Rego’s Privacy Policy

1- Policy Statement and Scope

Rego Consulting is committed to ensuring the protection and privacy of personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This policy applies to all Rego employees, contractors, and third-party vendors who process data on behalf of Rego Consulting.

2- Data Collection and Processing
2.1 How We Use Your Data

We use your personal information for the following purposes:

• To provide and maintain our services;
• To communicate with you, including service updates and marketing;
• Improve your user experience on this site;
• Provide and deliver the products and services you request, process transactions, and send you related information, including confirmations and invoices;
• Send you technical notices, updates, security alerts and support, and administrative messages;
• Respond to your comments, questions and requests, and provide customer service;
• Communicate with you about products, services, offers, promotions, rewards, and events offered by Rego Consulting and others, and provide news and information we think will be of interest to you;
• Monitor and analyze trends, usage and activities in connection with our Services;
• Personalize and improve the Services and provide content or features that match user profiles or interests;

2.2 Types of Data Collected

We collect information when you create an account, participate in any interactive features of the Services, fill out a form, register for an event, make a purchase, apply for a job, request for customer support, or otherwise communicate with us. The types of information we may collect include your name, email address, phone number, payment information, information about your company and current position, employment history, and any other information you choose to provide. Our registration forms for webinars, events, and information on Rego Consulting sites require a few mandatory details: full name, a valid business e-mail address, company, and in some cases work title and/or your preferred enterprise tool.

You are not required to provide any other information if you do not want to do so. Please be aware that the user name you choose, the e-mail address you provide, and any other information you enter may render you personally identifiable, and may possibly be displayed on this website intentionally (depending on choices you make during the registration process, or depending on the way in which the site is configured) or unintentionally (subsequent to a successful act of intrusion by a third party). As on many websites, the site administrator may also automatically receive general information that is contained in server log files, such as your IP address, and cookie information.

2.3 Data Minimization

Personal data will only be collected for specified, explicit, and legitimate purposes. Any additional processing outside the defined purposes will require further consent.

Rego Consulting will collect only the data necessary for the intended purpose, and individuals will be informed of the specific data collected.

3 – Data Subject Rights

Individuals have the following rights under GDPR:

3.1 Right to Access

Data subjects have the right to request access to their personal data and information about how it is processed.

3.2 Right to Rectification

Data subjects can request the correction of inaccurate personal data.

3.3 Right to Erasure (Right to be Forgotten)

Data subjects have the right to request the deletion of their personal data under certain circumstances.

3.4 Right to Restriction of Processing

Data subjects can request the restriction of processing of their personal data under certain conditions.

3.5 Right to Data Portability

Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format.

3.6 Right to Object

Data subjects can object to the processing of their personal data in certain situations.

3.7 Automated Decision Making and Profiling

We do not engage in automated decision-making processes, including profiling, that produce legal effects or similarly significantly affect data subjects.

3.8 Right to Withdraw Consent

Data subjects can request to withdraw consent at any time to processing of your data.

To exercise these rights, please contact us at privacy@regoconsulting.com.

4 – Data Security and Confidentiality

4.1 Data Security Measures

Rego Consulting implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

4.2 Confidentiality

Access to personal data is restricted to employees and third parties who need to know the information for the purposes of providing services or conducting business operations. All individuals with access to personal data are subject to confidentiality obligations.

5 – Data Breach Response

In the event of a data breach, Rego Consulting will promptly assess and mitigate the impact of the breach. If required by law, affected data subjects and relevant authorities will be notified and, where required, notify the relevant supervisory authority, and affected individuals within the specified timeframes outlined in GDPR.

6 – Third-Party Vendor Compliance

6.1 Vendor Selection

Prior to engaging third-party vendors, Rego Consulting will assess their GDPR compliance, including their data protection policies, security measures, and adherence to data minimization principles.

6.2 Data Processing Agreements

Rego Consulting will establish written agreements with third-party vendors to ensure they process personal data in compliance with GDPR. These agreements will clearly outline the scope of processing, security measures, and obligations to report data breaches.

6.3 Security Measures

Third-party vendors will implement appropriate technical and organizational measures to safeguard personal data. Regular audits and assessments will be conducted to ensure ongoing compliance.

