Data Privacy Policy for AcctVantage ERP
Rev 241008
1. Introduction
This Data Privacy Policy outlines the practices and principles governing the collection, use, storage, and protection of personal and organizational data in the use of AcctVantage ERP (“the Software”). We are committed to ensuring the privacy and security of all data processed through the Software. By using the Software, you acknowledge and accept the practices described in this policy.
2. Data Collection
a. Types of Data Collected
The Software may collect and process the following types of data:
- Personal Data: This includes, but is not limited to, names, job titles, contact information, and user credentials.
- Operational Data: This includes organizational data such as financial records, inventory details, procurement information, and sales records.
- System Usage Data: This includes logs, error reports, and performance metrics generated by the Software.
b. Collection Methods
Data is collected through:
- User input during system setup and operation.
- Automated system monitoring and logs.
c. Legal Basis for Data Collection
All data collected will be processed in compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) or any other relevant local data privacy regulations.
3. Data Use
a. Purpose of Data Collection
The data collected will be used for the following purposes:
- To enable the proper functioning and customization of the Software.
- To provide support and maintenance services.
- To monitor system performance and improve the quality of the Software.
- To comply with any legal obligations.
b. Third-Party Access
No personal data is shared with third parties, except in cases where:
- We are required to do so by law.
- The data owner has given explicit consent.
- Third-party vendors are engaged for maintenance services and only after ensuring they comply with appropriate data protection standards.
- Third-party vendors provide service integrations with the Software, and only after ensuring they comply with appropriate data protection standards.
4. Data Storage
a. Location of Data
Since the Software is hosted on-premise, all data will reside on the client’s local servers or designated storage solutions. The client organization is responsible for securing the physical infrastructure where the data is stored.
b. Retention Period
Data will be stored for as long as necessary to fulfill the purposes for which it was collected. Retention periods may vary based on legal requirements or contractual agreements between the client and its stakeholders.
5. Data Security
We take reasonable and appropriate measures to protect data from unauthorized access, alteration, disclosure, or destruction. This includes:
- Encryption: All sensitive personal and operational data is encrypted in storage and during transmission.
- Access Controls: User access to the Software and its data is restricted based on roles and responsibilities. Password policies are enforced to ensure secure access.
6. User Rights
a. Right to Access
Users have the right to request access to the personal data processed by the Software. This may include a copy of the data and an explanation of how it is being used.
b. Right to Rectification
Users may request corrections to any inaccuracies in their personal data.
c. Right to Erasure
In certain circumstances, users may request the deletion of their personal data from the system. This is subject to legal obligations and legitimate interests.
d. Right to Restrict Processing
Users may request that the processing of their personal data be restricted under certain conditions, such as disputing the accuracy of the data.
e. Right to Data Portability
Users can request a portable copy of their personal data for use with another service, where applicable.
7. Data Breach Response
In the event of a data breach involving personal data:
- We will notify the relevant supervisory authorities and affected individuals as the law requires.
- Immediate steps will be taken to contain and mitigate the breach.
- Affected clients will receive guidance on how to safeguard their data moving forward.
8. Client Responsibilities
As the Software is deployed on-premise, the client organization bears certain responsibilities, including but not limited to:
- Data Backup: Ensuring regular backups of critical data and maintaining secure backup systems.
- Physical Security: Securing the physical infrastructure hosting the Software to prevent unauthorized access or tampering.
- Compliance: Ensuring that data processing complies with all relevant local and international laws and regulations.
9. Updates to the Policy
This Data Privacy Policy may be updated periodically to reflect changes in our practices or legal requirements. Any significant changes will be communicated to users through appropriate channels.
10. Contact Information
If you have any questions or concerns regarding this Data Privacy Policy or the handling of your data, please contact our Data Protection Officer (DPO) at:
- AcctVantage ERP
- Email: info@acctvantage.com
- Address: 317 North Main Street, Hendersonville, NC 28792
- Phone: 828-692-3301