Privacy Policy
Last Updated: 06.01.2025
Andy Systems (“we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and integrity of personal and organizational information processed through our website, consulting services, and the CIMSNEX Management System Operating Infrastructure (“CIMSNEX”).
By accessing our website or subscribing to CIMSNEX, you agree to the practices described in this Privacy Policy.
1. Information We Collect
1.1 Account & Contact Information
We may collect:
- Names
- Email addresses
- Phone numbers
- Organization details
- Role and access permissions
This information is required for account provisioning, communication, and platform administration.
1.2 Platform Operational Data
CIMSNEX processes governance-related data, including but not limited to:
- Risk registers
- Objectives
- Incident logs
- Audit records
- Management review documentation
This data remains under the control and ownership of the subscribing organization.
1.3 Technical & Usage Information
We may collect:
- IP address
- Browser type
- Device information
- Access timestamps
This data supports system security, performance monitoring, and infrastructure stability.
2. Purpose of Processing
Information is processed for:
- Platform access management
- Delivery of subscribed services
- System security monitoring
- Performance improvement
- Client support
We do not sell personal data to third parties.
3. Data Ownership & Control
Clients retain full ownership of governance and operational data entered into CIMSNEX.
Andy Systems acts as a service provider facilitating secure hosting and infrastructure management.
4. Security Measures
CIMSNEX is designed using secure-by-design principles aligned with ISO 27001 information security controls, including:
- Role-based access control
- Encrypted transmission
- Secure hosting environment
- Controlled administrative access
- Activity monitoring
While we implement industry-standard safeguards, no system can guarantee absolute security.
5. Third-Party Service Providers
We may use vetted third-party infrastructure providers for:
- Hosting
- Secure data storage
- Performance analytics
Such providers are contractually bound to confidentiality and security obligations.
6. Data Retention
Data is retained for the duration of the subscription and in accordance with contractual and legal obligations.
Upon termination, data handling procedures are governed by the applicable service agreement.
7. Cookies
Our website may use cookies to improve user experience and performance analysis. Users may adjust browser settings accordingly.
8. Policy Updates
We may update this policy periodically. The latest version will be posted on our website with the updated effective date.
9. Contact
For privacy inquiries:
