The purpose of the policy is to establish the goals and the vision for the breach response process. This policy will clearly define to whom it applies and under what circumstances, and it will include the definition of a breach, staff roles and responsibilities, standards and metrics (e.g. to enable prioritisation of the incidents), as well as reporting, remediation, and feedback mechanisms.
Subscribers give consent by opting to receive emails from Exchange Invest Daily Newsletter, providing their full name and email address. While being one of the more well-known legal bases for processing personal data, consent is only one of six bases mentioned in the General Data Protection Regulation (GDPR). Subscribers have an option to change how they want to receive these emails, by updating their preferences, we ensure emails we send complies with CAN-SPAM Act. Subscribers also have an option to unsubscribe from the newsletter and their data will be removed from the company’s list of subscribers.
The Subscriber Data stored amounts to:
- Subscriber’s Name (Christian Name / Surname)
- Subscriber email address
- Date of subscription
- Address for Invoicing (for individual subscribers) and a corporate address for invoicing group/company subscriptions.
- There is no further personal data stored and the database does not include telephone or other contact details nor any personal information concerning the subscribers other than the above.
Subscriber data is securely stored in the company’s Subscriber Database. This information is shared only in Exchange Invest and not in whole or part with any other third parties. Any person who is authorised to process any kind of data (including staff) must undertake the appropriate obligation of confidentiality. Exchange Invest Daily Newsletter is strictly intended for the named subscriber and does not permit reproduction, copying or sharing of material by any means.
In practice, only the Database Manager and the Publisher can access the full database of Subscriber Names.
II. Email and Password Protection
Exchange Invest email account should be used primarily for Exchange Invest business-related purposes; personal communication is permitted on a limited basis, but non-Exchange Invest related commercial uses are prohibited. All Exchange Invest data contained within an email message or an attachment must be secured according to the Data Protection Standard.
Employees are prohibited from using personal email or any accounts other than those provided them with. They shall have no expectation of privacy in anything they store, send or receive on the company’s email system. An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
III. Acceptable Use
All Exchange Invest subscribers must follow this policy.
In order to use this service:
- You must be 18 years of age and above.
- Completed the registration process.
- Agree to the terms and conditions; and
- Provided true, complete, up to date contact and billing information to Exchange Invest.
- By the very nature of its specialist content, readers of Exchange Invest newsletter are invariably designated Professional (usually institutional) investors in their market understanding and at least High Net Worth experienced individuals as the content is not of interest to less sophisticated retail investors (and the content is anyway B2B business in its approach as opposed to being an investment newsletter or similar).
By subscribing to our product, you represent and warrant that you meet all of the requirements listed above, and that you won’t use our product that violates any laws and regulations.
- Reproduce, copying, forwarding or sharing this material by any means.
- Use any misleading or incorrect name, email address, and other information on Exchange Invest.
- Set up multiple accounts for any entity in order to send similar content.
- Providing information, about or any list of Exchange Invest employees to parties outside Exchange Invest.
Any contraventions of our policies will be subject to a reseller rights agreements with infringements being liable for a minimum of USD$100,000 opening charge plus rights on all copies we deem the third party to have resold - in line with general vendor policies.
IV. Risk Assessment
We conduct a risk assessment on a regular basis to identify potential risks associated with our paid newsletter. Our risk assessment process includes the following steps:
- Identify potential risks: We identify potential risks associated with our paid newsletter, such as data breaches, payment fraud, or unauthorized access to subscriber information.
- Assess the likelihood of each risk: We assess the likelihood of each potential risk occurring based on factors such as the likelihood of a data breach, the security of our payment processing system, and the potential impact of unauthorized access to subscriber information.
- Assess the impact of each risk: We assess the potential impact of each risk on our subscribers, our business, and our reputation.
- Monitor and review risks: We monitor and review potential risks on an ongoing basis to ensure that our risk management strategies are effective and up-to-date.
Risk Management Strategies
Our risk management strategies include the following:
- Implementing industry-standard security measures to protect subscriber information, such as encryption and firewalls
- Regularly monitoring our payment processing system for suspicious activity
- Conducting background checks on employees who have access to subscriber information
- Providing regular training to our staff on data security best practices