DATA SECURITY POLICY
247BIDS, LLC personnel are expected to be competent, thorough, helpful, and courteous stewards of customer information that is stored on 247BIDS, LLC products and in 247BIDS, LLC data centers. 247BIDS, LLC has established a number of measures to ensure that customers and their data are treated properly.
Privacy and Control Mechanisms
247BIDS, LLC complies with any portion of HIPAA or the HITECH Act that are directly applicable to 247BIDS, LLC. In particular, the 247BIDS, LLC Platform safeguards replicated data in such a way as to satisfy HIPAA’s Security Rule. Customers wishing to establish a Business Associate relationship with 247BIDS, LLC per 45 CFR 164.502(e) and 164.504(e) should request a Business Associate Agreement from 247BIDS, LLC. The Business Associate Agreement defines commitments that 247BIDS, LLC will make to maintain HIPAA and HITECH compliance as required.
247BIDS, LLC Employees
All employees are required to accept and acknowledge in writing 247BIDS, LLC’s policies for nondisclosure and protection of 247BIDS, LLC and third-party confidential information, including acceptable use of confidential information. In the course of assisting customers with their technology solutions, 247BIDS, LLC support technicians understand that they may come into contact with customer communications and/or customer data and they must keep this information confidential.
Technicians who support 247BIDS, LLC products are prepared in a variety of ways. New tier 1 technicians receive class time training with tier 2 technicians and the support management team. New support technicians also spend a period of time as an understudy to an established technician for each product in which they intend to become certified. Product knowledge is tested and established through formal online training and all technicians are expected to meet a pre-defined standard before supporting customers directly.
All 247BIDS, LLC support technicians receive ongoing training in product-specific training sessions.
When an employee or contractor leaves 247BIDS, LLC, a formal process is in place to immediately revoke physical and network access to 247BIDS, LLC facilities and resources.
Architecture and Infrastructure Security
Storage Facility Standards
247BIDS, LLC leases space in a number of data centers worldwide. Each 247BIDS, LLC data center is equipped with the following:
- Controlled access systems requiring key-card authentication
- Video-monitored access points
- Intrusion alarms
- Locking cabinets
- Climate control systems
- Waterless fire-suppressant systems
- Redundant power (generator backup, UPS, no single point of failure)
- Redundant Internet connectivity
- ISO and/or SOC II certified
Knowing the geographic location of their data is important for customers operating in regulated industries or in countries with data protection laws. 247BIDS, LLC understands that some customers must maintain their data in a specific geographic location, such as within the European Union or within countries that are members of the Asia-Pacific Economic Cooperation (APEC) forum.
To that end, 247BIDS, LLC maintains a network of Platform-scale data centers by geographic location around the globe, and verifies that each meets defined security requirements. However, not all 247BIDS, LLC products are deployed in all regions. To determine where data for a particular 247BIDS, LLC product is stored, please refer to the product-specific security document.
Data in the 247BIDS, LLC Platform is stored in a proprietary storage system developed and managed by 247BIDS, LLC. This system maintains two copies of customer data to provide redundancy. In the United States, the two copies are stored in separate data center locations. Outside of the United States, the two copies are stored within the same location on separate storage systems.
247BIDS, LLC uses a defense-in-depth strategy and proprietary hardened software and operating systems to protect data and services. 247BIDS, LLC conducts regular inspections to ensure the security of its systems.
247BIDS, LLC Central
247BIDS, LLC Central is the 24/7 security center operated by 247BIDS, LLC Networks to monitor and block the latest Internet threats. Data collected at 247BIDS, LLC Central is analyzed and used to create definitions for automatic Energize Updates that fuel 247BIDS, LLC products.
247BIDS, LLCCentral.org is dedicated to providing technical insight for security professionals. By sharing data, 247BIDS, LLCCentral.org aims to build a strong community to collectively fight the latest Internet threats.
1. Your Data
Data stored in the 247BIDS, LLC Platform is our customers’ data and we protect their right to make decisions about that data and we are transparent about what happens to that data. With the 247BIDS, LLC Platform, you are the owner of your customer data.
