Summary: WisePlant Group LLC is strongly compromised with its commitment to maintain personal and customer data private and secure. We create policies and procedures for privacy and use the most advanced systems to make sure that there is no unauthorized access or improper use.

We are using google online translation services from English to other languages. The translation to other languages might not be accurate and may have been mistaken. Additionally, some words should not be translated. This is provided only to users who cannot read English.

Summary

This privacy policy establishes the terms in which WisePlant Group LLC uses and protects the information that is provided by our subscribers and customers at any of our websites or tools which are available online either Internet or Intranet. This company is committed to the security of the data of its users. When you request something or complete fields of a form providing us with personal information with which you can be identified, we do this by assuring that it will only be used in accordance with the terms of this document. However, this privacy policy may change over time or could be updated for what we recommend and emphasize you to review frequently this page to make sure you agree with those changes.

Our websites use and capture some information to provide the best possible service, particularly to maintain user records of purchase orders when applicable and improve our deliveries.  We may send emails periodically through our information services with exclusive offers, new products, and other advertising information that we consider relevant to you or that may provide you with any benefits, these emails will be sent to the address you provide and may be cancelled at any time.

Because of our adherences and compliance to industrial cybersecurity standards, laws, and regulations, for the nature of our services and critical category of systems we supply we have requirements to restrict access to information that may be used for social engineering purposes or access confidential documents that are provided through our customer sites, strategic partners, integrators, or suppliers as result of a commercial, contractual, or service activity.

WisePlant Group LLC is strongly compromised with the commitment to maintain the information secure. We use the most advanced systems and update them constantly to make sure that there is no unauthorized access.

You also need to review our Information Security Policy as these two are often found intimately related.

Which are our systems?

Our systems, websites and domains that are reached by our privacy and information security policies are as follows:

A. Public Websites

• https://WisePlant.com (our main website)
• https://WiseCourses.com (our main website for training)
• https://WiseGroup.info (our main website for project management)

B. Discontinued, unsupported or deprecated:

• https://Academy.WiseCourses.com (discontinued and currently into WiseCourses.com)
• https://support.WisePlant.com (Intranet, maintained to be replaced or discontinued soon)
• https://wbs.WisePlant.com (currently being used for testing purposes only)

C. Platforms:

• The RMS/ZCM Cybersecurity Risk Management System
• Microsoft Office365 suite and Microsoft Teams licensed to WisePlant Group LLC

Similarly, we have identified and listed all subsystems, resources, e-mail servers and vendors with whom we exchange information that could involve information from our users, subscribers, customers and/or critical system vendors. We oversee and monitor these processes to ensure that the data is treated in the same way and overall, in accordance with our corporate policies.

Which data is collected?

Personal Data

Our websites can collect personal information, for example: Full name, contact information such as your email address and demographic information. If necessary, more specific personal information may be required for specific purposes such as processing an order, making a delivery, or billing. Your professional activity and history will always be with you, whoever you work for. Professional records, such as certifications, and others might be retained.

Business Data

Our websites can collect information of the company for example: company name, contact information as your address, Zip code, legal address, administrative information, tax ID, bank details, commercial references, technical activities, services, and other commercial documents. If necessary, specific information may be required to process an order, require a payment, or make a delivery or billing. See our Information Security Policy (CIA).

Service Data

All sensitive information that we might have received to perform or execute a specific service or being part of a project will be retained during the execution of the service and after the formal closing of the service, during a brief period, and according to the service retention agreement with the customer, typically 30, 60 or 90 days.

After the retention period is completed all confidential, sensitive information related to customer control systems, facilities, risk assessment, will be completely deleted from our servers and repositories, including website, corporate Microsoft exchange, corporate Microsoft share points, and OneDrive for business.

We encourage all our customers not to send sensitive information through email and only use official approved secure encrypted exchange procedures.

e-Commerce

When you purchase from us, for yourself and/or on behalf of your business activity, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

• Send you information about your account and order
• Respond to your requests, including refunds and complaints
• Process payments and prevent fraud
• Set up your account for our system
• Comply with any legal obligations we have, such as calculating taxes
• Improve our portfolio offerings
• Send your marketing messages if you choose to receive them

If you create an account, we will store your name, address, email, and phone number, which will be used to populate the checkout for future orders.

