Public-Facing Data Handling & Protection Policy
Last Updated: 2025.01.18
1. Introduction
At Experience Innovation Consulting Inc., we are committed to safeguarding the information our clients, prospects, and partners have entrusted to us. This Data Handling & Protection Policy explains the high-level principles and practices we follow to collect, store, and protect data while adhering to relevant data protection laws, such as the GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act).
Our internal Data Handling & Protection Policy (v1.0) contains additional procedural details and security measures. Below is an overview of our external commitments and how you can exercise your rights.
2. Data Types & Purposes
- Client Data
  - Information you provide us when engaging our services (e.g., project details, contact information).
  - Use: Deliver and support consulting services, fulfill contractual obligations, and improve service quality.
- B2B Prospect Data
  - Contact or professional information collected for outreach or lead generation.
  - Use: Share relevant insights and offerings; respect requests to opt out of further communication.
- Internal Proprietary Data
  - Intellectual property and trade secrets owned by Experience Innovation Consulting Inc.
  - Use: Internal research, development, and innovation; not publicly disclosed unless approved by leadership.
- Public Data
  - Information available in the public domain (e.g., publicly accessible websites).
  - Use: We adhere to intellectual property and fair-use guidelines for general research or aggregated analytics.
- Personally Identifiable Information (PII)
  - Any data identifying an individual (e.g., name, email address).
  - Use: Provide requested services, enable account-related functions, or comply with legal obligations.
3. Collection & Usage
- Consent & Transparency: We collect personal data either directly from you or through reputable third-party lead-generation tools. We always strive to notify you of how and why the data is needed.
- Data Classification: We classify data (Client, B2B Prospect, Internal Proprietary, PII) to apply the appropriate level of protection.
- Responsible AI Usage: Where applicable, data may be processed with approved AI tools, but we do not feed sensitive client data into public AI models without consent or anonymization.
4. Storage & Retention
- Approved Platforms: We use secure and recognized platforms (e.g., Google Drive, Microsoft Suite, HubSpot) with multi-factor authentication and encryption.
- Retention: We keep data as long as needed to fulfill the purpose for which it was collected or as legally required. For instance:
  - B2B Prospect Data: Up to 2 years unless you request deletion sooner.
  - Client Project Data: Typically retained throughout the engagement and for a period afterwards to comply with legal, tax, or contractual requirements.
- Annual Review: We periodically review our data sets to delete or anonymize information that is no longer required.
5. Security Measures
- Encryption: We use encryption in transit (TLS/SSL) and at rest (where supported by our cloud providers) to protect data.
- Access Control: Role-based permissions ensure that only authorized personnel can access confidential or personal data.
- Organizational Safeguards: Our team undergoes routine training on data protection, secure handling, and breach reporting.
6. Your Rights
Depending on your jurisdiction (GDPR in the EU/EEA, CCPA in California, PIPEDA in Canada), you may have the right to:
- Access your personal data and know how it’s processed.
- Request Correction if data is inaccurate.
- Request Deletion or object to processing, subject to legal or contractual limitations.
- Opt-Out of certain processing activities, such as marketing or AI-based analytics.
To exercise these rights, please get in touch with us at:
Email: privacy@experienceinnovation.consulting
7. Updates & Contact Information
We may update this Data Handling & Protection Policy to reflect changes in our practices or legal requirements. The “Last Updated” date above indicates the most recent revision. If you have any questions or concerns, please get in touch with us at the email above or visit our Privacy Center / Contact Page.
8. Further Details
If you would like more detailed information on our internal security and data handling procedures (including data classification, usage logs, or AI usage restrictions), you can contact our Data Protection Officer at privacy@experienceinnovation.consulting.
Disclaimer: This summary is for informational purposes and does not create any contractual obligation. For further details, please see our main Privacy Policy and Responsible AI Usage Policy.
Public-Facing Data Breach Response Policy
Last Updated: 2025.01.18
1. Purpose
Experience Innovation Consulting Inc. maintains a robust Data Breach Response Policy to identify, contain, and address potential data breaches quickly. This external summary outlines how we protect client information and communicate in the event of a breach. Our internal policy includes more specific procedures, roles, and detailed timelines.
2. Scope
This policy covers breaches involving any data we handle, such as Client Data, B2B Prospect Data, Internal Proprietary Data, and Personal Data subject to laws like GDPR (EU/EEA) and CCPA (California). We also consider AI-related data misuse within the scope if it involves unauthorized inputs or outputs from our approved AI tools.
3. Breach Detection & Notification
- Monitoring: We use advanced tools (firewalls, intrusion detection, endpoint security) to spot suspicious activity.
- Incident Reporting: If we suspect unauthorized access, we promptly investigate and, if confirmed, assemble a response team.
- Notifications: Should your personal data be affected by a breach, we will notify you under applicable regulations (e.g., GDPR’s 72-hour rule). We also notify relevant authorities when legally required.
4. Containment & Investigation
- Immediate Response: We isolate compromised systems or revoke access to minimize further risk.
- Forensic Analysis: Our technical team (and possibly external security experts) examines logs, investigates root causes, and documents findings.
- AI-Specific Measures: If the breach involves data passing through AI models, we review logs or tokens to determine if any sensitive or personal data was exposed.
5. Remediation & Recovery
- System Restoration: Once the breach is contained, we repair, patch, or reconfigure systems to eliminate vulnerabilities.
- Post-Incident Audit: We perform a security audit to confirm that there are no remaining threats and update our practices if necessary.
- Communication: We provide impacted clients or users with steps to protect themselves (e.g., resetting passwords, identity monitoring), depending on the nature of the breach.
6. Ongoing Improvement
- Post-Breach Review: Our breach response team compiles a final incident report, highlighting lessons learned and policy recommendations.
- Policy & Training Updates: Based on the findings, we refine employee and subcontractor training sessions, AI usage guidelines, or any other relevant procedure.
7. External Inquiries & Contacts
Should you have questions about our breach response approach or suspect any data misuse, please contact us:
We aim to respond promptly to any data-related queries or concerns. While we strive to prevent breaches through robust preventative measures, we are equally prepared to handle incidents responsibly and transparently if they occur.
8. Policy Review & Updates
We periodically review and update this Data Breach Response Policy. The “Last Updated” date indicates the most recent revision. If we make substantial changes, we will post a prominent notice or communicate those updates.
Disclaimer: This public summary does not outline every internal procedure or legal obligation but offers an overview of our commitment to responsible breach management. For more detailed information, you may request additional documentation or review the relevant sections in our internal policy.