Castra Security Policy

Privacy Policy

Castra Managed Services LLC (“Castra”, “we”, “our”, and “us”) believes privacy is paramount and understands and cares about your privacy and your right to your information. We strive to be stewards of your information, just as you would do with your information.

This Privacy Policy (the “Policy”) applies to personal information collected through the Castra website, online services, and web pages that post, reference, and incorporate this Policy (all of the foregoing, collectively, the “Site”), whether accessed via computer, mobile device or other device (collectively, “Device”).

Your privacy matters to us, thus Castra has some basic principles:

  • We don’t ask you for personal information unless we truly need it
  • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights
  • We don’t store personal information on our servers unless required for the on-going operation of one of our services.

If you have questions about deleting or correcting your personal data, please contact our team at [email protected]

Consent

Consent to Data Collection and Processing

You hereby agree with and consent to the collection and processing of your personal information as described in this Policy.

Consent to International Data Transfers

Your personal information may be collected, processed and stored by Castra or its direct services partners in the United States and other countries where our servers reside. Please be aware that the privacy protections and legal requirements, including the rights of authorities to access your personal information, in some of these countries may not be equivalent to those in your country. You hereby agree with and consent to the transfer of your personal data to the United States and other countries where Castra operates.

Withdrawal of Consent

You have the right, at any time, to withdraw your consent to Castra’s collection and processing of your information, or to the transfer of your personal data to the United States and other countries where Castra operates. You may withdraw your consent by contacting us at [email protected]

Privacy Over the Internet

Castra understands that some individuals have special privacy concerns around information transmitted or collected over the Internet or through web sites. This Policy also describes how you can reach us to update your personal information, access and control the use of the personal information, or get answers to questions you may have about our privacy practices. Please read this Policy carefully, because by accessing and using this Site you are acknowledging that you understand and agree to the terms of this Policy. In addition, please review our Terms of Use, which governs your use of this Site.

Security of Your Information

Castra uses reasonable organizational, technical, and administrative measures designed to protect your personal information under our control, although “perfect security” does not exist on the Internet. Online, we guard the privacy and confidentiality of your personally identifiable information with audited safeguards. We do not currently collect any sensitive information, such as credit card numbers or social security numbers. This Policy will be updated to reflect any changes, should they arise.

How The Online Information Castra Collects Is Used

As you interact with Castra, there may be opportunities for you to provide us with your information. Additionally, we may collect certain information about you as further described below.

The types of information that Castra collects about you may include, but are not limited to:

  • Contact information (such as name, address, city, state and ZIP code, occupation, email address and telephone number);
  • Payment information (such as your bank account information, and payment history);
  • Information about your connected Devices (such as IP address, browser type, unique device identifier, cookie data, and associated identifying and usage information);
  • Marketing profile information;
  • The kind of Castra service product you purchased; and
  • The kind of service provided to you.

To gauge the effectiveness of the Site, we do collect some non-individually-identifiable generic information about our visitors. Our web servers automatically recognize a visitor’s Internet service provider, the IP address, the domain name, the type of browser, the operating system, which pages are viewed on the Site, the web page a visitor was on when they linked to the Site, how much time is spent on each page, and other information related to the operation and interaction of the Site. This information does not reveal a visitor’s identity. We aggregate this information and use it to evaluate and improve the Site.

Identifiable Information – You can choose to provide individually-identifiable information to Castra in a number of ways as described below. When visitors supply information about themselves for a specific purpose, Castra uses the information for that purpose (such as to provide the information the visitor has requested or to consider a visitor for a particular job). In addition, when visitors use the Site to request information about our services, we may use the individually-identifiable information as we would use the same information obtained off-line – for example, to evaluate your service needs and contact you regarding additional services you may find useful.

Castra will not ever sell, trade, or disclose to third parties any individually identifiable information derived from the registration for or use of Castra online service – including customer names and addresses (except as required by subpoena, search warrant, or other legal process or in the case of imminent physical harm to the customer or others).

Castra collects, discloses, and uses your personal information: for the purpose of determining your qualifications for employment and reaching a hiring decision; to comply with any legal process, applicable laws, and/or regulations; to defend ourselves in claims under such laws; to respond to your inquiries and fulfill your requests, such as to send you documents you request or e-mail; to send you important information regarding our relationship with you or regarding this Site, changes to our terms, conditions, and policies and/or other administrative information; for our business purposes, such as marketing new products and services, data analysis, audits, developing new products or services, enhancing our Site, improving our products and services, identifying Site usage trends, providing products and services, maintaining customer relationships, improving the quality, safety, and security of our products and services, administering your account(s), troubleshooting, supporting electronic signature, customizing and improving communication content, evaluating product performance, providing customer support and product support, warranty administration, and determining the effectiveness of our Site; to our third party service providers who provide services such as website hosting and moderating, mobile application hosting, data analysis, infrastructure provision, credit card processing, IT services, e-mail services, marketing services, auditing services, and other services, in order to enable them to provide services; to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and when we otherwise have your consent.

