December 7, 2022
Castra Managed Services LLC (“Castra”, “we”, “our”, and “us”) believes privacy is paramount and understands and cares about your privacy and your right to your information. We strive to be stewards of your information, just as you would do with your information.
Your privacy matters to us, thus Castra has some basic principles:
- We don’t ask you for personal information unless we truly need it
- We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights
- We don’t store personal information on our servers unless required for the on-going operation of one of our services.
If you have questions about deleting or correcting your personal data, please contact our team at email@example.com
Consent to Data Collection and Processing
You hereby agree with and consent to the collection and processing of your personal information as described in this Policy.
Consent to International Data Transfers
Your personal information may be collected, processed and stored by Castra or its direct services partners in the United States and other countries where our servers reside. Please be aware that the privacy protections and legal requirements, including the rights of authorities to access your personal information, in some of these countries may not be equivalent to those in your country. You hereby agree with and consent to the transfer of your personal data to the United States and other countries where Castra operates.
Withdrawal of Consent
You have the right, at any time, to withdraw your consent to Castra’s collection and processing of your information, or to the transfer of your personal data to the United States and other countries where Castra operates. You may withdraw your consent by contacting us at firstname.lastname@example.org
Privacy Over the Internet
Security of Your Information
Castra uses reasonable organizational, technical, and administrative measures designed to protect your personal information under our control, although “perfect security” does not exist on the Internet. Online, we guard the privacy and confidentiality of your personally identifiable information with audited safeguards. We do not currently collect any sensitive information, such as credit card numbers or social security numbers. This Policy will be updated to reflect any changes, should they arise.
How The Online Information Castra Collects Is Used
As you interact with Castra, there may be opportunities for you to provide us with your information. Additionally, we may collect certain information about you as further described below.
The types of information that Castra collects about you may include, but are not limited to:
- Contact information (such as name, address, city, state and ZIP code, occupation, email address and telephone number);
- Payment information (such as your bank account information, and payment history);
- Information about your connected Devices (such as IP address, browser type, unique device identifier, cookie data, and associated identifying and usage information);
- Marketing profile information;
- The kind of Castra service product you purchased; and
- The kind of service provided to you.
To gauge the effectiveness of the Site, we do collect some non-individually-identifiable generic information about our visitors. Our web servers automatically recognize a visitor’s Internet service provider, the IP address, the domain name, the type of browser, the operating system, which pages are viewed on the Site, the web page a visitor was on when they linked to the Site, how much time is spent on each page, and other information related to the operation and interaction of the Site. This information does not reveal a visitor’s identity. We aggregate this information and use it to evaluate and improve the Site.
Identifiable Information – You can choose to provide individually-identifiable information to Castra in a number of ways as described below. When visitors supply information about themselves for a specific purpose, Castra uses the information for that purpose (such as to provide the information the visitor has requested or to consider a visitor for a particular job). In addition, when visitors use the Site to request information about our services, we may use the individually-identifiable information as we would use the same information obtained o-line – for example, to evaluate your service needs and contact you regarding additional services you may find useful.
Castra will not ever sell, trade, or disclose to third parties any individually identifiable information derived from the registration for or use of Castra online service – including customer names and addresses (except as required by subpoena, search warrant, or other legal process or in the case of imminent physical harm to the customer or others).
Castra collects, discloses, and uses your personal information: for the purpose of determining your qualifications for employment and reaching a hiring decision; to comply with any legal process, applicable laws, and/or regulations; to defend ourselves in claims under such laws; to respond to your inquiries and fulfill your requests, such as to send you documents you request or e-mail; to send you important information regarding our relationship with you or regarding this Site, changes to our terms, conditions, and policies and/or other administrative information; for our business purposes, such as marketing new products and services, data analysis, audits, developing new products or services, enhancing our Site, improving our products and services, identifying Site usage trends, providing products and services, maintaining customer relationships, improving the quality, safety, and security of our products and services, administering your account(s), troubleshooting, supporting electronic signature, customizing and improving communication content, evaluating product performance, providing customer support and product support, warranty administration, and determining the eectiveness of our Site; to our third party service providers who provide services such as website hosting and moderating, mobile application hosting, data analysis, infrastructure provision, credit card processing, IT services, e-mail services, marketing services, auditing services, and other services, in order to enable them to provide services; to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and when we otherwise have your consent.
