HR Practitioners, Business Leaders, Athletes, Scientists, Psychologists, Developers, Engineers, Artists, Scholars, Soldiers, Officers, Teachers, Analysts, Students and Entrepreneurs have come together to provide a solution to solve complex people challenges in an easy-to-deploy ripple-like format to make big waves. Our people care about individuals and providing the best possible environment and mindset for people to feel ready to perform.
Rippleworx Inc. is the data controller of your personal data. When we mention Ripple, we, us or our in this privacy notice, we mean Rippleworx Inc.
This privacy notice tells you how Ripple collects and processes information that may identify you (personal data) when you use our platform.
Our privacy notice was last updated on 15 October 2018. We’re likely to update it in the future and we will let you know about any significant changes. Please come back and check from time to time. If you have questions about this privacy notice you can get in touch with us by emailing email@example.com.
We may collect the following information about you:
4.1 The Ripple platform collects name, email address, and optionally phone number about all users. This information is used for authentication purposes within the platform and can be extended for each tenant per the service agreement for said tenant. Any custom fields or data points specified and collected by the tenant are for the tenant’s own purposes and use and are not disseminated to any third parties without the written consent of said tenant.
4.2 Information that indirectly identifies you. We automatically receive and record information from your device or web browser when you interact with our website, for example your internet protocol (IP) address, mobile device ID, time zone setting, location data, language preference, operating system and platform.
4.3 Location data. The Ripple platform does not collect or store location data pertaining to the user. The platform does attempt to determine the localization settings for each user in order to show the appropriate language, time-zone and date settings.
4.4 Profile data. See 4.1
5.1 We aggregate personal data we collect, such as the number and frequency of your visits to our sites and apps, to produce metrics and statistical information. We may share this data with third parties. The Ripple platform aggregates the tenant-specific custom fields and data points into usable metric and statistical information. This aggregated metric and statistical information is not disseminated to any third parties without the written consent of said tenant.
5.2 We do not share aggregated, anonymized, information with any third parties without written consent of said tenant.
5.3 We combine information about you with information about other users to create audience segments of aggregated data, for example, statistical, demographic and usage data. If we combine or connect aggregated data with personal data we treat the combined data as personal data and deal with it in accordance with this privacy notice.
6.1 The personal data defined in 4.1 and by each tenant is collected via the Ripple Worx Platform.
6.2 Our platform continuously collects data about the actions of each user on the platform. This information is contained within encrypted log-files and is not easily available for consumption.
The RippleWorx platform does not use personal data for any purposes other than those written herein or contained within a tenant’s service agreement.
8.1 We take steps to safeguard your information by putting in place appropriate security measures to prevent personal data from being accidentally lost, used, accessed in an unauthorized way (such as a breach), altered or disclosed.
8.2 Access to personal data is controlled and managed by tenant’s service agreement and the tenant’s platform security configuration. Ripple does not disseminate any tenant personal data to third parties without the written consent of said tenant.
8.3 We do not guarantee or warrant that security measures will prevent data breaches. We have procedures to deal with suspected data breaches. We will notify you and the relevant regulator of any data breach as legally required.
9.1 Personal data, backup and/or log retention policies and schedules are configured platform wide and may be customized to meet tenant and/or legal requirements. This is specified in the tenant’s service agreement.
9.2 We may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely.
Browsers and devices have tools that allow you to disable cookies on sites and apps. If you disable cookies you may not be able to access all the features of our services. We suggest that you keep our essential cookies (described below) active for a better user experience and to help us keep improving and developing our products and services.
10.1 Essential Cookies
Session cookies remember you during your session on our sites and apps; they are deleted when you log out of the site and when you close your web browser.
Analytics cookies are used by us and by third parties who process data for us for data analytics purposes (for example Google Analytics) so that we can manage and improve the performance and design of our sites and apps and for monitoring, auditing, research and reporting.
We may collect the following personal data through essential cookies: a unique ID assigned to your device; IP address; device and browser type; operating system; referring URLs; content viewed or other actions taken on our sites and apps; time and date of those actions; country and language selected.
You have the right to complain about data privacy matters to the relevant data protection regulator in your country of residence. We invite you to raise your concerns with us first, so that we can try to resolve them.
California privacy rights. Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties.
