At ITXPROS, we recognize the importance of protecting the privacy and security of
personal data in today's interconnected world. As an organization that conducts
business across borders, we are committed to upholding the highest standards of data
protection, particularly in our dealings with the European Union and the United States.
This EU-U.S. Data Privacy Policy establishes the framework through which we ensure the
lawful, fair, and transparent processing of personal data transferred between the EU and
the U.S. We understand that the transfer of personal data across international borders
requires careful consideration and adherence to applicable laws, regulations, and best
practices, including the General Data Protection Regulation (GDPR) in the EU and
relevant regulations in the US.
The protection of personal data is not only a legal obligation but also a fundamental
commitment to the individuals whose data we handle. We respect the privacy rights of
our customers, employees, business partners, and other stakeholders, and we strive to
maintain their trust by implementing robust data protection measures.
This policy outlines our approach to data protection, including the principles we follow,
the procedures we have in place, and the mechanisms we use to ensure compliance
with applicable laws and regulations. By adhering to these principles and practices, we
aim to mitigate risks, safeguard privacy, and foster trust in our data processing
activities.
We recognize that data protection is an ongoing journey, and we are dedicated to
continuously improving our practices in response to evolving legal requirements,
technological advancements, and stakeholder expectations. This policy serves as a
foundational document that guides our efforts to protect personal data and uphold
individuals' privacy rights in the EU-U.S. data transfer context.
Thank you for your interest in our commitment to data privacy. We encourage you to
review this policy carefully and reach out to us with any questions, concerns, or
feedback.
i) Personal Data: Any information relating to an identified or identifiable natural
person ("data subject"). An identifiable person is one who can be identified, directly
or indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier, or one or more factors
specific to the physical, physiological, genetic, mental, economic, cultural, or social
identity of that person.
ii) Data Controller: The natural or legal person, public authority, agency, or other body
which, alone or jointly with others, determines the purposes and means of the
processing of personal data.
iii) Data Processor: A natural or legal person, public authority, agency, or other body
which processes personal data on behalf of the data controller.
iv) Processing: Any operation or set of operations that is performed on personal data
or on sets of personal data, whether or not by automated means, such as collection,
recording, organization, structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or otherwise making
available, alignment or combination, restriction, erasure or destruction.
v) Data Subject: An identified or identifiable natural person whose personal data is
processed by the data controller or processor.
vi) Consent: Any freely given, specific, informed, and unambiguous indication of the
data subject's wishes by which they, by a statement or by a clear affirmative action,
signify agreement to the processing of their personal data.
vii) Sensitive Personal Data: Personal data revealing racial or ethnic origin, political
opinions, religious or philosophical beliefs, genetic data, biometric data to uniquely
identify a natural person, and data concerning health and data concerning a person's sex
life or sexual orientation.
viii) Cross-Border Data Transfer Mechanisms: Mechanisms, such as Standard
Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or participation in
recognized international data transfer frameworks, used to facilitate the transfer of
personal data between the European Union and the United States while ensuring an
adequate level of protection.
ix) Data Protection Officer (DPO): A designated individual within the organization
responsible for overseeing compliance with data protection laws and regulations,
providing guidance on data protection matters, and serving as a point of contact for
data protection authorities and data subjects.
i) General Data Protection Regulation (GDPR):
The GDPR is a comprehensive data protection regulation that governs the
processing of personal data within the European Union and the European Economic
Area. It establishes principles, rights, and obligations regarding the collection, use,
and transfer of personal data, and imposes strict requirements on organizations that
process personal data of EU residents.
ii) EU-U.S. Privacy Shield Framework:
As of July 10, 2023, the European Commission adopted the adequacy decision on the EU-US
Data Privacy Framework. This framework facilitates the transfer of personal data from the
EU to the US while ensuring an adequate level of protection. The EU-US Data Privacy
Framework replaces the previously invalidated EU-U.S. Privacy Shield and ensures
compliance with the GDPR requirements for cross-border data transfers.
iii) Standard Contractual Clauses (SCCs):
SCCs are sets of contractual terms and conditions approved by the European
Commission for transferring personal data from EU data controllers to data
processors outside the EU, including in the United States. These clauses ensure that
the data transfer complies with the requirements of the GDPR.
iv) Canada Data Protection Laws and Regulations:
(1) Personal Information Protection and Electronic Documents Act (PIPEDA):
(a) Applies to private sector organizations across Canada that collect, use, or
disclose personal information in the course of commercial activities.
(b) Organizations must obtain an individual's consent when they collect, use, or
disclose their personal information.
(c) Individuals have the right to access the personal information held by an
organization and challenge its accuracy.
(d) Organizations must protect personal information with appropriate
security safeguards.
(2) Provincial Privacy Laws:
(a) Organizations must protect personal information with appropriate
security safeguards.
(b) These laws generally follow similar principles to PIPEDA but may have
additional requirements.
(c) Some provinces have enacted their own privacy legislation that applies
to private sector organizations. These laws are considered
substantially similar to PIPEDA, and include:
(i) British Columbia's Personal Information Protection Act (PIPA)
(ii) Alberta's Personal Information Protection Act (PIPA)
(iii) Quebec's Act Respecting the Protection of Personal Information in
the Private Sector
(3) Privacy Act:
(a) Scope: Applies to federal government departments and agencies.
(b) Rights: Grants individuals the right to access and correct personal
information held by federal government institutions.
(c) Limitations: Sets limits on how federal government institutions can
collect, use, and disclose personal information.
(4) Provincial Health Privacy Laws:
(a) Specific laws apply to the protection of personal health information.
These include:
(i) Ontario's Personal Health Information Protection Act (PHIPA)
(ii) New Brunswick's Personal Health Information Privacy and Access
Act (PHIPAA)
(iii) Manitoba's Personal Health Information Act (PHIA)
(b) These laws govern the collection, use, and disclosure of personal health
information by healthcare providers and other health-related organizations.
(5) Canada’s Anti-Spam Legislation (CASL):
(a) Scope: Regulates the sending of commercial electronic messages (CEMs)
and the installation of computer programs.
(b) Consent: Requires express or implied consent from recipients before sending
CEMs.
(c) Content Requirements: CEMs must include identification information and a
mechanism to unsubscribe.
(d) Penalties: Non-compliance with CASL can result in significant fines.
