PRIVACY STATEMENT
UPDATED: 17th December 2022
Urvin Compliance is committed to protecting user privacy. This Privacy Statement applies to the data provided to and collected by Urvin LLC (“Urvin Compliance”, “we” or “us”), 2234 N. Federal Highway #1135, Florida, USA through use of the Urvin Compliance services (the “Service” or “Services”).
PLIA.COM
Your Plia.com user profile is the profile you establish to use the Services. A company or organization may elect not to invite or provide access to its Plia.com account to users with email addresses not belonging to such company or organization’s email domain(s). For purposes of this Privacy Statement, a “Plia Account” is a Plia.com account comprising only one individual user of the Plia Services. With respect to a Plia User Account, references to “you” or “your” in this Privacy Statement refer to the individual user of the Services.
CUSTOMER DATA
“Customer Data” is all data, including text, sound, software or image files that you provide, or are provided on your behalf, to Urvin Compliance through your use of the Services. We make no claim of ownership to your Customer Data. Except as provided in this Privacy Statement or described in your agreements, we only use Customer Data to provide and enhance the Services we provide to you such as customization and suggestions. We do not share your Customer Data with any third parties except in the very limited circumstances described in the “Sharing Your Information” section below.
Without being provided with certain Customer Data, Urvin Compliance will not be able to provide you with the Services.
CONTACT DATA
“Contact Data” includes name, address, phone number, photograph, profile information, professional information, email address, title, time zone and other personal data and contact information that we may collect through your administration of the Services and use of the Services by you and others. Contact Data you provide as part of your Plia profile may be available to other users of your Plia Account and is collected for the purpose of providing you with the Services and ensuring that the Services provide users with meaningful and useful information.
Subject to your contact preferences, we may also use Contact Data to contact you regarding information and offers about the Service, other products and services or to request your feedback. If you do not wish to receive these communications, please indicate your preference by contacting us at support@plia.com when establishing your Plia Account or at such time you want to end these communications. Please see preferences within your Plia.com account for information on how to subsequently opt-in or opt-out of relevant notifications and configure other notification preferences.
USAGE DATA
We may use statistical data, analytics, trends and usage information derived from your use of the Services (“usage data”). Usage data includes, for example, aggregated quantitative information about active users, activity, topics, and groups, and individual log data, such as your Internet Protocol (IP) address and location, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data. We may also collect information about the devices accessing the Services, including type of device, device operating system and settings, application IDs, unique device identifiers and crash data. Some ways we use the usage data include operating, improving and personalizing the Services and our offerings, as well as other Urvin Compliance products and services. Except to provide reports to you or others in your organization, we do not disclose usage data in a way that is identifiable to your organization or individual users in your Plia Account.
SUPPORT DATA
“Support Data” is the information we collect when you submit a support request including information about hardware, software, and other details related to the support incident, such as: contactor authentication information, chat session personalization, information about the condition of the computer and the application when the fault occurred and during diagnostics, system and registry data about software installations and hardware configurations, and error-tracking files.
Support may be provided through phone, e-mail, or online chat. We may use Remote Assisted Access (“RAA”), with your permission, to temporarily navigate your desktop. Phone conversations, online chat sessions, or RAA sessions with support professionals may be recorded and/or monitored with your consent. For online chat or RAA, you may end a session at any time of your choosing.
We use Support Data in the same way as we use your information, as described in this Privacy Statement. Additionally, we use it to resolve your support incident and for training purposes. Following a support incident, we may send you a survey about your experience and offerings. You must opt-out of support surveys separately from other communications provided by Urvin Compliance, by contacting Urvin Compliance’s support services or through the support e-mail footer.
To review and edit your personal information collected through our support services, and for any other inquiries regarding our support services, please contact us at support@plia.com.
SHARING YOUR INFORMATION
We will not disclose Customer Data or Contact Data (collectively, “Your Information”) outside of Urvin Compliance’s or its controlled subsidiaries and affiliates except as you direct, or as described in your agreement(s) with Urvin Compliance or this Privacy Statement.
We will never share any of Your Information with advertisers, but Urvin Compliance shall have the right to use the names and company logos of organizations and institutional subscribers in general lists of customers and may refer to such entities as users of the Services in Urvin Compliance’s own advertising and marketing materials. We occasionally contract with other companies to provide services (such as customer support, data management, and technical infrastructure services) on our behalf; a complete list of such companies within the Subprocessor section below.
Urvin Compliance Subprocessor
Urvin Compliance uses certain subprocessors to assist us in providing to our customers the services as described in the T&C. A subprocessor is a third-party data processor engaged by Urvin Compliance that has or potentially will have access to or process Your Information.