We store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 10 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews if you choose to leave them.

Contractual, legally binding, and electronically signed documents

We use two digital platforms for signing digital legally binding contractual documents. These platforms are:

• SecureCloud within the WisePlant.com website.
• ContractHub from ContractHub.com.

WisePlant.com supports signing digital documents directly on the web from where users can download the signed contract. Signed contracts will be accessible from the user profile. You can access your contracts from the contract menu inside the user profile where you can view all the contracts created, add new contacts and view/print contracts signed. This contract will be kept for a minimum period of 10 years for legal and compliance reasons.

Digitally contracts signed through ContractHub will remain archived within ContractHub servers and WisePlant exchange servers for longer periods of time, typically up to 10 years. (We have plans to discontinue this service by the end of 2022 and signed contracts will be moved to our exchange repository servers).

Your comments on our website

We offer different modules for different purposes. When visitors leave comments on the web, we collect the data displayed in the comment form, as well as the visitor’s IP address and the browser’s user-agent chain, to help detect spam.

Some locations on the Web are required for moderation. After the approval of your comment, the image of your profile might be visible to the other members of the group in the context of your comment.

Multimedia Content

If you upload or share images to the web avoid uploading images with location data (EXIF GPS) included. Web visitors can download and extract any location data from the images on the web. Some of our forms need to attach other documents as blueprints. For example: a form to receive and quote you are required to provide more specific technical information.

Cookies

A cookie refers to a file that is sent to request permission to be stored on your computer, accepting the file is created and the cookie then serves to have information regarding web traffic, and facilitates future visits to our Web in a recurrent manner. Another function that has cookies is to recognize you individually and therefore provide the best personalized service.

Our websites use cookies to be able to identify the pages that are visited and their frequency. This information is used only for statistical analysis and then the information is permanently eliminated. You can delete cookies at any time from your computer. However, cookies help to provide a better service of the websites, you are not giving access to information from your computer or from you, unless you want it and provide it directly, during a visit to one of our pages. You can accept or deny the use of cookies; however, most browsers accept cookies automatically as it serves to have a better web service. You can also change the settings of your computer to decline cookies. If they are declined, you may not be able to use some of our services.

If you leave a comment on our site, you could choose to save your name, email address and web site in cookies. These are for your convenience, so you don’t have to re-enter the data when you post another comment. These cookies will last typically for a period of up to one year.

If you use an account and start session at our websites, we will set up a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close the browser.

When you start a session with your user and password, we will also set up several cookies to save your login information and your on-screen display options. Logon cookies last two days and screen-option cookies last one year. If you select “Remember Me,” Your Logon will be maintained during some weeks. If you close the session, the logon cookies will be deleted.

If you edit or publish an item, an additional cookie will be saved in your browser. This cookie does not include personal data and simply indicates the publication ID of the article that is to be edited and expires after 1 day.

Embedded content from other Websites

The articles in Our websites can include embedded content (e.g., videos, images, articles, etc.). The embedded content of other Web sites behaves in the same way as if the visitor had visited the other website. By corporate policy we do not embed videos from YouTube, Vimeo, or free other free services. All embedded multimedia content is hosted on our own services or on cloud servers, private, exclusive, developed, maintained, and managed by WisePlant Group LLC.

We don’t use any public service such as Google Analytics or similar, since these websites can collect data on you, use cookies, embed a third-party tracking system, and monitor your interaction with that embedded content, including tracing your interaction with embedded content if you have an account and are connected to that Website.

Telephone conversations

For quality control, the telephone communications that are developed through the corporate communications lines can be recorded.

Webinars and Web sessions

Online sessions of the virtual type can also be recorded. In case of being recorded we will notify you as well as you should notify us in advance if you have any mechanism of recording or capturing images or pictures. The recordings might be kept for several years, especially if those are a result of public or private grupal activities.

Webinars are events that are made through WEB services open to the public and in general for a diverse audience under subscription. There are several ways to do the webinars. Usually, our webinars are recorded until the speaker’s session ends. Once the question-and-answer exchange begins, the recording usually stops. Attendees are free to ask live or through chat.