7 – Data Subject Rights

7.1 Access and Rectification

Individuals have the right to access and rectify their personal data. Rego Consulting will provide mechanisms for individuals to exercise these rights promptly.

7.2 Data Portability

Where applicable, individuals have the right to receive personal data concerning them in a structured, commonly used, and machine-readable format.

8 – Training and Awareness

All employees and relevant third-party vendors will receive training on GDPR compliance and their responsibilities regarding data protection.

9 – Review and Update

This policy will be reviewed at least on an annual basis and updated as necessary to ensure ongoing compliance with GDPR and other applicable data protection laws.

10 – Data Protection Officer (DPO)

Rego Consulting has appointed a Data Protection Officer who is responsible for overseeing data protection activities and ensuring compliance with GDPR.

11 -1 Contact Information

For any questions or concerns regarding data protection practices at Rego Consulting, please contact: privacy@regoconsulting.com

Purpose

The purpose of this policy is to establish guidelines for the ethical, secure, and effective use of Artificial Intelligence (AI) technologies within Rego Consulting. This includes, but is not limited to, AI services provided by OpenAI, Microsoft, and Claude via Amazon Bedrock. This policy applies to all employees, contractors, and consultants of Rego Consulting hereafter referred to as “users”.

Scope

This policy covers all AI technologies used for internal productivity improvements, software development, and consulting services provided to our clients. It applies to all AI usage within company-operated facilities, remotely, and in client engagements globally.

Transparency:

• AI Use Disclosure: Clearly disclose when AI is being used and for what purposes, ensuring that clients and stakeholders are informed about the AI technologies that impact them.
• Explainability: Strive for transparency and understandability in AI decisions, making it possible to explain in human terms how AI models arrive at their conclusions.

Ethical Use:

• AI in Decision-Making: Ensure AI tools do not replace human decision-making in critical areas. Use AI to augment and enhance human capabilities.
• Bias and Fairness: Actively work to identify and mitigate biases in AI systems. Ensure AI solutions are fair and do not discriminate against any individual or group.
• Transparency and Explainability: Maintain transparency in AI operations. Ensure the rationale behind AI-driven decisions or recommendations is explainable to stakeholders.
• Disclosure: Disclose where AI generated content or data capture is being generated.

Security and Data Privacy:

• Data Minimization: Collect only the data necessary for the specific AI task, respecting the privacy of individuals.
• Data Protection: Implement robust data protection measures. Use encryption, access controls, and secure data storage and transfer mechanisms.
• Compliance: Adhere to all relevant laws and regulations regarding data privacy and AI usage, including the AI Act, GDPR, CCPA, and any sector-specific regulations.

• Client Data: Ensure client data used in AI applications is handled in accordance with contractual agreements and privacy laws.
• The usage of PII data (employee or client) is strictly prohibited.

AI Act:

• The AI Act categorizes AI into 4 risks categories. Unacceptable Risk, High Risk, Limited Risk (with transparency) and Minimal Risk.
• Unacceptable Risk and High Risk AI are not allowed.
• Usage of conversational and generative chat bots like ChatGPT and Co-Pilot are considered Limited Risk if you are transparent that they were used as an assistant in your content creation.

Intellectual Property:

• Respect IP Rights: Ensure AI technologies do not infringe on the intellectual property rights of others. This includes training datasets and generated content.
• Ownership of AI-Generated Work: Clearly define the ownership of IP rights in AI-generated work, considering both internal and client projects.

Usage Guidelines:

• Training and Resources: Provide necessary training and resources to users for ethical and effective use of AI technologies.
• Monitoring: Regularly monitor AI applications for compliance with this policy, ethical guidelines, and performance expectations.
• Reporting and Accountability: Establish a reporting mechanism for any issues or ethical concerns related to AI usage. Ensure accountability and take corrective action as necessary.

Implementation

Responsibility:

• The SVP of Compliance and CTO are responsible for the overall enforcement of this policy with the right to audit each user on a case-by-case basis.
• Department heads are responsible for ensuring compliance within their teams.

Review and Update:

• This policy will be reviewed annually or more frequently as needed.
• Updates will be made to reflect changes in technology, legislation, and company objectives.

Compliance:

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract, as well as legal consequences.