- EU-US Privacy Shield/US-Swiss Safe Harbor
- Information ComplySci Collects
- Child Privacy
- How We Use Your Information
- Disclosing Information to Third Parties
- International Site Visitors
- How to Access or Update Your Information
- Our Security Measures
- Links From Our Sites to Other Sites
- Enforcement and Dispute Resolution
- Contacting ComplySci
US-Swiss Safe Harbor
For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party that uses Personal Information provided by ComplySci to perform tasks on behalf of and under the instructions of Compliance Science, Inc.
“ComplySci” means Compliance Science, Inc., its predecessors, successors, subsidiaries, divisions and groups in the United States of America.
“Employer” means the entity employing the individuals whose information is submitted to ComplySci, or the entity employing someone who is required to provide the individual’s information by the terms of their employment. Each Employer has a contractual relationship with ComplySci with regard to the services that ComplySci will perform including services performed through PTCC.
“Personal Information” means any information or set of information that identifies or could be used by or on behalf of ComplySci to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
“Sensitive Personal Information” means Personal Information that reveals race, national origin, political opinions, religion or philosophical beliefs, or trade union membership, or that concerns criminal convictions, health, marital status, or sexual orientation, preference or activities. In addition, ComplySci will treat as Sensitive Personal Information any information received from a third party where that third party treats and identifies the information as sensitive.
In general, you can visit our Public Site without telling us who you are or revealing any information about yourself. We may collect and use certain information from our visitors for our general business use, for example, to help us administer our business, improve our services or adjust our site to meet our users’ needs and expectations. Some of this information is not personally identifiable, such as information collected automatically through cookies, and other information is personally identifiable, such as information provided when an Employer registers for any of our online services or uses our applications.
We may gather site usage information from any visitor to our Public Site. Our servers may track and collect information about your browser, domain name, IP address and the web pages you visit. This information generally does not personally identify you. It is aggregated to measure the number of visits, your use of the site, pages viewed, and so on. We also gather similar usage information through the use of our Products.
This information lets us see how users are finding our Public Site and it tells us which pages are visited the most often so we can make our Products more useful. We may share with third parties this experiential information or other data which does not personally identify visitors to our Sites.
In addition to the information automatically collected by your browser, we may collect information that is provided to us through our Public Site or our Products.
Public Site: There may be areas on our Public Site where you may provide personal information to obtain access to certain online services not available to anonymous visitors.
ComplySci only receives your data under the following circumstances:
1) Your Employer is required to comply with a legal or governance obligation and has sent us your information in connection with that compliance effort. Your consent was likely given as a condition of employment. To verify the consent process please contact your Employer’s HR department. If you believe your consent was not obtained, ComplySci may remove your data upon written notice from you after we consult with your Employer.
2) ComplySci also may have received your data if a member of your household is employed by an Employer that has to comply with a legal or governance obligation and has provided the data to us in connection with that compliance effort. To verify the consent process please contact the HR department of the appropriate Employer. If you believe your consent was not obtained, ComplySci may remove your data upon written notice from you after we consult with the Employer.
Email contact. If your email address is submitted through the Public Site, or if you send us an email or request information, ComplySci will retain your contact information and use it to respond to your inquiry. We may also use your email and contact information for our general business purposes including to notify you about product updates and technical notifications (i.e. firewall or IP Address changes).You may unsubscribe or change your email address for these communications at any time by following the instructions in each such email. If your email address is in our Application, ComplySci may use your email address to respond to your inquiries or communicate with you regarding the Application.
Our Sites use “cookies” and other similar technologies to help personalize your online experience and to remember you when you return to the site. A cookie is a text file that is anonymously placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies or other technologies placed when you visit our site do not personally identify you, but they do allow us to monitor certain statistics which help us improve our services, such as how many site visitors view certain pages on our website. Some cookies are deleted once you leave our Sites (“session cookies”), while other cookies remain after your leave our Sites (“persistent cookies”) so that you are recognized when you return to the Site.
You also have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites or have some of our services, such as being automatically recognized as a registered user, function properly.
Because of the nature of our business, our products and services are not designed to appeal to minors, and therefore we do not knowingly attempt to solicit or receive any information from children under 18. If we are aware that information is being provided by a person under the age of 18 we will not collect the information.
We use the information we automatically collect to help us better plan our Sites to meet your needs. We sometimes use aggregated data (independent of any personal identifiers) for research and commercial purposes. This information includes what areas of our Public Site and what services are accessed most often.
We use the information you or an Employer provides to us through our Products only to perform the services for which we are engaged. Each Employer submitting information to us is responsible for ensuring that the information is accurate, complete and current; we will take reasonable steps to ensure that the information we collect and use is relevant to its intended use.
We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, ComplySci is potentially liable.
If you are visiting our Public Site from outside the United States, you expressly and affirmatively consent to transferring your Personal Information to ComplySci in the United States, where it will be maintained and processed on our servers. You acknowledge and agree that the level of data protection in the United States may not be equal to the level of protection under the laws of other countries.
When your Employer uses our Products, the Employer is responsible for compliance with all data security laws and regulations applicable to the Employer’s submission of that Personal Information to ComplySci. This includes, without limitation, obtaining any required consent and providing a mechanism for you to access, update, correct or delete that Personal Information as described above.
The Personal Information submitted through the Public Site that is transferred to ComplySci in the United States will be used to respond to your requests for information.
The Personal Information submitted through our Products is transferred to ComplySci in the United States will be used to support the functions necessary to deliver the services to your Employer.
If you do not want ComplySci to use your personal data any longer, please contact your Employer’s Compliance Department. Please note that failure to grant consent or a decision to withdraw consent could impact ComplySci’s ability to provide products or services.
Individuals whose personal data is processed by ComplySci have the right under Privacy Shield to access, correct or delete their personal data. Employers are responsible for providing a mechanism for the individuals whose information they submit to ComplySci to update, correct, delete or make changes their Personal Information. If your information was submitted by an Employer, please contact that Employer’s Compliance Department, who will be responsible for making the change to your information. If you provided contact information through our Public Site you may contact us at firstname.lastname@example.org or 875 Avenue of the Americas, 12th Floor, New York, NY 10001.
ComplySci has administrative, physical and technical security measures in place to protect against the loss, misuse, and alteration of the information under our control. We comply with the Standards for Safeguarding Customer Information and other regulations promulgated under the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.) including Regulation SP. We utilize SSL (Secure Sockets Layer) encryption to protect your Personal Information during the transmission of data between your web browser and our servers. Please be aware that any information you send by email is not encrypted and is susceptible to interception over the internet.
While we take steps to protect your Personal Information, you also play a role in protecting your information. You can help to maintain the security of your online transactions by not sharing your log-on information or password with anyone. If we receive instructions using your log-on information and password we will assume that the instructions have been authorized by you.
ComplySci’s Public Site may contain links to other sites such as those of our affiliates and third parties. When you access these external Web sites, the providers of the sites will have access to certain information about you. ComplySci is not responsible for the privacy practices or the content of any Web sites that we do not directly control, and we encourage you to read the applicable privacy policies and terms and conditions of such parties or web sites.
ComplySci is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
ComplySci has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
ComplySci has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
As of August 12, 2016.