Data Protection & Privacy Policy
Effective: November 1, 2023 | Last Updated: March 15, 2024
1. Data Collection Scope
Account Information
- Enterprise contact details
- SSO configuration metadata
- License entitlement records
Security Data
- Network flow logs
- Endpoint detection alerts
- Cloud infrastructure telemetry
2. Data Utilization
Threat Intelligence
Security event correlation across 150+ log sources to detect advanced persistent threats (APTs) and zero-day exploits
Incident Response
Forensic analysis using process execution trails, user/entity behavior analytics (UEBA), and MITRE ATT&CK pattern matching
3. Global Data Transfers
Transfer Mechanisms
EU-US Transfers
EU Standard Contractual Clauses (SCCs) with supplementary measures
APAC Transfers
CBPR system certification for Asia-Pacific cross-border flows
4. Security Safeguards
Encryption
AES-256 at rest, TLS 1.3 in transit with HSM-backed key management
Access Control
RBAC with JIT provisioning and mandatory MFA enforcement
Auditing
Blockchain-verified audit trails with 90-day retention
5. Individual Rights
GDPR Compliance
Right to Access
DSAR portal with automated report generation
Right to Erasure
Anonymization workflows for PII across distributed systems
CCPA Compliance
Annual metrics disclosure: 98.7% valid consumer requests processed within 10 business days
6. Contact & Enforcement
Data Protection Officer
Email: commando@commandonetworks.com
Phone: +971509242643
Postal: 550 Security Blvd, NYC 10001
Regulatory Authority
EU Representative: SIEM Privacy Ltd
Registered with Irish Data Protection Commission (DPC)
Certifications
ISO 27001:2022
Cert #: CMS-123456
SOC 2 Type II
Audit Period: Q4 2023
GDPR Article 30
ROPA ID: 2023-SIEM-7890