(1) Health Insurance Portability and Accountability Act (HIPAA):
HIPAA regulates the use and disclosure of protected health information (PHI) by
covered entities, such as healthcare providers, health plans, and healthcare
clearinghouses.
(2) Gramm-Leach-Bliley Act (GLBA):
GLBA requires financial institutions to protect the privacy and security of
consumers' personal financial information.
(3) Federal Trade Commission (FTC) Act:
The FTC Act prohibits unfair or deceptive acts or practices in commerce,
including deceptive data privacy and security practices. The FTC enforces
privacy-related provisions of various laws and regulations.
(4) Omnibus Rule:
The Omnibus Rule, issued in 2013, made several modifications to the HIPAA
Privacy, Security, and Breach Notification Rules. It addressed areas such as the
use of patient information for marketing purposes, restrictions on the sale of PHI,
and increased enforcement.
vi) Florida Data Protection Laws:
(1) Florida Information Protection Act (FIPA):
FIPA is a state law that addresses the security breach notification requirements
for various types of personal information, including medical information. It
requires covered entities to notify individuals and the Florida Department of
Legal Affairs in the event of a breach involving unencrypted personal information.
(2) Florida Substance Abuse Confidentiality Law (SACL):
SACL, also known as Florida Statutes Chapter 397, provides privacy protections
for individuals seeking or receiving substance abuse treatment. It restricts the
disclosure of substance abuse treatment information without the individual's
consent, except in specific circumstances outlined in the law.
(3) Florida Administrative Code (FAC) Rule 64B8-10.003:
This rule establishes standards for the confidentiality and security of patient
medical records maintained by healthcare practitioners licensed by the Florida
Board of Medicine.
(4) Florida Health Information Exchange (HIE):
Florida has implemented health information exchange initiatives to facilitate the
secure exchange of patient health information among healthcare providers.
These initiatives are governed by laws and regulations specific to the operation
and protection of health information within the HIE network.
vii) The California Consumer Privacy Act (CCPA):
CCPA is a state statute intended to enhance privacy rights and consumer protection
for residents of California, United States. Enacted in 2018 and effective from January
1, 2020, CCPA grants California consumers various rights regarding their
personal information, including:
1. Right to Know: Consumers can request that businesses disclose what personal
information they collect, use, disclose, and sell about them.
2. Right to Delete: Consumers can request that businesses delete their personal
information, with certain exceptions.
3. Right to Opt-Out: Consumers can opt out of the sale of their personal information.
4. Right to Non-Discrimination: Businesses cannot discriminate against consumers who
exercise their CCPA rights.
5. Right to Access: Consumers have the right to access their personal information held
by businesses.
CCPA applies to businesses that meet certain criteria, such as those that do business in
California, collect personal information from California consumers, and meet certain
revenue or data processing thresholds.
i) Notice
ITXPROS is committed to protecting your privacy and ensuring the security of your
personal information. This Privacy Notice explains how we collect, use, and protect
your data in accordance with global data protection regulations, including GDPR, CCPA,
and other relevant laws.
Example: When a new service is launched, users are provided with a clear and
concise notice explaining what personal data will be collected, how it will be used,
and the legal basis for processing. This notice is accessible through multiple
channels, such as email, website pop-ups, and the service’s user interface.
Information We Collect:
a) names
b) phone numbers
c) email addresses
d) mailing addresses
e) contact preferences
f) billing addresses
g) debit/credit card numbers
h) contact or authentication data
i) job titles
Information collected from other sources
● In order to enhance our ability to provide relevant marketing, offers, and
services to you and update our records, we may obtain information about you
from other sources, such as public databases, joint marketing partners,
affiliate programs, data providers, and from other third parties. This
information includes mailing addresses, job titles, email addresses, phone
numbers, intent data (or user behavior data), Internet Protocol (IP)
addresses, social media profiles, social media URLs, and custom profiles, for
purposes of targeted advertising and event promotion.
Data Privacy Principles
We adhere to the following key principles in our handling of personal data:
a) Purpose Limitation
● We will only collect and use personal data for specified, explicit, and
legitimate purposes that are communicated to individuals, ensuring
compliance with the purpose limitation principle of GDPR and HIPAA.
b) Data Minimization
● We will limit the personal data we collect and process to what is adequate,
relevant, and necessary for the intended purposes, in line with GDPR, HIPAA,
and other data minimization principles.
c) Accuracy
● We will take reasonable steps to ensure the personal data we process is
accurate and up-to-date, in accordance with GDPR, HIPAA, and industry
standards.
d) Storage Limitation
● We will retain personal data only for as long as necessary to fulfill the
intended purposes in compliance with GDPR, HIPAA, and relevant data
retention regulations.
e) Integrity and Confidentiality
● We implement appropriate technical and organizational measures to protect
personal data from unauthorized access, destruction, or damage.
f) Accountability
● We are responsible for and can demonstrate compliance with these data
privacy principles, maintaining records and documentation as required by
GDPR, HIPAA and other regulations.
g) Data Subject Rights
● Individuals whose personal data is processed under this framework have the
following rights:
● Right of access to their personal data
● Right to rectify inaccurate personal data
● Right to erase their personal data
● Right to restrict the processing of their personal data
● Right to data portability
● Right to object to the processing of their personal data
● Rights under applicable local laws such as FIPA.
h) Redress Mechanisms
Individuals have access to the following redress mechanisms if they have concerns
about how their personal data is handled:
(1) Complaint handling process with the U.S. Department of Commerce
(2) Binding arbitration through the DPF Arbitration Panel
(3) Referral to the U.S. Federal Trade Commission for enforcement
ii) Choice
At ITXPROS, we respect your privacy and are committed to giving you choices about
how your personal information is collected and used. This Choice Notice explains
your options regarding the collection and processing of your data in accordance with
EU-U.S. Data Privacy Principles.
Consent
By providing your explicit consent, you authorize us to collect, process, and use your
personal data for specific purposes outlined in our Privacy Notice.
Withdrawal of Consent
● You have the right to withdraw your consent for data transfers at any time by
contacting us by phone at “+1-904-9002564” or by filling out this contact
form https://www.itxpros.com/contact.
● Please note that withdrawal of consent may impact your access to certain
products, services, or features.
Choice to Opt-Out of Data Transfers
● As part of our commitment to the EU-U.S. Data Privacy Framework, we offer
you the choice to opt-out of having your personal data transferred from the
EU to the United States.
