This policy outlines the steps Avantos, Inc. takes to comply with privacy legislation affecting its handling of personal data from employees, customers, website users, subscribers, and other stakeholders. It applies to all Avantos, Inc. systems, processes, and personnel, including third parties with access to its systems.

Applicable Legislation

Mosaic IQ adheres to various national and international privacy laws including GDPR, CCPA, PIPEDA, and others, which govern the collection and use of personal data across different regions.

Key Principles for Data Processing

  • Lawfulness, Fairness, and Transparency: Data is processed lawfully and transparently.

  • Purpose Limitation: Data is collected for specific, explicit, and legitimate purposes.

  • Data Minimization: Only necessary data is collected.

  • Accuracy: Data is kept accurate and up to date.

  • Storage Limitation: Data is retained only as long as necessary.

  • Integrity and Confidentiality: Data is processed securely to prevent unauthorized access.

Data Subject Rights

Individuals have rights including access, rectification, erasure, and more, with procedures in place at Avantos, Inc. to support these rights within legally required timelines.

Lawfulness of Processing

Avantos, Inc. establishes a lawful basis for data processing, such as consent, contractual necessity, legal obligation, vital interests, public interest, or legitimate interests.

Privacy by Design

All new or significantly changed systems that handle personal data undergo privacy impact assessments to ensure privacy considerations are integrated.

Data Protection Officer (DPO)

A DPO is appointed, if required by law, to oversee data protection strategies and compliance.

Breach Notification

In case of a data breach, affected parties and relevant authorities are notified within the required timelines, in accordance with Avantos, Inc.'s Security Incident Response Policy.

International Data Transfers

Data transfers across borders are conducted within the framework of legal adequacy decisions, or under safeguards like standard contractual clauses if adequacy decisions are unavailable.

Compliance Measures

Avantos, Inc. maintains clear documentation of processing activities, ensures all personnel handling data are trained, and regularly reviews its data protection practices to align with legislative requirements.

Exceptions

Exceptions to this policy are evaluated based on business needs, local circumstances, or legal requirements, with alternative approaches approved by management.

Enforcement and Audits

Violations of this policy may lead to disciplinary action. Avantos, Inc. conducts annual reviews of its privacy practices to ensure compliance and adapt to changes in law or business operations.