Privacy Policy

BCE Corporation PMC Privacy Policy

1. Introduction

BCE Corporation PMC ("we," "our," or "us") is deeply committed to protecting the privacy and security of all information, especially data entrusted to us under contracts with the United States Department of Defense (DoD) and other federal agencies. This Privacy Policy outlines our comprehensive practices regarding the collection, use, storage, protection, and disclosure of information, ensuring strict adherence to applicable federal laws and regulations, including the Privacy Act of 1974 (5 U.S.C. § 552a), the Federal Acquisition Regulation (FAR), the Defense Federal Acquisition Regulation Supplement (DFARS), and the National Institute of Standards and Technology (NIST) Special Publication 800-171.

As a DoD contractor, BCE Corporation PMC is held to the highest standards of data protection and cybersecurity. We recognize the critical importance of safeguarding Sensitive Unclassified Information, including Controlled Unclassified Information (CUI), and Personally Identifiable Information (PII).

2. Scope of this Policy

This policy applies to all information collected, processed, and stored by BCE Corporation PMC in the course of performing our contractual obligations with the U.S. Government, including but not limited to:

Information collected directly from individuals.

Information provided to us by federal agencies.

Information generated through the use of our systems and services, including our website at https://bcecorporationpmc.us/.

This policy applies to all employees, contractors, and third parties who have access to information handled by BCE Corporation PMC.

3. Compliance with Federal Laws and Regulations

Our privacy practices are governed by and comply with:

Privacy Act of 1974 (5 U.S.C. § 552a): This Act governs the collection, maintenance, use, and dissemination of personally identifiable information by federal agencies and their contractors operating "systems of records" on behalf of the government. We comply with the Privacy Act's requirements, including publishing System of Records Notices (SORNs) in the Federal Register as required by our contracts.

Federal Acquisition Regulation (FAR) (48 CFR Chapter 1): We adhere to FAR clauses related to privacy and information security, including those pertaining to the protection of government information and data. (e.g., FAR Part 24 - Protection of Privacy and Freedom of Information, FAR Part 52.224-1 - Privacy Act Notification, FAR 52.224-2 - Privacy Act)

* Defense Federal Acquisition Regulation Supplement (DFARS) (48 CFR Chapter 2): We strictly comply with DFARS clauses, particularly:

DFARS 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident Reporting: This clause mandates the implementation of NIST SP 800-171 security controls to protect Covered Defense Information (CDI) and Controlled Unclassified Information (CUI). It also dictates strict cyber incident reporting procedures.

Other DFARS clauses relevant to information security and privacy, as specified in our contracts.

National Institute of Standards and Technology (NIST) Special Publication 800-171 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: We implement the security requirements outlined in NIST SP 800-171 to safeguard the confidentiality of CUI that we process, store, or transmit on behalf of the DoD and other federal agencies. This includes controls related to access control, awareness and training, audit and accountability, configuration management, identification and authentication, incident response, maintenance, media protection, physical and environmental protection, personnel security, risk assessment, security assessment, system and communications protection, and system and information integrity.

Controlled Unclassified Information (CUI) Program: We adhere to the policies and procedures established by the National Archives and Records Administration (NARA) for the handling, safeguarding, and dissemination of CUI.

4. Types of Information Collected and Purpose of Collection

We collect and process information strictly as necessary to fulfill our contractual obligations with the U.S. Government. The types of information collected may include, but are not limited to:

Personally Identifiable Information (PII): Data that can be used to identify, contact, or locate an individual, such as names, addresses, phone numbers, email addresses, Social Security Numbers (if authorized and necessary), and other unique identifiers. This is primarily collected for personnel management, security clearances, and program-specific requirements as mandated by our government contracts.

Controlled Unclassified Information (CUI) / Covered Defense Information (CDI): This includes unclassified information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulation, or government-wide policy. Examples include, but are not limited to, unclassified controlled technical information, critical infrastructure information, export-controlled information, and certain privacy information.

Technical Data & Usage Information: Information about how our systems and services are accessed and used (e.g., IP addresses, browser types, operating systems, and activity logs on https://bcecorporationpmc.us/). This is used for system security, performance monitoring, and to meet audit and accountability requirements.

Purpose of Collection: All information collected serves a legitimate and authorized government purpose, as defined in our contracts. We do not collect information for marketing, advertising, or any purpose unrelated to our contractual duties.