If you choose to opt-out:
● We will not transfer your personal data from the EU to the US under this
framework.
● Your personal data will continue to be processed and protected according to
EU data protection laws.
● You will not be able to access certain products, services, or features that rely
on trans-Atlantic data flows.
How to Exercise Your Choice
● To opt-out of having your personal data transferred from the EU to the US
under the DPF, please call us at “+1-904-9002564” or fill out this
contact form https://www.itxpros.com/contact.
● If you do not opt-out, we will proceed with transferring your personal data to
the United States in compliance with the DPF principles and requirements.
Limited Data Sharing:
● You can choose to limit the sharing of your personal data with third parties
for marketing purposes or other non-essential activities.
● Call us at “+1-904-9002564” or fill out this contact form
https://www.itxpros.com/contact.
iii) Accountability for Onward Transfers
As part of our commitment to protecting your privacy and ensuring the security of
your personal information, ITXPROS adheres to the EU-U.S. Data Privacy Principles,
including the principle of Accountability for Onward Transfers. This Notice explains
how we ensure the accountability and protection of your data when transferred to
third parties.
Onward Transfers
● As part of our operations, we may need to transfer personal data that we
receive from the European Union to third-party service providers or other third
parties located in the United States. These onward transfers are made in
compliance with the DPF.
Onward Transfer Principles
We are committed to ensuring that any onward transfers of personal data to third
parties are conducted in compliance with the latest legal standards, including the
use of updated Standard Contractual Clauses (SCCs). This ensures that personal
data is protected and that third parties adhere to the same level of data protection as
required by GDPR and other relevant regulations.
● Updated Standard Contractual Clauses (SCCs):
➢ Contracts with Third Parties: All contracts with third parties that involve the
transfer of personal data are updated to include the latest SCCs approved by the
European Commission. These clauses ensure that the data transfer complies with
GDPR requirements and provides an adequate level of protection.
● Legal Changes and Compliance:
➢ Reflecting Recent Legal Changes: Our contracts are regularly reviewed and
updated to reflect any recent legal changes in data protection regulations. This
includes changes in GDPR, CCPA, and other relevant laws.
● Accountability and Verification
➢ Verification of Compliance: We periodically verify that third-party recipients of
personal data comply with their contractual obligations, including adherence to
SCCs and data protection regulations.
Individuals' Rights
● Individuals whose data is transferred under the DPF have the same rights,
including rights of access, rectification, erasure and objection, for data that is
onwardly transferred.
Redress Mechanisms
● Individuals can utilize the same redress mechanisms available under the
DPF, including the complaint handling process with the U.S. Department of
Commerce and binding arbitration, for issues related to onward transfers.
● Liability and Redress: We remain liable for the protection of personal data
even when it is transferred to third parties. In case of any breaches or
non-compliance by the third party, we take appropriate action to address the issue
and mitigate any impact.
● Please contact “support@itxpros.com”, call us at “+1-904-9002564”,
or fill out this contact form
https://www.itxpros.com/contact if you have any questions or concerns
about our accountability for onward transfers under the EU-U.S. Data Privacy
Framework.
Ensuring Data Protection Standards
● Data Minimization and Purpose Limitation: Third-party service providers are
required to adhere to the principles of data minimization and purpose
limitation, ensuring that personal data is processed only for the specified
purposes and retained only as long as necessary.
● We reserve the right to update this section periodically to reflect changes in our onward
transfer practices or regulatory requirements. Any updates will be communicated
through our website or other appropriate means.
At ITXPROS, we prioritize the security of your personal information and continuously
update our security measures to reflect technological advancements and new
threats. This Security Notice outlines the comprehensive yet accessible measures
we have implemented to protect your data in accordance with global data protection
regulations, including GDPR, HIPAA, and other relevant laws.
Security Principles
In accordance with the DPF's "Integrity and Confidentiality" principle, we have
implemented the following technical and organizational security measures to
protect personal data:
● Technical Safeguards: We employ industry-standard encryption, access
controls, and authentication mechanisms to safeguard your personal data
from unauthorized access, alteration, disclosure, or destruction.
● Encryption: We encrypt personal data in transit and at rest using
industry-standard encryption algorithms and protocols. This
ensures that data is unreadable to unauthorized parties during transmission
and storage.
● Monitoring and Logging: We monitor access and activity on our systems that
process personal data, and maintain detailed logs for auditing and incident
response purposes.
● Data Minimization: We only collect and retain personal data that is necessary
for the purposes outlined in our Privacy Notice. Unnecessary data is securely
disposed of to minimize the risk of data breaches.
● Vulnerability Management: We regularly scan for and remediate security
vulnerabilities in our systems and software that could expose personal data.
● Incident Response: We have an incident response plan to quickly detect,
investigate, and mitigate any security incidents or data breaches involving
personal data.
● Employee Training: We provide regular training to our employees on data
privacy and security best practices.
● Third-Party Oversight: We conduct security assessments of any third-party
service providers that handle personal data on our behalf to ensure they meet
our security requirements.
● Access Controls: We implement robust access controls to ensure that only
authorized personnel have access to personal data. Access is granted based
on role-based permissions, minimizing the risk of unauthorized data access.
● Authentication Mechanisms: Multi-Factor Authentication (MFA) is enforced
for accessing sensitive systems and data, adding an extra layer of security by
requiring additional verification methods.
Organizational Measures
● Security Policies and Procedures: We have established comprehensive
security policies and procedures that outline our approach to data protection.
These documents are regularly reviewed and updated to ensure compliance
with the latest regulations and best practices.
● Employee Training: Regular training sessions are conducted to educate employees
about data privacy and security best practices. This ensures that all staff are aware of
their responsibilities in protecting personal data.
Monitoring and Incident Response
● Monitoring and Logging: We continuously monitor our systems for suspicious
activity and maintain detailed logs for auditing and incident response purposes. This
enables us to detect and respond to potential security incidents promptly.
● Incident Response Plan: A comprehensive incident response plan is in place to
address potential security breaches. This plan includes procedures for detecting,
investigating, and mitigating incidents, as well as notifying affected individuals and
authorities as required.
Regular Security Assessments
● Vulnerability Scanning and Penetration Testing: Regular vulnerability scans and
penetration tests are conducted to identify and remediate potential security weaknesses
in our systems. This proactive approach helps to mitigate risks before they can be
exploited.
