Privacy Policy

Diamax Information Systems Corporation (“Diamax,” “we,” “us,” or “our”) is a participant of the EU-US and Swiss-US Privacy Shield Frameworks, and adheres to the Privacy Shield Principles as designed by the U.S. Department of Commerce. To learn more about these frameworks and the associated Data Protection Authorities visit www. privacyshield.gov, and to verify our membership visit the Privacy Shield List.


Overview

The Purpose of this Privacy Policy is to announce that Diamax Information Systems Corporation is in compliance with the Privacy Shield Frameworks, and to notify our existing and potential clients of our commitment to subject to the Privacy Shield Principles all personal data received from the EU and/or Switzerland, as well as other jurisdiction where applicable. We believe our membership in this framework is in line with our traditional and continued values of transparent and principled handling of customer data and service.

In addition to demonstrating compliance with the Privacy Shield Frameworks, this policy is designed to help you understand what kinds of data is being used, how we treat that data, and some of the services and media used in capture and handling of that information. For a more thorough understanding of different laws and policies regarding your information, data, and rights, you are encouraged to visit the primary legal resource appropriate to your jurisdiction.

Given the recent and evolving nature of data protection legislation and the complexities involved, we routinely update the information in this Privacy Policy. We strongly advise any potential or existing clients to read it thoroughly and revisit it routinely. If changes to this Privacy Policy are deemed to be materially significant by us, Diamax will send an email to all participating clients notifying them that the Privacy Policy has been significantly changed and that they need to review the Privacy Policy to assess any potential impact it may have on their data usage and business policies and practices.

Data Processor- ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Diamax is the data processor for your Personal Data, but may not be the only one. This privacy policy applies exclusively to Diamax Data Processing and any subsidiaries or third parties Diamax is responsible for. Diamax is not responsible or liable for other Data Processors that your Data Controller may contract with.

Data Controller- A data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Third Party-means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.


EU Data Subjects

Scope- This section applies if you are an individual located in the European Union (“EU”) (“EU Data Subject”). For these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland.


Privacy Rights

  1. Right to withdraw consent. To the extent Diamax requests and you provide your consent to the processing of your Personal Information, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
  2. Right of access to and rectification of your Personal Information.​ Our technology allows individuals to access, edit, and manage their data based on the agreements with their Data Controller. In situations where the client is not able to edit or rectify their information, their Data Controller can request that we change this data so long as it is in line with agreed policies and contracts and not unlawful.
  3. Right to erasure (or, “Right to be Forgotten”).​ Our technology allows your information to be fully erased from our system and ensures your right to erasure. However, requests to have your data removed are dependent upon the specific contracts and policies that are in force with your Data Controller.
  4. Right to data portability. Diamax Technology allows for the export of data so that you can obtain pertinent Personal Information that you have consented to give for processing. However, the formatting and structure of the data being given to you may be dependent on the contract between the Diamax and your Data Controller.
  5. Right to restriction of our processing. You can restrict our processing of your Personal Information where one of the following applies: (a) you dispute the accuracy of Personal Information processed by your Data Controller (for a period enabling us to verify its accuracy); (b) the processing is unlawful and you oppose the erasure of the Personal Information and request the restriction of its use instead; (c) Your Data Controller no longer needs the Personal Information for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; and (d) you have objected to certain processing relying on legitimate interest, pending the verification whether your Data Controller’s legitimate grounds override your rights. Restricted Personal Information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you if the restriction is lifted.
  6. Right to object to processing. Where the processing of your Personal Information is based on consent, contract, or legitimate interests described by your Data Controller you may restrict or object, at any time, to the processing of your Personal Information as permitted by applicable law. We may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
  7. Retention of your Personal Information. Diamax retains all Personal Data unless (a) the technology is configured in a way where the individual has the ability to delete their account (b) the Data Controller has requested that the data be deleted on behalf of the individual (c) retaining the information is in violation of applicable laws.


The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfillment of such right would, among other things:

  • cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
  • breach or prejudice the rights of confidentiality and security of others;
  • prejudice security or grievance investigations, corporate re-organizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or
  • otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.


Data Processed

Diamax is a Software as a Service company and Data Processor that provides data processing services to our clients, both solely and in conjunction with other data processing services. The types of Personal Data collected for processing is dependent upon what the Data Controller collects and what they send to us for Data Processing. The collection of Personal Data may not be equivalent with the data we process, so interested individuals should contact their applicable Data Controller to get specifics about collection of Personal Data.

Generally, Personal Data sent to us for processing includes data such as names, phone numbers, company name, job titles, email addresses, etc.; and is derived from customers, partners, vendors, and employees of our client.

