This document provides an overview of the DATA SECURITY POLICY of Policy Saver Insurance, (PSI) its subsidiaries, and affiliates. It is the intention of PSI to protect the confidential and personally identifiable information (PII) of its clients, users, partners and customers, (together “Users”), as well as its own confidential and proprietary business information, from unauthorized access both outside of and within the company. This Policy applies to all employees and contractors (together, “Personnel”).
For the purposes of performing services to users, PSI may receive User Personal Information, including but not limited to User PII. All User Data shall be protected by commercially-acceptable standards — standard administrative, technical and physical security measures to preserve the confidentiality (authorized access), integrity and availability of User Data — and no less rigorously than it protects its own confidential information.
PSI may have access to and/or receive User Data through the course of the engagement with the User. Data may also be shared with PSI by Clients through secure Cloud Storage, SFTP (SSH File Transfer Protocol, Secure File Transfer Protocol), or other means as discussed and agreed upon by Client and PSI.
PSI uses User Data to provide relevant written and verbal outreach to connect users with relevant opportunities based on their past engagement with PSI or PSI Clients.
PSI guarantees it will not share User Data and opt-out information with any third-party unless required by law.
User PII is stored in third-party secure Cloud Storage of the highest commercial standards, including, but not limited to, the following: ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, PCI DSS, FedRAMP Moderate, DoD IL2, DoD IL4, NIST SP 800-171, HIPAA, HITRUST, Financial Services Compliance - USA, Privacy Shield, TRUSTe Certified Privacy Seal, UK Cyber Essentials.
Access to User Data and User Personal Information, including User PII, is restricted in scope by role and requirements.
Auditing and Monitoring:
All access to User PII and Confidential Information will be logged, audited and regularly monitored.
User PII and Confidential Information will be destroyed upon the completion of the engagement between User and PSI, or upon request.