Effective Date: January 14th, 2025

This Privacy and Compliance Policy explains how TalosConnect (“we,” “us,” or “our”) collects, uses, and protects personal data when providing mass notification services to enterprise customers (“Customers”) who use our platform to communicate with their employees and consultants (“End Users”). This Privacy and Compliance Policy is
incorporated by reference into our TalosConnect Software-as-a-Service (SaaS) Terms of Service, which governs overall use of our platform.

Data Ownership and Control
●Data Controller: TalosConnect acts as the Data Processor on behalf of our Customers.
●Data Owner: The Customer is the Data Controller, determining the purposes and means of processing personal data.
●End Users: Employees and consultants of our Customers whose personal data is processed through our mass notification platform.

TalosConnect processes personal data solely under the instructions of our Customers and does not determine how personal data is used beyond fulfilling contractual obligations.

Data Collection and Use
Personal Data Collected:
We may collect the following types of personal data, as provided by the Customer through direct input or integrated systems:
●Full name
●Mobile number
●Email address
●Job title (if provided)
●Company affiliation
●Location data (if enabled for geotargeted notifications)
●Any additional information supplied by the Customer through integrated systems (e.g., HR and Vendor Management Systems)

Purpose of Data Processing:
Personal data is processed for the following purposes:

●To deliver account notifications, updates, and alerts to End Users
●To manage opt-in/opt-out preferences
●To provide technical support and assistance
●To ensure compliance with applicable legal and regulatory requirements
●To generate anonymized, aggregated data for service improvements (without identifying any individual)

We do not use personal data for marketing purposes or share it with third parties unless instructed by the Customer or required by law.

Data Retention
TalosConnect retains personal data only for as long as necessary to fulfill the purposes outlined in this policy or as instructed by the Customer. Retention periods may vary depending on:
●The duration of the Customer’s contract
●Legal obligations
●Customer-specific retention policies

Upon termination of services, TalosConnect will securely delete or return all personal data to the Customer, following industry best practices.

Data Security
We implement robust technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to:

●Data Encryption: Personal data is encrypted both in transit (TLS) and at rest (AES-256).
●Access Controls: Strict role-based access controls ensure that only authorized personnel have access to sensitive data.
●Authentication: Multi-factor authentication (MFA) is enforced for all internal systems handling personal data.
●Audit Logs: Comprehensive logging and monitoring systems track data access and modification.
●Regular Security Audits: External penetration tests and security assessments are conducted regularly.

End User Rights
As TalosConnect processes data on behalf of Customers, End Users should direct requests regarding their personal data (such as access, correction, or deletion) to the respective Customer. TalosConnect will assist Customers in responding to these requests as required by applicable data protection laws, including but not limited to:

●Right of access
●Right to rectification
●Right to erasure (right to be forgotten)
●Right to restrict processing
●Right to data portability
●Right to object

Additional End User Rights Procedures:
●Detailed Request Process: Customers are encouraged to provide a clear, step-by-step guide (via their privacy portal or documentation) for End Users to submit requests.
●Assistance Protocol: TalosConnect will support Customers in managing these requests, ensuring a prompt and compliant process.
●Communication Channels: Dedicated channels (e.g., specific email addresses or web forms) should be established to facilitate these requests.

Data Integrity and Update Procedures
TalosConnect is committed to ensuring the accuracy and completeness of personal data. To support this:
●Data Accuracy: Customers should regularly review and update the personal data they provide.
●Update Mechanism: Formal procedures are in place for End Users and Customers to request corrections or updates. TalosConnect will provide technical support and guidance to secure these modifications.
●Periodic Reviews: Regular data audits may be conducted to verify that stored information remains accurate and current.

Compliance with Regulations
TalosConnect is committed to ensuring that our data processing practices comply with relevant data protection laws and industry standards, including but not limited to:
●General Data Protection Regulation (GDPR) for customers and End Users in the European Union
●California Consumer Privacy Act (CCPA) for customers and End Users in California, USA

●Telephone Consumer Protection Act (TCPA) for SMS and mass notification services in the USA
●ISO 27001 principles for information security management
Our platform is designed to support our Customers in meeting their own compliance obligations, including secure data handling, record-keeping, and consent management.

Incident Response
In the event of a data breach or security incident, TalosConnect will promptly:

●Investigate the incident and mitigate any potential harm.
●Notify affected Customers without undue delay.
●Provide Customers with all necessary information to comply with legal notification requirements.
●Review and update security measures to prevent future incidents.

Disclaimers and Limitations of Liability
TalosConnect provides its services on an “as-is” basis. While we implement robust security and data management measures, we do not guarantee uninterrupted or error-free service. In no event shall TalosConnect be liable for:

●Any indirect, incidental, consequential, or punitive damages arising from the use or inability to use our services.
●Any loss or damage resulting from data inaccuracies or service interruptions, except as expressly provided by applicable law.
For further details regarding privacy-related disclaimers and limitations, please refer to our TalosConnect Software-as-a-Service (SaaS) Terms of Service.
Contact Information and Expanded Details
For any questions regarding this Privacy and Compliance Policy or our data protection practices, please contact us at:
●TalosConnect Privacy Team
●Email: privacy@talosconnect.com
 

For privacy-related inquiries or to exercise your rights, please also review the related procedures outlined in our TalosConnect Software-as-a-Service (SaaS) Terms of Service.
Review and Updates
This policy will be reviewed regularly and updated as necessary to reflect changes in our practices or legal requirements