Privacy Notice

Introduction

MANUS 360 is a professional services company (Company) which provides a range of services to include audit and assessment; consulting; training and professional development; compliance management; or other services. In the course of doing business, the Company may need to collect privacy information to support and enable business transactions with individuals and other companies. 

Generally, you as the individual or company initiates such requests. In any case, the privacy policies, practices, standards, procedures, and other processes conveyed in this Privacy Notice apply. The Company's internal Privacy Policy is aligned with the intent of this Privacy Notice, documenting specific requirements and processes to protect you, our customers. 

The Company does not have a reason to, or intend to do business with children, and does not attempt or solicit business from minors, of any age, and therefore the Company does not implement practices to protect the special rights of children defined in various laws.

The company understands that you are aware of and care about your own personal privacy interests, and we take your interests seriously. This Privacy Notice describes the Company’s policies and practices regarding the collection and use of your personal data and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice, at any time that the Company believes necessary, as we undertake new personal data practices or adopt new privacy policies.

Data Protection Officer

The Company is headquartered in Tampa, Florida, which is located in the United States. The Company has appointed an internal, highly qualified  data protection officer (DPO) for you to contact if you have any questions or concerns about the Company’s personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to the Company’s DPO. The Company’s DPO’s name and contact information are as follows:

MANUS 360 

Attn: Dallas N. Bishoff

141 E Palace Avenue

Garden Suite A

Santa Fe, New Mexico, USA 87501

EMAIL: dallas@manus360.com  or  PHONE: 1-505-357-3750

Collection, Use (Processing) of Personal Information

The Company may collect personal information, as provided by our clients and customers. Generally, the information collected is the same kind of information that can be found on a business card so that we may understand the various ways that we can communicate with each other. We use this information to provide our clients and customers with goods and services, which are part of the professional services defined in the Introduction section of this Privacy Notice.

We do not sell personal information to anyone and only share information with a third-party as necessary to ensure the delivery of goods and services. All such third-party entities are subject to a non-disclosure (NDA) clause in our contractual agreement. This includes our role as a data controller, and our relationship(s) with data processors.

Examples which illustrate the need and intent of processing your personal information includes our legitimate interest in processing data to better understand the needs, concerns, and interests of our clients and customers so that we can validate and enhance our goods and services, and for reasons that may be related to fraud prevention. 

In certain cases, our ability to provide you with goods and services you have requested may require the use of a payment card. The Company uses one or more third-party entity, certified as a PCI-DSS compliant payment processing service, but the Company does not have access to

or retain your credit card data. In limited scenarios, the Company, at the request of the client or customer, may be required to manually enter your credit card information to complete a transaction. In such cases, the Company does not retain your credit card data beyond the point where the transaction is successfully completed. Any payment card information is entered as instructed and then deleted or destroyed.

In the process of conducting ongoing business with our clients and customers the Company must retain personal data to ensure the ability to maintain our mutual relationship, because of a permissible legitimate interest, or as required by law or a law enforcement purpose. Therefore, until either the Company or a client and customer determine otherwise, we do maintain records of transactions and communications. The Company does have practices to ensure data minimization, to include the ability to process a data subject request (DSR) that may stipulate a change in consent, either partial or may convey a request for complete erasure. The company will provide a written notice of disposition, and when necessary, identify a legitimate reason why the Company cannot honor the request, in part or completely.

In summary, the Company relies on your consent, and we attempt to maintain accurate records, which allows us to honor your choices, process your requests, and manage our relationship. 

Use of the MANUS360.COM Website

As is the case with most websites, the MANUS 360 website, along with internet practices outside of the control of the Company, collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of the MANUS 360 website, including a history

of the pages you view. We use this information to help us understand how to improve site usage to better service you, our clients and customers. This includes any troubleshooting or ability to respond to your service request. Examples of data that may be captured include analysis trends, tracking of visitor usage and movement within the website, and to gather broad demographic information.

Currently, the Company does not attempt to collect information related to cookies and web beacons. If, and when necessary, the Company will provide a separate Cookie Notice, which shall be published on the MANUS 360 website.

