Capsicum Group, LLC (“Capsicum Group”, “we”, “us”) provides digital forensics, electronic discovery, cyber-security, security audits, remediation, data hosting and related services to companies and the law firms that represent them. As an industry leader in the investigation, acquisition, management and analysis of critical data, Capsicum Group adheres to the highest ethical standards in providing outstanding service to its customers. At no other time in history has access to, and dissemination of, information been such a critical element of business and commerce in the United States and throughout the world. At the same time, public concern, especially in the area of privacy, is also running at a high level. Capsicum Group remains committed to the responsible use of personally identifiable information and to the safeguarding of individual privacy. We comply with all applicable laws regarding the collection, use, and distribution of personally identifiable information.
II. INFORMATION COLLECTION, SHARING, USE & STORAGE
a. Personally identifiable information
The Web Site only collects personally identifiable information from you if you choose to provide this information to Capsicum Group. Personally identifiable information collected with your consent may include, but is not limited to, your name, mailing address, e-mail address, telephone number, facsimile number, username and password used to verify identity (if applicable), resume information, social media username and/or handle, any responses you choose to provide through Web Site survey questions, or any inquiries you may make through the Web Site and any other web sites owned and operated by Capsicum Group.
Capsicum Group may share personally identifiable information with certain personnel and organizations, including but not limited to: authorized partners who perform services for us based upon our instructions and third parties with your consent. Capsicum Group may also disclose personally identifiable information if required to do so by law, in response to government agency requests, as required for national security purposes, and/or in connection with an investigation of suspected or actual illegal or inappropriate activity or exposure to liability. Note that if and when Capsicum Group shares personally identifiable information with a third party, they must contractually agree to comply with standards of privacy and security that are on par with those of Capsicum Group. However, if you provide personally identifiable information to a third party directly, privacy and security issues shall be addressed consistent with that third party’s standards, and your own independent relationship with that third party.
The time periods for which Capsicum Group shall retain your personally identifiable information depends upon the purposes for which we use it. The personally identifiable information Capsicum Group collects may be stored and processed in servers in the United States and wherever Capsicum Group and its related service providers have facilities abroad.
c. Non-personally identifiable information
The Web Site also collects non-personally identifiable information. For example, as you browse the Web Site, we may collect information about your visit, but not about you personally. Via web server logs, for example, Capsicum Group may monitor statistics such as: the number of people that visit the Web Site, which page(s) are visited on the Web Site, from which domain our visitors come (e.g., www.google.com, www.hotmail.com, etc.), and which Internet browsers people use to visit our site (e.g., Google Chrome, Firefox, Microsoft Internet Explorer, etc.). The Web Site uses an outsourcing program to assist Capsicum Group in analyzing this data to better tailor the Web Site.
Capsicum Group takes steps to protect against the loss, misuse, or unauthorized alteration of personally identifiable information collected through the Web Site. We recognize the importance of security for all personally identifiable information collected by the Web Site. We exercise care in providing secure transmission of your information to Capsicum Group servers. Once we receive personally identifiable information, we take steps to protect its security on our systems. In the event we request or transmit sensitive information, we use industry standard, secure socket layer (“SSL”) encryption. Furthermore, Capsicum Group regularly tests the Web Site, data centers, systems, and other capabilities to ensure that we maintain top-of-the-line security. We limit access to personally identifiable information to those Capsicum Group employees who require access in order to carry out their job responsibilities.
Capsicum Group is committed to maintaining the privacy and confidentiality of Client Personal Data (“Client Personal Data”) entrusted to Capsicum Group by our clients and their legal counsel. Capsicum Group complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Capsicum Group has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Capsicum Group’s certification, please visit http://www.export.gov/safeharbor/.
Client Personal Data is information from equipment and networks owned, controlled or operated by our clients that is received by Capsicum Group for purposes of collection, processing, storage and analysis in accordance with the instructions of the clients and/or their legal advisors and in order to assist clients in meeting their legal or professional obligations, protecting their vital interests or carrying out other legitimate activities. Capsicum Group will not use Client Personal Data for any purposes other than for those specifically outlined in the client contract.
b. Seven Safe Harbor Privacy Principles adhered to by Capsicum Group
- Notice: When Capsicum Group collects or receives Client Personal Data for processing pursuant to instructions of our clients or their legal counsel, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable European Union or Switzerland law.
- Choice (Opt Out): When Capsicum Group receives Client Personal Data from individuals in the European Union or Switzerland pursuant to instructions of our clients or their legal counsel, we are acting as an agent for our client and do not provide the choice for individuals to opt out regarding the collection and use of their personal data. Our clients remain responsible for providing the choice to opt out, if and to the extent they believe such notice is necessary under applicable European Union or Switzerland law.
- Security: Capsicum Group is committed and takes reasonable precautions to protect Client Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- Data Integrity: Capsicum Group controls Client Personal Data only in ways that are consistent with the purposes for which it was collected or subsequently directed or authorized by clients or their legal counsel to fulfill services requested by them.
- Access and Correction: Client Personal Data is accessible by only those Capsicum Group employees and contractors who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. Our employees and contractors do enter into confidentiality and non-disclosure agreements requiring that they maintain the confidentiality of Client Personal Data.Capsicum Group will provide individuals with access to his or her own Client Personal Data in order to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. However, where the burden or expense of providing access would be disproportionate to the risks to the individuals privacy in the case in question, or where the rights of persons other than the individual would be violated, such access will not be granted.
c. Limitation on Application of Principles
Adherence by Capsicum Group to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.
This policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. A notice will be available upon request.
V. CHILDREN’S PRIVACY
Capsicum Group complies with the Children’s Online Privacy Protection Act of the United States of America (which is available here: http://www.coppa.org/coppa.htm). We do not knowingly collect personal information from children under the age of thirteen (13) years without proper parental consent.
VII. CONTACT US