Biz-Tech Services Privacy Statement

Last Updated July 6, 2020

Your privacy is important to us. To better protect your privacy Biz-Tech Services, Inc. (“Biz-Tech”, “us” or “we”) provides this privacy statement (“Privacy Statement”) to describe the privacy practices that we follow when collecting and using information about you on our website (https://biz-techservices.com/), Acumatica or Sage  Marketplaces with Biz-Tech applications and integrations, and any other channel, application, or mobile feature that we operate (collectively, the “Services”). Please read this Privacy Statement closely before using the Services. It explains what information Biz-Tech Services collects, how Biz-Tech Services uses information that it has collected from or about you and others, and what we do to protect it. When you access or use the Services, certain information, including your Personal Information, may be collected, transferred, processed, stored, and in certain circumstances, disclosed as described in this Privacy Statement. This Privacy Statement complies with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Privacy Statement.

BY CREATING AN ACCOUNT ON OUR WEBSITE OR OTHERWISE PROVIDING US WITH YOURS OR OTHERS’ PERSONAL INFORMATION, YOU EXPRESSLY CONSENT TO THE INFORMATION HANDLING PRACTICES DESCRIBED IN THIS PRIVACY STATEMENT AND YOU ACKNOWLEDGE AND CONFIRM THAT YOU HAVE PERMISSION TO PROVIDE US WITH ALL PERSONAL INFORMATION PROVIDED. IF YOU DO NOT AGREE WITH THIS PRIVACY STATEMENT OR OUR TERMS OF USE, PLEASE DO NOT ACCESS, USE, OR REGISTER FOR AN ACCOUNT ON, THE SERVICES.

1. Information Biz-Tech Services Collects

 1.1. When Biz-Tech Services Collects Information

We collect data to provide the products and services you request on the Services, ease your navigation on the Services, communicate with you, and improve your experience using the Services. Some of this information is provided by you directly to us, such as when you:

• Register for an account;
• Purchase a product or service;
• Provide information through the use of an Acumatica or Sage subscription SaaS service or private cloud Enterprise Resource Planning (“ERP”) instance;
• Provide information to your Biz-Tech Services support team;
• Provide Biz-Tech Services feedback; or
• Sync, link, or otherwise connect with third party applications through your Acumatica subscription SaaS or Sage service or private cloud ERP.

Some of the information is collected through your interactions with the Services or third party websites and applications. We collect such data using technologies like Cookies and other tracking technologies, error reports, and usage data collected when you interact with our Services. Some of the information is collected from your use of, and interactions with, us and others on social media, including but not limited to YouTube®, Twitter®, Facebook®, and LinkedIn® (collectively, “Social Media”).

The Services may change over time and Biz-Tech Services may introduce new features that may collect new or different types of information. The data we collect depends on the products, services, and features of the Services that you use, and includes the following:

1.2. Personal Information

When you visit the Services without creating an account, you can browse without submitting Personal Information about yourself. In general, we collect Personal Information that you submit to us in the process of creating or editing your account and user profile on the Services or that you submit to us voluntarily through your use of the Services. Information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household is “Personal Information.”

In particular, the Services has collected the following categories of Personal Information from users in the last twelve (12) months. We obtain these categories of Personal Information with the methods described in more detail below.

	Category Of Personal Information	Do we collect? / Do we disclose for Business Purposes?
A.	Name, contact information, and other identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.	Yes	Yes
B.	Customer records such as other paper and electronic customer records containing Personal Information, such as name, signature, physical characteristics or description, address, telephone number.	Yes	Yes
C.	Characteristics of protected classifications under California or federal law such as characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, and disability.	Yes	Yes
D.	Commercial information such as records of products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.	Yes	Yes
E.	Biometric Information such as physiological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including facial recognition (subject to applicable laws and where relevant to the Services we provide to you).	Yes	Yes
F.	Usage data such as internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.	Yes	Yes
G.	Geolocation data such as precise geographic location information about a particular individual or device.	Yes	Yes
H.	Audio, video, sensory and other electronic data: audio, electronic, visual, or similar information such as, video footage, photographs, and call recordings.	Yes	Yes
I.	Professional or employment-related information, such as current or past job history or performance evaluations.	Yes	Yes
J.	Non-public education information, such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No	No
K.	Profiles and Inferences such as inferences drawn from Personal Information to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.	Yes	Yes

