At Talk With Lead we recognize that your privacy is important. In order to provide products and services to our customers we collect, use, and may disclose some personal information. Protecting this information is one of our highest priorities.

We will inform our customers, and potential customers of why and how we collect, use and disclose their personal information, obtain consent when required, and only handle their personal information in a matter that a reasonable person would consider appropriate.

This Privacy Policy outlines the principles and practices we follow in protecting personal information.


Information Collected

In order to provide our full range of services, we may collect the following types of information:

  • Information you provide - When you sign up for a Talk With Lead service we request personal information such as your name and email address. We also request payment details such a credit card number or other payment account information which we maintain on secured servers.
  • Cookies When you visit Talk With Lead, we send one or more cookies – a small file containing a string of characters – to your computer or other device that uniquely identifies your browser. We use cookies to improve the quality of our service, store user preferences, and track user trends, such as how people navigate our web site.
  • Information you provide When you access Talk With Lead’s web sites, our servers may record information about your visit. This information may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
  • Information you provide When you send email or other communications to Talk With Lead, we may retain those communications in order to process your inquiries, respond to your requests and improve our services.


How We Use Personal Information

We will only collect personal information that is necessary to fulfill the following purposes:

  • To verify identity.
  • To verify creditworthiness.
  • To identify preferences.
  • To open and manage an account.
  • To deliver requested products and services.
  • To deliver invoices and process payments for our products and services.
  • To provide support for our products and services.
  • To collect past due balances.
  • To contact our customers and potential customers.
  • To meet regulatory and legal requirements.


How We Share Information

Talk With Lead only shares personal information with individuals and companies in the following limited circumstances:

  • When we have your consent. We require opt-in consent for the sharing of any sensitive personal information.
  • When providing such information to other trusted businesses or persons for the purpose of collecting payments on our behalf. For example to process credit cards we must send your credit card information to Visa or MasterCard.
  • Some Talk With Lead products and services may be provided, in full or in part, by trusted third parties. We may provide personal information to such parties in order to provide you with these services.


We may collect, use or disclose personal information without your consent in the
following circumstances:

  • When the collection, use or disclosure of personal information is permitted or required by law.
  • In an emergency that threatens an individual’s life, health, or personal security
  • When we require legal advice from a lawyer.
  • To protect ourselves from fraud.
  • To investigate a breach, suspected breach, or anticipated breach of an agreement or contravention of law.


This Privacy Policy applies to products and services provided by Talk With Lead. We do not exercise control over third party sites that we may link to. Such sites may place their own cookies or other files on your computer, collect data or solicit personal information from you.

If Talk With Lead becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will ensure the confidentiality of any personal information involved in such transactions and provide notice before personal information is transferred and becomes subject to a different privacy policy.


Consent

We will obtain consent to use or disclose personal information except where, as noted above, we are authorized to do so without consent.

Consent can be provided or it can be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and you voluntarily provide personal information for that purpose.

Consent may also be implied where a customer or potential customer is given notice and a reasonable opportunity to opt-out of this or her personal information being used for mail-outs, announcements, the marketing of new services or products, and you do not opt-out.


Securing Personal Information

We are committed to ensuring the security of personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or similar risks.

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. Examples include restricting employee access to personal information; the use of locked filing cabinets; physically securing offices where personal information is held; the use of encryption; the use of firewalls. We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.

We restrict access to personal information to Talk With Lead employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals and companies may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

We will not sell client, customer, member lists or personal information to other parties.


Accessing to Personal Information

Talk With Lead customers have a right to access their personal information and either to correct this data if it is inaccurate or to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. We will make the requested information available within 30 business days, or provide a written notice of an extension where additional time is required to fulfill the request. We perform this service free of charge, except if doing so would require an extraordinary effort. If a fee applies we will inform the customer of the cost and request further direction from the customer on whether or not we should proceed with the request. If a request is refused in full or in part, we will notify the customer in writing, providing the reasons for refusal and the recourse available.


Personal data

1. Personal data – as stipulated by Article 4(1) of GDPR means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Rights of Users. Right of access

In accordance with Articles 15 – 22 of GDPR, all users have the following rights:

1. Right of access (Article 15 of GDPR)

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. In accordance with Article 15, the Controller shall provide a copy of the personal data undergoing processing to the data subject.

2. Right to rectification (Article 16 of GDPR)

The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her.

3. Right to erasure (“right to be forgotten”) (Article 17 of GDPR)

The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b) the data subject withdraws consent on which the processing is based

c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing

4. Right to restriction of processing (Article 18 of GDPR)

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

a) the accuracy of the personal data is contested by the data subject, pending their rectification

b) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

c) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

5. Right to data portability (Article 19 of GDPR)

6. Right to object

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

7. To enable correct identification, the request should be sent from the e-mail address used for registration. It is implementation of Article 12(6) of GDPR. The request may be also submitted by mail – the user should send a registered letter with the request to the postal address of the Company managed by the Controller.

