EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework
Servicengine designs, develops, and licenses employee relocation Software to its Clients, including those who have offices located in the European Economic Area (EEA) and/or Switzerland. Personal Information may be collected by Servicengine and/or Clients in support of their relocation policy and/or business operations. Our Software supports our Clients in managing the Personal Information of their employees, clients, and service providers. While Servicengine does not have control over the internal business practices of our Clients as relates to this personal data, we do provide the Software tools to maintain and help protect this data.
Servicengine respects individual privacy and values the confidence of our Clients, their employees, customers, and business partners. We strive to maintain the integrity of our Software with the highest levels of data protection and application security standards. We uphold the highest ethical standards in our business practices. Servicengine adheres to the Top Ten rules of OWASP (Open Web Application Security Project).
The following Policy sets forth the framework, practices, and procedures of Servicengine Corporation in its compliance with EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework
For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party that encounters, collects, or uses Personal Information under the instructions of, and for Servicengine.
“Client” means any customer of Servicengine, located in the EEA, for whom we license our Software and includes the clients of our Clients.
“Employee” means any individual employed by or under contract to Servicengine.
“Servicengine” means Servicengine Corporation, its predecessors, successors, subsidiaries, divisions and groups in the United States.
“Software” means the Servicengine Software, including all extended modules and encompassing the code and related materials and documentation.
“Personal Information” means any information or set of information that identifies or could be used by or on behalf of Servicengine to identify an individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.
Servicengine is subject to the investigatory and enforcement authority of the United States Federal Trade Commission (FTC).
The EU-US Privacy Shield and Swiss-US Shield Privacy Policies (the “Policy”) apply to all Personal Information received by Servicengine from the EEA or Switzerland, in any format, including electronic, paper or verbal.
Please note that Servicengine does not have control over the business policies and practices of our Clients or the use they may make of Personal Information.
In-connection with its Software, Servicengine provides product development services, hosting services, solution engineering services, professional technical services, data migration services, and product technical support services (collectively “Services”) to its hosted and non-hosted Clients in the EEA and Switzerland through Employees who may be in the U.S. These U.S.-based employees may encounter, access or review Personal Data to provide Services to our Clients located in the EEA or Switzerland. Examples of personal data include Name, Address, Bank Information, Employee ID, Salary, Phone Numbers and SSN. Servicengine uses appropriate methods to secure all personnel and sensitive information, including: restricting access to such information only to those who have a specific need to know to perform a job function, securing access methods to where the information is managed, and the use of technical or physical controls to secure the information.
Servicengine does not itself collect Personal Information directly from individuals in the EEA or Switzerland. To the extent the Software receives, stores, or processes Personal Information from our Clients in the EEA or Switzerland, we use and disclose such information in accordance with the notices provided by our Clients, only if consistent with the EU-US and Swiss-US Privacy Shield Principles.
ACCOUNTABILITY FOR THIRD PARTY AGENTS:
Servicengine may be required to disclose an individual’s Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Servicengine takes reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Servicengine adheres to its own internal Information Security Management System Secure Media Management Policy for handling and processing of Client data.
DATA INTEGRITY AND PURPOSE LIMITATION:
Servicengine does not use Personal Information provided to our Clients. When directed by our Clients to process such information, Servicengine uses Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Servicengine takes reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.
RIGHT TO ACCESS:
Servicengine acknowledges the right of EU and Swiss individuals to access their personal data pursuant to the Privacy Shield and will grant individuals reasonable access to personal information it received pursuant to these Principles. In addition, Servicengine will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or incomplete. An individual may request to access his or her information, or otherwise correct, amend, or delete his or her information pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Principles by contacting us at firstname.lastname@example.org.
ENFORCEMENT AND LIABILITY:
Servicengine conducts compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Servicengine determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
Any individuals with questions or concerns regarding the use or disclosure of Personal Information should be directed to our Client, who is the data controller. If the question or concern is from our Client, then contact Servicengine at the address given below. Servicengine will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information by reference to the principles contained in this Policy. For complaints that cannot be resolved between Servicengine and the complainant, Servicengine has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the EU-US and Swiss-US Privacy Shield Principles:
Servicengine has committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus www.bbb.org/EU-privacy-shield/for-eu-consumers.
Servicengine also commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Finally, as a last resort and in limited situations, EU or Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
LIMITATION ON APPLICATION OF PRINCIPLES:
Adherence by Servicengine to these EU-US and Swiss-US Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; (c) to the extent expressly permitted by an applicable law, rule or regulation; and (d) to the extent that Servicengine has limited or no control over the actions of its Clients regarding use of Personal Information that they have collected.
Questions or comments regarding this Policy should be submitted to the Servicengine by mail to:
Servicengine Corporation Inc., 39 Old Ridgebury Road, Suite 17, Danbury, CT 06810
Or by e-mail to email@example.com