Privacy Shield Policy

Similar documents
Emsi Privacy Shield Policy

Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2

VIACOM INC. PRIVACY SHIELD PRIVACY POLICY

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us.

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

EU-US PRIVACY SHIELD POLICY (Updated April 11, 2018)

Cognizant Careers Portal Privacy Policy ( Policy )

Privacy Policy. Effective as of October 5, 2017

1 Privacy Statement INDEX

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

SANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018

Motorola Mobility Binding Corporate Rules (BCRs)

PRIVACY COMMITMENT. Information We Collect and How We Use It. Effective Date: July 2, 2018

SAFE-BioPharma RAS Privacy Policy

Privacy Policy Effective May 25 th 2018

Catalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1

Cognizant Careers Portal Terms of Use and Privacy Policy ( Policy )

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

GUESTBOOK REWARDS, INC. Privacy Policy

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

register to use the Service, place an order, or provide contact information to an Independent Business Owner;

Jefferies EMEA Privacy Notice

DATA PROTECTION POLICY THE HOLST GROUP

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

TechTarget, Inc. Privacy Policy

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

PRIVACY NOTICE STORM RECRUITMENT UNIT 11, 2 ND FLOOR CHARLESLAND CENTRE, GREYSTONES, CO. WICKLOW 1. INTRODUCTION

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.

Privacy Policy V2.0.1

OUR PRIVACY POLICY. 1. Our Privacy Principles. 2. Information that We Collect from You. Last Updated: May 25, 2018

Islam21c.com Data Protection and Privacy Policy

Privacy Policy GENERAL

Saba Hosted Customer Privacy Policy

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?

Ferrous Metal Transfer Privacy Policy

Recruitment Privacy Notice

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients.

Emergency Nurses Association Privacy Policy

PRIVACY POLICY. We encourage you to read the entire Privacy Policy, which consists of the sections listed below:

Subject: Kier Group plc Data Protection Policy

Revision History. Revision # Date Author Sections Altered Rev 1.0 2/15/15 Ben Price New Document

Privacy Policy. Effective date: 21 May 2018

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

UWTSD Group Data Protection Policy

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

Policy on Privacy and Management of Personal Information

Beam Technologies Inc. Privacy Policy

HPE DATA PRIVACY AND SECURITY

etouches, Inc. Privacy Policy

FIRESOFT CONSULTING Privacy Policy

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;

TREND MICRO PRIVACY POLICY

GLOBAL DATA PROTECTION POLICY

PS Mailing Services Ltd Data Protection Policy May 2018

Government-issued identification numbers (e.g., tax identification numbers)

Privacy Policy. This document describes the privacy policy of United TLD Holdco Ltd (T/A Rightside Registry).

CAREERBUILDER.COM - PRIVACY POLICY

PRIVACY NOTICE ADMISSIONS TO HEALTH-RELATED GRADUATE PROGRAMS

Platform Privacy Policy (Tier 2)

POMONA EUROPE ADVISORS LIMITED

Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY

This policy also applies to personal information about you that the Federation collects from any other third party.

Privacy Policy. Effective: March 16, 2018.

DATA PROTECTION POLICY

Data Protection Policy

Shaw Privacy Policy. 1- Our commitment to you

Privacy Policy. Optimizely, Inc. 1. Information We Collect

ecare Vault, Inc. Privacy Policy

Last updated 31 March 2016 This document is publically available at

2. What is Personal Information and Non-Personally Identifiable Information?

UWC International Data Protection Policy

Privacy Notice - General Data Protection Regulation ( GDPR )

American Dental Hygienists Association Privacy Policy

Data Protection Policy

EDENRED COMMUTER BENEFITS SOLUTIONS, LLC PRIVACY POLICY. Updated: April 2017

ETSY.COM - PRIVACY POLICY

PCO Data Protection and Privacy Policy

PRIVACY POLICY. 3.1 This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record.

