Introduction
RazorERP is committed to conducting its business following all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct. This policy sets forth the expected behavior of RazorERP’s staff, partners, and associates, concerning the collection, use, retention, transfer, disclosure, and destruction of any Personal Data or other data belonging to a RazorERP customer or partner. RazorERP may collect, store and process such data to aid it in performing the Services, including for testing and applying new product or system versions, patches, updates, and upgrades, and resolving bugs and other issues You have reported to Razor. RazorERP respects your right to ownership of such data created or provided by you, and unless specifically permitted by you, RazorERP will not adapt, modify, publish or distribute the data generated/provided by you or stored in your user account for RazorERP’s marketing or sales purposes. However, you hereby grant RazorERP permission to access, copy, distribute, store, transmit and reformat the content of your user account solely as required for providing the Services to you.
RazorERP, as a Data Controller, is responsible for ensuring compliance with the Data Protection requirements outlined in this policy. Non-compliance may expose RazorERP to complaints, regulatory action, fines, and/or reputational damage. RazorERP’s leadership is fully committed to ensuring continued and effective implementation of this policy and expects all its employees and partners to share in this commitment. Any breach of this policy will be taken seriously and may result in disciplinary action or business sanction.
Definitions
Aims & Goals
The ultimate goals of this policy are to protect RazorERP from the risks of a data breach, disclose how RazorERP stores and processes individuals’ data, protect the rights of RazorERP’s customers, staff, members, and stakeholders, and comply with all applicable regulations and international best practices concerning data collection, processing, storage, and protection.
This Data Policy applies worldwide to RazorERP and is based on globally accepted, basic principles of data protection. By creating strong data protection framework, RazorERP seeks to build its credibility and trustworthy relationships with its customers, partners, and associates. This Data Policy is drafted as a practical and easy-to-understand document to which all RazorERP customers, staff, and partners can easily refer.
Scope of Our Data Policy
This policy applies to all RazorERP Employees and all third its party associates and partners responsible for the processing of data on behalf of RazorERP.
Principles of Data Collection and Processing
RazorERP has adopted the following principles to govern its collection, use, retention, transfer, disclosure, and destruction of Personal Data and other data:
Consent
RazorERP will obtain every data only by lawful and fair means and, where appropriate with the knowledge and consent of the Data Subject. Where a need exists to request and receive the consent of an individual before the collection, use, or disclosure of their data, RazorERP will endeavor to use all approved legal means to obtain such consent.
Under certain circumstances, it shall be permissible to share data without the knowledge or consent of the Data Subject. Such cases include the prevention or detection of crime, the apprehension or prosecution of offenders, the assessment or collection of a tax or duty, by order of a court, or by any rule of law. If a RazorERP staff processes any data for one of these purposes, then it may apply an exception to the processing rules outlined in this Data Policy but only to the extent that not doing so would be likely to prejudice the case in question.
Legitimate Interest
Any data may also be processed in a manner necessary to enforce the legitimate interest of RazorERP. Legitimate interests are generally of a legal (such as filing, enforcing, or defending against legal claims), audit, or financial nature. However, no data will be processed based on a legitimate interest if, in individual cases, there is evidence that the interests of the individual merit protection. Before data is processed, it must be determined whether there are interests that merit protection. Control measures that require the processing of data can be taken only if there is a legal obligation to do so or there is a legitimate reason. Even where a legitimate reason exists, the proportionality of the control measure must also be examined. The justified interests of the organization in performing the control measure (e.g., compliance with legal provisions and internal rules of RazorERP) must be weighed against any interests meriting protection that the individual affected by the measure may have in its exclusion, and cannot be performed unless appropriate.
How We Use Data
RazorERP uses all data obtained to provide the Services, for the seamless administration of its work processes, and the administration and management of customers’ accounts.
RazorERP uses the data:
In achieving these purposes listed above, we might transmit your data to third parties with whom we have a data processing agreement. However, rest assured that we do not sell or transmit your personal information to third parties for marketing purposes.
Legal Framework
RazorERP’s legal basis for collecting and using every data described in this Data Policy depends on the sort of data we collect, the specific context in which we collect such data, and the applicable laws. This Data Policy complies with the United States data protection laws, the internationally accepted data privacy principles and laws like the GDPR, and all other laws applicable in the countries of our customers and Data Subjects. The relevant national law will take precedence if it conflicts with this Data Policy, or if it has stricter requirements than this Data Policy. The content of this Data Policy will also be observed in the absence of corresponding national legislation. The reporting requirements for data processing under national laws shall at all times be observed. In the event of conflicts between applicable legislation and this Data Policy, RazorERP will work with the relevant country offices to find a practical solution that meets the relevant purposes of this Data Policy.
What Data We Collect
We only collect the data you provide us with through any forms on our platforms and your accounts. We may also use cookies, where necessary.
