The Privacy Policy

Abacus Insights Privacy Policy, Customer Security, and Notice

Updated June 8, 2020

Overview

The Abacus Insights Website is primarily informational and only allows collection of data for employment purposes, for certain inquiries, and to improve the functioning of the website. Abacus Insights understands your concerns about the privacy and security of data you may submit through the Abacus Insights Website. This notice provides you information about what type of information is gathered and tracked on the Website, how the information is used, with whom the information is shared, how the data is protected, and how you may make inquiries regarding the privacy and security of the data.

Abacus Insights values your privacy. In this Privacy Policy, Customer Security, and Notice (“Policy”), we describe how we collect, use, secure, and disclose information that we obtain about visitors to our website https://www.abacusinsights.com (the “Site”) and the information and services made available through our Site (collectively, the “Services”). It also describes your choices regarding use, access, and correction of your personal information. The use of information collected through our service shall be limited to the purpose of providing the service for which you have accessed Abacus Insights and for improving the functioning of the website. This Site is owned and operated by, or on behalf of Abacus Insights (“we”, “our” or “us”). By accessing and using the Site you acknowledge that you have read and understood the content of this Policy.

Please read this Policy carefully and ensure that you understand it before you start to use our services. We reserve the right to change and update this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access our Services or otherwise interact with us in order to stay informed about our information practices and the ways you can help protect your privacy.

If you do not agree to the terms of the Abacus Insights Privacy Policy, Customer Security, and Notice, do not use the Abacus Insights website.

Information Collected from the website

We may collect information about you directly from you and from third parties, as well as automatically through your use of our Site.

Information We Collect Directly from You

Abacus Insights collects and processes information you provide directly to us via the Site. Personal information submitted through the Site includes the details you submit when you apply for a job with us on and through the Site, or otherwise communicate with us. The types of information we may collect include your name, email address, company name, postal address, phone number, job history, job qualifications, and any other information you choose to provide.

Cookies and Tracking Technologies

Abacus Insights uses a minimal number of cookies or similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and to gather demographic information about our user base as a whole. Please visit the following page for more information: Cookies and Tracking Technologies

Information Usage

We use your personal information to communicate with you about your employment inquiry, to process your employment inquiry, to respond to your inquiries, or to improve the functioning of the website.

Your rights:

You are entitled to request that Abacus Insights:

  • provide you with a copy of your Personal Information that it holds;
  • correct any errors in that Personal Information; and
  • update that Personal Information as required.

If you would like to receive a copy of the Personal Information we have about you as submitted to us via this Web site, please send a request to privacy@abacusinsights.com.  If this information is incorrect or incomplete, please let us know by sending a request to privacy@abacusinsights.com. We will make a reasonable effort to correct or update it promptly (unless we require further information from you in order to fulfill your request). You may also ask us to remove your name and other Personal Information from our databases. In each of the foregoing cases, we will make reasonable efforts to honor your request promptly, subject to legal and other permissible considerations. If you have any questions about our Privacy Policy, Customer Security, and Notice, please contact us at privacy@abacusinsights.com.
 

Notice to California Residents.

If you are a resident of the State of California, the California Consumer Privacy Act (CCPA) may grant you certain additional rights. Please visit the following page for more information: Your California Privacy Rights.

How Abacus Insights Protects Your Data

 

Customer Security overview

Abacus Insights takes the security of customer data very seriously.  Customers depend on Abacus Insights to maintain customer data integrity, establish sound business continuity plans, and protect the privacy and security of their data.  Abacus Insights uses a tiered security approach leveraging Amazon Web Services (“AWS”) security, Microsoft Azure (“Azure”) security, as well as its own security processes and systems.

Data Centers

Abacus Insights hosts its data within AWS and Azure data centers only.

Hosting Vendor Data Center Access

AWS and Azure follow current industry practices with regard to physical access.

  • Nondescript facilities
  • Physical access is strictly controlled
  • Video surveillance at perimeter and ingress points
  • Professional security staff
  • Intrusion detection systems
  • Two-factor authentication required to access data center floors
  • All visitors monitored
  • Access is logged

AWS and Azure follow the principle of least privilege.  Access is granted for legitimate business needs and only to the minimum required to complete the work. Access is revoked when staff leave or change positions.

