IOOGO Inc. – Commitment to Protecting Customer Data
Published as of January 1, 2020
I. Overview and Purpose:
The purpose of this Security Policy is to have certain policies in place to safeguard taxpayer or client data, and to ultimately protect against tax-related identity theft. In order to stay up to date and to keep this Security Policy responsive to the latest cybersecurity threats, we have designated our Chief Operating Officer to periodically review the standards contained herein. Our Chief Operating Officer will also evaluate the effectiveness of the safeguards in place for controlling risks to taxpayer data, and revise this policy as necessary.
II. Risk Identification and Assessment:
Although we are a small business, our clients entrust us with extremely sensitive information. The main risk to our business as tax preparers is the unintentional misuse of taxpayer data and identity fraud. When evaluating service providers, we ensure that any contract with said service provider will include a covenant requiring the service provider to maintain proper data safeguards and oversee any customer information that such service provider may come into contact with, in compliance with the Safeguards Rule.
III. Commitment to Continuing Compliance:
As mentioned in Section I, we will regularly evaluate and adjust this Security Policy and related safeguards, on a continuous basis and in regular intervals. Certain extraordinary events, such as material changes in our business or our operations, may be a cause of redrafting of the Security Policy to reflect any such change. We view our commitment to security as ongoing, and this Security Policy will be updated as such.
IV. Security and Privacy Standards for e-Filers
In accordance with the security and privacy standards laid out in IRS Publication 1345, IOOGO has in place the following standards and procedures (as of the date of publication of this Security Policy, January 1, 2020):
V. Workplace Safeguards and Standards:
In addition to our commitment to protect taxpayer data on the back end, we also have measures in place to ensure that our employees understanding how to properly handle sensitive client data. Specifically:
(b) Information Systems:
(c) Detecting and Managing System Failures:
VI. General Terms:
(a) Information We Collect:
We collect “Non-Personal Information” and PII. Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. We collect information related to your business for the purpose of carrying out the Services.
(b) How We Use and Share Information:
(c) How We Protect Information
We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Services, you acknowledge that you understand and agree to assume these risks.
(d) Your Rights Regarding the Use of Your PII
(e) Customer Data
“Customer Data” means all information processed or stored on the Service by you or on your behalf, as well as any information derived from such information. Customer Data includes, without limitation:
(i) information provided on the Service;
(ii) information provided to us by you regarding others or by other third parties; and
(iii) PII from such persons.
Unless we receive your prior written consent, we will not:
(i) access, process, or otherwise use Customer Data other than as necessary to facilitate the Services;
(ii) give any of our employees access to Customer Data except to the extent that such individual needs access to facilitate the Services; and
(iii) give any third party access to Customer Data.
Notwithstanding the foregoing, we may disclose Customer Data as required by applicable law or by proper legal or governmental authority. We will give you prompt notice of any such legal or governmental demand and reasonably cooperate with you in any effort to seek a protective order or otherwise to contest such required disclosure, at your expense.
You possess and retain all right, title, and interest in and to Customer Data, and our use and possession thereof is solely on your behalf.
(f) Links to Other Websites
VII. Additional Information for Users from California:
Since 2005, California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share our customer’s personal information with unaffiliated third parties for their own direct marketing purposes.
Since January 1, 2015, California Business and Professions Code Section 22581 permits you, if you are a California resident under the age of 18, to view, correct, or remove information provided by you or publicly posted by you, by accessing your Downpour account through or another product or service as applicable and editing/removing your personal information. You will need your password to access your personal account. You may also send us an email asking us to remove certain posted content using the address in the Contact Us section below. In the alternative, you may write to us using the address in the Contact Us section below.
We will be happy to review, update or remove information and/or content as appropriate. Residual copies of information and/or content that have been removed from your account and/or the Site may remain in our backup systems for approximately one month. We may still retain your information to resolve disputes, enforce our user agreement, or comply with legal requirements; in this case, your personal information will be blocked from use for any other purpose.
VIII. Additional Information for Users from the European Economic Area
We only process your personal information where we can rely on legal grounds to do so. We process your personal information for the performance of our Services, to provide or support of our products, or for any other feature you request or enable. This includes, for example, using your personal information to administer your account, provide contests or promotions in which you have enrolled; support purchases you make, support game functionality, provide global customer service, or provide a fair gaming experience by using anti-fraud technologies such as bans or blocks of accounts.
We may ask for your consent to collect or use your personal information for specific purposes. This includes, for example, providing newsletters, direct e-mails, and surveys about our Properties and certain other marketing features.
We rely on several legitimate interests in using and sharing your personal information. These interests include: to provide you with requested customer service or technical support, to debug and improve our current and future Services, in order to give you exclusive content, personalize your online experience with us and contact you in accordance with applicable marketing preferences, exploring ways to develop and grow our operations, ensuring the safety and security of our Services, and for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity.
We process your personal information for compliance with a legal obligation to which we are subject.
You may object to the processing of your personal information based on a legitimate interest on grounds relating to your particular situation. You may control the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time using the contract information listed above.
In certain circumstances, you can request that we transfer personal information that you have provided to us. You can send your request to us using the contact information listed above.
Where we rely on your consent in order to process your personal information, you have the right to withdraw such consent to further use of your personal information at any time.
IX. Disclosures to Users Outside the United States and the European Economic Area (EEA)
If you are a visitor to the Site or other online products and services from outside the U.S., the personal information you provide will be collected, processed and stored directly on, or transferred to, servers in the United States or other countries that may not have equivalent data protection laws to the country where you reside.
When we transfer your personal information outside the EEA we rely on appropriate or suitable safeguards recognized under applicable data protection laws. For example, when we transfer personal information collected in the EU to locations outside the EEA, we rely on transfer mechanism adopted by the European Commission to help establish adequate safeguards, like Standard Contractual Clauses or consent of the individual to transfer personal information from the EEA to non-EEA countries. By using our Services, you expressly consent to such collection, transfer, and processing. We may also need to transfer your personal information to provide the Services to you in accordance with our existing agreements to you.
X. EEA-Specific Rights
If you are located in the EU, upon request, we will provide you with information about whether we hold any of your personal information along with any details required to be provided to you under applicable law. In certain cases, you may also have a right to:
To submit a request, please contact us as set forth in the Contact Us section below. We will respond to your request within a reasonable time.
If you have any complaints regarding our privacy practices, we ask that you reach out to [list email], as set forth in the Contact Us section below. You also have the right to submit a complaint with your national data protection authority (i.e., supervisory authority).
XI. Contact Us
Last updated: December 15, 2019