DataVinci provides analytics services to its clients. For the provision of analytics services, we need access to the relevant tools owned or subscribed by the clients. DataVinci does not own or subscribe the tools on behalf of the clients.
DataVinci can recommend the data points that a client should and can collected for the optimization of their digital assets. We at DataVinci strive to ensure that any of our recommendations do not result in activities that can be considered illegal. But, we need active involvement from the stakeholders at the client side to review our recommendations and present their input if they feel that collection of certain data points can fall outside of legal boundaries. DataVinci can not and will not provide a sign off on the data points that a client decides to collect from their digital assets. The stakeholders at the client’s side will be the final authority for approving or rejecting the collection of all data points.
DataVinci works with the tools owned/subscribed by the clients. It is the responsibility of the stakeholders and relevant teams at the client side to validate the usage policies of their tools before on-boarding them on their stack.
In general, DataVinci advices against collecting any PII information until and unless the users have provided their consent. The nature of this consent needs to be decided by the clients. If the data points are made available to DataVinci, we will assume that the clients have accessed these data points only post acquiring all the relevant consents from their site users.
It is also advisable that for working with tools like tag managers, the publishing rights are reserved by the internal teams at the client side who can validate the work done by DataVinci and enable the respective tracking on the digital assets only after ensuring that it does not conflict with the privacy policies of the client organization.
Employees at DataVinci are legally restricted from sharing any data point of any nature collected from the systems provisioned by clients with any party that the clients have not formally approved as acceptable. The team works with individual accounts allocated to them provisioned with security mechanisms like 2-factor authentications. DataVinci conducts background check of its employees and maintain records of their government Ids and education certificates. DataVinci also uses Bit Warden password sharing software
If it is critical to eliminate any scope of data leakage, following arrangements can be made :
- Employees dedicated for specific projects can be provisioned with project specific laptops restricting them from signing into any account other than the client accounts. The laptops can further be locked to ensure no external memory drives can be attached to them. The employees will not be provisioned with any administrative accesses to modify the configurations and other settings of their laptop
- The clients can provision a VPN environment and install software on the machines of the dedicated staff to ensure that the machines are complying with the security policies at the client side
- The clients can provision a machine which the employees can utilize. In such a case, the client would be required to take care of the postal charges and custom duties. The laptops will be returned once the engagement between DataVinci and the clients is concluded.
Please note : while we are ensuring that we follow standard practices to ensure the data security of our clients is not compromised, we cannot factor in incidents like hacking or unusual malware or viruses.