data security

Vinetegrate (“Company”) is committed to ensuring the security of the data of its customers who use the web-based SaaS application “VineConnect” (“Application”). This Data Security Policy sets forth the measures that Company takes to safeguard customer data.

Data Collection and Use
Company collects and uses customer data solely for the purpose of providing the Application to its customers. The data collected may include personal information, business information, and other data related to the use of the Application. Company uses this data to provide the Application to its customers and to improve the functionality and performance of the Application.

Data Storage and Retention
Company stores customer data in secure servers located in the United States. Company retains customer data for as long as necessary to provide the Application to its customers and for a reasonable period thereafter for backup and archival purposes. Company takes appropriate measures to protect customer data from unauthorized access, disclosure, alteration, and destruction.

Data Security Measures
Company takes the following data security measures to safeguard customer data:

• a) Encryption: Company encrypts customer data both in transit and at rest using industry-standard encryption protocols.
• b) Access Control: Company restricts access to customer data to authorized personnel who have a need-to-know and who have undergone appropriate security training. Access to customer data is granted on a need-to-know basis and is strictly monitored and audited.
• c) Monitoring and Alerting: Company monitors the Application for any unusual activity or suspicious behavior and takes appropriate action to investigate and mitigate any potential threats.
• d) Incident Response: Company has an incident response plan in place to promptly respond to and mitigate any security incidents or breaches involving customer data.

Third-Party Service Providers
Company may engage third-party service providers to assist in providing the Application to its customers. Company takes appropriate measures to ensure that such service providers have appropriate data security measures in place and comply with applicable data privacy laws and regulations.

Compliance with Data Privacy Laws
Company complies with all applicable data privacy laws and regulations, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Company takes appropriate measures to protect the privacy rights of its customers and to ensure that customer data is processed lawfully and fairly.

Employee Training and Awareness
Company provides its employees with appropriate security training and awareness programs to ensure that they understand the importance of data security and are able to identify and respond to potential security threats.

Updates to Data Security Policy
Company may update this Data Security Policy from time to time to reflect changes in applicable laws, regulations, or security best practices. Company will notify its customers of any material changes to this Data Security Policy.

If you have any questions or concerns regarding the security of your data in connection with the Application, please contact our DataOps team at dm@vinetegrate.com.

This Data Security Policy was last updated on March 1st, 2023.