Updated June 8, 2020
The Abacus Insights Website is primarily informational and only allows collection of data for employment purposes, for certain inquiries, and to improve the functioning of the website. Abacus Insights understands your concerns about the privacy and security of data you may submit through the Abacus Insights Website. This notice provides you information about what type of information is gathered and tracked on the Website, how the information is used, with whom the information is shared, how the data is protected, and how you may make inquiries regarding the privacy and security of the data.
Please read this Policy carefully and ensure that you understand it before you start to use our services. We reserve the right to change and update this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access our Services or otherwise interact with us in order to stay informed about our information practices and the ways you can help protect your privacy.
Information Collected from the website
We may collect information about you directly from you and from third parties, as well as automatically through your use of our Site.
Information We Collect Directly from You
Abacus Insights collects and processes information you provide directly to us via the Site. Personal information submitted through the Site includes the details you submit when you apply for a job with us on and through the Site, or otherwise communicate with us. The types of information we may collect include your name, email address, company name, postal address, phone number, job history, job qualifications, and any other information you choose to provide.
Cookies and Tracking Technologies
Abacus Insights uses a minimal number of cookies or similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and to gather demographic information about our user base as a whole. Please visit the following page for more information: Cookies and Tracking Technologies
We use your personal information to communicate with you about your employment inquiry, to process your employment inquiry, to respond to your inquiries, or to improve the functioning of the website.
You are entitled to request that Abacus Insights:
- provide you with a copy of your Personal Information that it holds;
- correct any errors in that Personal Information; and
- update that Personal Information as required.
Notice to California Residents.
If you are a resident of the State of California, the California Consumer Privacy Act (CCPA) may grant you certain additional rights. Please visit the following page for more information: Your California Privacy Rights.
How Abacus Insights Protects Your Data
Customer Security overview
Abacus Insights takes the security of customer data very seriously. Customers depend on Abacus Insights to maintain customer data integrity, establish sound business continuity plans, and protect the privacy and security of their data. Abacus Insights uses a tiered security approach leveraging Amazon Web Services (“AWS”) security, Microsoft Azure (“Azure”) security, as well as its own security processes and systems.
Abacus Insights hosts its data within AWS and Azure data centers only.
Hosting Vendor Data Center Access
AWS and Azure follow current industry practices with regard to physical access.
- Nondescript facilities
- Physical access is strictly controlled
- Video surveillance at perimeter and ingress points
- Professional security staff
- Intrusion detection systems
- Two-factor authentication required to access data center floors
- All visitors monitored
- Access is logged
AWS and Azure follow the principle of least privilege. Access is granted for legitimate business needs and only to the minimum required to complete the work. Access is revoked when staff leave or change positions.
Hosting Vendor Physical Controls
AWS and Azure support physical controls to safeguard the assets in the facility including:
- Fire Detection and Suppression equipment
- 24 hour support for power generation. UPS backups for temporary, isolated outages and generators for longer outages affecting the power grid.
- Climate control
Hosting Vendor Monitoring and Management
AWS and Azure monitor electrical, mechanical, and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment. AWS and Azure’s decommissioning procedures prevent customer data from being exposed to unauthorized individuals. For more information on hosting vendor security see AWS’s web site here, and Azure here.
Abacus Insights ensures all data transmissions are encrypted. Abacus Insights protects sessions and uses current industry practices to secure communications.
Abacus Insights leverages AWS and Azure security as well as its own tools for ensuring the network is protected. Abacus Insights, AWS, and Azure have installed firewall rules and security groups which enable Abacus Insights to secure its website, applications and databases. Abacus Insights uses intrusion detection systems to further monitor activity and alert Abacus Insights security staff of anomalous activity. Abacus Insights security monitors any security events and ensures that any anomalous activity is addressed.
Abacus Insights encrypts customer data at rest. Data is encrypted to AES-256 bit encryption. Data may only be accessed through proper authentication through the User Interface or through proper authentication through the Abacus Insights systems. Administrative tasks can be completed only by authorized Abacus Insights employees that are provided access through the principle of Least Privilege.
Logical Data Separation
Abacus Insights does not combine or co-mingle data across different data partners or customers. Partners and customers must authenticate against a specific customer tenant. Each tenant requires unique credentials to access the system.
Business Continuity and Disaster Recovery
Abacus Insights has developed and maintains a Business Continuity and Disaster Recovery Strategy and Plan. Abacus Insights Information Security group in collaboration with other Abacus Insights departments tests its Business Continuity and Disaster Recovery Plans annually. Abacus Insights backs up data.
Third Party Penetration Testing
Abacus Insights engages a reputable penetration testing firm to review the Abacus Insights production environment for vulnerabilities. Testing includes network vulnerability scans for production and non-production servers, application vulnerabilities, and a full automated code review.
Abacus Insights Security Operation Policies and Procedures
Abacus Insights maintains written security policies and procedures and enforces these policies and procedures throughout the organization. Abacus Insights Security Operating Policies and Procedures cover:
- The overall Information Security Program
- Acceptable Use
- Access Control
- Audit Logging and Monitoring
- Business Continuity Planning and Disaster Recovery
- Contract Management
- Cyber Risk Analysis
- Data Handling and Storage
- Encryption and Transmission Protection
- Endpoint Protection
- Facilities Management
- Incident Management
- Insider Threat Program
- IT Change Control
- Mobile Device Security
- Network Access
- Password Management
- People and Culture – HR
- Software Development Life Cycle standards
- Security Awareness Training
- Vendor Risk Management
- Vulnerability Management
If you have questions, comments or complaints regarding our security or data protection contact our Security team or Senior Security Officer at: email@example.com.
If you have questions, comments or complaints regarding the privacy of your data or the manner in which we treat your Personal Information, or to access, correct or update Personal Information in our records, contact us or our Senior Privacy Officer at: firstname.lastname@example.org.