Personal Information does not include:

• Publicly available information from government records.
• De-identified or aggregated consumer information.
• Information excluded from the CCPA’s scope including, without limitation:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
  • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We may also collect Personal Information from third parties, such as Social Media, Payment Processors, product vendors, and other partners. Our collection of this information allows us to provide you with our products and services, establish, maintain and support your user account on the Services, and communicate with you in accordance with our Terms of Use.

1.3. Automatically Collected Usage and Device Information

Similar to other websites, we use tracking technologies to automatically collect certain technical information from your web browser, mobile, or other device when you visit the Services. This data may include, but is not limited to, your Internet Protocol (“IP”) address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, the pages you requested and viewed, the amount of time spent on particular pages, and the date and time of your visits. Our collection of this data, described in more detail below, allows us to provide more personalized high-quality services to you and to track usage of the Services.

A. Cookies. We automatically derive and collect certain data based on your interactions with us on the Services using cookies and similar technologies (collectively, “Cookies”). Our collection of data through Cookies includes information about your browser and Services usage patterns, which may include your IP address, browser type, browser language, referring/exit pages and URLs, pages viewed, links clicked, whether you opened an email, and information about the device you use to access the Services. Our collection of this information allows us to improve your user experience in various ways, such as to personalize our display of the Services to you, to “remember” whether or not you are signed in, and to provide better technical support to you.

Please note: If you restrict, disable or block any or all Cookies from your web browser or mobile or other device, the Services may not operate properly, and you may not have access to certain services or parts of the Services. We shall not be liable for any interruption in, or inability to use, the Services or our services or degraded functioning thereof, where such are caused by your settings and choices regarding Cookies.

1.4. Information from Other Sources

We may obtain both personal and non-personal information about you from business partners, contractors, suppliers, and other third parties and add it to your account information or other information we have collected. We, and the third parties we engage, may combine information we collect from you over time, and across the Services, with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you.

1.5. Location Information

We collect precise geolocation data from you or your device, as well as your address information, e.g., shipping and billing address, when you set up your account and order our products. We also collect and use information about your general location (e.g., your state of residence) and can infer your approximate location based on your IP address in order to track our general Services usage or to tailor any pertinent aspects of your user experience to the region where you are located.

1.6. Social Media

If you interact with us or our other users regarding ERP and its products and services on any Social Media: (a) the Personal Information that you submit by and through such Social Media can be read, collected or used by us (depending on your Social Media privacy settings) as described in this Privacy Statement, and (b) where Biz-Tech Services responds to any interaction with you on Social Media, your account name/handle may be viewable by any and all members or users of Biz-Tech Services’ Social Media accounts. We are not responsible for the Personal Information that you choose to submit or link on any Social Media. Social Media operates independently from Biz-Tech Services, and we are not responsible for Social Media interfaces or privacy or security practices. We encourage you to review the privacy policies and settings of any Social Media with which you interact to help you understand their privacy practices. If you have questions about the security and privacy settings of any Social Media that you use, please refer to the applicable privacy notices or policies.

2. Third Party Analytics Providers

We also use Google Analytics and other third party analytics providers (“Analytics Providers”) to collect information about Services usage and the users of the Services. Analytics Providers use Cookies in order to collect demographic and interest-level information and usage information from users that visit the Services, including information about the pages where users enter and exit the Services and what pages users view on the Services, time spent, browser, operating system, and IP address. Cookies allow Analytics Providers to recognize a user when a user visits the Services and when the user visits other websites. Analytics Providers use the information they collect from the Services and other websites to share with us and other website operators’ information about users including age range, gender, geographic regions, general interests, and details about devices used to visit the Services and other websites and purchase items. For more information regarding Google’s use of Cookies, collection and use of information, and how to opt-out of tracking, see Google’s privacy policy, available at https://policies.google.com/privacy?hl=en. Google Analytics Opt-out Browser Add-on is available at https://tools.google.com/dlpage/gaoptout.

