Safety & Security

Privacy Policy

Effective Date: 07/23/2024

Privacy Notice

Introduction
Global Impact Assessment (GIA) is committed to protecting your privacy. This Privacy Notice explains how we collect, use, and share your personal data in compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Commitment to DPF Principles
GIA complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. GIA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. GIA has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

Types of Data Collected
We collect various types of personal data, including but not limited to names, contact information, demographic information, and HR data.

Purpose of Data Processing
Global Impact Assessment (GIA) processes personal data for the purpose of measuring and analyzing the social and environmental impacts of various programs and interventions, sales, marketing, order fulfillment, and research. The types of personal data processed include customer/client data, visitor data, and HR data. If applicable, personal data may be disclosed to third parties such as data analytics partners and research collaborators to support these activities. This processing is done in compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Individual Rights
Individuals have the right to access, correct, or delete their personal data. To exercise these rights, please contact us at hr@globalimpactassessment.com.

Choice
Individuals can limit the use and disclosure of their personal data by contacting us at hr@globalimpactassessment.com.

Third-Party Sharing
We may share personal data with business partners, advertisers, and vendors to support our activities. For a full list of third parties, please contact us.

Government Access
GIA may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Onward Transfer
GIA is liable for onward transfers of personal data to third parties, ensuring that such transfers comply with the accountability principles outlined in the DPF.

Complaint Contact
For privacy inquiries and complaints, please contact hr@globalimpactassessment.com.

Independent Recourse Mechanism
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, GIA commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact GIA at hr@globalimpactassessment.com.

Cooperation with Data Protection Authorities
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, GIA commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Binding Arbitration
Under certain conditions, individuals may invoke binding arbitration for residual claims not resolved by other redress mechanisms. For more details, see https://www.dataprivacyframework.gov.

Enforcement
GIA is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Contact Us
For any questions or concerns regarding this Privacy Notice or our data practices, please contact us at:

Global Impact Assessment


Email: hr@globalimpactassessment.com

Global Impact Assessment Data Security Policy

Effective Date: 07/07/2024

Introduction: At Global Impact Assessment (GIA), we are committed to ensuring the security and confidentiality of the personal and professional data we collect and process. This Data Security Policy outlines the measures we have implemented to protect data from unauthorized access, breaches, and other security threats.

1. Data Security Measures:

  • Encryption: We use industry-standard encryption protocols to protect data during transmission and storage. Sensitive data is encrypted using advanced encryption techniques to ensure confidentiality and integrity.

  • Access Controls: We have established strict access controls to limit access to data based on the principle of least privilege. Only authorized personnel with a legitimate need to access data are granted access.

  • Authentication: Multi-factor authentication (MFA) is implemented for all systems and applications to ensure that only authorized users can access data.

  • Regular Security Assessments: We conduct regular security assessments, including vulnerability scans, penetration testing, and security audits, to identify and mitigate potential risks.

  • Firewall Protection: Robust firewall systems are in place to protect our network from unauthorized access and cyber threats.

  • Intrusion Detection and Prevention: We utilize intrusion detection and prevention systems (IDPS) to monitor network traffic for suspicious activity and respond to potential threats in real time.

2. Data Handling and Storage:

  • Data Minimization: We collect and process only the data necessary for specific purposes. Unnecessary data is not collected or retained.

  • Data Retention: Data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Once no longer needed, data is securely deleted or anonymized.

  • Secure Storage: All data is stored in secure environments with appropriate physical and technical safeguards to prevent unauthorized access and data breaches.

3. Employee Training and Awareness:

  • Security Training: All employees undergo regular security training to stay informed about the latest security threats and best practices for data protection.

  • Security Policies: Employees are required to adhere to our internal security policies and procedures, including guidelines for handling sensitive data and reporting security incidents.

4. Incident Response:

  • Incident Response Plan: We have an established incident response plan to promptly address and mitigate the impact of any security incidents. The plan includes procedures for identifying, containing, eradicating, and recovering from incidents.

  • Reporting Incidents: Employees and partners are encouraged to report any suspected security incidents or breaches immediately to our security team for investigation and response.

5. Third-Party Security:

  • Vendor Management: We evaluate the security practices of third-party vendors and service providers to ensure they meet our security standards. Contracts with third parties include data protection and security clauses.

  • Third-Party Audits: We conduct regular audits and assessments of third-party vendors to verify their compliance with our security requirements.

6. Compliance and Governance:

  • Regulatory Compliance: Our data security practices comply with relevant data protection laws and regulations, including the General Data Protection Regulation (GDPR), the EU-U.S. Data Privacy Framework (DPF), and other applicable standards.

  • Security Governance: We have a dedicated security team responsible for overseeing and implementing our data security strategy. The team regularly reviews and updates security policies and procedures to address evolving threats.

7. Continuous Improvement:

  • Ongoing Monitoring: We continuously monitor our systems and processes to detect and respond to emerging security threats.

  • Security Enhancements: We regularly review and enhance our security measures to stay ahead of new vulnerabilities and cyber threats.

Contact Us: If you have any questions or concerns about our data security practices, please contact us at:
client.support@globalimpactassessment.com
