Effective Date: October 2th , 2025

Revision 4.0

At AMG Quality Services, we value and respect your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use any of our services, including the “OEMS© – Designed to Amaze” system. Please take a moment to carefully read through this policy.

1. Information We Collect

We may collect the following types of information when you interact with our website or services:

  • Personal Information: This includes data that can be used to identify or contact you, such as your name, email address, telephone number, job title, company name, and other similar details.
  • Technical Information: Information about your interaction with our website and services, including your IP address, browser type, operating system, referring website addresses, and other usage details, which may be collected via cookies or other tracking technologies.
  • OEM-Specific Data: When using the OEMs – Designed to Amaze system, we may collect additional information related to your organization’s quality and Health, Safety, and Environment (HSE) compliance, operational performance, and other relevant metrics.

2. How We Use Your Information

We may use the information we collect for the following purposes:

  • To Provide and Improve Our Services: To deliver, manage, and improve our quality assurance and HSE services, including those provided through the OEMS ©– Designed to Amaze system.
  • To Communicate with You: To respond to your inquiries, provide updates, and inform you about changes to our services.
  • To Ensure Security: To protect our systems and services from unauthorized access, attacks, or malicious activity.
  • To Comply with Legal Obligations: We may be required to collect or retain information for regulatory compliance, auditing, and legal purposes.
  • For Analytics: To analyze trends, usage, and other website or system performance metrics for internal business purposes.

3. Data Sharing and Disclosure

We do not sell or rent your information to third parties. However, we may share your data under the following circumstances:

  • Service Providers: We may share your information with trusted third-party service providers who assist us in operating our website and systems or provide ancillary services (e.g., hosting services, IT support, etc.).
  • Legal Requirements: We may disclose your information if required to do so by law or in response to a valid request by public authorities (e.g., a court or government agency).
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as part of the business transaction, subject to standard confidentiality protections.

4. OEMS–Designed to Amaze System

AMG Quality Services takes special care to ensure the confidentiality and protection of data shared within the OEMS©–Designed to Amaze system. The system is designed to meet the highest quality and HSE standards. Any data you provide will be securely processed and protected in accordance with this Privacy Policy and any applicable regulations.

Data shared within the OEMS© system may include quality metrics, compliance data, and other proprietary information related to your organization. We implement robust technical and organizational safeguards to ensure this data remains secure and confidential.

5. Data Security

We take the security of your data seriously and implement a variety of security measures to safeguard it, including encryption, secure data storage, and regular security assessments. However, no method of transmission over the internet or electronic storage is entirely secure, so we cannot guarantee absolute security. We encourage you to protect your own sensitive information as well.

6. Your Data Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information, including:

  • Access: The right to request access to the personal data we hold about you.
  • Correction: The right to correct any inaccurate or incomplete information.
  • Deletion: The right to request the deletion of your personal data, subject to certain exceptions.
  • Restriction: The right to request a limitation on how your data is processed.
  • Objection: The right to object to the processing of your personal data for certain purposes.
  • Data Portability: The right to request that your personal data be provided in a structured, commonly used format.

If you wish to exercise any of these rights, please contact us using the contact information below.

7. Cookies and Tracking Technologies

We may use cookies and similar tracking technologies to collect information about your interaction with our website and services. Cookies are small data files stored on your browser or device that help us provide a better user experience.

You may choose to disable cookies through your browser settings, though this may affect your ability to use certain features of our website.

8. Third-Party Websites and Services

Our website and services may utilize third-party platforms, such as Knack, Amazon Web Services (AWS), and backup applications, to enhance the functionality, security, and reliability of our offerings. These third-party services may collect, process, or store information on our behalf in accordance with their respective privacy policies. While we carefully select these providers to ensure the safety and privacy of your data, we encourage you to review their privacy policies to understand how they manage your information:

  • Knack: Provides database management solutions. Their privacy policy can be reviewed at [Knack Privacy Policy Link].
  • Amazon Web Services (AWS): We use AWS for cloud hosting and data storage. Their privacy policy can be reviewed at [AWS Privacy Policy Link].
  • Backup Applications: To ensure data safety and business continuity, we use trusted backup solutions. Depending on the specific provider, their respective privacy policies will apply.

We are not responsible for the privacy practices or the content of these third-party platforms. Please refer to their privacy policies for details on how they handle your personal data.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated “Effective Date.” We encourage you to periodically review this policy to stay informed about how we are protecting your information.

10. Data Backup

At AMG Quality Services, we prioritize the integrity and availability of your data. To ensure continuity and protection, we implement daily data backups for all critical systems, including those associated with the OEMS© – Designed to Amaze system. Our data backup procedures are designed to:

  • Maintain Data Integrity: We use encrypted and secure backup systems to prevent unauthorized access or data corruption during backup processes.
  • Ensure Business Continuity: In the event of a system failure, data loss, or any other disruptive incidents, our backup procedures allow us to restore data quickly and efficiently to minimize downtime.
  • Cloud and External Parties Backups: We utilize both cloud-based solutions (such as Amazon Web Services (AWS)) and Other Back up providers backups to provide redundancy, ensuring that data is stored securely and is always recoverable.
  • Backup Frequency: We perform regular backups at predetermined intervals, and data retention policies ensure that backed-up data is stored for a duration that complies with both legal and business requirements.

