Skip to Content
Nemu Inc.
Privacy ManagementπŸ“¬ Privacy Inquiries, Complaints, and Regulatory Matters

πŸ“¬ Privacy Inquiries, Complaints, and Regulatory Matters

1. Purpose

This document describes Nemu Inc.’s process for handling privacy-related inquiries, complaints, or disputes from individuals, as well as interactions with regulators.

2. Inquiries and Requests

  • Individuals may contact Nemu Inc. via support channels (e.g., email to support@mynemu.com) with questions or requests regarding their data.
  • Requests may include:
    • Access to personal data.
    • Correction or deletion of data.
    • Questions about data usage or sharing.

3. Handling Process

  1. Receipt and Acknowledgment:
    • The request is acknowledged within a reasonable timeframe.
  2. Verification:
    • Identity is verified as appropriate before sharing or modifying personal data.
  3. Assessment and Response:
    • The request is evaluated against contractual and legal obligations.
    • A response is provided, and actions taken are documented.
  4. Escalation:
    • Complex or sensitive matters may be escalated to leadership and, where applicable, legal counsel.

4. Complaints and Disputes

  • Privacy-related complaints are logged and investigated.
  • Root cause and corrective actions are documented where issues are confirmed.

5. Regulatory Matters

  • Any privacy regulator complaints, findings, or rulings involving Nemu Inc. would be:
    • Logged and documented.
    • Addressed through corrective actions and policy updates as needed.

6. Opt-Out of Sale or Sharing of Personal Information (CPRA/CCPA)

Yes. Nemu Inc. maintains documented procedures to support an individual’s ability to opt out of the sale or sharing of personal information in accordance with applicable state privacy laws such as the CPRA/CCPA.

While Nemu does not sell personal information, we still maintain mechanisms and internal processes to comply with opt-out obligations, including:

  • Clear opt-out instructions provided through our Privacy Policy and user support channels.
  • A defined request workflow for processing opt-out submissions (via support email at support@mynemu.com), including verification, acknowledgment, and fulfillment steps.
  • Internal tracking and logging of opt-out requests to ensure compliance and auditability.
  • Vendor and third-party review to confirm that subprocessors do not sell or use personal information for cross-context behavioral advertising.
  • Policy updates aligned with evolving state-level privacy regulations.

These procedures ensure individuals can exercise their rights and that Nemu remains compliant with CPRA/CCPA opt-out requirements.

7. Legally Binding Disclosure Requests

Nemu Inc. maintains a documented process for handling and notifying clients of any legally binding requests for disclosure of client-scoped data (e.g., subpoenas, court orders, law-enforcement requests, or regulatory inquiries).

  • Logging & Legal Review: All legally binding requests are logged and reviewed by authorized leadership and, when appropriate, legal counsel.

  • Client Notification: Clients are promptly notified of the request unless prohibited by law, including details of the request and any required timelines.

  • Minimum Necessary Disclosure: Only the specific information required by the legally binding order is disclosed, following internal approval.

  • Documentation & Audit Trail: All communications, review steps, and disclosures are documented for compliance and auditability.

  • Restricted Access: Only authorized personnel handle or review such requests to ensure confidentiality and regulatory compliance.

8. Privacy Program Effectiveness & Non-Compliance Management

Nemu Inc. reviews the effectiveness of its privacy program on a regular basis and maintains a documented process for identifying, managing, and reporting instances of non-compliance.

Review Process

  • Periodic Program Review: The privacy program, related policies, and operational practices are reviewed at least annually or upon significant regulatory or business changes.
  • Internal Monitoring: Controls, procedures, and data-handling workflows are periodically assessed to ensure they operate effectively.

Managing Non-Compliance

  • Issue Identification & Logging: Any privacy-related non-compliance events are logged and evaluated to determine impact and root cause.
  • Corrective Actions: Remediation steps are defined, implemented, and tracked until fully resolved.
  • Escalation: Material issues are escalated to leadership or legal counsel where appropriate.

Reporting

  • Management Reporting: Results of reviews, risks, and remediation activities are reported to senior management to ensure visibility, accountability, and decision-making support.

9. Audit Evidence

  • Example records of privacy inquiries or requests (appropriately anonymized).
  • Internal procedures or runbooks for handling data subject requests.
  • Documentation of any regulator interactions if they occur.

10. Compliance Mapping

  • SOC 2: P4.1, P4.2
  • ISO 27001:2013: A.18.1.4

Contact: support@mynemu.com
Β© 2025 Nemu Inc.. All rights reserved.

Last updated on
πŸŽ“ Privacy Awareness Training🌐 Privacy Notice