- By registering for and/or using the Services in any manner, including but not limited to visiting or browsing the Site, you agree to this User Agreement and all other operating rules, policies and procedures that may be published from time to time on the Site by us, each of which is incorporated by reference and each of which may be updated from time to time without notice to you.
- Certain of the Services may be subject to additional terms and conditions specified by us from time to time; your use of such Services is subject to those additional terms and conditions, which are incorporated into this User Agreement by this reference.
- This User Agreement applies to all users of the Services.
- ARBITRATION NOTICE AND CLASS ACTION WAIVER: EXCEPT FOR CERTAIN TYPES OF DISPUTES DESCRIBED IN THE ARBITRATION SECTION BELOW OR WHERE PROHIBITED BY APPLICABLE LAW, YOU AGREE THAT DISPUTES BETWEEN YOU AND US WILL BE RESOLVED BY BINDING, INDIVIDUAL ARBITRATION AND YOU WAIVE YOUR RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION.
If you are below the age of consent under applicable law in the country in which you reside, then your parent or legal guardian must read and accept the terms and conditions of this User Agreement in your name and on your behalf.
You represent and warrant that you are at least 13 years of age. If you are under age 13, you may not, under any circumstances or for any reason, use the Services. This site is not targeted to nor meant for anyone who has not reached 13 years of age. If you become aware of anyone using the Ripple services who is under the age of 13, please report this to: firstname.lastname@example.org. We will not knowingly collect information from anyone under the age of 11.
We may, in our sole discretion, refuse to offer the Services to any person or entity and change its eligibility criteria at any time.
You are solely responsible for ensuring that your use of the Services is in compliance with all laws, rules and regulations applicable to you. If the applicable law in the country in which you reside requires that you must be older than 13 to receive certain services, then the minimum age is the legally defined one. If you are a minor, you may wish to consult your parents about what portions of the site are appropriate for you. The right to access the Services is revoked where this User Agreement or use of the Services is prohibited or to the extent offering, sale or provision of the Services conflicts with any applicable law, rule or regulation.
Further, the Services are offered only for your use, and not for the use or benefit of any third party.
Definition. For purposes of this User Agreement, the term "Content" includes, without limitation, information, data, text, photographs, videos, audio clips, written posts, articles, comments, software, scripts, graphics, and interactive features generated, provided, or otherwise made accessible on or through the Services.
You acknowledge that all Content accessed by you using the Services is at your own risk and you will be solely responsible for any damage or loss to you or any other party resulting therefrom. We do not guarantee that any Content you access on or through the Services is or will continue to be accurate.
Intellectual Property Rights. The Services may contain Content specifically provided by us or our partners and such Content is protected by copyrights, trademarks, service marks, patents, trade secrets or other proprietary rights and laws. You shall abide by all copyright notices, information, and restrictions contained in any Content accessed through the Services. The trademarks, logos, trade names and service marks, whether registered or unregistered (collectively the “Trademarks”) displayed on the Site are Trademarks of Ripple and its third party partners. Nothing contained on the Ripple Site shall be construed as granting by implication or otherwise, any license or right to use any Trademark displayed on the Ripple Site without the written permission of Ripple or such third party that may own the Trademark.
Any unauthorized commercial use of the Content, including Trademarks, will violate the intellectual property rights of Ripple and/or third parties associated with Ripple and will be subject to Ripple’s and/or those third party’s full legal rights and remedies.
Use License. Subject to this User Agreement, we grant each user of the Services a worldwide, non-exclusive, revocable, non-sublicensable and non-transferable license to view, print, download, and display locally Content, to the extent we hold such rights, solely for purposes of using the Services. Use, reproduction, modification, distribution or storage of any Content for other than purposes of using the Services is expressly prohibited without prior written permission from us. You shall not sell, license, rent, or otherwise use or exploit any Content for commercial use or in any way that violates any third party right.
Availability of Content. We do not guarantee that any Content will be made available on the Site or through the Services. We reserve the right to, but do not have any obligation to, (i) remove, edit, modify or otherwise manipulate any Content in our sole discretion, at any time, without notice to you and for any reason (including, but not limited to, upon receipt of claims or allegations from third parties or authorities relating to such Content or if we are concerned that you may have violated this User Agreement), or for no reason at all and (ii) to remove or block any Content from the Services.
