Privacy Policy

Compliance Science, Inc. (dba “ComplySci™”) owns and operates a public website (“Public Site”) as well as our hosted Saas products (“Products”), which are restricted to authorized users. We recognize and respect the privacy of users who interact with us. Not only does ComplySci collect, use and disclose personal Information in a manner consistent with the applicable laws and regulations of the United States and other countries in which it does business, but it also has a tradition of upholding high ethical standards in its business practices. This Privacy Policy describes what information we collect when you interact with us, how we use, share and protect that information, and how you can access and update it. It also applies to all personal information received by ComplySci in the United States from the European Economic Area (“EEA”) (which includes the Member States of the European Union (“EU”) plus Iceland, Liechtenstein and Norway) to the United States and from Switzerland to the United States in any format, including electronic, paper or oral. It is effective on the date posted below and applies to our use of your information after that date. This Privacy Policy provides notice to individuals regarding the use, collection and disclosure of their personal information.


 

EU-US Privacy Shield

ComplySci complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. ComplySci adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

US-Swiss Safe Harbor

ComplySci complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland.  ComplySci has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, and accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.  If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern.  To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor

Definitions

For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that uses Personal Information provided by ComplySci to perform tasks on behalf of and under the instructions of Compliance Science, Inc.

“ComplySci” means Compliance Science, Inc., its predecessors, successors, subsidiaries, divisions and groups in the United States of America.

“Employer” means the entity employing the individuals whose information is submitted to ComplySci, or the entity employing someone who is required to provide the individual’s information by the terms of their employment. Each Employer has a contractual relationship with ComplySci with regard to the services that ComplySci will perform including services performed through PTCC.

“Personal Information” means any information or set of information that identifies or could be used by or on behalf of ComplySci to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

“Sensitive Personal Information” means Personal Information that reveals race, national origin, political opinions, religion or philosophical beliefs, or trade union membership, or that concerns criminal convictions, health, marital status, or sexual orientation, preference or activities. In addition, ComplySci will treat as Sensitive Personal Information any information received from a third party where that third party treats and identifies the information as sensitive.

Information ComplySci Collects

In general, you can visit our Public Site without telling us who you are or revealing any information about yourself. We may collect and use certain information from our visitors for our general business use, for example, to help us administer our business, improve our services or adjust our site to meet our users’ needs and expectations. Some of this information is not personally identifiable, such as information collected automatically through cookies, and other information is personally identifiable, such as information provided when an Employer registers for any of our online services or uses our applications.

Site Use Information Collected Automatically

We may gather site usage information from any visitor to our Public Site. Our servers may track and collect information about your browser, domain name, IP address and the web pages you visit. This information generally does not personally identify you. It is aggregated to measure the number of visits, your use of the site, pages viewed, and so on. We also gather similar usage information through the use of our Products.

This information lets us see how users are finding our Public Site and it tells us which pages are visited the most often so we can make our Products more useful. We may share with third parties this experiential information or other data which does not personally identify visitors to our Sites.

Information Provided to ComplySci

In addition to the information automatically collected by your browser, we may collect information that is provided to us through our Public Site or our Products.

Public Site: There may be areas on our Public Site where you may provide personal information to obtain access to certain online services not available to anonymous visitors.

Products: Our Products offer services to Employers to assist with their compliance, legal or governance obligations. Access to our Products is restricted to registered Employers with whom we have an ongoing contractual relationship and their designated authorized users. Employers contract with ComplySci to collect data. The Employer determines what data is sent, how it is updated and for how long it is held. Prior to sending us your data, the Employer and ComplySci enter into agreements that govern the use, confidentiality and security of the data. We only use the data to support the business requirements of the Products, and we never share your data with third parties other than as set out in this Privacy Policy. If you or your Employer use our Products you will be required to provide a piece of identifying information (a user name) and to select a password which will be used to access your information. During the registration process we collect information (“Registration Information”) which may include your name, email address, and brokerage account number(s) and associated holdings; this information may be submitted by you, by the Employer, or by brokers. Some of this information may be optional depending on your Employer’s compliance requirements. In order to carry out our services, we may view transactional information in the brokerage accounts you or an Employer designate. ComplySci is not responsible for the accuracy of the information provided to us.

ComplySci only receives your data under the following circumstances:

1) Your Employer is required to comply with a legal or governance obligation and has sent us your information in connection with that compliance effort. Your consent was likely given as a condition of employment. To verify the consent process please contact your Employer’s HR department. If you believe your consent was not obtained, ComplySci may remove your data upon written notice from you after we consult with your Employer.

2) ComplySci also may have received your data if a member of your household is employed by an Employer that has to comply with a legal or governance obligation and has provided the data to us in connection with that compliance effort. To verify the consent process please contact the HR department of the appropriate Employer. If you believe your consent was not obtained, ComplySci may remove your data upon written notice from you after we consult with the Employer.

Email contact. If your email address is submitted through the Public Site, or if you send us an email or request information, ComplySci will retain your contact information and use it to respond to your inquiry. We may also use your email and contact information for our general business purposes including to notify you about product updates and technical notifications (i.e. firewall or IP Address changes).You may unsubscribe or change your email address for these communications at any time by following the instructions in each such email. If your email address is in our Application, ComplySci may use your email address to respond to your inquiries or communicate with you regarding the Application.

By providing Personal Information through our Public Site, you explicitly agree to our collection and use of all such information as described in this Privacy Policy. You agree that we may use the Personal Information you provide to respond to your inquiries, or contact you regarding customer service

Cookies

Our Sites use “cookies” and other similar technologies to help personalize your online experience and to remember you when you return to the site. A cookie is a text file that is anonymously placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies or other technologies placed when you visit our site do not personally identify you, but they do allow us to monitor certain statistics which help us improve our services, such as how many site visitors view certain pages on our website. Some cookies are deleted once you leave our Sites (“session cookies”), while other cookies remain after your leave our Sites (“persistent cookies”) so that you are recognized when you return to the Site.