Privacy Policy. Overview:

Legal notice and Privacy policy

Janie Appleseed Network Privacy Policy

Data Processing Agreement DPA

Technical Requirements of the GDPR

GLOBAL DATA PROTECTION POLICY

PPR TOKENS SALE PRIVACY POLICY. Last updated:

CD STRENGTH LLC. A MASSACHUSETTS, USA BASED COMPANY

TREND MICRO PRIVACY POLICY (Updated May 2012)

Thanks for using Dropbox! Here we describe how we collect, use and handle your information when

BIOEVENTS PRIVACY POLICY

GRANDSTREAM PRIVACY STATEMENT

VETS FIRST CHOICE PRIVACY POLICY FOR PARTICIPATING VETERINARY PRACTICES

This Statement does not apply to your use of a third party site linked to on this website

GROUPON.COM - PRIVACY POLICY

DATA PROCESSING AGREEMENT

UNTITLED HIP HOP PROJECT Privacy Policy. 1. Introduction

WEBSITE PRIVACY POLICY

PRIVACY POLICY. Personal Information We Collect

Transcription:

Privacy Shield Policy Catalyst Repository Systems, Inc. (Catalyst) has adopted this Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that Catalyst obtains from Employees and Clients located in the European Union and Switzerland. Catalyst commits to comply with the US-EU Privacy Shield Framework and Swiss- U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom and/or Switzerland. Catalyst certifies to the U.S. Department of Commerce that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/list. The Federal Trade Commission has jurisdiction over Catalyst s compliance with the Privacy Shield. All Catalyst employees who handle Personal Data from the EU, the United Kingdom and/or Switzerland are required to comply with the Principles stated in this Policy. 1. BUSINESS Catalyst provides a secure, hosted e-discovery platform for document review, collaboration and work flow. Our Clients use our systems for litigation support, case and claims management, for investigations and for other purposes. This Policy applies to the processing of Personal Data that Catalyst receives in the United States concerning Employees and Clients who reside in the EU, the United Kingdom and/or Switzerland. 2. RESPONSIBILITIES AND MANAGEMENT Catalyst has designated a Compliance Officer to oversee its information security program, including its compliance with the Privacy Shield program. The Compliance Officer shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to info@catalystsecure.com. Catalyst will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. Catalyst personnel will receive training, as applicable, to effectively implement this Policy. Page 1 of 8

3. RENEWAL/VERIFICATION Catalyst will renew its Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism. Prior to the re-certification, Catalyst will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Client Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, Catalyst will undertake the following: Review this Privacy Shield policy and its publicly posted website privacy policy to ensure that these policies accurately describe the practices regarding the collection of Personal Data Ensure that the publicly posted privacy policy informs Employees and Clients of Catalyst's participation in the Privacy Shield program and where to obtain a copy of additional information (e.g., a copy of this Policy) Ensure that this Policy continues to comply with the Privacy Shield principles Confirm that Clients are made aware of the process for addressing complaints and any independent dispute resolution process (Catalyst may do so through its publicly posted website, Client contract, or both) Review its processes and procedures for training Employees about Catalyst's participation in the Privacy Shield program and the appropriate handling of Client Personal Data Catalyst will prepare an internal verification statement on an annual basis. 4. COLLECTION AND USE OF PERSONAL DATA Catalyst provides secure document repositories on behalf of Clients and their law firms or other representatives. Information (data or documents) we receive is generally not available to the general public. It belongs to the respective Client who engaged us to provide the site in accordance with our agreement with that Client. Catalyst never uses or forwards Client data except at the Client s direction. As such, Catalyst is a technology service provider to its Clients. Data we receive from our Clients is used at our Client s direction for searching, sharing, updating, etc. in accordance with the terms of our agreement with each Client. Decisions regarding what information gets hosted and who is allowed to access it are made by the Client and implemented by Catalyst. Page 2 of 8

