Your privacy and trust are important to us at Touchtone Corporation. We are committed to do our part to safeguard your data and documents, although your cooperation will also be needed to secure them.
Information You Provide
The information collected when you provide it to us and when you use our service is described below:
Account and Profile Information: The information collected about you when you register for an account, create or update your profile, sign-up or subscribe to our service. The information includes contact information such as name, company, job title, email, phone, address, account log-in details, and billing information when subscribing to our service. You also have the option to add a profile photo and other details to your profile information.
Information Automatically Collected or Generated
Some of your data and documents are cached in Web browsers and mobile devices for functional and performance reasons. Please be aware any such cached information may be vulnerable to unauthorized access. For this reason, after using a shared Web browser or public device, it’s imperative that you clear this cached information.
Customer Data containing Personal Information
Data Processor and Data Controller
Certain data protection laws and regulations, such as the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”) GDPR or the California Consumer Privacy Act (CCPA), typically distinguish between two main roles for parties processing Personal Data: the “Data Controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “Data Processor” (or under the CCPA, “service provider”), who processes the data on behalf of the Data Controller (or business). Below we explain how these roles apply to our Service, to the extent that such laws and regulations apply.
Customer will be responsible for meeting any legal requirements applicable to Data Controllers (such as establishing a legal basis for processing and responding to Data Subject Rights requests concerning the data they control).
Touchtone Corporation is deemed the “Data Controller” (solely to the extent applicable under law) when its Web site Visitors’ input profile and contact details into its Web site forms. Any service providers used to process engagement and analytics data will assume the role of “Data Processor”.
How Do We Use Your Data
We use your data to process your request and manage your account. We use your personal data as necessary for the performance of our Service; to comply with our legal and contractual obligations; and to maintain and improve the features of our Service. We may also email you with new product offers and services we think you might like.
Data Storage and Retention
Data Storage: Your organization’s data and documents are stored within a separate database and file storage directory, respectively. We do not share them with any other entity, and, within our company, limit access to them to just a few trusted employees, who either support your account or service our cloud infrastructure.
Data Retention: We retain information as applicable with law, as follows:
- - All customer data for Closed Accounts are deleted within 6 months of date of closure
- - Rotating daily backups are kept for 7 days
- - Billing information is retained for at least 7 years
- - Information on legal transactions between customer and Touchtone Corporation are retained for at least 7 years
We secure data using industry-standard physical, procedural and technical security measures, including encryption of data at both rest and transmission. Please note that absolute protection and security of any personal data cannot be guaranteed regardless of security measures in place.
Infrastructure: We use Amazon Web Services (AWS) as our cloud infrastructure. AWS is Privacy Shield certified (AWS Certifications) and compliant with the EU’s General Data Protection Regulation (GDPR). In addition, Touchtone Corporation has entered into a HIPAA Business Associate Agreement (BAA) with AWS.
Health Insurance Portability and Accountability Act (HIPAA)
In operating our service, and as it relates to Protected Health Information (PHI), Touchtone Corporation attempts to achieve compliance with respect to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In accordance with HIPAA, all healthcare-related customers that Touchtone Corporation receives information about patients may be Covered Entities (as defined under HIPAA), and we may serve as their Business Associate (as defined under HIPAA) and comply with the HIPAA Privacy Rule and the HIPAA Security Rule.
Your Data Protection Rights
Individuals have rights concerning their personal data. If you wish to exercise your rights under any applicable law, including the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), such as the right to request access to, and rectification or erasure of your Personal Data held with Touchtone Corporation, please contact us below.
Changes and Updates to this Policy
Please contact us with any questions or requests related to this Policy:
PO Box 5719
Irvine, CA 92616-5719 USA
Updated: January 5, 2023