● Third-Party Assessments: We conduct security assessments of third-party service
providers who handle personal data on our behalf to ensure they meet our security
standards.
Your Role in Data Security:
We encourage you to take an active role in safeguarding your personal
information by:
● Using Strong Passwords: Use unique, strong passwords for your
accounts and enable multi-factor authentication where available.
● Being Mindful of Phishing Attempts: Exercise caution when responding
to unsolicited emails or messages and avoid clicking on suspicious links
or attachments.
● Keeping Software Updated: Regularly update your devices and software
to ensure they are protected against known security vulnerabilities.
Contact Us:
If you have any questions or concerns about our data security practices or
suspect unauthorized access to your personal information, please contact us
immediately at “+1-904-9002564” or by filling out this contact form
https://www.itxpros.com/contact
Changes to this Notice:
We reserve the right to update this Security Notice periodically to reflect changes
in our security practices or regulatory requirements. Any updates will be
communicated to you through our website or other appropriate means.
At ITXPROS, we prioritize the security and privacy of your personal information. This
Security Incident Reporting Notice outlines the process for reporting and handling
security incidents involving your data in accordance with EU-U.S. Data Privacy
Principles.
Definition of Security Incident:
● A security incident refers to any unauthorized access, disclosure, alteration,
or destruction of personal data that may compromise its confidentiality,
integrity, or availability.
Reporting Process:
● If you suspect or become aware of a security incident involving your personal
data, please follow these steps:
a) Immediate Notification: Notify our designated security incident response
team immediately upon discovering the incident.
b) Detailed Incident Report: Provide a detailed description of the incident,
including the date and time of occurrence, nature of the incident, type of data
affected, and any potential impact.
c) Contact Information: Contact our security incident response team at
“+1-904-9002564” or by filling out this contact form/Security officers
https://www.itxpros.com/contact to report the incident.
Response and Investigation:
Upon receiving a report of a security incident, we will take the following actions:
● Investigation: Conduct a thorough investigation to assess the scope and
severity of the incident, identify the root cause, and implement corrective
measures.
● Notification: Notify relevant authorities and affected individuals as required
by law or regulation, keeping you informed throughout the process.
● Mitigation: Take immediate steps to mitigate the impact of the incident and
prevent further unauthorized access or disclosure of personal data.
Your Role:
● We encourage you to report any suspicious activities or security concerns
promptly to help us maintain the security of your personal information.
Confidentiality and Transparency:
● We are committed to handling security incidents with the utmost
confidentiality while maintaining transparency with affected individuals and
regulatory authorities.
Contact Us:
If you have any questions or concerns about reporting security incidents or need
assistance regarding a potential incident, please contact our security incident
response team at “+1-904-9002564” or by filling out this contact form
https://www.itxpros.com/contact
Changes to this Notice:
We reserve the right to update this Security Incident Reporting Notice periodically to
reflect changes in our incident response procedures or regulatory requirements. Any
updates will be communicated to you through our website or other appropriate
means.
At ITXPROS, we are committed to maintaining the integrity and limiting the purposes
of your personal data in accordance with EU-U.S. Data Privacy Principles. This Notice
explains how we ensure the accuracy, relevance, and appropriate use of your data.
Data Integrity
In accordance with the DPF's "Data Integrity" principle, we take the following
measures to ensure the reliability and integrity of personal data:
● Data Quality: We only collect personal data that is relevant, accurate,
complete, and current for the intended purposes. We regularly review and
update personal data as needed.
● Retention Policies: We maintain personal data only for as long as necessary
to fulfill the purposes for which it was collected or as required by law. We
have documented retention and deletion policies.
● Secure Storage: We store personal data in a secure manner, using technical
and organizational safeguards to protect against loss, destruction, or
unauthorized access.
● Data Minimization: We only collect and retain personal data that is necessary
for the purposes outlined in our Privacy Notice. We do not collect or process
more data than is required for those specified purposes.
Purpose Limitation
Consistent with the DPF's "Purpose Limitation" principle, we only process personal
data for the following specified, explicit, and legitimate purposes:
● Original Purpose: We collect and process your personal data only for the
specific purposes that we have informed you about at the time of collection
or as otherwise permitted by law.
● Consent: If we intend to use your personal data for purposes other than those
originally communicated, we will seek your explicit consent before doing so,
unless such use is required or permitted by law.
Individual Rights
● You have the right to access, correct, or delete your personal data if it is
inaccurate, incomplete, or no longer necessary for the purposes for which it
was collected.
● If you have any questions or concerns about the accuracy or purposes of
your personal data, please contact us at “+1-904-9002564” or by filling out
this contact form https://www.itxpros.com/contact.
Onward Transfers
● Any onward transfers of personal data to third parties are subject to
contractual clauses that require the third party to adhere to the same data
integrity and purpose limitation principles.
Contact Us:
● If you have any questions or concerns about our data integrity and purpose
limitation practices, please contact us at “+1-904-9002564” or by filling out
this contact form https://www.itxpros.com/contact
Changes to this Notice:
● We reserve the right to update this Data Integrity and Purpose Limitation
Notice periodically to reflect changes in our data management practices or
regulatory requirements. Any updates will be communicated to you through
our website or other appropriate means.
At ITXPROS, we respect your privacy and are committed to transparency regarding
the personal data we collect and process. This Access Rights Notice explains how
you can exercise your rights to access your personal data under EU-U.S. Data Privacy
Principles.
Right of Access
In accordance with the DPF's "Access" principle, individuals whose personal data is
transferred from the EU to the US have the right to:
● Obtain confirmation from us as to whether or not we are processing their
personal data.
● Access and obtain a copy of their personal data that we have processed.
● Learn about the purposes of the processing, the categories of data
processed, and the recipients or categories of recipients to whom the data
has been or will be disclosed.
● Challenge the accuracy of their personal data and have it rectified,
completed, or amended as appropriate.
How to Exercise Your Access Rights
● Submitting a Request: To request access to your personal data held by
ITXPROS, please submit a written request to our designated contact point at
“+1-904-9002564” or by filling out this contact form
https://www.itxpros.com/contact. You may also use the online access
request form available on our website.
● Verification: For security purposes, we may require you to provide certain
information to verify your identity before processing your access request.