- infringes any patent, trademark, trade secret, copyright, right of publicity or other right of any other person or entity or violates any law or contractual duty;
- you know is false, misleading, untruthful or inaccurate;
- is unlawful, threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another's privacy, tortious, obscene, vulgar, pornographic, offensive, profane, contains or depicts nudity, contains or depicts sexual activity, or is otherwise inappropriate as determined by us in our sole discretion;
- constitutes unauthorized or unsolicited advertising, junk or bulk e-mail ("spamming");
- contains software viruses or any other computer codes, files, or programs that are designed or intended to disrupt, damage, limit or interfere with the proper function of any software, hardware, or telecommunications equipment or to damage or obtain unauthorized access to any system, data, password or other information of ours or of any third party;
- impersonates any person or entity, including any of our employees or representatives; or
- includes anyone's identification documents or sensitive financial information.
You shall not: (i) take any action that imposes or may impose (as determined by us in our sole discretion) an unreasonable or disproportionately large load on our (or our third party providers') infrastructure; (ii) interfere or attempt to interfere with the proper working of the Services or any activities conducted on the Services; (iii) bypass, circumvent or attempt to bypass or circumvent any measures we may use to prevent or restrict access to the Services (or other accounts, computer systems or networks connected to the Services); (iv) run any form of auto-responder or "spam" on the Services; (v) use manual or automated software, devices, or other processes to "crawl" or "spider" any page of the Site; (vi) harvest or scrape any Content from the Services; or (vii) otherwise take any action in violation of our guidelines and policies.
You shall not (directly or indirectly): (i) decipher, decompile, disassemble, reverse engineer or otherwise attempt to derive any source code or underlying ideas or algorithms of any part of the Services (including without limitation any application), except to the limited extent applicable laws specifically prohibit such restriction, (ii) modify, translate, or otherwise create derivative works of any part of the Services, or (iii) copy, rent, lease, distribute, or otherwise transfer any of the rights that you receive hereunder. You shall abide by all applicable local, state, national and international laws and regulations.
We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce this User Agreement, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect the rights, property or safety of us, our users and the public.
Termination. We may terminate your access to all or any part of the Services at any time, with or without cause, with or without notice, effective immediately, which may result in the forfeiture and destruction of all information associated with your membership. If you wish to terminate your Account, you may do so by following the instructions on the Site or through the Services. All provisions of this User Agreement which by their nature should survive termination shall survive termination, including, without limitation, licenses of User Content, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
We have no special relationship with or fiduciary duty to you. You release us from all liability for you having acquired or not acquired Content through the Services. We make no representations concerning any Content contained in or accessed through the Services. Except where such disclaimer of liability is prohibited by applicable law, we will not be responsible or liable for the accuracy, copyright compliance, or legality of material or Content contained in or accessed through the Services.
THE SERVICES AND CONTENT ARE PROVIDED "AS IS", "AS AVAILABLE" AND WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE OR USAGE OF TRADE, ALL OF WHICH ARE EXPRESSLY DISCLAIMED. WE, AND OUR DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, PARTNERS AND CONTENT PROVIDERS DO NOT WARRANT THAT: (I) THE SERVICES WILL BE SECURE OR AVAILABLE AT ANY PARTICULAR TIME OR LOCATION; (II) ANY DEFECTS OR ERRORS WILL BE CORRECTED; (III) ANY CONTENT OR SOFTWARE AVAILABLE AT OR THROUGH THE SERVICES IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; OR (IV) THE RESULTS OF USING THE SERVICES WILL MEET YOUR REQUIREMENTS. YOUR USE OF THE SERVICES IS SOLELY AT YOUR OWN RISK. PLEASE NOTE THAT SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.
Limitation of Liability. IN NO EVENT SHALL WE NOR OUR AFFILIATES, NOR OUR OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, PARTNERS, CONTRACTORS, OR SUPPLIERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SERVICES (I) FOR ANY LOST PROFITS, DATA LOSS, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, COMPENSATORY OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, SUBSTITUTE GOODS OR SERVICES (HOWEVER ARISING), (II) FOR ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION), OR (III) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) $500.00. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY OR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
ARBITRATION CLAUSE AND CLASS ACTION WAIVER—IMPORTANT—PLEASE REVIEW AS THIS AFFECTS YOUR LEGAL RIGHTS.