Third Party Web Sites
How We Collect Personal Information about You
Most of the personal information Castra collects about you is collected directly from you, such as when you (1) submit your personal information to receive product updates and marketing information, (2) contact us via the online “Contact” portal on the Site, (3) send e-mail messages or feedback, or transmit other information by e-mail, and (4) apply for a job. To elect to engage in such activities, we may ask that you provide us personal information.
Passive Information Collection and Use
As you navigate around this Site, certain information can be passively collected (that is, gathered without you actively providing the information), using various technologies. We passively collect and use information in a variety of ways, including:
- Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access this Site through a mobile Device.
- Site usage in order to continually improve its design and functionality, understand how individuals use it, and to assist us with resolving questions regarding it.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) to disable existing cookies; or (iii) to set your browser to automatically reject any cookies. If you set your browser to reject cookies, part of the Site may not work for you.
- Pixel tags, web beacons, clear GIFs, or other similar technologies: These may be used in connection with some Site pages to, among other things, track the actions of Site users and compile statistics about Site usage and response rates.
- IP Address: Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP Address is identified and logged automatically in our server log files whenever a user visits this Site, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many web sites. We use IP Addresses for purposes such as calculating Site usage levels, helping diagnose server problems, and administering this Site.
- Device Information: We may collect information about your Device, such as a unique device identifier.
If Castra, or substantially all of its assets, were acquired, or in the unlikely event that Castra goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Castra may continue to use your personal information as set forth in this policy.
Rights to Access, Correct, or Delete Your Information, and Closing Your Account
You have a right to (1) access, modify, correct, or delete your personal information controlled by Castra regarding your profile, (2) change or remove your content, and (3) close your account. You can request your personal information that is not viewable on your profile or readily accessible to you (for example, your IP access logs) by emailing us at email@example.com. If you close your account(s), your information will generally be removed from the Service within one (1) week. We generally delete closed account information and will de-personalize any logs or other backup information through the deletion process within thirty (30) days of account closure, except as noted below.
Castra or its business partners may use email to communicate with customers or prospective customers about events or new products and services or to respond to visitor’s emails. If you receive unwanted email from us you may also remove yourself from our email list by simply following the “unsubscribe” instructions in the email. We will not send commercial solicitations to customers who request it not be sent. Please note that if you do go through this process, some email messages may still come to you, although not those dealing with commercial solicitations.
Use of Site By Minors
We do not intentionally collect information from individuals under the age of 18. The Site is not directed to individuals under the age of 18 and we re-quest that these individuals not provide personal information through this Site.
Compliance with Local Laws
This Policy is meant to guide Castra with respect to personal information collected from or about you at this Site. While this Policy applies to personal information generally, the local laws, rules and regulations of jurisdictions that are applicable to Castra (“Local Laws”) may require standards which are stricter than this Policy and, in such event, Castra will comply with applicable Local Laws. Specific privacy policies may be adopted to address the specific privacy requirements of particular jurisdictions.
Security and Breach Notification
Castra is committed to the security of your information, and has in place physical, administrative and technical measures designed to prevent unauthorized access to that information. Castra security policies cover the management of security for both its internal operations as well as the services. These policies, which are aligned with the ISO/IEC 27001:2013 and SOC2 Type2 standards, govern all areas of security applicable to services and apply to all Castra employees.
Castra is also committed to reducing risks of human error, theft, fraud, and misuse of Castra facilities. Castra’s efforts include making personnel aware of security policies and training employees to implement security policies. Castra employees are required to maintain the confidentiality of services data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.
Castra promptly evaluates and responds to incidents that create suspicions of unauthorized handling of services data. Castra Management is informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If Castra determines that your services data has been misappropriated (including by an Castra employee) or otherwise wrongly acquired by a third party, Castra will promptly report such misappropriation or acquisition to you.