In addition, we use and disclose personal information collected through this Site as we believe to be necessary or appropriate: (a) as permitted by applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to enforce our Terms of Use; (d) to protect our operations or those of any of our affiliates; (e) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.

Third Party Web Sites

This Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any site or web property that is available through this Site or to which this Site contains a link. The Site may contain hyperlinks to other web sites. When you click onto one of these hyperlinks, and leave the Site, you are moving to another web site that we do not control. We encourage you to read the privacy statements of these linked web sites, as their privacy policy may differ from ours and we cannot take any responsibility for the content or policies adopted by other web sites. The availability of any third party site, or the inclusion of a link to any third party site, on this Site does not imply endorsement of it by us or by our affiliates.

How We Collect Personal Information about You

Most of the personal information Castra collects about you is collected directly from you, such as when you (1) submit your personal information to receive product updates and marketing information, (2) contact us via the online “Contact” portal on the Site, (3) send e-mail messages or feedback, or transmit other information by e-mail, and (4) apply for a job. To elect to engage in such activities, we may ask that you provide us personal information.

Passive Information Collection and Use

As you navigate around this Site, certain information can be passively collected (that is, gathered without you actively providing the information), using various technologies. We passively collect and use information in a variety of ways, including:

  • Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access this Site through a mobile Device.
  • Cookies: Cookies are pieces of information stored directly on the computer you are using. Cookies allow us to collect information such as browser type, time spent on this Site, pages visited, and language preferences. We and our service providers may use the information for security purposes, to facilitate navigation, and display information more effectively. In addition, we may use cookies to gather statistical information about Site usage in order to continually improve its design and functionality, understand how individuals use it, and to assist us with resolving questions regarding it.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject any cookies. If you set your browser to reject cookies, part of the Site may not work for you.

  • Pixel tags, web beacons, clear GIFs, or other similar technologies: These may be used in connection with some Site pages to, among other things, track the actions of Site users and compile statistics about Site usage and response rates.
  • IP Address: Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP Address is identified and logged automatically in our server log files whenever a user visits this Site, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many web sites. We use IP Addresses for purposes such as calculating Site usage levels, helping diagnose server problems, and administering this Site.
  • Device Information: We may collect information about your Device, such as a unique device identifier.

Privacy Policy Changes

Although most changes are likely to be minor, Castra may change its Privacy Policy from time to time, and at Castra’s sole discretion. Castra encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Business Transfers

If Castra, or substantially all of its assets, were acquired, or in the unlikely event that Castra goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Castra may continue to use your personal information as set forth in this policy.

Rights to Access, Correct, or Delete Your Information, and Closing Your Account

You have a right to (1) access, modify, correct, or delete your personal information controlled by Castra regarding your profile, (2) change or remove your content, and (3) close your account. You can request your personal information that is not viewable on your profile or readily accessible to you (for example, your IP access logs) by emailing us at [email protected]. If you close your account(s), your information will generally be removed from the Service within one (1) week. We generally delete closed account information and will de-personalize any logs or other backup information through the deletion process within thirty (30) days of account closure, except as noted below.

Data Retention

We retain the personal information you provide while your account is in existence or as needed to provide you services. We may retain your personal information even after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, prevent fraud and abuse, or enforce this Privacy Policy. We may retain personal information, for a limited period of time, if requested by law enforcement.

Email Communications

Castra or its business partners may use email to communicate with customers or prospective customers about events or new products and services or to respond to visitors’ emails. If you receive unwanted email from us you may also remove yourself from our email list by simply following the “unsubscribe” instructions in the email. We will not send commercial solicitations to customers who request it not be sent. Please note that if you do go through this process, some email messages may still come to you, although not those dealing with commercial solicitations.

Use of Site By Minors

We do not intentionally collect information from individuals under the age of 18. The Site is not directed to individuals under the age of 18 and we request that these individuals not provide personal information through this Site.

Compliance with Local Laws

This Policy is meant to guide Castra with respect to personal information collected from or about you at this Site. While this Policy applies to personal information generally, the local laws, rules and regulations of jurisdictions that are applicable to Castra (“Local Laws”) may require standards which are stricter than this Policy and, in such event, Castra will comply with applicable Local Laws. Specific privacy policies may be adopted to address the specific privacy requirements of particular jurisdictions.

