SC2 Privacy Policy

How SC2 handles your data

SC2 published on
3 min, 498 words

SC2, formally Star City Security Consulting, LLC, is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. As part of this commitment, we align our privacy practices with the ISO 27701 standard for privacy information management.

Information We Collect

  • We collect information that you provide to us directly or information that is publicly available.
  • We process information provided by our clients based on their instructions and objectives to fulfill our service commitments.

Use of Information

  • The information collected is utilized solely for the purpose of providing the services agreed upon. SC2 will not sell, share, or use any client-provided information for monetary or personal gain without explicit written permission from the client.
  • Information related to client account maintenance (contact phone, email, invoices, contracts, etc.) is considered proprietary to SC2.
  • Anonymized case studies and aggregate data analysis are performed within SC2’s scope of providing security, privacy, and business operation guidance. This is aimed at benefiting a general business audience without compromising individual client confidentiality.

Client Rights

  • Clients have the right to request deletion of any documentation provided to SC2 upon conclusion of the related task or service. However, it should be noted that all derived documentation (notes, research, etc.) remains the property of SC2 and will not be subject to deletion.
  • The relationship between clients and SC2 is built on confidentiality unless stated otherwise in writing.

Termination of Relationship

SC2 reserves the right to terminate our relationship under circumstances including, but not limited to:

  • Reasonable suspicion of engagement in unlawful conduct by the client or their associates will result in immediate termination without refund.
  • Belief that continuing our relationship compromises your best security interests.

Subprocessors

In order to provide efficient services, we utilize certain subprocessors that may handle client confidential information:

(click any processor to view their security information)

  • Microsoft Office: Utilized for storing client documents securely.
  • Microsoft Azure: Provides Identity and Access Management (IAM) services for securing access to documents and managing client credentials when necessary.
  • Perplexity.ai: Engaged for conducting research and analysis pertinent to our service offerings.

Data Protection & Compliance

SC2 has implemented appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk concerning your personal data. In alignment with ISO 27701 standards, we continually assess risks associated with personal data processing activities and apply mitigating controls accordingly.

In compliance with ISO 27701 requirements:

  1. We maintain records of processing activities under our responsibility.
  2. Ensure that individuals whose data we process are informed about how their data is handled.
  3. Regularly review compliance with applicable laws and regulations as well as internal policies.

Your trust in us is paramount. Therefore, we encourage you to contact us at [email protected] if you have any questions about how your personal information is handled within our organization.