In our capacity as a service provider, we will receive, store, and/or process Personal Data owned and/or controlled by our Clients, including information about their employees, agents, or other individuals. In such cases, we are acting as a data processor and will process the personal information on behalf of and under the direction of each particular Client. The information that we collect from our Clients in this capacity is used for managing transactions, reporting, invoicing, renewals, other operations related to providing services to the Client, and as otherwise requested by the Client. We contract with third-party data centers to physically store the computer equipment on which Client data is stored. This equipment is owned, managed and accessible only by Catalyst employees except in cases of emergency. 5. DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA Catalyst provides document repository services for and at the direction of our Clients. As such, the Client determines what data to store in the repository, who can access that data for search, analysis and review, and the ultimate disposition of that data, whether through production to one or more third parties, archiving for return to the client or its deletion. Catalyst s responsibility is to maintain the data securely for the life of the hosting agreement, while following client directions as to its use. Catalyst discloses Personal Data only at the direction of its Client. Catalyst may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by Catalyst and they must either: (1) comply with the Privacy Shield principles or another mechanism permitted by the applicable European or Swiss data protection law(s) for transfers and processing of Personal Data; or (2) agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy. Catalyst may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If such a case, Catalyst will notify its Client as soon as reasonably possible. Catalyst acknowledges its potential liability in cases of its onward transfer of Personal Data to third parties that do not meet the criteria set forth above in the proceeding two paragraphs. Catalyst also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure and our Client has so directed. You have the right to opt-out of any Onward Transfer of your personal data to a third party or if your Personal Data is to be used for a purpose different from the purpose Page 3 of 8

for which it was originally collected. You have the right to opt-in to allow collection of sensitive Personal Data (e.g., data relating to your racial or ethnic origin, political opinions, religious beliefs, health, sexual preference, criminal convictions, etc.). 6. DATA INTEGRITY AND SECURITY Catalyst employs what it believes are reasonable efforts to maintain the accuracy and integrity of Personal Data received from our Clients or its agents and, at the Client s direction will endeavor to update it as appropriate. Catalyst has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to Catalyst's electronic information systems requires user authentication via password or similar means. Catalyst also employs access restrictions, limiting the scope of employees who have access to Client Personal Data. Despite these precautions, no data security safeguards can guarantee 100% security all of the time. 7. DATA COLLECTION FOR SITE REGISTRATION. Catalyst collects Personal Data from Clients and users when they register with our website, log-in to their database, complete surveys, request information from us, or otherwise communicate with us. For example, Catalyst Clients may choose to seek live support or post to a message board. The Personal Data that we collect may vary based on the Clients or user's interaction with our website and request for our services. As a general matter, Catalyst collects the following types of Personal Data from its Clients: contact information, including, a contact person's name, work email address, work mailing address, work telephone number, title, and company name. Clients have the option to log into their accounts online and to request services online, including through a live support option; we will collect information that they choose to provide to us through these portals. When Clients use our services online, we may collect their IP address and browser type. We may associate IP address and browser type with a specific Client. We also may collect Personal Data from persons who contact us through our website to request additional information; in such a situation, we would collect contact information (as discussed above) and any other information that the person chooses to submit through our website. Catalyst uses Personal Data that it collects directly from its Clients and users in its role as a service provider for the following business purposes,: (1) maintaining and supporting its products, delivering and providing the requested products/services, Page 4 of 8

and complying with its contractual obligations related thereto (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to a Client); (2) satisfying governmental reporting, tax, and other requirements (e.g., import/export); (3) storing and processing data, including Personal Data, in computer databases and servers located in the United States; (4) verifying identity (e.g., for online access to accounts); (5) as requested by the Client; (6) for other business-related purposes permitted or required under applicable local law and regulation; and (7) as otherwise required by law. In no circumstances will Catalyst rent, distribute or sell any information it collects to others except as stated above. If you have questions about information contained on the site or the uses to which it may be put, please contact the Client who engaged us to provide that site or its site administrator. 8. NOTIFICATION Catalyst notifies Clients about its adherence to the Privacy Shield principles through its publicly posted website privacy policy, available at http://www.catalystsecure.com/pdfs/catalyst_privacy_shield_policy.pdf 9. ACCESSING PERSONAL DATA Catalyst personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized. 10. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA In appropriate circumstances, Data Subjects have the right to know what Personal Data about them is included in a Catalyst Repository to which they have submitted their Personal Data through a Catalyst Client and to ensure that such Personal Data is accurate and relevant for the purposes for which the Personal Data was collected. Requests for Access to Personal Data. Persons who have submitted their Personal Data to a Client should contact the Client in the first instance to for access to that Personal Data. We will take directions from our Client with regard to making Personal Data accessible to a Data Subject. In the alternate, requests for access to Personal Data may be made to Catalyst by telephone (303-824-0900 or email at support@catalystsecure.com. Please identify the Client to whom Personal Data was submitted and, if possible, the repository which holds that Personal Data. Page 5 of 8

