Data Handling Policy

This document defines the Data Handling Policy for the storage, protection and usage of Customer Transactional Data at PredictHQ, as required during the use of Beam.

Definitions

For the purpose of this policy, the following definitions apply:

Customer Transactional Data: The data that defines the customers business transactions, which are required for correlating demand when using Beam.

Customer names, contact information, PII or payment information is NOT covered by this policy.

Principles

Purpose Limitation and Relevance

Any Customer Transactional Data that is provided to PredictHQ, as a requirement of using Beam, will be used solely for the purpose of correlating demand for that customer, and the creation of non-identifiable derivatives. The data will not be used for any purpose outside of this scope without prior agreement.

Beam Data Storage and Security

Customer Transactional Data will be stored in a specific database, separated from PredictHQ’s own event data. The access to and administration of this database is restricted to PredictHQ employees that have a specific business requirement to do so and is strictly audited. The Customer Transactional Database will utilise encryption at rest.

Access Control and Auditing

Access to the Customer Transactional Data is restricted to a subset of PredictHQ users by the use of appropriate security group and role based controls (eg: an Administrator). Any transmission of Customer Transactional Data (eg: when uploading to Beam, when processing the data, or when viewing results) is encrypted. All interactions with Customer Transactional Data is recorded and tracked via a detailed audit log.

Integrity and Deletion

The customer has complete control over their Transactional Data and may delete their data at any stage via the Beam UI in Control Center. A notification isdisplayed to users when they are uploading their data to advise them of the usage of the data, and how they can easily view and delete any data they have uploaded.