Privacy Policy
Our data privacy policy outlines how we collect, use, and protect your personal information. We are committed to safeguarding your data and ensuring your privacy. By using our services, you agree to the terms of our privacy policy.
Neopraxis Innovations Data Privacy Policy
1. Purpose
Neopraxis Innovations recognises the importance of protecting data privacy and is committed to ensuring that personal information accessed through our client projects is treated with the utmost care. This policy outlines the principles, rules, and responsibilities for the handling of personal data, in alignment with applicable data protection regulations.
Example:
If Neopraxis employees access customer shipping information while setting up a BigCommerce store, that data must be used only for the specific purpose of completing tasks related to the store’s functionality, such as setting up order fulfilment processes. It must never be copied or used for any other purposes.
2. Scope
This policy applies to all employees, contractors, vendors, or third parties who may have access to personal data through any of our projects involving client systems, especially BigCommerce implementations. The data we interact with may include personally identifiable information (PII) such as names, addresses, email addresses, and phone numbers.
What This Means:
Even if you only access a customer’s email address as part of your job, you are responsible for protecting that information according to this policy.
3. Data Collection and Access
Neopraxis Innovations does not collect or store any customer data from our clients on our systems. However, our employees may be required to access certain types of personal data stored on client platforms for operational purposes. We emphasize that no sensitive information like banking details or payment methods is accessed or handled by our team.
Examples of Data We Access:
- Names of customers when troubleshooting order management in BigCommerce.
- Addresses when testing shipping integrations.
- Phone numbers when setting up order confirmation or SMS notifications.
What We Don’t Access:
We do not have access to customer financial data (e.g., credit card numbers) or highly sensitive personal data (e.g., social security numbers).
4. Employee Responsibilities
Employees of Neopraxis Innovations must uphold the highest standards of confidentiality and security when handling personal data.
- Confidentiality:
All personal data must remain confidential. Employees are not allowed to disclose customer information to anyone outside the company unless authorized by the client.
Example:
If you are troubleshooting a shipping issue for a client’s customer, you may view the customer’s address to verify the problem. However, you should not share this address with anyone outside of the project team, or use it for any non-work-related purposes.
- Limited Access:
Only those employees who need access to personal data to perform their tasks are permitted to access it. We enforce a "least privilege" policy to minimize unnecessary access.
Example:
If you are responsible for setting up SEO features in a BigCommerce store, you will not have access to customer orders or shipping addresses.
- Prohibition on Local Storage:
Employees are not permitted to download or store customer data on personal devices, USB drives, or any system not explicitly approved by Neopraxis Innovations.
Example:
If you need to share customer data with another team member, you must do so through the client’s system or a secure, company-approved platform (e.g., a secure Google Drive link).
- Use of Secure Systems:
All access to client data must be done using secure systems approved by Neopraxis Innovations or provided by the client. Unauthorized access through insecure means is strictly prohibited.
Example:
Using a public Wi-Fi network without proper encryption or security measures to access client systems would be a violation of this policy.
5. Data Security
Neopraxis Innovations takes appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.
- Encryption:
We require encryption for all communications involving sensitive data. This ensures that even if information is intercepted, it cannot be read without the encryption key.
Example:
If you're discussing customer data with a colleague, use secure email services or internal communication platforms that encrypt messages.
- Password Protection:
Systems that store or provide access to personal data must be protected by strong passwords. Employees are required to use two-factor authentication (2FA) where available to enhance security.
Example:
If you're logging into the client’s BigCommerce store, you should use a complex password combined with a second authentication factor like an SMS code or authenticator app.
- Monitoring and Auditing:
We regularly monitor and audit access to systems that contain personal data. Employees must be aware that their access to data is logged and subject to review to ensure compliance.
Example:
If you access customer order data, the system will log your activity for future audit reviews.
6. Data Breaches
In the event of a data breach or suspected breach involving personal data, Neopraxis Innovations will take immediate action to:
- Notify the client about the breach.
- Investigate the breach to identify the root cause and affected data.
- Take steps to prevent further breaches, such as changing access credentials or implementing additional security measures.
- Report the breach to regulatory authorities, if required by law.
Example:
If an employee's laptop containing access credentials for a client system is lost or stolen, Neopraxis will immediately notify the client and take steps to change the credentials, ensuring the data is protected.
7. Training
Neopraxis Innovations provides mandatory training to all employees who have access to client data. The training covers:
- Understanding data privacy and its importance.
- How to securely handle personal data.
- How to recognize and report data breaches.
- Compliance with applicable data protection laws.
Example:
New employees who will work on BigCommerce implementations receive training on how to securely access customer data through client systems without breaching privacy policies.
8. Compliance
We adhere to all relevant privacy regulations, including:
- GDPR for European clients, where applicable.
- Data Protection Laws in regions where our clients or their customers are based.
Neopraxis Innovations ensures compliance by regularly reviewing and updating our data handling procedures to align with changes in these laws.
Example:
For clients in Europe, any data processing agreements we enter into with subcontractors will comply with the GDPR's rules on data transfers.
9. Policy Updates
As data privacy laws and security practices evolve, Neopraxis Innovations will review and update this policy. Changes may occur due to:
- New data privacy regulations.
- Changes in client requirements.
- New internal security practices.
Employees will be notified of any significant changes, and additional training may be provided if necessary.
Example:
If a new law requires stricter control over how email addresses are handled, we may update this policy to include new measures such as encryption standards for emailing.
10. Reporting Concerns
Employees are encouraged to report any concerns, breaches, or potential violations of this policy to their manager or the designated Data Privacy Officer (DPO). Reports may be made confidentially if necessary, and Neopraxis Innovations will ensure that any reported issues are investigated and addressed promptly.
Example:
If you notice that a colleague is improperly storing customer data on a personal device, you should report it to the DPO immediately, so corrective actions can be taken.