Rights of Data Subjects
All Data Subjects are entitled to request information on which data relating to him/her has been stored, how the data was collected, and for what intended purpose. If any personal data is transmitted to third parties the affected Data Subject shall be informed of such a possibility. If personal data is incorrect or incomplete, the Data Subject can demand that it be corrected or supplemented. Every Data Subject may also request his/her data to be deleted if the processing of such data has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and conflicting interests meriting protection must be observed. Finally, every Data Subject has the right to object to his/her data being processed, and this must be taken into account if the protection of his/her interests takes precedence over the interest of the data controller owing to a particular personal situation. This does not apply if a legal provision requires such data to be processed.
Transmission of Data
Transmission of personal data to recipients outside or within RazorERP is subject to the need to provide the Services to the customer and compliance by such recipients with this Data Policy. The data recipient must be required to use the data only for the defined purposes. This does not apply if the transmission is based on a legal obligation.
Retention of Data
For the convenience of re-enrolling you to the RazorERP Services, we retain data inputted into your RazorERP Service account for twelve (12) months after termination of the Service Agreement. Thereafter, RazorERP deletes the customer’s data. RazorERP makes no guarantees, nor assumes any liability, for any data deleted before the twelfth month after termination of the Service Agreement.
Confidentiality of Data
RazorERP will adopt physical, technical, and organizational measures to ensure the security of every piece of data. This includes the prevention of loss or damage, unauthorized alteration, access or processing, and other risks to which it may be exposed by human action or the physical or natural environment. All data shall be subject to data secrecy. RazorERP will ensure that any unauthorized collection, processing, or use of such data by any RazorERP employee is prohibited. RazorERP will also strive to ensure that its employees, associates, and partners are prohibited from using any data for private or commercial purposes, from disclosing any data to unauthorized persons, or making it available in any other way.
Security Framework
All data shall be safeguarded from unauthorized access and unlawful processing or disclosure, as well as accidental loss, modification, or destruction. This applies regardless of whether any data is processed electronically or in paper form. Before the introduction of new methods of data processing, particularly new IT systems, technical and organizational measures to protect personal data must be defined and implemented. These measures must be based on the state of the art, the risks of processing, and the need to protect the data (determined by the process for information classification).
Compliance Checks
To confirm that an adequate level of compliance is being achieved by RazorERP concerning this Data Policy and all applicable data protection laws, the Team will carry out an annual data protection compliance audit for all such RazorERP data processes. The results of the audit shall be reported to the RazorERP Chief Executive Officer. The relevant data protection authority may also perform its audit of compliance with the regulations of this Policy, as permitted under any applicable law.
Violations and Sanctions
Any failure to comply with the current policy or to deliberately violate the rules set in the policy will result in the launch of an appropriate investigation by RazorERP. Depending on the gravity of the suspicion or accusations, RazorERP may suspend the affected staff or relations with the affected associate or partner pending the conclusion of the investigation, and this action will not be subject to challenge. Depending on the outcome of the independent investigation, if it comes to light that anyone associated with IMPACT has deliberately violated the rules set in the policy for its profit or any other usage of personal data, or has systematically and deliberately contravened with the principles and standards contained in this document, IMPACT will take immediate disciplinary action and any other action which may be appropriate to the circumstances. This may include disciplinary action/dismissal of erring staff, ending any partnership with an offending partner, or withdrawal of funding/support from such partner. Furthermore, RazorERP may, depending on the nature, circumstances, and location of the case and violation, consider involving authorities such as the police to ensure the protection of data and victims.
Implementation of this Policy
This policy has been approved by RazorERP’s Chief Executive Officer on January 1, 2022, and comes into effect immediately. It is subject to periodic review.
Availability of Data Policy
RazorERP seeks to ensure that all its customers are aware that their data is being processed and that they understand how the data is being used and how to exercise their rights. Thus, this Data Policy is made available to all RazorERP staff and available on request by individuals.
Data Policy Enforcement
To demonstrate our commitment to data protection, and to enhance the effectiveness of our compliance efforts, RazorERP actively employs individuals to oversee the administration of all activities related to data collection, processing, storage, and retention/deletion.
Data Subjects with a complaint about the Processing of their data should put forward the matter in writing to the Razor Support Team. An investigation of the complaint will be carried out to the extent that is appropriate based on the merits of the specific case. The Team will inform the Data Subject of the progress and the outcome of the complaint within a reasonable period. If the issue cannot be resolved through consultation between the Data Subject and the Team, then the Data Subject may, at their option, seek redress by sending a formal complaint to the management of RazorERP.
Changes to this Policy
RazorERP reserves the right to update or change this Data Policy at any time and when we do, we shall give you notice of such changes and how they may affect you. Your continued use of our platforms and Services after such changes will constitute your acknowledgment of the changes and your consent to abide and be bound by the modified Data Policy.
Contact Us
If you have any questions or concerns about this Data Policy, please contact us at info@razorerp.com