Excelsior Personal Information Policy

1. Introduction

1.1 Purpose This Personal Information Policy outlines the principles and guidelines governing the collection, use, disclosure, and protection of personal information by Excelsior.

1.2 Scope This policy applies to all employees, contractors, and third-party service providers who may have access to personal information in the course of their duties.

2. Definitions

2.1 Personal Information For the purpose of this policy, "personal information" refers to any information that identifies or can be used to identify an individual, including but not limited to name, contact information, identification numbers, and online identifiers.

3. Collection of Personal Information

3.1 Consent Whenever possible, we will obtain the explicit consent of individuals before collecting their personal information. Consent may be obtained through written, verbal, or electronic means.

3.2 Purpose Limitation Personal information will only be collected for specified, explicit, and legitimate purposes. Any additional use of the information will require further consent from the individual.

4. Use and Disclosure of Personal Information

4.1 Limited Access Access to personal information will be restricted to employees, contractors, and third-party service providers on a need-to-know basis.

4.2 Third-Party Disclosure We will not disclose personal information to third parties without the explicit consent of the individual, except where required or permitted by law.

5. Data Security

5.1 Data Protection Measures We will implement reasonable and appropriate security measures to protect personal information from unauthorized access, disclosure, alteration, and destruction.

5.2 Data Breach Response In the event of a data breach involving personal information, we will promptly assess the situation, take appropriate remedial action, and notify affected individuals and relevant authorities as required by law.

6. Data Retention

6.1 Retention Period Personal information will only be retained for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

7. Individual Rights

7.1 Access and Correction Individuals have the right to access their personal information and request corrections where necessary.

7.2 Right to be Forgotten Individuals have the right to request the deletion of their personal information when it is no longer necessary for the purposes for which it was collected.

8. Compliance and Training

8.1 Compliance with Laws We will comply with all applicable privacy laws and regulations.

8.2 Employee Training Employees will receive training on the responsible handling of personal information and the requirements of this policy.

9. Review and Update

9.1 Regular Review This policy will be regularly reviewed and updated to ensure its continued relevance and compliance with privacy laws.

10. Contact Information

For questions or concerns regarding this Personal Information Policy, please contact us

Date of Last Revision: 11/19/2023

By adopting and implementing this Personal Information Policy, Excelsior aims to demonstrate its commitment to the responsible and ethical handling of personal information.