European Economic Area (EEA) Residents
We may transfer your personal information outside the European Economic Area (EEA) to the United States or any country that Castra or its service providers may have operations.
Such countries do not have the same data protection laws as the United Kingdom and EEA. While the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to a European Commission approved contract (as permitted under the General Data Protection Regulation) that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. To obtain a copy of the safeguards please contact us.
If you would like further information please contact us. We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organization (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information
- Access to your personal information and to certain other supplementary information that this Policy is already designed to address
- Require us to correct any mistakes in your information which we hold
- Require the erasure of personal information concerning you in certain situations
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- Object at any time to processing of personal information concerning you for direct marketing
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- Object in certain other situations to our continued processing of your personal information
- Otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Oce (ICO) on individual’s rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- Email, call, or write to us – firstname.lastname@example.org
- Let us have enough information to identify you
- Let us have proof of your identity and address
- Let us know the information to which your request relates
If you would like to unsubscribe from any email newsletter, you can also click on the unsubscribe button at the bottom of the email newsletter. It may take a few days for this to take place.
How to Complain
We hope that we can resolve any query or concern you raise about our use of your information. To contact us, please use email@example.com
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, particularly in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
Response to Do Not Track signals
Some web browsers incorporate a “Do Not Track” (DNT) or similar feature that signals to digital devices that a visitor does not want to have his/her online activity tracked. Because not all web browsers offer DNT options and DNT signals are not yet uniform, we and many other digital service opera-tors do not respond to DNT signals.
Castra will use a self-assessment approach to verify compliance with this Policy and periodically verify that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible.
If you believe that your personal information has been processed or disclosed in violation of this Policy, Castra encourages you to raise any concerns using the contact information provided in this Policy. Castra will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information.
Castra complies with formal recognized legal policies (US / EU / other) regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Castra is also responsible for ensuring that third parties acting as an agent our behalf do the same.
Individuals with inquiries and complaints regarding our policy should contact Castra at:Castra Managed Services, LLC
ATTN: Privacy Officer ISO
3308 Durham Chapel Hill Blvd
Durham NC 27707
Castra has further committed to refer unresolved complaints to American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.adr.org/Support for more information or to file a complaint. The services of American Arbitration Association are provided at no cost to you.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact your local EU Data Protection Agency (DPA) at https://webgate.ec.europa.eu/odr/main/?event=main.home.show. Under certain conditions, you may have the right to invoke a binding arbitration to resolve the matter.
Your Access to Your Personal Information
We give you choices regarding our use and disclosure of your personal information. You may opt-out of our collection of your personal information at any time by contacting us as specified below. We will seek to comply with your request(s) as soon as reasonably practicable.If applicable and you would like to review, correct, update, or delete the personal information that you have provided via this Site, please contact us as specified below. We will try to comply with your request as soon as reasonably practicable.
We retain your personal information for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or allowed by law or to otherwise fulfill a legal obligation.
Changes to the Policy
If a dispute arises from or relates to this contract or the breach thereof, and if the dispute cannot be settled through direct discussions, the parties agree to endeavor first to settle the dispute by mediation administered by the American Arbitration Association under its Commercial Mediation Procedures before resorting to arbitration. The parties further agree that any unresolved controversy or claim arising out of or relating to this contract, or breach thereof, shall be settled by arbitration administered by the American Arbitration Association in accordance with its Commercial Arbitration Rules and judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof.
The AAA provides world-class-third-party case management that offers clients a variety of value added services to ensure efficient and effective administration of arbitration and mediation cases AAA Case Filing Services provides customers with an easy, fast and efficient process for filing any type of dispute resolution case, regardless of geographical location For more information on Case Filing Services, please click on www.adr.org/fileacase
Inquiries or Questions
If you have questions or concerns about Castra’s policies and practices for handling applicant personal information, or otherwise, please contact us:By E-mail: firstname.lastname@example.org