Restrictions on Sharing Information

Information about our clients and customers, is only shared with other parties when it is necessary to honor and deliver the goods and services that you have agreed to. In such cases, the Company invokes a non-disclosure clause in our agreements with any such third-party.

Personal Data Transfer to the U.S.

The Company conducts business with our clients and customers globally, to include potential transactions with entities that exist within the European Economic Area (EAA), or otherwise protected by the European Union’s General Data Protection Regulation, known as GDPR. 

Regardless of the geolocation of our clients and customers, personal data is collected and maintained in the United States. The Company attempts to maintain awareness and comply with

appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA.

The provisions of this section may be applicable to other geographic regulatory domains, and their evolving requirements. The Company attempts to maintain ongoing awareness and adapts Company policies, procedures, and practices as many be necessary from time to time.

Data Subject Rights

Various regulatory regions and domains establish and assert the rights of data subjects, to include GDPR. A good example is available on the website of the United Kingdom’s Information Commissioner’s Office. However, the exact data subject rights can and do vary across the regulatory regions and domains.

This Privacy Notice is intended to provide you with the information about what personal data the Company collects about you and how it is used. If you have further questions, please contact the Company Data Protection Officer at dallas@manus360.com with relevant details of your request.

This may include questions about how your data is processed, or who may have access to your personal data. You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside of the Company might have received or have access to your data; what the source of the information was in those cases where data is collected from other sources; and how long it will be stored. You have a right to correct (rectify)

the record of your personal data if the information is incorrect. You may request the Company to erase that data or cease processing it, subject to certain restrictions. You may also request the Company to cease using the data for direct marketing purposes. In many countries you have the right to lodge a complaint with the appropriate data protection authority if you have concerns about how the Company processes your personal data.

When technically feasible, at your request, the Company will provide your personal data to you or transmit it directly to another data controller and will honor other data subject requests (DSRs). The Company reserves the right to charge a reasonable handling request for such a request, when not otherwise prohibited by law. When the Company is in receipt of a DSR that cannot be acted on promptly the Company will notify you as such and provide relevant details. In

the rare case where the Company cannot honor a DSR you will be provided with a written explanation.

Security of your information

In the context of this Privacy Notice, the Company acts as a data controller, as defined by law, and is responsible for the oversight and compliance of any third-party entity acting as a data processor at the direction and under contract to the Company. The company maintains highly qualified information security and privacy professionals who oversee the administrative, physical, and technical safeguards and countermeasures that protect your personal data at rest, in transit, and in use within various technical, virtual, and physical environments. We update and

test our security technology on an ongoing basis. We also ensure and provide ongoing oversight of our associated business partners that support our relationship with you, and the protection of the personal data of our clients and customers.

We restrict access to your personal data to those employees who need to know such information to provide benefits and services to you, our clients and customers. In addition, we provide regular training to our employees about the importance of confidentiality and maintaining the privacy and security of your information. As part of our culture, as well as external mandates, we commit to take appropriate disciplinary measures to enforce our employee’s privacy responsibilities, which is periodically re-enforced through our information

security and privacy education, training, and awareness program.

Data Storage and Retention

All personal data is stored on computing devices with encryption enabled to address confidentiality requirements and to protect against unauthorized access and disclosure of sensitive data. This includes the servers of the cloud-based storage, data management, and customer relationship management services that the Company has engaged as part of the goods and services strategy designed to meet your needs.

All of the cloud service providers (CSPs) contracted by the Company maintain a range of different privacy and security certification standards, but are at least ISO 27001 Information Security Management System (ISMS) certified, and are regularly audited. 

Our relationship with Microsoft ensures that our primary computing environment is also addressed by ISO 20000 Service Management and ISO 27701 Privacy Information Management System (PIMS) certifications. This includes our use of Microsoft 365 Office suite solutions that include video conferencing and messaging, as well as our implementation of Dynamics 365 solutions for customer relationship management (CRM) and Dynamics 365 Business Central, our enterprise resource planning (ERP) solution. All of these products are AI-enabled through Microsoft Copilot. 

The Company maintains ongoing awareness of, and a copy of the certification and audit records so that we have a continuous understanding of how such service providers enable the Company to meet our privacy and security commitments to our clients and customers.