Customer data is defined as all data, including text, sound, video, or image files and software, that you provide to 247BIDS, LLC, or is provided on your behalf.
247BIDS, LLC will use your customer data only to provide the services we have agreed upon, and for purposes that are compatible with providing those services.
You can access your customer data at any time and for any reason without assistance from 247BIDS, LLC. We restrict access to it to 247BIDS, LLC personnel and subcontractors. We provide simple, transparent data-use policies.
We do not use customer data for advertising
Except as set forth below, 247BIDS, LLC does not share customer data with our advertiser-supported services, nor do we mine it for marketing or advertising.
In addition to providing the service and day-to-day operations, 247BIDS, LLC may use your data for the following:
- Troubleshooting aimed at preventing, detecting, and repairing problems affecting the operation of services
- Ongoing improvement of features, such as those that improve the reliability of our services, or involve the detection of, and protection against, threats to the services or customer data (such as malware or spam)
- Providing personalized customer experiences
- Contacting you about new products and services
- Advertizing the following information on any and all social media platforms including 247Bids.com:
1. Your username,
2. Your photo or avatar,
3. Item won
4. Total clicks
5. Normal, bonus or free bids used to win, buy or participate in an auction,
6. Total paid or cost of normal bids,
7. Winning bid amount,
8. Winning price,
9. Combined total,
10. Auction was worth price,
11. Total savings,
12. Savings percentage
Furthermore, the 247BIDS, LLC Platform uses systems that are kept logically separate from internal systems run by 247BIDS, LLC.
We use logical isolation to segregate each customer’s data from that of others
247BIDS, LLC Platform services are multi-tenant services, meaning that your data, deployments, and virtual machines may be stored on the same physical hardware as that of other customers. When data from many customers is stored at a shared physical location, 247BIDS, LLC logically segregates storage and processing for different customers through specialized technology engineered specifically for that purpose.
247BIDS, LLC takes strong measures to protect customer data from inappropriate use or loss and to prevent customers from gaining access to one another’s data.
We provide simple, transparent data-use policies and get independent audits
Our subcontractors are contractually obligated to meet our privacy requirements
247BIDS, LLC may hire other companies to provide limited services, such as data colocation services. We provide customer data as required to deliver the services we have retained them to provide. Subcontractors are prohibited from using customer data for any other purpose, and they are required to maintain the confidentiality of our customers’ information.
- Subcontractors who handle customer data in 247BIDS, LLC Platform services must enter into additional agreements with 247BIDS, LLC that subject them to data protection terms.
- Subcontractors who handle 247BIDS, LLC Platform customer data in their own facilities are required to set up and follow privacy standards equivalent to our own.
Control of your Data
You control access to your customer data
Access by 247BIDS, LLC personnel.
247BIDS, LLC personnel are granted access only when necessary under management oversight. 247BIDS, LLC personnel will use customer data only for purposes compatible with providing you the services, which can include customer support and troubleshooting services.
Access by subcontractors.
247BIDS, LLC may hire other companies to provide limited services. Subcontractors can access customer data only to deliver the services we have hired them to provide. Subcontractors are prohibited from using customer data for any other purpose, and are required to maintain the confidentiality of our customers’ information.
Limits to access.
The operational processes and controls that govern access to and use of customer data in the 247BIDS, LLC Platform are regularly verified. 247BIDS, LLC regularly performs sample audits to attest that access is only for legitimate business purposes. Strong controls and authentication help limit access to customer data to authorized personnel only. When access is granted, whether to 247BIDS, LLC personnel or our subcontractors, it is carefully controlled and logged, and revoked as soon as it is no longer needed.
Government and law enforcement requests.
247BIDS, LLC imposes carefully defined requirements around government and law enforcement requests for customer data. We will not disclose data hosted in the 247BIDS, LLC Platform to a government agency except as you direct or where required by law. When we receive a government or law enforcement request for customer data, we attempt to redirect the third-party to obtain the requested data from our customer.
You control your customer data if you leave the service
247BIDS, LLC follows strict standards and specific processes for removing customer data from all systems under our control.
You can retrieve a copy of your customer data at any time and for any reason without any assistance or notification required from 247BIDS, LLC.