You also have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites or have some of our services, such as being automatically recognized as a registered user, function properly.

Child Privacy

Because of the nature of our business, our products and services are not designed to appeal to minors, and therefore we do not knowingly attempt to solicit or receive any information from children under 18. If we are aware that information is being provided by a person under the age of 18 we will not collect the information.

How We Use Your Information

The use of your information is subject to the Privacy Policy in effect at the time of use. The provisions of this Privacy Policy supersede all previous notices or statements regarding our privacy practices with respect to this Site.

We use the information we automatically collect to help us better plan our Sites to meet your needs. We sometimes use aggregated data (independent of any personal identifiers) for research and commercial purposes. This information includes what areas of our Public Site and what services are accessed most often.

We use the information you or an Employer provides to us through our Products only to perform the services for which we are engaged. Each Employer submitting information to us is responsible for ensuring that the information is accurate, complete and current; we will take reasonable steps to ensure that the information we collect and use is relevant to its intended use.

Disclosing Information to Third Parties

ComplySci does not disclose or share any Personal Information with third parties, except Employers who use our Products, or brokers as set forth in this paragraph. The information that you provide to us or that is provided to us by an Employer is used only to identify you as part of the services we provide to an Employer. It is possible that we may be asked by an Employer to provide, or an Employer may provide, certain brokers a list of accounts as part of the services we provide. The only circumstance under which your personal information may be disclosed is (1) if you request or authorize it, (2) if the information is provided to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce our Terms of Use or other agreements, or to protect our rights, property or safety or the rights, property or safety of others, (3) if the disclosure is done as part of a purchase, transfer or sale of services or assets, (4) if the information is provided to a broker as provided in the preceding sentence, (5) if the information is provided to an Employer, or (6) as otherwise described in this privacy policy. CSI may be liable in cases of onward transfers of Privacy Shield data to third parties.

We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, ComplySci is potentially liable.

International Site Visitors

If you are visiting our Public Site from outside the United States, you expressly and affirmatively consent to transferring your Personal Information to ComplySci in the United States, where it will be maintained and processed on our servers. You acknowledge and agree that the level of data protection in the United States may not be equal to the level of protection under the laws of other countries.

When your Employer uses our Products, the Employer is responsible for compliance with all data security laws and regulations applicable to the Employer’s submission of that Personal Information to ComplySci. This includes, without limitation, obtaining any required consent and providing a mechanism for you to access, update, correct or delete that Personal Information as described above.

The Personal Information submitted through the Public Site that is transferred to ComplySci in the United States will be used to respond to your requests for information.

The Personal Information submitted through our Products is transferred to ComplySci in the United States will be used to support the functions necessary to deliver the services to your Employer.

If you do not want ComplySci to use your personal data any longer, please contact your Employer’s Compliance Department. Please note that failure to grant consent or a decision to withdraw consent could impact ComplySci’s ability to provide products or services.

How To Access or Update Your Information

Individuals whose personal data is processed by ComplySci have the right under Privacy Shield to access, correct or delete their personal data. Employers are responsible for providing a mechanism for the individuals whose information they submit to ComplySci to update, correct, delete or make changes their Personal Information. If your information was submitted by an Employer, please contact that Employer’s Compliance Department, who will be responsible for making the change to your information. If you provided contact information through our Public Site you may contact us at privacy@complysci.com or 875 Avenue of the Americas, 12th Floor, New York, NY 10001.

Our Security Measures

ComplySci has administrative, physical and technical security measures in place to protect against the loss, misuse, and alteration of the information under our control. We comply with the Standards for Safeguarding Customer Information and other regulations promulgated under the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.) including Regulation SP. We utilize SSL (Secure Sockets Layer) encryption to protect your Personal Information during the transmission of data between your web browser and our servers. Please be aware that any information you send by email is not encrypted and is susceptible to interception over the internet.

While we take steps to protect your Personal Information, you also play a role in protecting your information. You can help to maintain the security of your online transactions by not sharing your log-on information or password with anyone. If we receive instructions using your log-on information and password we will assume that the instructions have been authorized by you.

Links From Our Site To Other Sites

ComplySci’s Public Site may contain links to other sites such as those of our affiliates and third parties. When you access these external Web sites, the providers of the sites will have access to certain information about you. ComplySci is not responsible for the privacy practices or the content of any Web sites that we do not directly control, and we encourage you to read the applicable privacy policies and terms and conditions of such parties or web sites.

Enforcement and Dispute Resolution

ComplySci is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

In compliance with the EU-US Privacy Shield Principles, ComplySci commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding this privacy policy should first contact ComplySci at: privacy@complysci.com

ComplySci has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

In compliance with the US-Swiss Safe Harbor Principles, ComplySci commits to resolve complaints about your privacy and our collection or use of your personal information.  Swiss citizens with inquiries or complaints regarding this privacy policy should first contact ComplySci at: privacy@complysci.com

ComplySci has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Changes to this Privacy Policy

We will occasionally amend this Privacy Policy to reflect company and customer feedback and we reserve the right to make changes to this Privacy Policy at any time. The use of your information is subject to the Privacy Policy and Terms of Use in effect at the time of use. The provisions contained in this Privacy Policy supersede all previous notices or policies regarding our privacy practices with respect to this site.

Contacting COMPLYSCI

If you have any questions, comments, access requests or any other issues arising under the Privacy Shield or regarding our Privacy Policy or our website, you can contact our Compliance Department at privacy@ComplySci.com. This email address is being protected from spambots. You need JavaScript enabled to view it.

As of August 12, 2016.