Information Provided:
Upon receiving a valid access request, we will provide you with:
● Confirmation of Data Processing: Confirmation of whether we are processing
your personal data and, if so, details of the categories of personal data being
processed.
● Access to Data: Access to a copy of your personal data held by us, along with
information about the purposes of the processing, categories of recipients,
and any available retention periods.
● Explanations: Explanations of any technical or complex aspects of the data
processing, if requested.
Response Time:
● We will respond to your access request without undue delay and, in any
event, within 30 days of receiving your request.
Exceptions:
Please note that there may be circumstances where we are unable to provide access
to certain personal data, such as:
● Data that is exempt from disclosure under applicable law or regulation.
● Data that could compromise the rights and freedoms of others.
● Data that is subject to legal privilege or confidentiality obligations.
Contact Us:
● If you have any questions or concerns about exercising your access rights or
need assistance with your access request, please contact us at
“+1-904-9002564” or by filling out this contact form
https://www.itxpros.com/contact.
Changes to this Notice:
We reserve the right to update this Data Access Rights Notice periodically to reflect
changes in our access request procedures or regulatory requirements. Any updates
will be communicated to you through our website or other appropriate means.
At ITXPROS, we are committed to protecting your privacy and ensuring compliance
with EU-U.S. Data Privacy Principles. This Recourse, Enforcement, and Liability
Notice outlines the mechanisms available to individuals for addressing grievances
related to data privacy violations and our accountability in ensuring compliance with
data protection laws.
Recourse Mechanisms
In accordance with the DPF's "Recourse, Enforcement and Liability" principle, we
provide the following recourse mechanisms for individuals to address any
complaints or concerns about the processing of their personal data:
● Internal Dispute Resolution: Individuals can first submit their complaints to
our internal privacy team at “+1-904-9002564” or by filling out this contact
form https://www.itxpros.com/contact. We will work to investigate and
resolve any issues in a timely manner, within a maximum of 45 days.
● Alternative Dispute Resolution: If the internal dispute resolution process
does not resolve the issue, individuals can submit their complaints to an
independent alternative dispute resolution (ADR) provider at no cost to the
individual. The ADR provider we have designated is
● Binding Arbitration: As a final recourse, individuals can invoke binding
arbitration through the DPF Arbitration Program. This allows individuals to
seek a binding decision from a neutral arbitrator.
● Regulatory Oversight: Individuals also have the right to lodge a complaint
with their local data protection authority, which can investigate and enforce
compliance with the DPF principles.
Enforcement and Liability
● Legal Obligations: We are committed to complying with all applicable data
protection laws and regulations, including the EU-U.S. Data Privacy Principles.
Failure to do so may result in legal consequences, including fines, penalties,
and other enforcement actions.
● Liability: We acknowledge our responsibility for the processing of personal
data in accordance with the principles outlined in our Privacy Notice. In the
event of a data breach or privacy violation, we will take appropriate steps to
mitigate the impact and address any resulting liabilities.
Contact Us:
● If you have any questions or concerns about our grievance handling process,
enforcement mechanisms, or liability for data privacy violations, please
contact us at “+1-904-9002564” or by filling out this contact form
https://www.itxpros.com/contact.
Changes to this Notice:
● We reserve the right to update this Recourse, Enforcement, and Liability
Notice periodically to reflect changes in our grievance handling procedures or
regulatory requirements. Any updates will be communicated to you through
our website or other appropriate means.
a) Sensitive Data:
At ITXPROS, we recognize the importance of safeguarding sensitive personal
data and are committed to ensuring its confidentiality, integrity, and security. This
Supplemental Principles Notice explains how we handle and protect sensitive
data in accordance with data privacy regulations and best practices.
Definition of Sensitive Data:
Sensitive data refers to personal information that requires heightened protection
due to its sensitive nature and potential for harm if disclosed or misused. This
may include, but is not limited to:
● Health information
● Financial information
● Racial or ethnic origin
● Religious or philosophical beliefs
● Political opinions
● Trade union membership
● Genetic data
● Biometric data
● Sexual orientation or activity
Handling Procedures:
● Purpose Limitation: We collect and process sensitive data only for
specific, legitimate purposes and with appropriate legal grounds, such as
consent, legal obligations, or vital interests.
● Enhanced Security Measures: We implement robust technical and
organizational measures to protect sensitive data from unauthorized
access, disclosure, alteration, or destruction. These measures may
include encryption, access controls, and regular security assessments.
● Restricted Access: Access to sensitive data is restricted to authorized
personnel who have a legitimate need to know for performing their duties.
Access is granted based on role-based permissions and is monitored and
audited regularly.
● Data Minimization: We limit the collection, storage, and retention of
sensitive data to what is necessary for the specified purposes. We
regularly review our data processing activities to ensure data minimization
principles are upheld.
Data Subject Rights:
● Individuals have the right to access, rectify, or erase their sensitive data,
as well as the right to restrict or object to its processing, where applicable.
● We provide mechanisms for individuals to exercise their rights regarding
their sensitive data, and we respond to such requests in a timely and
transparent manner.
Incident Response and Notification:
● In the event of a security incident involving sensitive data, we have
established procedures for promptly assessing, containing, and mitigating
the impact of the incident. We also notify affected individuals and relevant
authorities as required by applicable data protection laws.
b) Journalistic Exceptions:
At ITXPROS, we recognize the importance of upholding freedom of expression
and information, particularly in journalistic activities. This Supplemental Principles
Notice outlines our commitment to respecting the rights of journalists and
balancing them with data privacy considerations.
Journalistic Exceptions:
● Legal Basis: We acknowledge that the processing of personal data for
journalistic purposes is often protected under applicable data protection
laws, including provisions that safeguard freedom of expression and
information.
● Balancing Rights: While respecting journalistic freedom, we also
recognize the importance of protecting individuals' privacy rights. We
strive to strike a balance between these rights, ensuring that journalistic
activities are conducted responsibly and in compliance with applicable
laws and ethical standards.
Data Protection Measures:
● Purpose Limitation: We process personal data for journalistic purposes
only to the extent necessary for the performance of journalistic activities.
We do not use personal data for purposes incompatible with journalism.
● Accuracy and Fairness: We take measures to ensure the accuracy and
fairness of our journalistic content, including verifying the information
obtained and providing opportunities for individuals to respond to
inaccuracies.