3. External Links

The Services contains links to third party websites and services, including links to Social Media and other business partner websites. We are not responsible for any of the content or features or functionality of other linked websites or services. We are also not responsible for the privacy practices and the terms and conditions of use for any external websites or services. The linked websites and services may collect Personal Information from you that is not subject to our control. The data collection practices of linked third party websites and services will be governed by that third party’s privacy policy and terms of use.

4. Connecting or Linking Your Database with Third Party Services

Biz-Tech works with other companies or developers who provide products and services that you may choose to sync, link or otherwise connect with your ERP account. If you choose to make use of such related products or services, Biz-Tech may exchange that information, including your Personal Information, information from your account, and information about how you interact with each company’s service or product with one or more third parties. This routine exchange of information is necessary to maintain business operations and to provide the requested services.

5. How Biz-Tech Services Uses the Information It Collects

 5.1. General

We may use or disclose the Personal Information identified above for one or more of the following business purposes (“Business Purpose”):

• To fulfill or meet the reason you provided the information (e.g., to send you product and service information).
• To personalize and develop our Services and the services we provide to you, and improve our offerings.
• To provide certain features or functionalities on the Services.
• For marketing and promotions.
• To create, maintain, customize, and secure your account with us.
• To provide you with support, to communicate with you and respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
• To personalize your experience and to deliver content and product and service offerings, products, and services relevant to your interests.
• To help maintain the safety, security, and integrity of our Services, services, databases, other technology assets, and business.
• For testing, research, analysis, and product development, including to develop and improve the Services, and our products and services.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• To prevent illegal activity, fraud, and abuse.
• As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users is among the assets transferred or liquidated. 

5.2. Account-Related Emails

When you create an account with us and provide us with your email we may, subject to applicable law, use your email address to send you Services-related notices (including any notices required by law, in lieu of communication by postal mail), updates, news, and marketing messages. For example, when you register, you will receive a welcome email. If the Services or our services are temporarily unavailable, we may also send you an email.

Email communications you receive from us will generally provide an unsubscribe link or instructions allowing you to opt out of receiving future emails or to change your contact preferences. If you have an account with us, you can also change your contact preferences by updating your contact information within your account settings. Please remember that even if you opt out of receiving marketing e-mails, we may still send you important service information related to your account and the Services. If you correspond with us by email, we may retain the content of your email messages, your email address, and our responses.

5.3. Non-Personally Identifiable Information

We may use non-personally identifiable information, such as anonymized or aggregated Services usage data, in any manner that does not identify individual users for the purpose of improving the operation and management of the Services, including to develop new features, functionality, and services, to conduct internal research, to better understand Services usage patterns, to resolve disputes, to troubleshoot problems, to fulfill user requests, or for security and compliance purposes. Any non-personally identifiable information that is combined with Personal Information will be treated by us as Personal Information.

5.4. Payment Processors

If you purchase or pay for products or services via the Services, the transaction may be handled by our service providers or third party vendor(s) responsible for processing your payment (“Payment Processors”). These entities have their own privacy policies and those terms will apply to you. Please be sure to review them at the links provided during payment processing.

6. When Biz-Tech Services Shares the Information It Collects

When we disclose Personal Information for a Business Purpose, we enter into a contract that describes the purpose and requires the recipient to keep that Personal Information confidential and use only for performance of the contract, and not for any other purpose. We share or make your information available, including any Personal Information, in the circumstances described below.