Arbitration. YOU AGREE THAT ALL DISPUTES BETWEEN YOU AND US (WHETHER OR NOT SUCH DISPUTE INVOLVES A THIRD PARTY) WITH REGARD TO YOUR RELATIONSHIP WITH US, INCLUDING WITHOUT LIMITATION DISPUTES RELATED TO THIS USER AGREEMENT, YOUR USE OF THE SERVICES, AND/OR RIGHTS OF PRIVACY AND/OR PUBLICITY, WILL BE RESOLVED BY BINDING, INDIVIDUAL ARBITRATION UNDER THE AMERICAN ARBITRATION ASSOCIATION'S RULES FOR ARBITRATION OF CONSUMER-RELATED DISPUTES AND YOU AND WE HEREBY EXPRESSLY WAIVE TRIAL BY JURY. DISCOVERY AND RIGHTS TO APPEAL IN ARBITRATION ARE GENERALLY MORE LIMITED THAN IN A LAWSUIT, AND OTHER RIGHTS THAT YOU AND WE WOULD HAVE IN COURT MAY NOT BE AVAILABLE IN ARBITRATION. Neither you nor we will participate in a class action or class-wide arbitration for any claims covered by this agreement to arbitrate. YOU ARE GIVING UP YOUR RIGHT TO PARTICIPATE AS A CLASS REPRESENTATIVE OR CLASS MEMBER ON ANY CLASS CLAIM YOU MAY HAVE AGAINST US INCLUDING ANY RIGHT TO CLASS ARBITRATION OR ANY CONSOLIDATION OF INDIVIDUAL ARBITRATIONS. You also agree not to participate in claims brought in a private attorney general or representative capacity, or consolidated claims involving another person's account, if we are a party to the proceeding. This dispute resolution provision will be governed by the Federal Arbitration Act and not by any state law concerning arbitration. In the event the American Arbitration Association is unwilling or unable to set a hearing date within one hundred and sixty (160) days of filing the case, then either we or you can elect to have the arbitration administered instead by the Judicial Arbitration and Mediation Services. Judgment on the award rendered by the arbitrator may be entered in any court having competent jurisdiction. Any provision of applicable law notwithstanding, the arbitrator will not have authority to award damages, remedies or awards that conflict with this User Agreement.
Modification. We reserve the right, in our sole discretion, to modify or replace any part of this User Agreement, or change, suspend, or discontinue the Services (including without limitation, the availability of any feature, database, or content) at any time by posting a notice on the Site or by sending you notice through the Services, via e-mail or by another appropriate means of electronic communication. We may also impose limits on certain features and services or restrict your access to parts or all of the Services without notice or liability. While we will timely provide notice of modifications, it is also your responsibility to check this User Agreement periodically for changes. Your continued use of the Services following notification of any changes to this User Agreement constitutes acceptance of those changes.
Entire Agreement and Severability. This User Agreement is the entire agreement between you and us with respect to the Services, including use of the Site, and supersedes all prior or contemporaneous communications and proposals (whether oral, written or electronic) between you and us with respect to the Services. If any provision of this User Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this User Agreement will otherwise remain in full force and effect and enforceable.
Force Majeure. We shall not be liable for any failure to perform our obligations hereunder where such failure results from any cause beyond our reasonable control, including, without limitation, mechanical, electronic or communications failure or degradation.
Assignment. This User Agreement is personal to you, and is not assignable, transferable or sublicensable by you except with our prior written consent. We may assign, transfer or delegate any of our rights and obligations hereunder without consent.
Agency. No agency, partnership, joint venture, or employment relationship is created as a result of this User Agreement and neither party has any authority of any kind to bind the other in any respect.
No Waiver. Our failure to enforce any part of this User Agreement shall not constitute a waiver of our right to later enforce that or any other part of this User Agreement. Waiver of compliance in any particular instance does not mean that we will waive compliance in the future. In order for any waiver of compliance with this User Agreement to be binding, we must provide you with written notice of such waiver through one of our authorized representatives.
Contact and Company details. Rippleworx, Inc. is a Delaware corporation with its headquarters at 1102 Towne Creek Place, Huntsville, AL 35806. You may contact us at the following address: 1102 Towne Creek Place, Huntsville, AL 35806, or at the following email address: email@example.com.
Contact and Company Details:
Rippleworx, Inc. is a Delaware corporation with its headquarters at: 1102 Towne Creek Place, Huntsville, AL 35806.
You may contact us at the following address: 1102 Towne Creek Place, Huntsville, AL 35806.
