would like to be contacted if shifts become available. Note, this is only applicable if enabled for that tenant by the organization.
Application Data: Agent schedule data and inbox messages are cached locally on the mobile device and synchronized with the tenant at 15-minute intervals.
Security:
All data stored within the mobile application is encrypted using AES 256-bit encryption. Every read/write operation on the device decrypts and encrypts data, meaning that no data is ever left unencrypted on the device.
Touch ID is stored in Apple Keychain in order to support secure, biometric authentication.
No data is shared between applications on the device, meaning that data cannot “bleed” between applications.
Passwords are never stored on the device.
Some of the third-party libraries used require the location permission to access Wi-Fi networks and the read/write external storage permission to receive callbacks from the OS when the filesystem changes, for security purposes, but none of this data is collected or shared.
Retention, Disposal, and Destruction: Data and Information destruction must comply with regulatory and contractual requirements. Data retention should be identified within contracts with each customer. In the absence of a data retention clause, the Company will follow its standard retention policy. Right to erasure, or export as defined in GDPR, must be outlined in customer contracts. In the absence of a data destruction clause, the Company will follow its standard destruction policy. DevSecOps will retain a data retention and destruction matrix based on classification and in accordance with policy and procedure.
Access: In accordance with Company Policy and Procedure as well as with any contractual requirements, granting access to data and information (paper or electronic format) must follow the principle of least privilege. All controls must be appropriately designed to allow for authorized access only.
Non-Disclosure:
The Company maintains safeguards to comply with federal and state laws, regulations, and standards to guard Privacy-restricted data and information. The Company does not share any nonpublic personal data and information with any nonaffiliated third parties, except in the following circumstances:
- As necessary to provide Company services or to maintain and service the customer’s account.
- As required or requested by regulatory authorities or law enforcement officials who have jurisdiction over the Company or as otherwise required or permitted by any applicable law; and
- To the extent reasonably necessary to prevent fraud and unauthorized
Employees are prohibited from disclosing data and information regardless of classification to unauthorized third parties or for any purposes not authorized by the Company.
Mobile Application Specific Policy:
The Intradiem Mobile application communicates across secured and encrypted API connections to display information to the user on the handheld device. This architecture provides a very high quality of service.
Administrators can edit profiles and permissions to revoke access to any user through the administration console. The application provides access to functions based upon the core permissions and rights defined for each user by the administrator. Mobile users are never able to view or access more than their permissions allow.
Contact Information
Intradiem, Inc.
Mansell Two
3650 Mansell Road
Suite 500
Alpharetta, GA 30022
If you have any questions, concerns or comments about this Privacy Statement, please contact us.