6.1. Disclosures of Personal Information in the Last Twelve Months

In the preceding twelve (3) months, we have disclosed the following categories of Personal Information for a Business Purpose, as more fully described in Section 5:

• Category A: Identifiers
• Category B: California Customer Records personal information categories
• Category C: Protected classification characteristics under California or federal law
• Category D: Commercial information
• Category E: Biometric Information
• Category F: Internet or other similar network activity
• Category G: Geolocation data
• Category H: Sensory data
• Category I: Professional or employment-related data
• Category J: Educational Information data
• Category K: Profiles and Inference data

We disclose your Personal Information for a Business Purpose to the following categories of third parties:

• Social Media
• Analytics Providers
• Payment Processors
• Other third party marketing service providers
• Affiliated persons or third-party service providers assisting us in the operation, management, improvement, research and analysis of the Services. Affiliated persons or our third party service providers may augment, extend, and combine non-personally identifiable information with data from additional third party sources in order to assist us with the above. Use of information by affiliated persons and third party service providers will be subject to this Privacy Statement or an agreement that is at least as restrictive as this Privacy Statement.

6.2. Sales of Personal Information in the Last Three Months

Under the CCPA, the sale of Personal Information means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to another business or a third party for monetary or other valuable consideration.” (Cal. Civ. Code § 1798.140(t) (1)). We make your Personal Information available to third parties, subject to your right to opt-out. In the preceding twelve (12) months, we have made available the following categories of Personal Information:

• Category A: Identifiers
• Category B: California Customer Records personal information categories
• Category C: Protected classification characteristics under California or federal law
• Category D: Commercial information
• Category I: Professional or employment-related data

We make your Personal Information available to the following categories of third parties:

• Analytics Providers
• Payment Processors
• Other third party marketing service providers
• Affiliated persons or third-party service providers assisting us in the operation, management, improvement, research and analysis of the Site. Affiliated persons or our third party service providers may augment, extend, and combine non-personally identifiable information with data from additional third party sources in order to assist us with the above. Use of information by affiliated persons and third party service providers will be subject to this Privacy Policy or an agreement that is at least as restrictive as this Privacy Policy.

6.3. Legal Requirements

We reserve the right to disclose all information collected via the Services, internally, to affiliates, or to third parties, for any lawful purpose or to prevent harm to us or others. For example, and without limitation, in our discretion, we may disclose information to government regulators, law enforcement authorities or alleged victims of identity theft. We will notify you in the event of a government or legal request for your information unless otherwise prohibited by law.

6.4. Organizational Transitions

If we should ever transfer or restructure the operational ownership of the Services, such as through a merger with another entity or a reorganization of all or a part of our operational responsibilities or assets, we may disclose, transfer, assign our rights, and/or delegate our duties to your information without notice and consent, including to prospective or actual recipient or acquiring entities. Should this occur, we will require any third party receiving your Personal Information as described under this subsection to be contractually required to provide the same level of privacy compliance as provided by us under this Privacy Statement.

6.5. Disclaimer

We cannot ensure that all of your Personal Information will be disclosed only in the ways described in this Privacy Statement. For example, third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your Personal Information that they collect from the Services. Even with the most rigorous information security standards, no transmission of data over the internet can be 100% secure.

7. Your Choice and Options Relating to Biz-Tech Services’ Collection

You can choose not to provide Personal Information. You may always decline to provide your Personal Information to us. Registering for an account is not required to access some of our online content. If you decide to register, you can choose to provide information that does not reasonably identify you to others by selecting a username that is not related to your actual name. You can also decline to provide any optional information in your account. If you choose not to provide certain Personal Information to us, some of your experiences may be affected (for example, we cannot send you product and services information if you do not provide your email address).

7.1. You May Decline Other Requests

We use your Personal Information as needed for the purposes for which it was collected or where you have consented to our use of such information. If you do not wish to provide information to us or do not wish to consent to the uses described in this Privacy Statement, please do not use the Services, set up an account, or supply the requested information to us.

7.2. Right to Access Specific Information and Data Portability Right

You may have the right under the CCPA to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of Personal Information that we have collected about you.
• The categories of sources for the Personal Information that we have collected about you.
• Our business or commercial purpose for collecting or making available that Personal Information.
• The categories of third parties with whom we share that Personal Information.
• The specific pieces of Personal Information that we have collected about you (also called a data portability request).
• If we disclosed your Personal Information for a Business Purpose, the Business Purpose for which such Personal Information was disclosed, and the Personal Information categories that each category of recipient obtained.
• If applicable, (1) the categories of your Personal Information that we have made available for valuable consideration; (2) the categories of third parties to whom such Personal Information was made available; and (3) the category or categories of Personal Information that we have made available to each category of third parties.

