Privacy Policy

Cytrine is committed to protecting the privacy of our clients and website visitors. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website at Cytrine.com or interact with us through other means. By using our services, you agree to the terms outlined in this policy.

Reach us via email at info@cytrine.com for any inquiries or support. For more information about our services, please visit our website at Cytrine.com.

Data Collection

Types of Information Collected

We collect the following types of information from our clients and users: name, email address, phone number, and IP address. This information helps us to effectively communicate with our clients and manage our services.

How Information is Collected

We collect information primarily through direct contact via email or phone. When clients reach out to us or engage our services, they provide us with their contact details so we can assist them and fulfill their needs.

Purpose of Data Collection

The information we collect is used for several important purposes:

• To Provide Services: We use contact information to communicate with clients and deliver the services they have requested.
• Process Orders: We require basic contact information to manage and fulfill orders or service requests.
• Improve User Experience: We analyze data such as IP addresses to better understand how users interact with our website, allowing us to enhance their experience.
• Cybersecurity: Collecting IP addresses helps us monitor and protect our systems from unauthorized access and security threats.

Third-Party Data Sharing

In our work, we only share data with third parties when it is necessary to fulfill contract requirements, such as when working with approved subcontractors or specific service providers. Any data sharing is done in strict compliance with government regulations, including ensuring that third parties have appropriate security measures in place to protect sensitive information. We prioritize confidentiality and only share data when it is essential and authorized by the contract.

Data Security

We take the protection of our clients’ data very seriously and implement several robust security measures to ensure its safety:

• Encryption: All sensitive data is encrypted both in transit and at rest, ensuring that it is protected from unauthorized access during transmission and while stored on our servers.
• Secure Servers: We use secure, regularly updated servers with strong firewalls and intrusion detection systems to safeguard data against cyber threats.
• Access Control: Access to sensitive data is restricted to authorized personnel only, with multi-factor authentication and role-based access controls in place to prevent unauthorized access.
• Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address any potential weaknesses in our systems.
• Employee Training: Our staff receives ongoing training in data protection best practices, ensuring they are aware of the latest security threats and how to prevent them.
• Data Backup: We maintain regular backups of critical data to ensure it can be restored in case of any data loss incidents.
• Incident Response Plan: We have a comprehensive incident response plan that allows us to quickly respond to and mitigate any security breaches or threats.

Data Retention

Our data retention practices are guided by the requirements of each government contract and applicable legal regulations. We retain data for the duration specified in the contract, which often includes the entire contract period plus a defined period afterward for auditing or compliance purposes. Additionally, we follow federal guidelines under FAR and DFARS to ensure that we meet all legal obligations for data retention. Once the retention period has passed and the data is no longer needed for operational or security reasons, we securely delete the data to protect against unauthorized access and to comply with data minimization principles.

User Rights

At Cytrine, we manage and protect the data of our clients. Since our clients are typically other companies or government entities, we work closely with them to ensure that their data is handled according to their specific requirements. This might involve following strict guidelines on data storage, access, and sharing, as outlined in our contracts. We prioritize transparency and security, and we are committed to working with each client to ensure that their data is managed in a way that meets their needs and complies with any relevant legal or regulatory requirements.

Policy Updates

When we update our privacy policy, we take steps to ensure that our clients and users are informed promptly and clearly. The updated privacy policy will be posted on our website, and we will also notify users directly of any significant changes. This direct notification may be done via email or through a prominent notice on our website. Our goal is to ensure that all users are aware of how their information is being handled and to provide them with the opportunity to review the updated policy.

Compliance

Legal Compliance

Our business operates in the procurement and IT services sector, specifically focusing on government contracts. To ensure that we meet all legal and regulatory requirements, we comply with several key regulations:

• Federal Acquisition Regulation (FAR): As a government contractor, we adhere to FAR, which governs all aspects of federal procurement. This ensures that our contracts are managed according to the highest standards of integrity, transparency, and efficiency.
• Defense Federal Acquisition Regulation Supplement (DFARS): Since we also provide services to the Department of Defense (DoD) and other defense-related agencies, we comply with DFARS. This includes adhering to strict cybersecurity and information security requirements, which are critical when handling sensitive defense-related data.
• National Institute of Standards and Technology (NIST) Guidelines: To further enhance our cybersecurity practices, we follow NIST standards, such as those outlined in NIST Special Publication 800-171. This helps us protect Controlled Unclassified Information (CUI) and ensures that our IT services meet federal security standards. By adhering to these regulations, we not only fulfill our legal obligations but also ensure that we provide secure, reliable services to our government clients. This commitment to compliance is a core part of how we do business and deliver value in the government contracting space.

International Data Transfers

If we collect data from users outside the USA, we handle cross-border data transfers with the utmost care to ensure compliance with relevant data protection laws and regulations. We implement safeguards such as data encryption and secure transfer protocols to protect the data during transit. Additionally, we ensure that any international data transfers are conducted in accordance with the legal requirements of both the originating and receiving countries, such as GDPR compliance for data from the European Union. Where necessary, we also enter into data transfer agreements with our partners and service providers to ensure that the data remains protected across borders.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. These technologies help us improve user experience, analyze website traffic, and understand how visitors interact with our site. Specifically, we use cookies to:

• Improve Website Functionality Some cookies are essential for our website to function correctly.
• Analytics: We use cookies to collect anonymous data about how visitors use our site. This helps us identify popular content, monitor site performance, and make improvements.
• Security: Certain cookies help us detect and prevent security threats, ensuring that our website remains a safe environment for our users.

We do not use cookies to collect personal information or for targeted advertising. All data collected through cookies is used to enhance our services and ensure a smooth and secure browsing experience for our visitors.

Classified Information Handling

Our business is committed to adhering to the strictest security protocols when handling classified information. If we work with classified information, we ensure that all personnel involved have the appropriate security clearances, and we follow government-mandated procedures for storing, transmitting, and accessing classified data. This includes using secure communication channels, encryption, and restricted access controls to prevent unauthorized disclosure. We also regularly review and update our security practices to stay in compliance with any changes in government regulations regarding classified information.

Incident Response

In the event of a data breach or security incident, our incident response plan is designed to respond swiftly and in full compliance with government regulations. Our plan includes immediate containment and assessment of the incident, notification of affected parties as required, and a thorough investigation to identify the root cause. We also coordinate closely with government agencies to ensure that all reporting requirements are met, and we take corrective actions to prevent future incidents. Our team is trained regularly on incident response protocols to ensure a quick and effective response to any security threat.

Contact

If you wish to contact us regarding this Privacy Policy or any privacy-related matters, please contact us at info@cytrine.com