ISO/IEC 27001:2013 – Control A.18.1.4
NIST 800-171 – Control 3.6.1
At NMR, we are committed to maintaining the confidentiality and security of any personal information about our employees, partners and clients. Your privacy is always at the top of our priorities, and we are focused on protecting it from unauthorized access. This Privacy & Security Policy spells out how we collect, use, and disclose information from or about you.
Users can access NMR services (“Services”) via our websites or applications on Devices. A “Device” is any device used to access the NMR Services, including without limitation a computer, mobile phone, tablet, or other electronic device. By using our “Services” you are consenting to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy & Security Policy. The use of information collected through our service shall be limited to the purpose of conducting business with/for NMR customers (“Customers”).
The Information We Collect and Store
NMR employees are prohibited from viewing the content of the data you provide to the company, except as provided in this Privacy & Security Policy. Of course, in the case that you request our help to resolve your support issues relating to that data, and only after receiving your permission, NMR employees may access the relevant data.
We may collect and store the following information:
Information You Provide
When we securely collect personal information, such as your name, phone number, email address, and business postal addresses.
Your Data and Other Information About You
With your permission, NMR collects and stores information you provide and/or as otherwise described in this Privacy & Security Policy.
When you access our web sites, we may automatically collect certain information from your device, its software, and your activity using the Services. This may include, for example (but without limitation), the Device's Internet Protocol (“IP”) address, browser type, the web page visited before or after you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata, and interactions with the Service.
We also may use “cookies” to collect information and provide and improve our Services. A cookie is a small file that we transfer to your Device. We may use “persistent cookies” to save your registration ID and login password for future logins to our Services. We may use “session ID cookies” to enable certain features of the Services, to better understand how you interact with the Services, to monitor aggregate usage and web traffic routing on the Services, and to enable third-party vendors, including Google, to serve ads based on someone's past visits to our website. This also enables third-party vendors, including Google, to show our ads on sites across the internet. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Service.
How We Use Personal Information
In the course of using our Services, we may collect or otherwise obtain information that can be used to contact or identify you (“Personal Information”). Personal Information is or may be used: (i) to provide and improve Services, (ii) to administer your use of Services, (iii) to recommend follow-up reminders, assign tasks, or personalize services, and (iv) to provide or offer software updates and product announcements. If you no longer wish to receive communications from us that are not required for our Services, please follow the "unsubscribe" instructions provided in any of those communications or update your account settings information.
We also collect some information (ourselves or using third party services) that requires using logging and cookies, such as IP address, which can sometimes be correlated with Personal Information. We use this information for the above purposes and to monitor and analyze use of Services, for technical administration, to increase service functionality and user-friendliness, to verify users have the authorization needed for the Services to process their requests, and for advertising purposes.
Information Sharing and Disclosure by Us
No Sale of Personal Information
We do not sell Personal Information to third parties.
Service Providers, Business Partners and Others
Compliance with Laws and Law Enforcement Requests; Protection of NMR Consulting 's Rights
We may disclose to third parties data stored in your NMR Consulting account and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation, or compulsory legal request, such as to comply with a subpoena; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of NMR Consulting or its users; or (d) to protect NMR Consulting 's rights. If we provide any data stored in your NMR Consulting account to a law enforcement agency, we will remove NMR Consulting 's encryption from the information before providing it to law enforcement.
Changing or Deleting Your Information
For questions about changing or deleting your Personal Information, please email@example.com. We will respond to your inquiry within 7 business days.
Our intention is to retain your information as long as needed to provide you with the Services. If you wish to cancel your account or request that we no longer use your information to provide you Services, you may request removal of your information. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically reasonably feasible to remove it. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion. In addition, we do not delete information from our servers files if you have that information in common with other users.
NMR Consulting stresses its privacy and security standards. Although no one can guarantee absolute security, we regularly re-evaluate our privacy and security policies in order to adapt to new challenges. We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. We encrypt the most sensitive data that you store on NMR Consulting using at least 128-bit TLS encryption, which is the same encryption standard used by banks to secure customer data.
Changes to our Privacy & Security Policy
Technical Requirement Details
Responsibility for upholding ISO and NIST policies are truly
company-wide under the authority of the Director of Information Security
who encourages the personal commitment of all staff to address
information security as part of their skills.