8. As stipulated by the law, the Controller shall respond to the requesting user within up to one month, specifying the steps undertaken. If such steps are not undertaken, the Controller shall inform the requesting user accordingly.

9. The Controller’s activity is subject to complaint lodged with a supervisory authority.

Safeguards

The Website is equipped with safety measures in order to protect personal data controlled by the Controller against loss, improper use and modification. The Controller holds relevant documentation and has implemented appropriate procedures related with protection of personal data in the company.

The Controller ensures that all disclosed information are protected in compliance with the applicable law and safety protection standards, in particular:

a) The personal data collected by the Controller may be directly accessed, in compliance with Article 29 of GDPR, only by authorized employees or business partners of the data Controller and authorized individuals managing the Website, holding relevant authorizations.

b) The Controller declares that in compliance with Article 28 of GDPR, where provision of services is to be carried out on behalf of the Controller by other entities, the partners are required by the Controller to ensure appropriately high standards of protection of the personal data to be processed, to enter into relevant processing agreements confirming that the standards are applied by the partners and that the entities’ compliance with such standards is subject to control.

c) In order to ensure due protection for services provided electronically, the Website Controller applies a high level of safeguards, including cryptographic protection of personal data transmission (SSL protocol) in accordance with section C to the Regulation of the Minister of Internal Affairs and Administration on recording of processing of personal data as well as technical and organizational conditions to be met by IT devices and systems used for processing of personal data of 29 April 2004 (Journal of Laws of 2004 No. 100, item 1024).

d) Due to the public nature of the Internet, use of services provided electronically may involve risks, irrespectively of due diligence applied by the data Controller.


TalkWithLead security and data storage

We take the security of your data very seriously at TalkWithLead. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security.

Data transmission and storage security is imperative in the modern enterprise. That’s why we have taken all measures to keep all information appropriately protected.

Our data centers are in the cloud and it’s protected inaccordance with all telecommunications standards.

Our staff is granted access only in their respective fields and day to day work. They are also required to maintain confidentiality after departure from the company.

TalkWithLead developers treat stored data of customers with the highest level of security and care. Each piece of customer data is treated as personal and in need of standardized protection. We have employed security policies which ensure safety of the data storage and transmission.

All TalkWithLead connections are encrypted with 256bit SSL protocol. There is no expiration date on the stored data. The data will remain on our servers even if a client does not extend his or her license.


Security of information

TalkWithLead is in the compliance with the following information related security and monitoring procedures:

Documented and defined security standards and procedures

Employee confidentiality agreement

Verification of employees who have access to customer data

Access to information granted only to employees who need to work with customer data

Access to customer data is limited within 24 hours of employee departure or relocation within TalkWithLead

Training on internal security policies and raising of security awareness as a day­to­day process

Physical security of the data center Physical security ensured by data centers provided to and by TalkWithLead meets the following requirements:

Secure rooms with at least two access mechanisms, i.e., key­cards, man traps, security guards, and computer room badge ­in

Authorized employees only are allowed physical access to the servers. 24/7 security at the location

Backups of customer data are stored on­site with limited access and at a securely controlled or commercial off­site location

The site guarantees additional protection such as uninterruptible power and fire suppression

Flawed components in the data center undergo DoD­approved “erase” or “wipe” procedure (if functionally possible) prior to physical destruction.


Technical controls

TalkWithLead supports technical controls to provide protection to its network and systems:

TalkWithLead utilizes professional facilities via a top tier provider that protect customer data from external threats

TalkWithLead maintains individual accountability for employees that can access systems customer data

TalkWithLead has documented user account/password management systems for employees with access to systems that are customer data

TalkWithLead ensures that individual access to customer data is controlled, i.e., a diverse user name and password is required for each individual administrator

Customer data is compartmentalized to prevent unauthorized access and separated from the data of other customers

Access to customer data is protected by hardened passwords rotated on a 90 day basis

Wireless connectivity to network customer data is protected using security mechanisms such as EAP, TTLS, TLS, or PEAP

TalkWithLead data center has formal security policies and procedures in place that deal with viruses, other malware and related threats


Usage

To ensure protection of confidentiality, integrity, and availability of customer data, TalkWithLead meets the following usage criteria:

Each user is assigned a unique ID

User IDs and passwords can be edited at any time

Passwords must be at least 5 characters long

The application and resulting access to data in the database has based ­on permission controls limiting access to only authorized customers

Each change of user login status is logged within each application

All logs are treated as confidential information and access to reports can be restricted using the permission system

Reporting of this information is available within each instance of TalkWithLead

If confidential data, personal data (i.e., names, addresses, phone numbers), or authentication information (i.e., passwords) is transmitted, TalkWithLead ensures security by employing 256bit SSL encryption between each component of the communications path

TalkWithLead security policy assumes customer data retention is permanent and is designed to that standard


Questions and Concerns

Talk With Lead regularly reviews its compliance with this Privacy Policy. Questions and concerns regarding this Privacy Policy may be made by contacting us through our web site or by writing to us. When we receive formal written complaints at this address, it is Talk With Lead’s policy to contact the complaining user regarding his or her concerns.