7.3. Right to Delete

You may have the right under the CCPA to request that we delete any of your Personal Information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) or vendor(s) to:

• Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation or legal order.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

7.4. Right to Opt-Out

If you are 16 years of age or older, you may have the right under the CCPA to direct us not to make your Personal Information available for valuable consideration at any time (the “right to opt-out”). We do not make available the Personal Information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in may opt-out at any time.

To exercise the right to opt-out or right to opt-in, you (or your authorized representative) may submit a request to us by sending us an e-mail at support@biz-techservices.com or by completing and submitting a mail . Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize certain information sharing practices. However, you may change your mind and opt back in at any time by sending us an e-mail at support@biz-techservices.com. We will only use Personal Information provided in an opt-out request to review and comply with the request.

7.6. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

7.7. Online Tracking Choices

Most web browsers are initially set up to accept Cookies, but you can reset your browser to refuse Cookies or to indicate when a Cookie is being sent. However, some features and services of the Services (particularly those that require sign-in) may not function properly if your Cookies are disabled. Similarly, if you choose to delete session objects from the Services, you may not be able to access or use all or part of the Services or benefit from some or all of the information or features and services offered.

Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have the user’s online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about that browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operations, including the Services, do not respond to DNT signals.

8. Security

Biz-Tech Services is committed to protecting the security of your information. Biz-Tech Services uses a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, Biz-Tech Services stores the information you provide on computer systems with limited access, which are located in controlled facilities.

If a password is used to help protect your accounts and Personal Information, it is your responsibility to keep your password confidential. Do not share this information with anyone. If you are sharing a computer with anyone you should always choose to log out before leaving a site or service to protect access to your information from subsequent users.

8.1 Network Protection. Biz-Tech Services implement network protection controls including network firewalls and network access control lists to deny access to unauthorized IP addresses. Biz-Tech Services Inc. implement anti-virus and anti-malware software on end-user devices. Biz-Tech Services Inc. restrict public access only to approved users.

8.2 Access Management. Biz-Tech Services assign a unique ID to each person with computer access to Information. Biz-Tech Services Inc. not create or use generic, shared, or default login credentials or user accounts. Biz-Tech Services Inc. implement baselining mechanisms to ensure that at all times only the required user accounts access Information. Biz-Tech Services review the list of people and services with access to Information at least quarterly, and remove accounts that no longer require access. Biz-Tech Services restrict employees and contractors from storing Information on personal devices. Biz-Tech Services maintain and enforce “account lockout” by detecting anomalous usage patterns and log-in attempts, and disabling accounts with access to Information as needed.

8.3 Least Privilege Principle. Biz-Tech Services implement fine-grained access control mechanisms to allow granting rights to any party using the Application and the Application’s operators following the principle of least privilege. Access to Information is granted on a “need-to-know” basis.

8.4 Password Management. Biz-Tech Services establish minimum password requirements for personnel and systems with access to Information. Password requirements must be a minimum of eight (8) characters, contain upper and lower case letters, contain numbers, contain special characters, and rotated at least quarterly.

8.5 Encryption in Transit. Biz-Tech Services encrypt all Information in transit with secure protocols such as TLS 1.2+, SFTP, and SSH-2. Biz-Tech Services enforce this security control on all applicable internal and external endpoints. Biz-Tech Services use data message-level encryption where channel encryption (e.g., using TLS) terminates in untrusted multi-tenant hardware (e.g., untrusted proxies).\

8.6 Incident Response Plan. Biz-Tech Services create and maintain a plan and/or runbook to detect and handle Security Incidents. Such plans identify the incident response roles and responsibilities, define incident types that may affect Amazon, define incident response procedures for defined incident types, and define an escalation path and procedures to escalate Security Incidents to Partners. Biz-Tech Services review and verify the plan every six months and after any major infrastructure or system change, including changes to the system, controls, operational environments, risk levels, and supply chain. Biz-Tech Services notify Partners ( for example Acumatica, Sage, Amazon, etc…) within 24 hours of detecting Security Incident or suspecting that a Security Incident has occurred. Biz-Tech Services investigate each Security Incident, and document the incident description, remediation actions, and associated corrective process/system controls implemented to prevent future recurrence. Biz-Tech Services maintain the chain of custody for all evidences or records collected, and such documentation is available to Partners upon request (if applicable).

