Effective: June 9th, 2020

The EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-US DPF, & the Swiss-U.S. Data Privacy Framework Privacy Policy:

Axiom Consulting Group, Inc. (“Axiom,” “we,” “us,” “our”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-US DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Axiom has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the UK (including Gibraltar) in reliance on the UK Extension to the EU-US DPF. Axiom has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Definitions:

“Client” means an organization or individual who retains Axiom to provide telecommunications services or act on their behalf in telecommunications matters.

“Personal Information” means any telecommunications data, including, but not limited to, invoices, customer service records or call detail records relating to any Client.

EU-US Data Privacy Framework Principles:

Axiom’s practices regarding the collection, storage, transfer, use and other processing of Personal Information comply with the EU-US Data Privacy Framework (EU-US DPF) Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.

Notice:

Axiom is in the business of providing telecom services including, but not limited to, strategic audit, sourcing, site survey, inventory and device management. To perform these services, Axiom must obtain the necessary data with which to work. The types of data that Axiom collects includes, but not limited to, telecom invoices, customer service records and call detail records. Each of which may contain information regarding a Client or individual’s name, address, email, phone number, bank account information or telecommunication service usage. Axiom only obtains Personal Information from Clients that have unambiguously consented to in writing, through a master services agreement and a statement of work.

Choice:

If Personal Information covered by this DPF Policy is to be disclosed to a third party or used for a new purpose that is materially different from that for which the Personal Information was originally collected or subsequently authorized, Axiom will obtain Client consent, and provide the Client with an opportunity to choose whether to have their Personal Information so used or disclosed. This choice will be manifested in the form of an amendment to either the previously established master services agreement or statement of work.

Accountability for Onward Transfer:

Axiom occasionally uses a third party as a vendor to help provide its core telecom services. In the event Axiom transfers Personal Information covered by this Data Privacy Framework Policy to a third party acting as a vendor, Axiom will do so only if the third party has provided contractual assurances that it will (i) process the Personal Information for limited and specified purposes consistent with any consent provided by the Client, (ii) provide at least the same level of protection as is required by the DPF Principles and notify Axiom if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Information or take other reasonable and appropriate steps to remediate if it makes such a determination. If Axiom has knowledge that a third party acting as a vendor is processing Personal Information covered by this DPF Policy in a way that is contrary to the DPF Principles, Axiom will take reasonable steps to prevent or stop such processing.

With respect to the vendors, Axiom will transfer only the Personal Information covered by this Policy needed for a vendor to deliver the requested service. Furthermore, Axiom will (i) permit the vendor to process such Personal Information only for limited and specified purposes; (ii) require the vendor to provide at least the same level of privacy protection as is required by the Data Privacy Framework Principles; (iii) take reasonable and appropriate steps to ensure that the vendor effectively processes the Personal Information transferred in a manner consistent with Axiom’s obligations under the DPF Principles; and (iv) require the vendor to notify Axiom if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles. Upon receiving notice from a vendor that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles, Axiom will take reasonable and appropriate steps to stop and remediate unauthorized processing.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Axiom remains liable under the Data Privacy Framework Principles if a vendor processes Personal Information covered by this DPF Policy in a manner inconsistent with the principles, except where Axiom is not responsible for the event giving rise to the damage.

Security:

Axiom takes reasonable and appropriate measures to protect Personal Information covered by this Policy from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Data Integrity and Purpose Limitation:

Axiom limits the collection of Personal Information to what is relevant for the purposes for which it is to be used. Axiom takes reasonable steps to ensure that such Personal Information is reliable for its intended use, accurate, complete, and current. Axiom takes reasonable and appropriate measures to comply with the requirement under the Data Privacy Framework to retain Personal Information in identifiable form only for as long as it serves its purpose.

Axiom may be required to disclose a Client’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Access:

Clients whose Personal Information is covered by this Policy have the right to access such Personal Information and to correct, amend, or delete such Data if it is inaccurate or has been processed in violation of the DPF Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Client’s privacy, or where the rights of persons other than the Client would be violated). Requests for access, correction, amendment, or deletion should be sent to: [email protected].

Recourse, Enforcement and Liability:

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-US DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Axiom commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact:

Email: [email protected]
Phone: 410.489.0050
Mailing Address: Axiom Consulting Group, Inc.
14541 Edgewoods Way Glenelg, MD 21737

Axiom has further committed to refer unresolved DPF Principles-related complaints to an independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Axiom is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). To learn more about the EU-U.S. & Swiss-U.S. Data Privacy Framework program, or to view Axiom’s certification, please visit https://www.dataprivacyframework.gov/.