Rippleworx processes customer personal data for the purpose of consulting and support of our applicant and employee management software. Rippleworx accesses personal data at the direction of customers for the purpose of fulfilling its contractual obligations and limits the processing of data to the purpose stipulated in the contract. Therefore, when we receive personal data at the direction of customers from the European Union, the United Kingdom, and Switzerland, we may use such data in order to:
• Provide technical support to fulfill our contractual obligations;
• Evaluate the quality of our services;
• For internal administrative and analytics purposes; and
• Comply with our legal obligations, policies and procedures.
Rippleworx accesses personal data as defined below:
1. Employee details:
• Personnel Master Data (title, last name, first name, date of birth, address, email address).
• Personnel data (CV, assessments, interim reports, training, certifications, events, notes, personnel number, entry date).
2. Details of applicants:
• Applicants’ Master Data (title, last name, first name, date of birth, address, country, profile picture, title, LinkedIn profile)
• Application data (CV, certificates, evaluations, application type contact details, email address,
• Applicant first name
• Applicant last name
• Date of birth
• Profile picture
• Application type
• Telephone (office), mobile phone
We do not collect special categories of personal data, such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or other sensitive information as defined by the Privacy Shield Frameworks.
We may share personal data with affiliates, but only to effectuate the limited purposes stated above.
In case of questions or complaints with regard to the covered data, please contact:
In the U.S.:
Data Protection Coordinator
315 Franklin Street
Huntsville, AL 35801
Rippleworx will respond within 45 days of receiving a complaint. We have committed to cooperate and comply with JAMS with regard to unresolved Privacy Shield complaints regarding personal data transferred from the European Union, the United Kingdom, and Switzerland. If you have not received a timely or satisfactory response from Rippleworx to your question or complaint, please contact the independent recourse mechanism (at no cost) listed below.
JAMS: https://www.jamsadr.com/eu-us-privacy-shield
If you have any complaints regarding Rippleworx’s compliance with the Privacy Shield, you should first contact us as provided above. If Rippleworx does not resolve your complaint, you may raise your complaint with JAMS. The dispute resolution process shall be conducted in English. If neither Rippleworx nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration. Under the Privacy Shield, Rippleworx is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Rippleworx has implemented physical and technical measures to ensure personal information is adequately secured against loss, unauthorized access, use, modification, destruction, disclosure, and other misuse while at rest, in motion, and in process. Personal electronic data is subject to appropriate stringent controls, such as passwords, encryption, access logs, back-ups, etc.
Rippleworx does not disclose personal data to third parties. Liability for the actions of agent processors does not apply since we do not transfer information to third parties and only access personal data at the direction of our customers based on contractual obligations.
Rippleworx will disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
Rippleworx provides consumers, customers, suppliers and others with confirmation of whether or not Rippleworx is processing personal data relating to them and reasonable access to personal data maintained about them. We also provide a reasonable opportunity to correct, amend or delete that information where it is inaccurate. We may limit or deny access to personal data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Privacy Shield Principles. Rippleworx can only access personal data at the direction of customers in order to fulfill contractual obligations. If you wish to request access, to limit use, or to limit disclosure, please provide the name of the Rippleworx customer who submitted your data to our services. We will refer your request to that customer and support that customer as needed responding to your request.
Rippleworx does not disclose personal data to third parties and we do not use personal data for purposes incompatible with the purposes for which the information was originally collected. If we ever were to do either of the above activities, we would notify the relevant data subjects with an opportunity to opt out of such uses and disclosures. Rippleworx also reserves the right to transfer personal data in the event that we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation). Should such a sale or transfer occur, Rippleworx will use reasonable efforts to direct the transferee to use personal data in a manner that is consistent with this policy. Following such a sale or transfer, consumers may contact the entity to which Rippleworx transferred their personal data with any inquiries concerning the processing of that information.