● Sensitive Data Handling: When processing sensitive personal data for
journalistic purposes, we apply heightened security measures and ethical
considerations to minimize the risk of harm to individuals.
● Transparency: We are transparent about our journalistic practices,
including how personal data is collected, processed, and used in our
reporting. We provide clear information to individuals about their rights
and how they can exercise them in relation to journalistic activities.
c) Secondary Liability:
At ITXPROS, we understand the importance of accountability and liability in
ensuring the protection of personal data. This Supplemental Principles Notice
outlines our approach to managing secondary liability for the actions of third
parties in processing personal data.
Definition of Secondary Liability:
● Secondary liability refers to the responsibility that organizations bear for
the actions of third parties, such as service providers or affiliates, in
processing personal data on their behalf.
Principles of Secondary Liability:
● Oversight and Accountability: We maintain oversight and accountability
for the processing of personal data by third parties acting on our behalf.
This includes conducting due diligence on potential partners,
implementing contractual safeguards, and monitoring compliance with
data protection requirements.
● Contractual Obligations: We enter into written agreements with third
parties that clearly define their obligations regarding the processing of
personal data. These contracts include provisions requiring compliance
with applicable data protection laws and standards, as well as
mechanisms for auditing and monitoring compliance.
● Risk Management: We assess the risks associated with engaging third
parties in the processing of personal data and implement appropriate
measures to mitigate those risks. This may include selecting reputable
partners with strong data protection practices, implementing technical and
organizational security measures, and conducting regular risk
assessments.
● Remediation and Enforcement: In the event of non-compliance or
breaches of data protection obligations by third parties, we take prompt
remedial action to address the issue and mitigate any harm to individuals.
This may include terminating contracts, imposing sanctions, or seeking
legal remedies as necessary.
d) Human Resources Data:
At ITXPROS, we recognize the importance of protecting the privacy and rights of
our employees' personal data. This Supplemental Principles Notice outlines our
approach to handling and safeguarding human resources (HR) data in
compliance with EU-U.S. Data Privacy Principles.
Scope of HR Data:
HR data refers to personal information collected, processed, and stored by
ITXPROS in relation to its employees, contractors, job applicants, and other
individuals engaged in employment-related activities. This may include, but is not
limited to:
● Personal identification information (e.g., name, address, contact details)
● Employment history and qualifications
● Compensation and benefits information
● Performance evaluations and disciplinary records
● Health and medical information
● Immigration and work authorization documents
Principles for HR Data Processing:
● Lawful Basis: We process HR data on the basis of legal grounds
permitted under applicable data protection laws, such as the necessity for
the performance of employment contracts, compliance with legal
obligations, or legitimate interests pursued by the organization.
● Purpose Limitation: We collect and process HR data only for specified,
explicit, and legitimate purposes related to employment or contractual
obligations. We do not use HR data for purposes incompatible with those
purposes without appropriate legal authorization or consent.
● Data Minimization: We limit the collection, processing, and retention of
HR data to what is necessary and relevant for the purposes for which it
was collected. We regularly review and update our HR data processing
practices to ensure compliance with data minimization principles.
● Confidentiality and Security: We implement appropriate technical and
organizational measures to protect HR data against unauthorized access,
disclosure, alteration, or destruction. Access to HR data is restricted to
authorized personnel on a need-to-know basis, and confidentiality
obligations are enforced.
Data Subject Rights:
● Employees and other individuals whose personal data is processed by
ITXPROS have the right to access, rectify, or erase their HR data, as well
as the right to restrict or object to its processing, where applicable. We
provide mechanisms for individuals to exercise their rights regarding their
HR data and respond to such requests in accordance with applicable data
protection laws.
e) Obligatory Contracts:
At ITXPROS, we recognize the importance of ensuring compliance with data
protection obligations when engaging third parties in the processing of personal
data. This Supplemental Principles Notice outlines our approach to establishing
obligatory contracts with third parties to safeguard personal data in accordance
with EU-U.S. Data Privacy Principles.
Definition of Obligatory Contracts:
● Obligatory contracts refer to written agreements entered into between
ITXPROS and third-party data processors, controllers, or other entities
involved in the processing of personal data. These contracts establish
legal obligations and requirements for protecting personal data and
ensuring compliance with applicable data protection laws.
Key Elements of Obligatory Contracts:
● Purpose and Scope: The contract clearly defines the purposes for which
personal data is processed and outlines the scope of the data processing
activities to be performed by the third party on behalf of ITXPROS.
● Data Protection Obligations: The contract sets out specific data
protection obligations and responsibilities for both parties, including
requirements for maintaining the security and confidentiality of personal
data, implementing appropriate technical and organizational measures,
and cooperating with data protection authorities.
● Data Subject Rights: The contract addresses the rights of data subjects
and establishes procedures for responding to data subject requests, such
as access, rectification, or erasure of personal data.
● Subcontracting: If the third party engages subcontractors to assist in the
processing of personal data, the contract requires the third party to
ensure that subcontractors adhere to the same data protection standards
and obligations as set out in the contract.
● Audit and Compliance: The contract may include provisions allowing
ITXPROS to audit the third party's data processing activities to verify
compliance with contractual obligations and applicable data protection
laws.
Compliance and Enforcement:
ITXPROS monitors compliance with obligatory contracts and takes appropriate
measures to enforce contractual obligations. Non-compliance with contractual
obligations may result in termination of the contract and other legal remedies as
necessary.
f) Dispute Resolution and Enforcement:
At ITXPROS, we are committed to upholding the highest standards of data
privacy and ensuring compliance with EU-U.S. Data Privacy Supplemental
Principles. This Supplemental Principles Notice outlines the mechanisms
available for resolving disputes related to data privacy violations and enforcing
compliance with data protection obligations.
Dispute Resolution Mechanisms:
● Internal Complaints Procedure: If you believe that your data privacy
rights have been violated or have any concerns regarding the processing
of your personal data by ITXPROS, please contact our Data Protection
Officer at “+1-904-9002564” or by filling out this contact form
https://www.itxpros.com/contact. We will investigate your complaint
promptly and provide a transparent response.
● Alternative Dispute Resolution (ADR): If the internal dispute resolution
process does not resolve the issue, individuals can submit their
complaints to an independent alternative dispute resolution (ADR)
provider at no cost to the individual. The ADR provider we have
designated is Corporate@eldashlaw.com.
