(415) 374-8000 contact@andiamo-group.com

Privacy Policy

Last Updated: 09/30/2024

Andiamo! Group shall hold in trust for Company and shall not disclose to any non-party to the Agreement or make any use of any confidential information.

The parties acknowledge that in the course of Andiamo! Group performing the Services for Customer hereunder, the parties may become privy to information of a confidential or proprietary nature which discloser shall deem or consider a trade secret and/or confidential information (collectively, “Confidential Information”). The term “Confidential Information” does not include any Excluded Information, which shall mean information that was:

(a) already in the possession of the recipient without an obligation of confidentiality;
(b) developed independently by the recipient, as demonstrated by the recipient, without use of, or reference to, the discloser’s Confidential Information;
(c) lawfully obtained from a source other than the discloser without an obligation of confidentiality;
(d) publicly available when received, or thereafter becomes publicly available (other than through any unauthorized disclosure by the recipient); or
(e) approved in writing to be disclosed by the discloser (collectively, “Excluded Information”).

A recipient shall maintain all Confidential Information in trust and confidence and shall not publish, disseminate or otherwise disclose any Confidential Information to any third party without the written consent of the discloser or as may be permitted under this Agreement. The recipient may only disclose Confidential Information to the recipient’s employees, agents, or persons within its control (“Permitted Transferees”), provided, at all times, that any such disclosure is limited to a need-to-know basis and only after the Permitted Transferees have been advised of the confidential nature of such Confidential Information and provided that they are bound by confidentiality obligations substantially similar to the obligations imposed on the recipient herein.

Notwithstanding anything to the contrary, the recipient shall be liable and responsible towards the discloser for any disclosure made by any of the Permitted Transferees. Disclosure of Confidential Information shall not be prohibited if such disclosure is:

(i) in response to a valid order of a court ordering such disclosure; provided, however, that the recipient shall first have given at least fifteen (15) days’ advance written notice to the discloser; or
(ii) otherwise required by law.

The recipient shall promptly advise the discloser of any discovered breach by the recipient or its representatives and shall reasonably cooperate, at the recipient’s expense, in retrieving the disclosed Confidential Information and restricting any continuing breach.

Andiamo! Group will comply with all applicable privacy and data protection laws and self-regulatory principles governing the collection, use, and disclosure of Personal Information collected or processed, including, but not limited to, as applicable from time to time, the General Data Protection Regulation (“GDPR”) or the California Consumer Privacy Act (“CCPA”). Personal Information shall mean information that either:

(i) directly identifies an individual or household;
(ii) can be used to identify an individual or household; or
(iii) is considered Personally Identifiable Information by applicable laws, rules, or regulations, including industry self-regulation, and by way of example, the GDPR, CCPA, CPRA.

Andiamo! Group shall implement and maintain appropriate technical and organizational measures to protect any Personal Information in their possession or control from:
(i) accidental or unlawful destruction, loss, alteration, or unauthorized disclosure; and
(ii) unauthorized or unlawful access, loss, or processing; and shall ensure that these measures provide a level of security appropriate to the risk represented by any processing and the nature of the data to be protected, generally accepted best practices, and legal or regulatory requirements.

At a minimum, Andiamo! Group shall ensure that any Personal Information it processes is encrypted at all times, in transit and at rest. Andiamo! Group further represents and warrants that for the duration of the relationship between the parties, it shall, on an annual basis, engage a regionally recognized third-party independent auditor to complete a SOC 2 Type II, ISO 27001:2013, or similar certification covering all the areas involved in the provision of the Services, and make such reports or certifications available to Customer upon request.

Andiamo! Group will protect Personal Information processed in order to provide the Services against a Security Incident and will promptly notify the other party of any Security Incident impacting Personal Information without undue delay (and in any event within 24 hours of becoming aware) and provide reasonable information upon request regarding the nature of the incident and the efforts undertaken to remediate the issue. Andiamo! Group will take such measures as the Customer may reasonably deem necessary to mitigate or remedy the effects of the Security Incident. In this context, “Security Incident” means any confirmed or suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information collected to provide the Service.