AWS
EU
Data hosting and document storage
Heroku
USA
Code deployment and hosting
Mandrill / MailChimp
USA
Email provider
USA
Email provider
SendGrid
USA
Email provider
Zendesk
USA
Customer Support
We may provide these companies with access to Your Information where necessary for their engagement. These companies are required to maintain the same level of confidentiality as Urvin Compliance and are prohibited from using it for any purpose other than that for which they are engaged by Urvin Compliance. As part of their engagement, they will be required to enter into confidentiality and non-disclosure agreements. Please refer to the Data Location and International Transfers section below in reference to Urvin Compliance’s liabilities as regards onward transfers to third parties under the EU-U.S. Privacy Shield Framework.
We will not disclose your information to a third party (including law enforcement, other government entity, or civil litigant; excluding our subcontractors) except as you direct or unless otherwise required by applicable law, including the obligation to do so to meet national security or law enforcement requirements. Should a third party contact Urvin Compliance with a request for your information, we will attempt to redirect the third party to request such information directly from you. As part of that process, we may provide your basic contact information to the third party. If legally compelled to disclose your information to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited.
We will not substantively respond to data protection and privacy requests in respect of your information without your prior written consent, unless required by applicable law. Please note that the Services may include links to or allow you to install third-party or other Urvin Compliance products and services of which such privacy practices may differ from that of the Services. Your use of such products or services, and any information you provide to a third party, is governed by their privacy statements. We encourage you to carefully review these other privacy statements.
We reserve the right to disclose your personal information to relevant third parties in connection with:
-
Urvin Compliance selling or buying any business
-
The acquisition or proposed acquisition of Urvin Compliance or a material part of its assets or business
-
Any agreement, collaboration or joint venture with any third party to improve the Services or generally done or concluded in the reasonable conduct of Urvin Compliance's business.
ACCESSING, CORRECTING AND DELETING YOUR INFORMATION
You may access, correct or delete User Data or Contact Data you have provided to us by using the tools within the Services (for example, editing your profile information on the Service) or by contacting us at support@plia.com. Changes you make to your information on the Service take immediate effect on your Plia.com account, but data will be retained in secure storage for a limited period afterward as part of our standard data backup process.
SECURITY
Urvin Compliance has implemented and will maintain certain technical and organizational measures, internal controls and information security routines intended to protect your information against accidental loss, destruction or alteration, unauthorized disclosure or access, or unlawful destruction. However, given the nature of communications and information processing technology, Urvin Compliance cannot guarantee that your information, during transmission through the Internet or while stored on our systems, will be absolutely safe from intrusion.
DATA LOCATION AND INTERNATIONAL TRANSFERS
Your Services’ data may be transferred to, stored and processed in any other country where Urvin Compliance or its affiliates, subsidiaries or service providers maintain facilities. If you are situated within the European Economic Area, this may involve the transfer of your personal data to the United States of America, and other countries outside the European Economic Area, within which the level of data protection provided may be lower than the level provided within the European Economic Area. Urvin Compliance’s privacy policies, however, meet current German and European standards and are applied globally. Urvin Compliance has also taken steps to ensure compliance with the E.U. General Data Protection Regulation (GDPR), which went into effect May 25, 2018.
Urvin Compliance commits to resolve complaints about our collection or use of your information. E.U. users with inquiries or complaints regarding our Privacy Shield policy should first contact us via the details set out in “How to contact us” below. In the event of a continued dispute, Urvin Compliance has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information, to file a complaint, or to determine your entitlement to invoke binding arbitration. The services of JAMS are provided at no cost to you.
Your information will be treated securely at all times in accordance with this Privacy Statement.
CHANGES TO THIS PRIVACY STATEMENT
We will occasionally update this Privacy Statement to reflect customer feedback, changes in our Services, and updates to applicable data privacy laws and regulations. When we post changes to this statement, we will revise the “last updated” date at the top of the statement. If there are material changes to this Privacy Statement or to how Urvin Compliance will use your information, you will be notified by either posting a notice of such changes on the Plia.com website before such changes take effect or by direct notification. We encourage you to periodically review this Privacy Statement to learn how Urvin Compliance is protecting your information.
ACCESS TO PERSONAL INFORMATION
You may undertake the following in respect of your information, as protected by applicable law:
-
Be informed of the kinds of personal information held by Urvin Compliance
-
Ascertain whether Urvin Compliance holds personal information about you
-
Access your personal information
-
Require Urvin Compliance to correct any personal information of yours which is inaccurate
-
Find out about Urvin Compliance’s policies and practices in relation to your personal information
-
Request Urvin Compliance to delete your personal information.
If you wish to request access to and/or correct your information held by us, please do so in writing. Our contact details are set out in “How to contact us” below.