Hosting Vendor Physical Controls

AWS and Azure support physical controls to safeguard the assets in the facility including:

  • Fire Detection and Suppression equipment
  • 24 hour support for power generation.  UPS backups for temporary, isolated outages and generators for longer outages affecting the power grid.
  • Climate control

Hosting Vendor Monitoring and Management

AWS and Azure monitor electrical, mechanical, and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment. AWS and Azure’s decommissioning procedures prevent customer data from being exposed to unauthorized individuals. For more information on hosting vendor security see AWS’s web site here, and Azure here.

Transmission Security

Abacus Insights ensures all data transmissions are encrypted.  Abacus Insights protects sessions and uses current industry practices to secure communications.

Network Protection

Abacus Insights leverages AWS and Azure security as well as its own tools for ensuring the network is protected.  Abacus Insights, AWS, and Azure have installed firewall rules and security groups which enable Abacus Insights to secure its website, applications and databases.  Abacus Insights uses intrusion detection systems to further monitor activity and alert Abacus Insights security staff of anomalous activity.  Abacus Insights security monitors any security events and ensures that any anomalous activity is addressed.

Data Encryption

Abacus Insights encrypts customer data at rest.  Data is encrypted to AES-256 bit encryption.  Data may only be accessed through proper authentication through the User Interface or through proper authentication through the Abacus Insights systems.  Administrative tasks can be completed only by authorized Abacus Insights employees that are provided access through the principle of Least Privilege.

Logical Data Separation

Abacus Insights does not combine or co-mingle data across different data partners or customers. Partners and customers must authenticate against a specific customer tenant.  Each tenant requires unique credentials to access the system.

Business Continuity and Disaster Recovery

Abacus Insights has developed and maintains a Business Continuity and Disaster Recovery Strategy and Plan.  Abacus Insights Information Security group in collaboration with other Abacus Insights departments tests its Business Continuity and Disaster Recovery Plans annually.  Abacus Insights backs up data.

Third Party Penetration Testing

Abacus Insights engages a reputable penetration testing firm to review the Abacus Insights production environment for vulnerabilities.  Testing includes network vulnerability scans for production and non-production servers, application vulnerabilities, and a full automated code review.

Abacus Insights Security Operation Policies and Procedures

Abacus Insights maintains written security policies and procedures and enforces these policies and procedures throughout the organization.   Abacus Insights Security Operating Policies and Procedures cover:

  • The overall Information Security Program
  • Acceptable Use
  • Access Control
  • Audit Logging and Monitoring
  • Business Continuity Planning and Disaster Recovery
  • Contract Management
  • Cyber Risk Analysis
  • Data Handling and Storage
  • Encryption and Transmission Protection
  • Endpoint Protection
  • Facilities Management
  • Incident Management
  • Insider Threat Program
  • IT Change Control
  • Mobile Device Security
  • Network Access
  • Password Management
  • People and Culture – HR
  • Sanctions
  • Software Development Life Cycle standards
  • Security Awareness Training
  • Vendor Risk Management
  • Vulnerability Management

Changes To The Privacy Policy, Customer Security, and Notice

We reserve the right to change this Privacy Policy, Customer Security, and Notice at any time without notice to you. Any changes will be effective immediately upon the posting of the revised Privacy Policy, Customer Security, and Notice. Your use of Abacus Insights’ Service indicates your consent to the Privacy Policy, Customer Security, and Notice posted at the time of use. To the extent any provision of this Privacy Policy, Customer Security, and Notice is found by a competent tribunal to be invalid or unenforceable, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.

Contact

If you have questions, comments or complaints regarding our security or data protection contact our Security team or Senior Security Officer at: privacy@abacusinsights.com.

If you have questions, comments or complaints regarding the privacy of your data or the manner in which we treat your Personal Information, or to access, correct or update Personal Information in our records, contact us or our Senior Privacy Officer at: privacy@abacusinsights.com.