● Third-Party Mediation or Arbitration: If you are not satisfied with our
response or believe that your concerns have not been adequately
addressed, you may seek recourse through independent dispute
resolution mechanisms, such as mediation or arbitration.
Enforcement Measures:
● Legal Obligations: We are committed to complying with all applicable
data protection laws and regulations, including EU-U.S. Data Privacy
Supplemental Principles. Failure to do so may result in legal
consequences, including fines, penalties, and other enforcement actions.
● Liability: We acknowledge our responsibility for the processing of
personal data in accordance with the principles outlined in our Privacy
Notice and Supplemental Principles. In the event of a data breach or
privacy violation, we will take appropriate steps to mitigate the impact and
address any resulting liabilities.
Transparency and Accountability:
● We are transparent about our data processing practices and accountable
for our compliance with data protection obligations. We maintain records
of our data processing activities and regularly review and update our
policies and procedures to ensure compliance with applicable laws and
regulations.
g) Self-Certification
At ITXPROS, we are committed to upholding data privacy standards and
complying with EU-U.S. Data Privacy Supplemental Principles. This
Self-Certification Notice outlines our process for self-certifying our compliance with
these principles.
Self-Certification Process:
● Review of Principles: We conduct a comprehensive review of the
EU-U.S. Data Privacy Supplemental Principles to ensure a thorough
understanding of the requirements and obligations.
● Assessment of Current Practices: We assess our current data privacy
practices, policies, and procedures to identify areas of compliance and
areas needing improvement.
● Gap Analysis: We perform a gap analysis to identify any discrepancies
between our current practices and the requirements outlined in the
Supplemental Principles.
● Remediation Plan: Based on the results of our assessment and gap
analysis, we develop a remediation plan to address any identified gaps
and bring our practices into compliance with the Supplemental Principles.
● Implementation: We implement the necessary changes and updates to
our data privacy practices, policies, and procedures as outlined in the
remediation plan.
● Documentation: We maintain detailed documentation of our
self-certification process, including the results of our assessment, gap
analysis, remediation plan, and implementation efforts.
● Attestation: Upon completion of the self-certification process and
implementation of necessary changes, we attest to our compliance with
the EU-U.S. Data Privacy Supplemental Principles.
Ongoing Compliance Monitoring:
● We conduct regular reviews and audits of our data privacy practices to
ensure ongoing compliance with the Supplemental Principles. Any
updates or changes to our practices are documented and reflected in our
self-certification.
Transparency and Accountability:
● We are transparent about our self-certification process and make our
attestation available to relevant stakeholders, such as customers,
partners, and regulatory authorities, upon request.
h) Verification
At ITXPROS, we are committed to ensuring compliance with EU-U.S. Data
Privacy Supplemental Principles. This Verification Notice outlines our process for
verifying our compliance with these principles.
Verification Process:
● Internal Assessment: We conduct a comprehensive internal
assessment of our data privacy practices, policies, and procedures to
ensure alignment with the EU-U.S. Data Privacy Supplemental Principles.
● Documentation Review: We review documentation related to our data
processing activities, including privacy policies, data processing
agreements, and records of data subject requests and responses.
● Interviews and Discussions: We engage with key stakeholders within
the organization to gather insights into our data privacy practices and
identify areas for improvement.
● External Review: In some cases, we may engage external auditors or
consultants to conduct an independent review of our data privacy
practices and provide recommendations for improvement.
● Gap Analysis: Based on the results of our assessment and review, we
perform a gap analysis to identify any discrepancies between our current
practices and the requirements outlined in the Supplemental Principles.
● Remediation Plan: We develop a remediation plan to address any
identified gaps and bring our practices into compliance with the
Supplemental Principles.
● Implementation: We implement the necessary changes and updates to
our data privacy practices, policies, and procedures as outlined in the
remediation plan.
● Verification Testing: We conduct verification testing to ensure that the
implemented changes are effective in addressing the identified gaps and
achieving compliance with the Supplemental Principles.
● Documentation and Reporting: We maintain detailed documentation of
our verification process, including the results of our assessment, gap
analysis, remediation plan, implementation efforts, and verification
testing. This documentation is used to demonstrate our compliance with
the Supplemental Principles to relevant stakeholders, such as customers,
partners, and regulatory authorities.
Ongoing Monitoring and Review:
● We conduct regular reviews and audits of our data privacy practices to
ensure ongoing compliance with the Supplemental Principles. Any
updates or changes to our practices are documented and reflected in our
verification process.
Transparency and Accountability:
● We are transparent about our verification process and make our
verification results available to relevant stakeholders upon request.
i) Dispute Resolution and Enforcement
At ITXPROS, we are committed to upholding data privacy standards and
ensuring compliance with EU-U.S. Data Privacy Supplemental Principles. This
Supplemental Principles Notice outlines the mechanisms available for resolving
disputes related to data privacy violations and enforcing compliance with data
protection obligations.
Dispute Resolution Mechanisms:
● Internal Complaints Procedure: If you believe that your data privacy rights
have been violated or have any concerns regarding the processing of
your personal data by ITXPROS, please contact our Data Protection
Officer or security officers at “+1-904-9002564” or by filling out this contact
form https://www.itxpros.com/contact to report the incident. We will
investigate your complaint promptly and provide a transparent
response.
● Third-Party Mediation or Arbitration: If you are not satisfied with our
response or believe that your concerns have not been adequately
addressed, you may seek recourse through independent dispute
resolution mechanisms. Individuals can submit their complaints to
an independent alternative dispute resolution (ADR) provider at no cost to
the individual. The ADR provider we have designated is
Enforcement Measures:
● Legal Obligations: We are committed to complying with all applicable data
protection laws and regulations, including EU-U.S. Data Privacy
Supplemental Principles. Failure to do so may result in legal
consequences, including fines, penalties, and other enforcement actions.
● Liability: We acknowledge our responsibility for the processing of
personal data in accordance with the principles outlined in our Privacy
Notice and Supplemental Principles. In the event of a data breach or
privacy violation, we will take appropriate steps to mitigate the impact and
address any resulting liabilities.