8.7 Request for Deletion or Return. Biz-Tech Services permanently and securely delete or return Information upon and in accordance with partner’s notice requiring deletion or return within 72 hours of partner’s requests unless the data is necessary to meet legal requirements, including tax or regulatory requirements. Secure deletion must occur in accordance with industry-standard sanitization processes such as NIST 800-88. Biz-Tech Services also permanently and securely delete all live (online or network accessible) instances of Information 90 days.

8.8. Additional Security Requirements Specific to Personally Identifiable Information

The following additional Security Requirements is met for Personally Identifiable Information (“PII“). PII is granted to Biz-Tech Services for select tax and merchant fulfilled shipping purposes, on a must-have basis. If an WEB Services API contains PII, or PII is combined with non-PII, then the entire data store comply with the following requirements:

8.8.a Data Retention. Biz-Tech Services retain PII for no longer than 30 days after order delivery and only for the purpose of, and as long as is necessary to fulfill orders, calculate and remit taxes, produce tax invoices, or meet legal requirements, including tax or regulatory requirements. If is required by law to retain archival copies of PII for tax or other regulatory purposes, PII is stored as a “cold” or offline encrypted backup (e.g., not available for immediate or interactive use).

8.8.b Data Governance. Biz-Tech Services create, document, and abide by a privacy and data handling policy for their Applications or services, which govern the appropriate conduct and technical controls to be applied in managing and protecting information assets. A record of data processing activities such as specific data fields and how they are collected, processed, stored, used, shared, and disposed for all PII should be maintained to establish accountability and compliance with regulations. Biz-Tech Services establish a process to detect and comply with privacy and security laws and regulatory requirements applicable to their business and retain documented evidence of their compliance. Biz-Tech Services establish and abide by their privacy policy for customer consent and data rights to access, rectify, erase, or stop sharing/processing their information where applicable or required by data privacy regulation.

8.8.c Asset Management. Biz-Tech Services keep inventory of software and physical assets (e.g. computers, mobile devices) with access to PII, and update quarterly. Physical assets that store, process, or otherwise handle PII abide by all of the requirements set 8.8.d in this policy. Biz-Tech Services not store PII in removable media, personal devices, or unsecured public cloud applications (e.g., public links made available through Google Drive) unless it is encrypted using at least AES-128 or RSA-2048 bit keys or higher. Biz-Tech Services securely dispose of any printed documents containing PII.

8.8.d Encryption at Rest. Biz-Tech Services encrypt all PII at rest using at least AES-128 or RSA with 2048-bit key size or higher. The cryptographic materials (e.g., encryption/decryption keys) and cryptographic capabilities (e.g. daemons implementing virtual Trusted Platform Modules and providing encryption/decryption APIs) used for encryption of PII at rest are only accessible to the Biz-Tech Services processes and services.

8.8.e Logging and Monitoring. Biz-Tech Services gather logs to detect security-related events to their Applications and systems including success or failure of the event, date and time, access attempts, data changes, and system errors. Biz-Tech Services implement this logging mechanism on all channels (e.g., service APIs, storage-layer APIs, administrative dashboards) providing access to Information. All logs have access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs not contain PII unless the PII is necessary to meet legal requirements, including tax or regulatory requirements. Logs are retained for at least 90 days for reference in the case of a Security Incident. Biz-Tech Services build mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions (e.g., multiple unauthorized calls, unexpected request rate and data retrieval volume, and access to canary data records). Biz-Tech Services implement monitoring alarms to detect if Information is extracted from its protected boundaries. Biz-Tech Services perform investigation when monitoring alarms are triggered, and this is documented in the Biz-Tech Services ’s Incident Response Plan.

