Privacy policy
Vurtuo Consulting (“we,” “us,” or “our”) respects the privacy of all individuals and organizations we engage with. As a consulting firm, we primarily access, analyze, and process data provided by our clients to deliver tailored consulting services. This Privacy Policy explains how we handle, protect, and safeguard data accessed during the course of our engagements.
1. Scope
This Privacy Policy applies to all data accessed by Vurtuo Consulting in the course of providing consulting services, including but not limited to personally identifiable information (PII), confidential business information, and any other client-provided data.
2. Types of Data We Access
We may access the following types of data as part of our services:
a. Client-Provided Data
- Employee records (e.g., names, roles, contact details, salary details).
- Human resources data, including payroll, performance, or benefits-related information.
- Customer data or transactional records stored in client systems.
b. Business Data
- Financial reports, operational data, and strategic plans.
- System configurations and software settings.
c. System and Technical Data
- Logs, system activity reports, and configuration data related to integrated platforms (e.g., Dayforce or other HR/ERP systems).
- Data required to troubleshoot system errors or performance issues.
Important: All data we access is provided, controlled, and owned by our clients. We do not independently collect data outside the scope of services explicitly requested.
3. Purpose of Access
We access client-provided data for the following purposes:
- Delivering consulting services, such as system integrations, reporting automation, and process optimization.
- Analyzing data to identify trends, errors, or inefficiencies within the client’s systems.
- Designing, implementing, and testing configurations or workflows as directed by the client.
- Providing support or troubleshooting for existing client systems or custom-built solutions.
4. Data Ownership
All data accessed by Vurtuo Consulting remains the property of the client. We act as a data processor and handle information only as instructed by the client.
5. Data Security
We prioritize the security of the data we access and implement robust measures to safeguard it. These measures include:
- Access Controls: Strict controls to ensure only authorized team members access client systems and data.
- Encryption: Secure channels (e.g., VPNs, encryption protocols) for data transfer between systems.
- Secure Storage: Data accessed for temporary use is stored securely and deleted once the purpose is fulfilled.
- Regular Audits: Periodic reviews of access logs, system security, and compliance measures.
6. Confidentiality
All client data accessed by Vurtuo Consulting is treated as strictly confidential. We require all employees and contractors to sign non-disclosure agreements (NDAs) and adhere to strict confidentiality protocols.
7. Third-Party Services
We may work with trusted third-party service providers to assist with delivering certain services. These providers are subject to confidentiality and data protection agreements to ensure client data is handled securely.
8. Data Retention
We do not retain client data beyond the scope of the consulting engagement. Any temporary copies of data, such as reports or extracted datasets, are securely deleted or returned to the client upon project completion.
9. Rights of Clients
As the data owner, clients retain the following rights:
- Access Control: Restrict or revoke Vurtuo Consulting’s access to systems at any time.
- Data Deletion: Request deletion of any client data stored temporarily by Vurtuo Consulting.
- Transparency: Receive a full accounting of how data was accessed or used during the engagement.
10. Incident Response
In the unlikely event of a data breach or unauthorized access, Vurtuo Consulting will:
- Notify the client immediately upon discovery of the incident.
- Investigate the breach and provide a detailed report, including affected data and mitigation measures.
- Cooperate fully with the client to address the issue and prevent future occurrences.
11. Updates to This Policy
This Privacy Policy may be updated periodically to reflect changes in our practices or legal obligations. Clients will be notified of any significant updates.