Who we are:
This is the Privacy Statement of Electrified Mind. Electrified Mind is located in Nashville, TN (USA).
In this statement we explain what our general policy is in relation to the processing of personal data. We describe what personal data we process from you, how we guarantee your privacy and what rights you have.
This statement relates to data we process from customers, visitors to our website, supplier applicants and all other relations of Electrified Mind
We are Electrified Mind. Our website address is: https://electrifiedinterviews.com.
What personal data we collect and why we collect it
We may collect personal data such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information about cookies. We collect information about you during the checkout process on our store.
Information from your web browser or mobile device. You may generally visit most of our Site without telling us who you are or providing personal information. We may collect information that is sent to us automatically by your web browser or mobile device when you visit our Site. For example, we may collect your IP address, the name and type of your browser, and the date and time you visit our Site, depending on your browser or device settings which you may be able to change. While this information is not, on its own, personally identifiable, we may combine it with other information that does identify you.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Our contact form is located here: https://electrifiedinterviews.com/contact/
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Analytics will only be accessed and reviewed by Electrified Mind
Who we share your data with
Electrified Mind operates internationally.
We may share your data with third parties enabled by us, such as printers, e-mail and mail processors.
When we share your information with third parties, we impose the obligation on those third parties to protect your personal data properly.
Electrified Mind does not sell your personal data to third parties. In addition, Electrified Mind will only share your data if required to do so by law.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
You may contact us at: firstname.lastname@example.org
How we protect your data
We maintain reasonable administrative, physical and technical measures to protect the confidentiality and security of your personal information. Unfortunately, no website is completely secure. Therefore, we cannot guarantee that your personal information will not be disclosed, misused or lost by accident or by the unauthorized acts of others and we expressly disclaim all liability arising therefrom.
What data breach procedures we have in place
This document sets out the processes to be followed by Electrified Mind staff in the event that Electrified Mind experiences a data breach or suspects that a data breach has occurred. A data breach involves the loss of, unauthorised access to, or unauthorised disclosure of, personal information.
The Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB Act) established a Notifiable Data Breaches (NDB) scheme requiring organisations covered by the Act to notify any individuals likely to be at risk of serious harm by a data breach. The Office of the Australian Information Commissioner (OAIC) must also be notified.
Accordingly, Electrified Mind needs to be prepared to act quickly in the event of a data breach (or suspected breach), and determine whether it is likely to result in serious harm and whether it constitutes an NDB.
Adherence to this Procedure and Response Plan will ensure that Electrified Mind can contain, assess and respond to data breaches expeditiously and mitigate potential harm to the person(s) affected.
3. Process where a breach occurs or is suspected
Where a privacy data breach is known to have occurred (or is suspected) any member of Electrified Mind staff who becomes aware of this must, within 24 hours, alert a Member of the Executive in the first instance.
The Information that should be provided (if known) at this point includes:
When the breach occurred (time and date)
Description of the breach (type of personal information involved)
Cause of the breach (if known) otherwise how it was discovered
Which system(s) if any are affected?
Which directorate/faculty/institute is involved?
Whether corrective action has occurred to remedy or ameliorate the breach (or suspected breach)
3.2 Assess and determine the potential impact
Once notified of the information above, the Member of the Executive must consider whether a privacy data breach has (or is likely to have) occurred and make a preliminary judgement as to its severity. The Privacy Coordinator should be contacted for advice.
3.2.1 Criteria for determining whether a privacy data breach has occurred
Is personal information involved?
Is the personal information of a sensitive nature?
Has there been unauthorised access to personal information, or unauthorised disclosure of personal information, or loss of personal information in circumstances where access to the information is likely to occur?
3.2.2 Criteria for determining severity
The type and extent of personal information involved
Whether multiple individuals have been affected
Whether the information is protected by any security measures (password protection or encryption)
The person or kinds of people who now have access
Whether there is (or could there be) a real risk of serious harm to the affected individuals
Whether there could be media or stakeholder attention as a result of the breach or suspect breach
Having considered the matters in 3.2.1 and 3.2.2, the Member of the Executive must notify the Privacy Officer within 24 hours of being alerted under 3.1.
3.3 Privacy Officer to issue pre-emptive instructions
On receipt of the communication by the relevant member of the Executive under 3.2, the Privacy Officer will take a preliminary view as to whether the breach (or suspected breach) may constitute an NDB. Accordingly, the Privacy Officer will issue pre-emptive instructions as to whether the data breach should be managed at the local level or escalated to the Data Breach Response Team (Response Team). This will depend on the nature and severity of the breach.
3.3.1 Data breach managed at the Directorate/Faculty/Institute level
Where the Privacy Officer instructs that the data breach is to be managed at the local level, the relevant Member of the Executive must:
ensure that immediate corrective action is taken, if this has not already occurred (corrective action may include: retrieval or recovery of the personal information, ceasing unauthorised access, shutting down or isolating the affected system); and
submit a report via the Privacy Coordinator within 48 hours of receiving instructions under 3.3. The report must contain the following:
Description of breach or suspected breach
Outcome of action
Processes that have been implemented to prevent a repeat of the situation.
Recommendation that no further action is necessary
The Privacy Officer will be provided with a copy of the report and will sign-off that no further action is required.
3.4 Primary role of the Response Team
There is no single method of responding to a data breach and each incident must be dealt with on a case by case basis by assessing the circumstances and associated risks to inform the appropriate course of action.
The following steps may be undertaken by the Response Team (as appropriate):
Immediately contain the breach (if this has not already occurred). Corrective action may include: retrieval or recovery of the personal information, ceasing unauthorised access, shutting down or isolating the affected system.
evaluate the risks associated with the breach, including collecting and documenting all available evidence of the breach having regard for the information outlined in sections 3.2.1 and 3.2.2 above.
Call upon the expertise of, or consult with, relevant staff in the particular circumstances.
Engage an independent cyber security or forensic expert as appropriate.
Assess whether serious harm is likely (with reference to section 3.2.2 above and section 26WG of the NDBAct).
Make a recommendation to the Privacy Officer whether this breach constitutes an NDB for the purpose of mandatory reporting to the OAIC and the practicality of notifying affected individuals.
Consider developing a communication or media strategy including the timing, content and method of any announcements to students, staff or the media.
The Response Team must undertake its assessment within 48 hours of being convened.
The Privacy Officer will provide periodic updates to the Vice-Chancellor as deemed appropriate.
Having regard to the Response team’s recommendation in 3.4 above, the Privacy Officer will determine whether there are reasonable grounds to suspect that an NDB has occurred.
If there are reasonable grounds, the Privacy Officer must prepare a prescribed statement and provide a copy to the OAIC as soon as practicable (and no later than 30 days after becoming aware of the breach or suspected breach).
If practicable, Electrified Mind must also notify each individual to whom the relevant personal information relates. Where impracticable, ACU must take reasonable steps to publicise the statement (including publishing on the website).
3.6 Secondary Role of the Response Team
Once the matters referred to in 3.4 and 3.5 have been dealt with, the Response team should turn attention to the following:
Identify lessons learnt and remedial action that can be taken to reduce the likelihood of recurrence – this may involve a review of policies, processes, refresher training.
Prepare a report for submission to Senate.
Consider the option of an audit to ensure necessary outcomes are effected and effective.
4. Updates to this Procedure
This procedure is scheduled for review every five years or more frequently if appropriate
What third parties we receive data from
We receive data from PayPal.