8.8.f Vulnerability Management. Biz-Tech Services create and maintain a plan and/or runbook to detect and remediate vulnerabilities. Biz-Tech Services protect physical hardware containing PII from technical vulnerabilities by performing vulnerability scans and remediating appropriately. Biz-Tech Services conduct vulnerability scanning or penetration tests at least every 180 days and scan code for vulnerabilities prior to each release. Furthermore, Biz-Tech Services control changes to the storage hardware by testing, verifying changes, approving changes, and restricting access to who may perform those actions.

9. International Data Transfers

Please be aware that we are headquartered in the United States. The Services are governed by United States law. In accordance with, and as permitted by applicable law and regulations, Acumatica Biz-Tech Services reserves the right to transfer your information, process and store it outside your country of residence to wherever Acumatica Biz-Tech Services or its third party service providers operate. If you reside outside the United States your information will be transmitted, processed, and stored there under United States privacy standards. The United States might not offer the same level of privacy protection as the country where you reside or are a citizen. BY USING THE SERVICES, COMMUNICATING WITH US VIA MAIL, EMAIL OR TELEPHONE, OR OTHERWISE PROVIDING INFORMATION TO US, YOU CONSENT TO THE TRANSFER TO, AND PROCESSING OF, YOUR INFORMATION IN THE UNITED STATES.

10. California Shine the Light Law

California Civil Code § 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed Personal Information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to support@biz-techservices.com. In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address or physical address from which you submitted your request. Please note that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing and the relevant details required by the Shine the Light law will be included in our response.

11. California Minors

While the Services is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at support@biz-techservices.com. When requesting removal, you must specify the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you do not follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your information from the Services does not ensure complete or comprehensive removal of that information from our systems or the systems of our service providers. We are not required to delete information posted by you; our obligations under California law are satisfied so long as we anonymize the information or render it invisible to other users and the public.

12. Canada Residents

The Services and our privacy practices are compliant with The Personal Information Protection and Electronic Documents Act (“PIPEDA”) fair information principles. In addition to the disclosures made above, we:

• Have appointed a privacy officer to monitor our compliance with PIPEDA.
• Only collect Personal Information for the uses described herein.
• Only use and disclose Personal Information as described herein.
• Take reasonable steps to verify the accuracy of the Personal Information that we collect.
• Take appropriate safeguards to protect the Personal Information, as further described herein.

If you are a Canada resident, you have the right to request access to the existence, use and disclosure of your Personal Information. Additionally, you have the right to challenge the accuracy and completeness of the information and request to have it amended as appropriate. Finally, you have the right to challenge Biz-Tech’s compliance with the PIPEDA fair information principles by contacting our privacy officer. To exercise your rights under this Section, please send an e-mail to support@biz-techservices.com or write us at the address listed.

13. Changes to This Privacy Statement

Biz-Tech Services will occasionally update this Privacy Statement to reflect changes in services, laws and regulations, or privacy practices, as well as customer feedback. When Biz-Tech Services posts changes to this Privacy Statement, the “last updated” date at the top of this Privacy Statement will be revised. If there are material changes to this Privacy Statement or in how Biz-Tech Services will use your Personal Information, Biz-Tech Services will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification. Biz-Tech Services encourages you to periodically review this Privacy Statement to be informed of how Biz-Tech Services is protecting your information.

14. Contacting Us

Biz-Tech Services welcomes your comments regarding this Privacy Statement. If you have questions about this Privacy Statement or believe that Biz-Tech Services has not adhered to it, please contact Biz-Tech Services at:

Email: sales@biz-techservices.com

  support@biz-techservices.com
Phone: (818) 484-5004

Mail: Biz-Tech Services, Inc.

Attn: Biz-Tech Services Privacy

Biz-Tech Services, Inc.

1314 West Glenoaks Blvd, Suite 104

Glendale, California 91201