Cybersecurity and Data Protection Policy

The Viviscent Wellness Foundation (“VWF”) is committed to safeguarding the confidentiality, integrity, and availability of all data and digital systems under its control. This Cybersecurity and Data Protection Policy establishes the standards, responsibilities, and procedures required to protect organizational information and ensure secure operations.

1. Purpose

This Policy ensures that VWF:

• Implements strong cybersecurity safeguards
• Protects sensitive and confidential information
• Prevents unauthorized access, disclosure, or misuse of data
• Maintains compliance with legal and regulatory requirements

2. Scope

This Policy applies to all employees, volunteers, contractors, partners, and any individual who accesses VWF systems, networks, or data.

3. Data Classification

VWF classifies data into the following categories:

• Confidential: Donor data, sweepstakes entries, financial information, personnel records
• Internal Use: Operational documents, internal communications
• Public: Website content, published reports, marketing materials

Confidential data requires the highest level of protection.

4. Security Controls

VWF implements administrative, technical, and physical safeguards, including:

• Encryption of sensitive data in transit and at rest
• Multi‑factor authentication for system access
• Role‑based access controls
• Firewalls, antivirus, and intrusion‑prevention systems
• Secure configuration of servers and applications
• Regular software updates and security patching

5. Acceptable Use Requirements

All users must:

• Use VWF systems only for authorized purposes
• Protect login credentials and never share passwords
• Report suspicious activity immediately
• Avoid installing unauthorized software or hardware
• Follow all data handling and storage procedures

6. Data Protection Standards

VWF protects data through:

• Secure storage and controlled access
• Encryption of confidential information
• Regular backups and recovery testing
• Secure disposal of data and media

7. Third‑Party Security

Vendors, contractors, and partners with access to VWF systems or data must adhere to equivalent security standards and may be required to sign confidentiality or data protection agreements.

8. Incident Reporting and Response

All suspected or confirmed security incidents must be reported immediately. VWF will:

• Investigate incidents promptly
• Contain and mitigate risks
• Document findings and corrective actions
• Notify affected parties when required by law

9. Training and Awareness

Personnel will receive periodic training on cybersecurity best practices, data protection responsibilities, and incident reporting procedures.

10. Policy Violations

Violations of this Policy may result in disciplinary action, removal of access, termination of contracts, or legal action where appropriate.

11. Policy Review

This Policy will be reviewed periodically and updated as necessary to reflect evolving cybersecurity threats, regulatory requirements, and organizational needs.

Contact Us

For questions regarding this Cybersecurity and Data Protection Policy, please contact:

Email: compliance@viviscentwellnessfoundation.org
Phone: 205‑460‑5305