We use the following official web meeting services:

• Microsoft Teams
• WisePlant.com self-hosted web meeting

LMS – Learning Management System

We collect information about you during the course as well as information relating to your course progression and quiz performance, certificate. Since we provide certificate auditable activities, we must keep evidence of learning activities and history of these activities, if these certificates are valid.

Statistics and Analytics

We use our private while label analytics technology for statistical purposes in addition to our own tools every time you log on to one of our WEB systems, complete an action or send us a form. We don’t use Google Analytics on any of our systems and modules, or any other popular systems. Your individual activity is only used by our team members and not shared with anyone else outside WisePlant Group LLC security and administrator members.

Links to Third Parties

The websites of WisePlant Group LLC could contain links to other sites that might be of interest to you. Once you click on these links and leave our page, we no longer have control over the site to which it is redirected and therefore we are not responsible for the terms or privacy or the protection of its data on those other third sites. These sites are subject to their own privacy policies, so it is recommended that you consult them to confirm that you agree with these.

We review links to third-party sites to make sure we refer to secure sites with encrypted links and security keys. (SSL certificates, HTTPS, …)

Social Networks

Our content does not come from social networks or host linked or embedded content obtained from social networks (Facebook, Twitter, Instagram, LinkedIn, …). In general, the contents of our Web sites can and are usually published or referred to in social networks, but not the other way around.

Mail logging

When you use this site several actions (e.g. commenting) trigger the dispatch of emails. They contain information about you associated with your email address. Which data are part of these emails depends on the action performed? These emails are stored and accessible to the site management as logs.

Mail Servers

All our mail messages are managed by Microsoft Exchange and Microsoft 365 email servers under @wiseplant.com, @mirellina.com, @wisegroup.info, @wisecourses.com domains. We don’t use any other domain and we don’t use any other free services such as Gmail, Hotmail, or anything similar.

With whom do we share data?

Your data is not published, disseminated, marketed, or ceded to any organization except as required by some of the companies that are part of WiseGroup companies. We don’t share our list of customers, don’t post on the web, and dot provide any information about our existing customers when presenting quotations to new potential customers.

How long do we keep your data?

If you leave a comment, the commentary and its metadata are retained indefinitely. This is so that we can recognize and approve any tracking comment automatically instead of keeping them in a moderation queue.

For users who register on our website (if applicable), we also store the personal information they provide in their user profile. All users can view, edit, or delete their personal information at any time (except that they cannot change their username). Web site administrators can also view and edit that information.

What is your right over your data?

If you have an account on any of our websites or left comments, you can request a file exported with the personal data that we have, including the data you have provided us. You can also request that we delete any personal data that we have. This does not include data that we are obliged to maintain for administrative, legal or security purposes.

Where do we send your data?

Visitors’ comments can be verified through an automatic spam-detection service. The data that are captured for commercial, contractual, or transactional purposes are used by our administrative, logistical, and operative departments to execute, develop, or perform the service subject to the relationship. Your data is not sent to third parties except our suppliers. Example: Issuance of a software license acquired in your name, transfer of guarantee to your name by an acquired products or service, escalation of technical support cases, or others and any subject of the binding relationship.

Government organizations such as customs, tax collection agencies, if the laws of each country require so. Service providers necessary for the performance of their functions, such as accounting auditors, or other necessary organizations resulting from the best practices.

Your contact information

We only collect contact or personal information for purposes of trade, service, customer relationship supplier for marketing purposes of our products or services. The only websites where you can log in with your personal account is on our news and Blog site and at WiseCourses Academy where we accept access from public, social or personal accounts.

Additional Information

All information that is exchanged with a customer or supplier because of the execution or completion of a service or contract will be treated in accordance with our information security policy for which the customer shall give consent of all the specific processes that will be used. WisePlant Group LLC commits to faith fully in our obligations as a provider and in compliance with the law, legislation, standards, regulations, and global best practices.

How do we protect your data?

We use various tools for the protection of our systems in conjunction with clearly identified and defined procedures for the processing of information. We have created and maintained a policy for information security.

Our website uses specialist security software – WiseSecurity Shield. This helps to ensure data breaches do not occur and our website and data are protected against hacking attempts and intrusion.

WiseSecurity Shield protects site visitors and works to block potential hacks while monitoring web traffic and filesystem changes.

The learn more about WiseSecurity Shield, please follow this link.

Security Cookies

The WiseSecurity Shield never stores any sensitive, personally identifiable information in any cookie at any time. In the case that the WiseSecurity Shield needs to redirect a visitor or any request, it may use a cookie to prevent repeated/infinite redirect loops. For registered/logged-in users, the WiseSecurity Shield uses a cookie to track user sessions and control display of certain admin notices. The WiseSecurity Shield does not normally use Cookies for unregistered site visitors. It may however use a cookie to register the closure of the WiseSecurity Shield security badge to prevent repeated display.

Data Storage: User Sessions

For logged-in users, the WiseSecurity Shield stores information on the username, the IP address and the time of last login and last activity. This information is purged upon logout or data cleanup.

Data Storage: Audit Trail

The WiseSecurity Shield has an Audit Trail feature that will log the following information:

1. Audit Trail message that may include email addresses
2. Logged-in username (where applicable)
3. Originating IP address of the request

For logged-in users this represents information that may be used to locate (by IP address) and identify individuals and their activity on the site. This information is stored for security purposes by the site administrator.

This data will be retained and then automatically purged from the database after a fixed time period, as determined by the site administrator. (Currently this is set to 7 days.)

Multifactor Authentication

We provide optional 2FA/MFA to certain users. If you would like to voluntarily activate your 2FA/MFA, please complete the following form to subscribe to this additional security countermeasure. We recommend activating. Some user profiles must configure 2FA/MFA to be able to grant access to certain information and modules.

From whom do we receive data?

Due to the nature of official representations of some manufacturers and/or non-profit organizations, for the quality of our representing official and/or exclusive distributor relationships with these companies, they usually send us contact information to process specific or request, or to follow up to a lead, order, business opportunity, price order, technical support, or similar order.

We never receive or buy data that could be supplied by third parties or those who claim to have exclusive contact databases. Non-commercialized personal data and company data by third parties except for the cases mentioned here.

Document Classification

All documents that are processed by WisePlant group LLC and its associated companies as results of the operations resulting from the business activities of WisePlant, WiseSecurity, or WiseCourses are subject to classification procedures, as described in our information security policy.

Many times, the documents are made by our professionals based on the information provided by customers, whether through our websites, emails and/or meetings in person. These resulting documents also belong partial or totally to our clients and will be treated securely, privately, and confidentially in accordance with the nature of their content and definitions assumed at the beginning of the project.

For the purposes of the classification, we have adopted the following criterion according to the following degrees of sensitivity of the information: (See our Information Security Policy).

• C4 – Critical (Top Secret or Ultra Secret): It is the highest level of classified information. Such material would cause “Extreme damage” to National security if it is made available to the public.
• C3 – Strictly confidential (secret): Material that would cause “serious harm” to national security or Private holder if publicly available.
• C2 – Confidential (confidential): Material that may cause “damage or harm” to safety and/or security.
• C1 – Private (Restricted, broadcast Imitated or only for official use): Material that would cause “undesirable effects” in case of disclosure.
• C0 – Public (of free access): Although technically it is not a classification level, it is a common feature in the classification schemes, for documents that do not deserve a classification or that have been declassified.

Each time you wish to access, consult, or download a document from some of our websites or receive a document you will surely observe its classification, or it shall be informed by one of our officials. Each time you send us a document this will be classified for proper processing and treatment.

If you consider that the information you are required to provide us with is confidential, strictly confidential, or critical, notify us before providing such information. We have mechanisms with the necessary level of security to protect this type of information.

Intellectual Property

All the foregoing does not alter or modify the rights that exist on intellectual property, trademarks, copyrights, designs, source code and patents belonging to its original authors or proprietors.

Document Control

Date	Reviewer	Observations
Feb 2016	Monica Lopez	Initial publication and release of the new policy
Feb 2021	Monica Lopez	Minor changes and updates
Oct 2023	Maximillian Kon	Minor changes and updates on the list of systems and websites.