If you request Urvin Compliance to delete your personal information, please note that the deletion of your data will prevent you from using the Services.
To the extent permitted by applicable law, Urvin Compliance may charge a reasonable fee for the processing of any request to access personal information.
HOW TO CONTACT US
Urvin Compliance welcomes your comments. If you have questions about Urvin Compliance’s privacy and security commitments, or if you have other technical or other customer support questions, please contact us at support@plia.com. Alternatively, you may contact us by mail:
Urvin LLC, 2234 N. Federal Highway, Suite 1135, Boca Raton, FL USA 33431
SECURITY POLICY
UPDATED: 17th December 2022
SECURE CONNECTIVITY
All connections to Urvin Compliance are secured via SSL/TLS. All connection attempts to Plia.com are redirected to HTTPS automatically.
APPLICATION SECURITY
Urvin Compliance strongly believes in secure development best practices that implement and consider security reviews throughout our design, prototyping, and testing and deployment cycle.
CUSTOMER DATA PROTECTION
All data is classified as strictly confidential and treated as such, subject to the terms of our agreement(s) with you and the Urvin Compliance Privacy Statement. Access to information is strictly controlled throughout the entire organization. We make extensive use of encryption, firewalls and sophisticated networking tools to ensure data leaks do not occur via inbound/outbound traffic.
HARDENED OPERATING SYSTEM
Urvin Compliance runs on hardened Windows servers. Externally exposed critical patches are addressed within 24 hours.
DATA CENTER SECURITY
Urvin Compliance’s offsite SSAE16 SOC1/SOC2/SOC3 data centers provide 24/7/365 video surveillance, biometric-based locks, strict personnel access controls, and detailed visitor entry logs.
INTERNAL AND THIRD-PARTY TESTING
Urvin Compliance routinely runs internal and external vulnerability scans and penetration tests. Third-party firms are utilized to perform regular in-depth security reviews.
BUSINESS CONTINUITY
User data is backed up multiple times a day and protected with encryption on disk.
DATA RETENTION
All user data, account data, usage statistics and content is backed up, archived and stored at a secure location for a minimum period of 7 years [or such shorter period as is reasonable to the extent that it comprises such personal data].
ADDITIONAL TOOLS FOR SECURITY AND CONTROL USER PROVISIONING
Urvin Compliance administration tools enable system Administrators to control user access, permissions and remove users permanently.
LOGICAL FIREWALL
Users may choose to restrict access to a specified IP range so that the user’s network is only accessible at designated physical locations or through the user organization’s VPN.
GDPR STATEMENT
UPDATED: 17th December 2022
GDPR BASICS
The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that went into effect on May 25, 2018. It will replace the EU Data Protection Directive in the territory to strengthen the protection of personal data and privacy rights of individuals and serve as a single set of rules to govern the processing and retention of EU data. This applies not only to entities within the EU, but extends to any organization that stores or processes “personally identifiable data” of EU citizens. The regulation identifies three pertinent entities:
-
Data Subjects – Individual living persons whose personal data is collected
-
Data Processors – Organizations tasked with processing the information collected
-
Data Controllers – Any organization or individual that determines the purpose and manner of data processing
PRIVACY AND SECURITY
Urvin Compliance operates both as a Data Controller and Data Processor by way of different services offered. We have thoroughly reviewed and updated our security and data management processes to ensure compliance with GDPR. In addition to existing safeguards and processes, we are employing additional encryption processes for all data transmissions and are addressing specific guidelines mandated by the new rules.
DATA DELETION AND EXPORT CAPABILITY
The GDPR will enable Data Subjects to better control who stores their data. Urvin Compliance currently provides data export functionality and the ability to delete customer data via request to our support team.
UPDATED PRIVACY POLICY AND DATA PROTECTION
Our updated privacy policy shares our privacy commitments and sets out further Urvin Compliance’s practices to meet GDPR requirements.
VENDOR COMPLIANCE
In addition to storing limited quantities of data in-house, we also engage a limited set of third-party vendors to provide services such as customer support, data management, and technical infrastructure work on our behalf. Urvin Compliance works to ensure that each such vendor which stores or processes personal data of our Data Subjects is also GDPR-compliant. Our vendors have undergone a thorough privacy and security review by Urvin Compliance’s security team, such that we are confident all such data is protected by robust security programs and appropriate security certifications.
Urvin Compliance recognizes the importance of protecting all personal data, regardless of whether subject to GDPR governance or otherwise. We will maintain strict security and encryption measures via routine audits of our internal systems and continue working with our vendors, institutional customers and individual users to ensure we provide a secure service at all times. Please do not hesitate to contact us for any queries regarding Urvin Compliance’s ongoing commitment to personal data privacy and protection.