Last Updated: 07/01/2020
The purpose of the policy is to establish the goals and the vision for the breach response process. This policy will clearly define to whom it applies and under what circumstances, and it will include the definition of a breach, staff roles and responsibilities, standards and metrics (e.g., to enable prioritization of the incidents), as well as reporting, remediation, and feedback mechanisms. The policy shall be well publicized and made easily available to all personnel whose duties involve data privacy and security protection. RippleWorx, Inc Information Security's intentions for publishing a Data Breach Response Policy are to focus significant attention on data security and data security breaches and how RippleWorx, Inc’s established culture of openness, trust and integrity should respond to such activity. RippleWorx, Inc’s Information Security is committed to protecting RippleWorx, Inc employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
This policy mandates that any individual who suspects that a theft, breach or exposure of RippleWorx, Inc Protected data or RippleWorx, Inc Sensitive data has occurred must immediately provide a description of what occurred via e-mail to firstname.lastname@example.org, by contacting your RippleWorx Project Manager, or through the use of the help desk reporting web page at FreshDesk Support.
This e-mail address, phone number, and web page are monitored by the RippleWorx, Inc Information Security Administrator. This team will investigate all reported thefts, data breaches and exposures to confirm if a theft, breach or exposure has occurred. If a theft, breach or exposure has occurred, the Information Security Administrator will follow the appropriate procedure in place.
This policy applies to all who collect, access, maintain, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle personally identifiable information or Protected Health Information (PHI) of RippleWorx, Inc members. Any agreements with vendors will contain similar language that protects the fund.
As soon as a theft, data breach or exposure containing RippleWorx, Inc’s Protected data or RippleWorx, Inc’s Sensitive data is identified, the process of removing all access to that resource will begin. The Executive Director will chair an incident response team to handle the breach or exposure. The team will include members from:
• IT Infrastructure
• IT Applications
• Finance (if applicable)
• Member Services (if Member data is affected)
• Human Resources
• The affected unit or department that uses the involved system or output or whose data may have been breached or exposed
• Additional departments based on the data type involved
• Additional individuals as deemed necessary by the Executive Director
Confirmed theft, breach or exposure of RippleWorx, Inc’s data
The Executive Director will be notified of the theft, breach or exposure. IT, along with the designated forensic team, will analyze the breach or exposure to determine the root cause.
Work with Forensic Investigators
As provided by RippleWorx, Inc’s cyber insurance, the insurer will need to provide access to forensic investigators and experts that will determine how the breach or exposure occurred; the types of data involved; the number of internal/external individuals and/or organizations impacted; and analyze the breach or exposure to determine the root cause.
Develop a communication plan
Work with RippleWorx, Inc’s communications, legal and human resource departments to decide how to communicate the breach to: a) internal employees, b) the public, and c) those directly affected.
Roles & Responsibilities
• Sponsors - Sponsors are those members of the RippleWorx, Inc community that have primary responsibility for maintaining any particular information resource. Sponsors may be designated by any RippleWorx, Inc’s Executive in connection with their administrative responsibilities, or by the actual sponsorship, collection, development, or storage of information.
• Information Security Administrator is that member of the RippleWorx, Inc community, designated by the Executive Director or the Director, Information Technology (IT) Infrastructure, who provides administrative support for the implementation, oversight and coordination of security procedures and systems with respect to specific information resources in consultation with the relevant Sponsors.
• Users include virtually all members of the RippleWorx, Inc community to the extent they have authorized access to information resources, and may include staff, trustees, contractors, consultants, interns, temporary employees and volunteers.
• The Incident Response Team shall be chaired by Executive Management and shall include, but will not be limited to, the following departments or their representatives: IT-Infrastructure, IT-Application Security; Communications; Legal; Management; Financial Services, Member Services; Human Resources.
Any RippleWorx, Inc personnel found in violation of this policy may be subject to disciplinary action, up to and including termination of employment. Any third party partner company found in violation may have their network connection terminated.
Encryption or encrypted data – The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text.
Plain text – Unencrypted data.
Hacker – A slang term for a computer enthusiast, i.e., a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s).
Protected Health Information (PHI) - Under US law, any information about health status, provision of health care, or payment for health care that is created or collected by a "Covered Entity" (or a Business Associate of a Covered Entity), and can be linked to a specific individual.
Personally Identifiable Information (PII) - Any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered
Protected data - See PII and PHI
Information Resource - The data and information assets of an organization, department or unit.
Safeguards - Countermeasures, controls put in place to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. Safeguards help to reduce the risk of damage or loss by stopping, deterring, or slowing down an attack against an asset.
Sensitive data - Data that is encrypted or in plain text and contains PII or PHI data. See PII and PHI above.
Date of Revision: July 9th, 2019
Author: Jason DeVine
Description of Changes: Initial Version