Transparency and Accountability:
● We are transparent about our data processing practices and accountable
for our compliance with data protection obligations. We maintain records
of our data processing activities and regularly review and update our
policies and procedures to ensure compliance with applicable laws and
regulations.
j) Medical Products
At ITXPROS, we understand the importance of protecting the privacy and
confidentiality of personal data related to medical products. This Supplemental
Principles Notice outlines our approach to handling and safeguarding medical
product data in compliance with EU-U.S. Data Privacy Supplemental Principles.
Scope of Medical Products Data:
Medical product data refers to personal information collected, processed, and
stored by ITXPROS in relation to medical devices, pharmaceuticals, and other
healthcare products. This may include, but is not limited to:
● Patient health information
● Medical device usage data
● Pharmaceutical sales and distribution records
● Clinical trial data
● Adverse event reports
Principles for Medical Products Data Processing:
● Legal Basis: We process medical product data on the basis of legal
grounds permitted under applicable data protection laws, such as the
necessity for the performance of contracts, compliance with legal
obligations, or consent where required.
● Purpose Limitation: We collect and process medical product data only
for specified, explicit, and legitimate purposes related to the provision of
healthcare products or services. We do not use medical product data for
purposes incompatible with those purposes without appropriate legal
authorization or consent.
● Data Minimization: We limit the collection, processing, and retention of
medical product data to what is necessary and relevant for the specified
purposes. We regularly review and update our data processing practices
to ensure compliance with data minimization principles.
● Confidentiality and Security: We implement appropriate technical and
organizational measures to protect medical product data against
unauthorized access, disclosure, alteration, or destruction. Access to
medical products data is restricted to authorized personnel on a
need-to-know basis, and confidentiality obligations are enforced.
Data Subject Rights:
Individuals whose personal data is processed by ITXPROS have the right to
access, rectify, or erase their medical product data, as well as the right to restrict
or object to its processing, where applicable. We provide mechanisms for
individuals to exercise their rights regarding their medical product data and
respond to such requests in accordance with applicable data protection laws.
Complaints and Inquiries:
If you have any questions, concerns, or complaints regarding the handling of
medical product data or wish to exercise your data subject rights, please contact
our Data Protection Officer at “+1-904-9002564” or by filling out this contact form
https://www.itxpros.com/contact. We will investigate your inquiry promptly and
provide a transparent response.
k) Public Record and Publicly Available Information
At ITXPROS, we understand the importance of respecting privacy rights while
acknowledging that certain personal data may be publicly available. This
Supplemental Principles Notice outlines our approach to handling public records
and publicly available information in accordance with EU-U.S. Data Privacy
Supplemental Principles.
Scope of Publicly Available Information:
Publicly available information refers to personal data that is lawfully and
legitimately accessible to the general public through public records, government
databases, publications, websites, or other publicly accessible sources. This may
include, but is not limited to:
● Professional or business contact information (e.g., name, email address,
phone number)
● Educational or professional qualifications
● Publicly disclosed financial information
● Information published in news articles or press releases
● Social media profiles and posts
Principles for Handling Publicly Available Information:
● Lawfulness and Legitimacy: We process publicly available information
only to the extent permitted by law and in accordance with applicable data
protection regulations. We do not collect or use publicly available
information in violation of individuals' privacy rights.
● Transparency: We are transparent about the sources and types of
publicly available information we collect and process. We provide clear
and accessible information to individuals about our data processing
activities, including the purposes for which we use publicly available
information.
● Purpose Limitation: We collect and process publicly available
information only for specific, legitimate purposes, such as recruitment,
marketing, or public relations. We do not use publicly available
information for purposes incompatible with those purposes without
appropriate legal authorization or consent.
● Data Minimization: We limit the collection, processing, and retention of
publicly available information to what is necessary and relevant for the
specified purposes. We regularly review and update our data processing
practices to ensure compliance with data minimization principles.
Data Subject Rights:
Individuals whose publicly available information is processed by ITXPROS have
the right to access, rectify, or erase their data, as well as the right to restrict or
object to its processing, where applicable. We provide mechanisms for
individuals to exercise their rights regarding their publicly available information
and respond to such requests in accordance with applicable data protection laws.
Complaints and Inquiries:
If you have any questions, concerns, or complaints regarding the handling of
publicly available information or wish to exercise your data subject rights, please
contact our Data Protection Officer at “+1-904-9002564” or by filling out this
contact form https://www.itxpros.com/contact. We will investigate your inquiry
promptly and provide a transparent response.
l) Access Requests by Public Authorities
At ITXPROS, we are committed to upholding data privacy standards and
complying with EU-U.S. Data Privacy Supplemental Principles. This
Supplemental Principles Notice outlines our approach to handling access
requests by public authorities for personal data.
Scope of Access Requests:
Access requests by public authorities refer to requests made by government
agencies, law enforcement authorities, regulatory bodies, or other public entities
for access to personal data held by ITXPROS. These requests may be made
in accordance with applicable laws, regulations, or legal processes.
Principles for Handling Access Requests:
● Legal Compliance: We comply with all applicable laws, regulations, and
legal processes governing access requests by public authorities. This
includes but is not limited to requests for information related to national
security, law enforcement, public safety, or regulatory compliance.
● Transparency: We are transparent about our procedures for handling
access requests by public authorities. We maintain clear and accessible
policies and procedures for responding to such requests, including the
circumstances under which we may disclose personal data to public
authorities.
● Data Minimization: We limit the disclosure of personal data to public
authorities to what is strictly necessary and proportionate to the purpose
of the request. We do not disclose personal data in response to access
requests that are vague, overly broad, or not supported by sufficient legal
authority.
● Legal Review: We conduct a legal review of each access request
received from public authorities to ensure that it complies with applicable
legal requirements and safeguards the rights and interests of data
subjects.
● Transparency Reports: We may publish periodic transparency reports
documenting the number, nature, and outcomes of access requests
received from public authorities, subject to any legal restrictions on
disclosure.
Data Subject Notification:
● In cases where disclosure of personal data to public authorities is
permitted by law, we may notify affected data subjects of the disclosure
unless prohibited by law or legal process. Notification may be provided to
the extent feasible and consistent with legal requirements.
Complaints and Inquiries:
● If you have any questions, concerns, or inquiries regarding our handling
of access requests by public authorities, please contact our Data
Protection Officer at “+1-904-9002564” or by filling out this contact form
https://www.itxpros.com/contact. We will investigate your inquiry
promptly and provide a transparent response.