Diamax may or may not be responsible for the method that the Data Controller gathers Personal Data, and individuals interested in understanding how this data is captured should contact their applicable Data Controller or review the applicable Data Controller’s Privacy Policy or Terms of Service.

Generally, our clients collect personal data through voluntary divulgence, third party publicly available databases or services, third party private purchases, third party nomination or submission, and automatically collected data (cookies, IP/URL tracking, etc.).


Data Usage

The use of Personal Data is dependent upon the Data Controller and may be affected by the specific Terms of Use or client conditions. Diamax conforms its data processing to the specific requests and needs of the Data Controller, contractual obligations, and redressing of technical problems (unless prohibited by law).

Generally, data processing is used for providing member services and support, marketing, profiling (including user experience and design), and integration with Third Parties.


Inquiries or Complaints

When you make a request, we may verify your identity to protect your privacy and security.

If you have any questions or complaints regarding our Privacy Policy or our role in handling your data, please contact our Data Protection Officer:

E-Mail: privacy@diamax.com

Mailing Address:              ATTN: Data Protection Officer

                                      Diamax Information Systems

                                      1934 Old Gallows Road, Suite 350

               Tysons Corner, VA 22182

 

Third Party Disclosure

Diamax uses a limited number of third-party service providers, which may include services centered around support, network and technical operations, as well as online shopping and Targeted Advertising. The specific Third Parties Diamax contracts with are dependent upon the Data Controller and the specific requirements for integrations and Third Party usage stipulated in their contract.

In these cases where an Onward Transfer of your personal data occurs, Diamax does so under the standards for EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield programs, which require us to follow the Privacy Shield Principles of notice, choice, accountability for onward transfers, security, data integrity, and purpose limitation, access, recourse, enforcement, and liability.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Individuals located in Europe or Switzerland who believe we are not following the Privacy Shield Principles are encouraged to contact us at Privacy@diamax.com. In cases where you believe your privacy concerns are not being addressed, you can also contact the International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA). ICDR/AAA provides independent dispute resolution services at no charge to you. If you feel that your concerns have not been resolved after reaching out to ICDR/AAA, you can request that your complaint be resolved through binding arbitration.

Linked Websites: Diamax provides links to third party websites operated by organizations not affiliated with Diamax. Diamax does not disclose your information to organizations operating such linked third party websites. Diamax does not review or endorse, and is not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by or given to Diamax on behalf of the Data Collectors.


Rights of Individuals to Access their Data

Diamax acknowledges the rights of EU individuals to access their Personal Data and limit the use and disclosure of it. Diamax respects individual data rights and has committed to them through the Privacy Shield Frameworks. Upon reasonable request to rectify, edit, request access, or limit disclosure of your Personal Data, you may contact Diamax with your request and specific Data Controller, and we will contact them about responding to your request. Likewise, you can directly contact your Data Controller and they can contact us about your requests. We will respond to requests as required and within 30 days.


Choices for Limiting Disclosure of Personal Data

As a Data Processor Diamax is limited in its ability to delete or alter any information entrusted to us by any person organization other than the authorized Data Controller or government authority. Individuals concerned about disclosure of their Personal Data should look at the specific disclosure terms of their Data Controller. The Data Controller should have direct marketing, cookie, and other “opt-out” features to allow individuals to control the disclosure and erasure of Personal Data.

In cases where Personal Data is deemed to have been unlawfully collected or a material breech of the Data Controller’s stated policies have occurred, Diamax may be obligated to alter Personal Data to remain in compliance with the Privacy Shield Principles.


How We Secure Information

Diamax implements security measures and systems to ensure confidentiality, integrity, and availability of our data. Our team follows industry standard best practices and protocols which include, but are not limited to, Security Audits, Encryption, and Limiting Data Access. For a more comprehensive look at our security policies, please visit our Security Policy page.


Your Responsibilities: Please recognize that protecting your Personal Data is also your responsibility. We ask you to be responsible for safeguarding your password, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify Diamax of any unauthorized use of your password. Diamax cannot secure Personal Information that you release on your own or that you request us to release.

Your information collected through the Service may be stored and processed in the United States or any other country in which Diamax or its subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.


Children's Privacy

Diamax is committed to protecting the privacy of children as well as adults. While Diamax Technologies are not purchased or licensed by anyone under the age of 18, some Data Collectors target audience may be children. In these cases, a review of the site to make sure that they are COPPA (Children’s Online Privacy Protection Act) and GDPR compliant is undertaken.


Governing Body

Diamax’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.


Third Party Arbitration

In the event of a complaint that requires third party arbitration, a complaint may be filed here https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim with JAMS Mediation, Arbitration, and ADR Services (https://www.jamsadr.com/eu-us-privacy-shield)