- If you, the customer, terminate your subscription or it expires (except for free trials), 247BIDS, LLC will store your customer data in a limited-function account for 30 days (the retention period) to give you time to export the data or renew your subscription. During this period, 247BIDS, LLC provides multiple notices, so you will be amply forewarned of the upcoming deletion of data.
- After this 30-day retention period, 247BIDS, LLC will disable the account and may delete all customer data at its discretion, including any cached or backup copies.
In the multitenant environments of 247BIDS, LLC Platform services, we take careful measures to logically separate customer data to help prevent one customer’s data from leaking into the data of another customer, as well as to help block any customer from accessing another customer’s deleted data.
Data deletion on physical storage devices
- When a disk drive used for storage in the 247BIDS, LLC Platform suffers a hardware failure, it is securely erased or destroyed before 247BIDS, LLC returns it to the manufacturer for replacement or repair. All of the data on the drive is completely overwritten to ensure that the data cannot be recovered by any means.
You have options to control the security of your customer data
The 247BIDS, LLC Platform uses encryption to safeguard your data and help you maintain control over it.
When customer data moves over a network, the 247BIDS, LLC Platform uses industry- standard secure transport protocols between user devices and 247BIDS, LLC data centers, as well as within the data centers themselves.
The 247BIDS, LLC Platform uses industry-standard encryption for data at rest in transit.
How we respond to government requests
When governments or law enforcement make a lawful request for customer data from 247BIDS, LLC, we are committed to transparency and limit what we disclose. Because 247BIDS, LLC believes that customers should control their own data, we will not disclose data hosted in the 247BIDS, LLC Platform to a government or law enforcement agency except as you direct or where required by law.
We do not offer direct access to customer data.
We believe that you should control your own data. 247BIDS, LLC does not give any third-party (including law enforcement, other government entity, or civil litigant) direct or unfettered access to customer data except as you direct, or as required by law.
We redirect law enforcement and other third-party requests to the customer.
When we receive a government or law enforcement request for customer data, we always attempt to redirect the third third-party to obtain the requested data from our customer.
For valid requests that we are not able to redirect to the customer, we disclose information only when we are legally compelled to do so, and we always make sure that we provide only the data specified in the legal order.
In either case, requests may require the release of the customer’s basic contact information.
We do not give access to platform encryption keys.
We do not provide any government with our encryption keys or the ability to break our encryption.
Acceptable Use and Conduct
All users must be registered to access the 247BIDS, LLC Platform. Individual users must register using their name, and entity users must register under the legal name of their entity. You will be solely responsible and liable for any activity that occurs under your account.
You are solely responsible for the legality and appropriateness of your customer data uploaded or otherwise placed into the 247BIDS, LLC Platform.
247BIDS, LLC may immediately and without prior notice to You, remove any content or data, or suspend or cancel accounts if it becomes aware of any misuse or illegal actions associated with an account or user.
When using the 247BIDS, LLC Platform, you must not use the services to do any of the following things:
- Copy or upload files or information unless you have a legal right to the files or information;
- Probe, scan, or test the vulnerability of any system, or attempt to circumvent any security or authentication measures;
- Access, tamper with, or use non-public areas of the 247BIDS, LLC Platform. or attempt to access or search the 247BIDS, LLC Platform through non-public interfaces;
- Attempt to disrupt any user or network by sending a virus, malware, overloading, flooding, spamming, or mail-bombing, or otherwise interfere with the use of other users;
- Send unsolicited communications, promotions, advertisements, or spam;
- Attempt to access another user’s account;
- Send altered, deceptive, or false source-identifying information, including “spoofing” or “phishing”;
- Publish anything that is fraudulent, misleading, or infringes on another’s rights;
- Misrepresent yourself or affiliation with an entity; or
- Publish or share materials that are offensive, defamatory, or unlawful.
The 247BIDS, LLC Platform services may be controlled for export purposes. You must comply with all United States export laws and regulations. You assume sole responsibility for any required export approval and/or licenses and all related costs and for the violation of any United States export law or regulation. If you are located in a country subject to embargo by the United States government, you are not entitled to use the 247BIDS, LLC Platform services.
Updated: March, 2019