5. How We Protect Information

We implement a comprehensive suite of technical, administrative, and physical safeguards to protect all information from unauthorized access, use, disclosure, alteration, or destruction, in accordance with NIST SP 800-171 and other applicable federal requirements. Our security measures include:

Access Controls: Strict "need-to-know" and "least privilege" access principles are enforced for all information. Access is granted only to authorized personnel who require it to perform their official duties.

Encryption: Data is encrypted at rest and in transit using FIPS 140-2 validated cryptographic modules where required.

Security Architecture: Our systems, including https://bcecorporationpmc.us/, are designed with security embedded at every layer, including robust firewalls, intrusion detection/prevention systems, and secure network segmentation.

Regular Audits and Monitoring: We continuously monitor our systems for potential vulnerabilities and unauthorized activity. Security logs are regularly reviewed and analyzed.

Awareness and Training: All personnel receive mandatory and recurring security awareness and privacy training, emphasizing their responsibilities in handling sensitive information.

Incident Response Plan: We maintain a robust Cyber Incident Response Plan to effectively detect, respond to, and mitigate security incidents, in compliance with DFARS 252.204-7012.

Physical Security: Our facilities and systems are protected by physical security measures to prevent unauthorized access.

Data Minimization: We collect and retain only the minimum information necessary to fulfill our contractual obligations.

6. Disclosure of Information

We will not disclose any information to third parties except as authorized by our government contracts, as required by law, or with the express written consent of the relevant federal agency. Permitted disclosures may include:

To authorized government personnel: For official government purposes related to our contracts.

To authorized subcontractors: Who are under contractual obligation to meet the same or equivalent privacy and security requirements as BCE Corporation PMC.

As required by law: In response to a valid court order, subpoena, or other legal process, after consultation with the relevant government agency.

For cyber incident reporting: In accordance with DFARS 252.204-7012, we will report cyber incidents involving Covered Defense Information to the DoD Cyber Crime Center (DC3) and other designated entities.

We will not sell, rent, or lease any information to any third party for commercial purposes.

7. Data Retention

We retain information only for as long as necessary to fulfill our contractual obligations, meet legal and regulatory requirements, and as directed by the federal agency. Once the information is no longer needed, it will be securely disposed of in accordance with government regulations and industry best practices.

8. Individual Rights (as applicable under the Privacy Act)

Where we operate a "system of records" subject to the Privacy Act of 1974, individuals may have the following rights:

Right of Access: To request access to their own records maintained within our systems.

Right to Amendment: To request amendment of inaccurate, irrelevant, untimely, or incomplete records.

Right to Accounting of Disclosures: To request an accounting of disclosures of their records.

All such requests must be made in writing and will be processed in accordance with the Privacy Act and the specific procedures outlined in the relevant System of Records Notice (SORN) and our contractual agreements with the federal agency.

9. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy as necessary to reflect changes in our practices, legal requirements, or government directives. Any changes will be posted on this page (https://bcecorporationpmc.us/privacy-policy) with an updated effective date. We encourage you to review this policy periodically.

10. Contact Information

If you have any questions or concerns regarding this Privacy Policy or our privacy practices, please contact us at:

BCE Corporation PMC

Jonathon@bcecorporationpmc.us

For formal inquiries regarding Privacy Act systems of records or data breaches involving government information, please direct your inquiry through the Contracting Officer's Representative (COR) for the relevant contract or as otherwise specified in your contractual agreements with the federal agency.

Bottom of Website Notice for https://bcecorporationpmc.us/:

FOR GOVERNMENT USE ONLY

This system is subject to stringent Department of Defense (DoD) contractor rules and regulations, including the Privacy Act of 1974 (5 U.S.C. § 552a), the Federal Acquisition Regulation (FAR) (e.g., FAR Part 24, 52.224-1, 52.224-2), and the Defense Federal Acquisition Regulation Supplement (DFARS) (e.g., DFARS 252.204-7012). Our data protection practices align with NIST SP 800-171 requirements for safeguarding Controlled Unclassified Information (CUI).

For detailed information on our compliance and related federal guidelines, please refer to our full Privacy Policy at https://bcecorporationpmc.us/privacy-policy.

Any unauthorized access, use, or criminal activities on this system are strictly prohibited and will be subject to severe punishment under applicable federal laws, including but not limited to 18 U.S.C. § 1030 (Computer Fraud and Abuse Act), 18 U.S.C. § 641 (Public Money, Property or Records), and other relevant statutes.