If Catalyst receives a request from a Data Subject for access to his/her Personal Data, then, unless otherwise required under law or contract, Catalyst will forward the request to the Client for instructions. Catalyst is required to act at the direction of the Client in this regard but will endeavor to fulfill our responsibilities under the Privacy Shield. Catalyst will use best efforts to respond in a timely manner to all reasonable requests to view, modify, or inactivate Personal Data. Review of Personal Data. In accordance with the Privacy Shield principles, and consistent with our Client s instructions, Data Subjects may review their own Personal Data stored in a Catalyst repository and correct, edit, amend, block or erase any data that is inaccurate, as permitted by applicable law. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. Disputes. Should there be a dispute between the Client and the Data Subject over the right to correct, edit, amend, block, erase or otherwise change their Personal Data, Catalyst will seek guidance from its client or other appropriate authority before taking any action. 11. CHANGES TO THIS POLICY This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will make employees available of changes to this policy either by posting to our intranet, through email, or other means. We will notify Clients if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner. 12. QUESTIONS OR COMPLAINTS Clients may contact Catalyst with questions or complaints concerning this Policy at the following address: support@catalystsecure.com 13. ENFORCEMENT AND DISPUTE RESOLUTION In compliance with the Privacy Shield Principles, Catalyst commits to resolve complaints about our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Catalyst at: Page 6 of 8

Ari Roberts Catalyst Repository Systems, Inc. 1860 Blake Street, Suite 700 Denver CO 80202 Phone: 303-824-09000 Email: aroberts@catalystsecure.com Catalyst has further committed to refer unresolved Privacy Shield complaints to JAMS Privacy Shield Program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit for more information or to file a complaint. The services of JAMS are provided at no cost to you. Information about how to file a complaint with the JAMS Privacy Shield program can be found at: https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harborclaim. As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission or a similar organization created jointly by the US Department of Commerce and Switzerland. An individual who decides to invoke this arbitration option must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with the organization and afford the organization an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Principles; (2) make use of the independent recourse mechanism under the Principles, which is at no cost to the individual; and (3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce, at no cost to the individual. This arbitration option may not be invoked if the individual s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties. In addition, this option may not be invoked if an EU or Swiss Data Protection Authority (1) has authority under Sections III.5 or III.9 of the Principles; or (2) has the authority to resolve the claimed violation directly with the organization. A DPA s authority to resolve the same claim against an EU or Swiss data controller does not alone preclude invocation of this arbitration option against a different legal entity not bound by the DPA authority. Page 7 of 8

14. DEFINITIONS Capitalized terms in this Privacy Policy have the following meanings: "Client" means a prospective, current, or former partner (distributor or reseller), vendor, supplier, Client, or Client of Catalyst. The term also shall include any individual agent, employee, representative, Client, or Client of a Catalyst Client where Catalyst has obtained his or her Personal Data from such Client as part of its business relationship with the Client. "Data Subject" means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics. For Clients residing in Switzerland, a Data Subject also may include a legal entity. "Employee" means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of Catalyst or any of its affiliates or subsidiaries, who is also a resident of a country within the European Economic Area. "Europe" or "European" refers to a country in the European Economic Area. "Personal Data" as defined under the European Union Directive 95/46/EC means data that personally identifies or may be used to personally identify a person, including an individual's name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available. For Switzerland, the term "person" includes both a natural person and a legal entity, regardless of the form of the legal entity. "Sensitive Data" means Personal Data that discloses a Data Subject's medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership. "Third Party" means any individual or entity that is neither Catalyst nor a Catalyst employee, agent, contractor, or representative. Updated and effective April 2, 2019 Page 8 of 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback