Effective Date: May 20, 2025

Issued By: Bellevue Corporation

Brand Name: AMS PILOT US

Website: https://amspilot.com

Contact Email: support@amspilot.com

1. Purpose

This policy outlines Bellevue Corporation's approach to protecting the confidentiality, integrity, and availability of information. As the operator of AMS PILOT US, Bellevue Corporation commits to maintaining robust data security controls aligned with industry standards.

2. Scope

This policy applies to all AMS PILOT US services, personnel, systems, and third-party vendors that handle personal or sensitive data on behalf of Bellevue Corporation.

3. Information Governance

Bellevue Corporation ensures all Data Processors are contractually bound to data protection standards and does not share or sell personal data to third parties. Third-party data sharing is limited to anonymized or aggregated formats where possible.

4. Access Control

- Access to systems is restricted by job role and reviewed regularly.

- Multi-factor authentication (MFA) is enabled where possible.

- Immediate revocation of access upon role change or termination.

5. Data Protection and Encryption

- Personal data in transit is encrypted using TLS (SSL).

- At rest, data is encrypted using AES-256 or equivalent.

- Devices hosting data are secured with physical and logical safeguards.

6. Data Retention and Deletion

- Personal data is retained only as long as necessary for legitimate business purposes.

- Data is deleted within 30 days of account termination or upon request, unless required by law to retain longer.

7. Incident Response and Breach Notification

- Bellevue Corporation maintains a response plan for suspected breaches.

- In the event of a confirmed breach, affected parties and authorities will be notified within 72 hours when legally required.

- Breaches are logged and investigated, and corrective actions are implemented promptly.

8. Employee Training

- Staff are trained annually in handling personal and sensitive data.

- Access to personal data is role-based and monitored.

9. Vendor Management

- All vendors are vetted for compliance with privacy and security standards.

- Contracts include obligations for data protection and limited use.

10. Cookies and Analytics

- AMS PILOT US uses cookies to enhance performance, secure sessions, and personalize experiences.

- Analytics data is used in aggregated form to optimize service functionality.

11. International Data Transfers

- Data may be stored and processed in the United States, United Kingdom, Cyprus, and Ukraine in compliance with applicable laws.

- All transfers are protected through standard contractual clauses and secure protocols.

12. User Rights

- Users may access, correct, delete, or object to processing of their personal data.

- Requests can be submitted to: support@amspilot.com

13. Policy Review

This policy is reviewed annually or upon major changes in operations, law, or system architecture.

Legal Notice

AMS PILOT US is a business brand operated by Bellevue Corporation, a legally registered company in the United States. AMS PILOT LTD (UK) and Bellevue Corporation are separate entities operating under the shared brand "AMS PILOT".