Security and Breach Notification

Castra is committed to the security of your information, and has in place physical, administrative and technical measures designed to prevent unauthorized access to that information. Castra security policies cover the management of security for both its internal operations as well as the services. These policies, which are aligned with the ISO/IEC 27001:2013 and SOC2 Type2 standards, govern all areas of security applicable to services and apply to all Castra employees.

Castra is also committed to reducing risks of human error, theft, fraud, and misuse of Castra facilities. Castra’s efforts include making personnel aware of security policies and training employees to implement security policies. Castra employees are required to maintain the confidentiality of services data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.

Castra promptly evaluates and responds to incidents that create suspicions of unauthorized handling of services data. Castra Management is informed of such incidents and, depending on the nature of the activity, defines escalation paths and response teams to address the incidents. If Castra determines that your services data has been misappropriated (including by a Castra employee) or otherwise wrongly acquired by a third party, Castra will promptly report such misappropriation or acquisition to you.

European Economic Area (EEA) Residents

We may transfer your personal information outside the European Economic Area (EEA) to the United States or any country in which Castra or its service providers may have operations.

Such countries do not have the same data protection laws as the United Kingdom and EEA. While the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to a European Commission approved contract (as permitted under the General Data Protection Regulation) that is designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. To obtain a copy of the safeguards please contact us.

If you would like further information please contact us. We will not otherwise transfer your personal data outside of the United Kingdom or EEA or to any organization (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

  • Fair processing of information and transparency over how we use your personal information
  • Access to your personal information and to certain other supplementary information that this Policy is already designed to address
  • Require us to correct any mistakes in your information which we hold
  • Require the erasure of personal information concerning you in certain situations
  • Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • Object at any time to processing of personal information concerning you for direct marketing
  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • Object in certain other situations to our continued processing of your personal information
  • Otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • Email, call, or write to us – [email protected]
  • Let us have enough information to identify you
  • Let us have proof of your identity and address
  • Let us know the information to which your request relates

If you would like to unsubscribe from any email newsletter you can also click on the unsubscribe button at the bottom of the email newsletter. It may take a few days for this to take place.

How to Complain

We hope that we can resolve any query or concern you raise about our use of your information. To contact us, please use [email protected]

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.

Response to Do Not Track signals

Some web browsers incorporate a “Do Not Track” (DNT) or similar feature that signals to digital devices that a visitor does not want to have his/her online activity tracked. Because not all web browsers offer DNT options and DNT signals are not yet uniform, we and many other digital service operators do not respond to DNT signals.

Compliance

Castra will use a self-assessment approach to verify compliance with this Policy and periodically verify that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible.

If you believe that your personal information has been processed or disclosed in violation of this Policy, Castra encourages you to raise any concerns using the contact information provided in this Policy. Castra will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information.

Cross-Border Transfer

Personal information may be transferred, accessed and stored globally as necessary in accordance with this privacy policy.

Castra complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Castra is also responsible for ensuring that third parties acting as an agent on our behalf do the same.

Castra has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.

With respect to personal information received or transferred pursuant to the Privacy Shield Framework, Castra is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Dispute Resolution

If you have any complaints regarding our compliance with this privacy policy, you should first contact us at [email protected] or at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this privacy policy.

In compliance with the Privacy Shield Principles, Castra commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Castra at:

Castra Managed Services, LLC
ATTN: Privacy Officer ISO
3308 Durham Chapel Hill Blvd
Durham NC 27707

Castra has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.adr.org/Support for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact your local EU Data Protection Agency (DPA) at https://webgate.ec.europa.eu/odr/main/?event=main.home.show. Under certain conditions, you may have the right to invoke a binding arbitration to resolve the matter.

Your Access to Your Personal Information

We give you choices regarding our use and disclosure of your personal information. You may opt-out of our collection of your personal information at any time by contacting us as specified below. We will seek to comply with your request(s) as soon as reasonably practicable. If applicable and you would like to review, correct, update, or delete the personal information that you have provided via this Site, please contact us as specified below. We will try to comply with your request as soon as reasonably practicable.

Retention Period

We retain your personal information for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or allowed by law or to otherwise fulfill a legal obligation.

Changes to the Policy

To improve the services it can offer you, Castra may modify, change or expand its capabilities for obtaining and using information received from or about users of our web site. Castra will update this privacy policy as necessary so that you have an opportunity to remain up to date on developments in this area. Please continue to check our privacy policy from time to time to learn about any of these changes or developments.

Inquiries or Questions

If you have questions or concerns about Castra’s policies and practices for handling applicant personal information, or otherwise, please contact us:

By E-mail: [email protected]