Our backup processes are regularly reviewed and tested to ensure compliance with industry standards and best practices, ensuring that your data always remains secure and recoverable.

11. System Governance and Ownership

The OEMS© – Designed to Amaze System (“the System”) is the proprietary platform of AMG Quality Services LLC (“AMGQS”). All intellectual property, data structures, code, documentation, and system configurations remain the exclusive property of AMGQS.

No third party or user may modify, replicate, or redistribute any component of the system without prior written authorization from AMGQS Management. Unauthorized modification or distribution constitutes a violation of U.S. intellectual property law under 17 U.S.C. § 501 and related federal statutes.

12. Access Control and User Authorization

12.1 Role-Based Access Management

  • Access privileges are managed and monitored exclusively by AMGQS administrators.
  • All AMGQS employees are granted full access to all pages and modules within the OEMS© platform.
  • Access for non-AMGQS users (e.g., contractors, clients, or auditors) is restricted based on the principle of least privilege as defined in NIST SP 800-53 Rev. 5 (AC-6).

12.2 Justification for Full Access by AMGQS Employees

Full system access for AMGQS personnel is required for the following operational and regulatory purposes:

  • Quality Management Integration: The OEMS© system is part of AMGQS’s quality management infrastructure, directly supporting ISO 9001:2015 Clause 7.1.3 (Infrastructure) and Clause 9.1 (Performance Evaluation).
  • Compliance Oversight: Full visibility is necessary to ensure compliance with U.S. cybersecurity and process safety management requirements (e.g., OSHA 29 CFR 1910.119, CISA Cybersecurity Performance Goals 2023).
  • Rapid Incident Response: System-wide access enables immediate containment and corrective action during security or operational incidents, consistent with NIST Incident Response Framework (SP 800-61 Rev. 2).

This access level is restricted to AMGQS-employed personnel, who are bound by confidentiality and ethical conduct agreements.

13. Data Privacy and Confidentiality

  • All data processed through OEMS© shall be handled in compliance with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) and, where applicable, HIPAA (45 CFR Parts 160 and 164).
  • AMGQS employees must maintain strict confidentiality of all data accessed through the system, including proprietary, client, and operational information.
  • Data sharing with external entities is prohibited without prior written approval from AMGQS’s authorized management representative.

14. Liability Disclaimer

14.1 Limitation of Liability

AMG Quality Services LLC assumes no liability for:

  • Losses or damages resulting from user negligence, unauthorized access, or third-party actions beyond AMGQS’s reasonable control.
  • Data corruption, downtime, or service interruption arising from external system dependencies, including hosting providers, internet service disruptions, or cyberattacks.

AMGQS provides the OEMS© system “as is” and “as available,” without warranties, express or implied, including but not limited to merchantability or fitness for a specific purpose, to the extent permitted by U.S. federal and state law.

14.2 User Responsibility

Each user is responsible for actions conducted under their credentials. Failure to adhere to this policy may result in disciplinary measures, termination of access, and potential civil or criminal prosecution under 18 U.S.C. § 1030 (Computer Fraud and Abuse Act).

15. Audit, Monitoring, and Compliance

  • AMGQS reserves the right to monitor and audit all user activity within the OEMS© system.
  • All access logs and change records will be retained per NIST SP 800-92 and ISO/IEC 27001:2022 Annex A.12.4 (Logging and Monitoring).
  • Regular internal audits will confirm compliance with ISO 27001, NIST Cybersecurity Framework (CSF), and SOC 2 Type II assurance criteria.

Failure to comply with these standards may result in immediate suspension of access and escalation to management for corrective action.

16. Regulatory Alignment

This policy aligns with key U.S. and international regulatory frameworks, including:

  • NIST SP 800-171 – Protection of Controlled Unclassified Information.
  • CISA Cybersecurity Performance Goals (2023).
  • ISO 9001:2015 and ISO/IEC 27001:2022 standards.
  • U.S. Department of Labor OSHA 29 CFR 1910 (as applicable to operational data systems).
  • Federal Information Security Modernization Act (FISMA, 44 U.S.C. § 3551).

17. Enforcement and Disciplinary Action

All enforcement actions shall be documented.

18. Policy Review and Revision

This policy shall be reviewed annually or as required by:

  • Changes in applicable laws or regulations.
  • Modifications to the OEMS© system architecture.
  • Internal or external audit findings.

Revisions must be approved by AMGQS senior management and documented with version control.

19. Acceptance and Acknowledgment

This policy is published on the AMG Quality Services LLC website and is accessible to all users through the software interfaces. Users are required to review and acknowledge this policy electronically before accessing the OEMS© system. Continued use of the system signifies acceptance of all terms and conditions outlined herein. If a user does not agree with this policy, they must immediately discontinue use of the system.

20. Contact Information

AMG Quality Services LLC – Information Security & Compliance Office
Email: sales@amgqs.com

Phone: +1 (979) 922 0072

For incident reporting, data breach notifications, or compliance inquiries, contact the AMGQS Information Security Office directly.

11. Contact Us

If you have any questions or concerns regarding this Privacy Policy or wish to exercise your data rights, please contact us at:

AMG Quality Services

Sales@amgqs.com

www.amgqs.com

By using our website or services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this policy, please refrain from using our website and services.