• Privacy Policy

Updated March 31, 2019

Scope

This document sets forth the Privacy Statement of Foundation Software Group, Inc. (“FSG”) applicable to the provision of its FoundationTM Firm Intelligence Platform and integrated applications as software as a service (the “Foundation Service”) to its customers. For purposes of this document, the term “Services Data” means personally identifiable information about its employees, customers, partners or suppliers (collectively “end users”) that resides on FSG or third-party systems to which FSG is provided access to perform the Foundation Services. FSG treats Services Data according to the terms of this policy and treats Services Data as confidential in adherence with contractual agreements made with its customers.

How FSG Collects and Uses Services Data

Without limiting any provisions regarding access, collection and/or use of Services Data set forth in the SAAS Agreement between FSG and its customers, below are the conditions under which FSG may access, collect and/or use Services Data.

  • To Provide the Foundation Service and to diagnose and resolve issues. Services Data may be accessed and used to perform the Foundation Services under the customer’s SAAS Agreement and to confirm compliance with the terms of the customer’s SAAS Agreement. This may include testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs and other issues customers have reported to FSG. Any copies of Services Data created for these purposes are only maintained for time periods relevant to those purposes.
  • As a Result of Legal Requirements. FSG may be required to retain or provide access to Services Data to comply with legally mandated reporting, disclosure or other legal process requirements. FSG will not access Services Data for this purpose without first providing notice to the customer of the request for such information to the greatest extent allowed by law, and, to the extent consistent with applicable law.
  • FSG will not transfer and access Services Data globally as required for the purposes specified above to or from jurisdictions outside the U.S. not expressly approved by the customer. If FSG hires subcontractors to assist in providing Foundation Services, their access to Services Data will be consistent with the terms of the customer’s SAAS Agreement for services and this Privacy Statement. FSG is responsible for its subcontractors’ compliance with the terms of this Privacy Statement.
  • FSG does not use Services Data except as stated above or in the SAAS Agreement. FSG may process Services Data only for purposes of the customer’s SAAS Agreement but does not control the customer’s collection or use practices for Services Data. If the customer provides any Services Data to FSG, the customer is responsible for providing any notices and/or obtaining any consents necessary for FSG to access, use, retain and transfer Services Data as specified in this Privacy Statement document and the customer’s SAAS Agreement.

Access Controls

Subject to the terms of the SAAS Agreement, FSG’s access to Services Data is based on job role/responsibility and is controlled via an access control list (ACL) mechanism, as well as the use of an account management framework. The customers control access to Services Data by end users; end users should direct any requests related to their personal information to the customer.

Security and Breach Notification

Security and Breach Notification are set forth in your SAAS Agreement or the Security Standards document attached to your SAAS Agreement.

FSG is also committed to reducing risks of human error, theft, fraud, and misuse of FSG facilities. FSG’s efforts include making personnel aware of security policies and training employees to implement security policies. FSG employees are required to maintain the confidentiality of Services Data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.