EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework

Servicengine designs, develops, and licenses employee relocation Software to its Clients, including those who have offices located in the European Economic Area (EEA) and/or Switzerland. Personal Information may be collected by Servicengine and/or Clients in support of their relocation policy and/or business operations. Our Software supports our Clients in managing the Personal Information of their employees, clients, and service providers. While Servicengine does not have control over the internal business practices of our Clients as relates to this personal data, we do provide the Software tools to maintain and help protect this data.

Servicengine respects individual privacy and values the confidence of our Clients, their employees, customers, and business partners. We strive to maintain the integrity of our Software with the highest levels of data protection and application security standards. We uphold the highest ethical standards in our business practices. Servicengine adheres to the Top Ten rules of OWASP (Open Web Application Security Project).

The following Policy sets forth the framework, practices, and procedures of Servicengine Corporation in its compliance with EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework

DEFINITIONS

For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that encounters, collects, or uses Personal Information under the instructions of, and for Servicengine.

“Client” means any customer of Servicengine, located in the EEA, for whom we license our Software and includes the clients of our Clients.

“Employee” means any individual employed by or under contract to Servicengine.

“Servicengine” means Servicengine Corporation, its predecessors, successors, subsidiaries, divisions and groups in the United States.

“Software” means the Servicengine Software, including all extended modules and encompassing the code and related materials and documentation.

“Personal Information” means any information or set of information that identifies or could be used by or on behalf of Servicengine to identify an individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.

EU-US AND SWISS-US PRIVACY SHEILD PRIVACY POLICY

Servicengine maintains compliance with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Information from European Union member countries and Switzerland, respectively. Servicengine has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov

Servicengine is subject to the investigatory and enforcement authority of the United States Federal Trade Commission (FTC).

SCOPE

The EU-US Privacy Shield and Swiss-US Shield Privacy Policies (the “Policy”) apply to all Personal Information received by Servicengine from the EEA or Switzerland, in any format, including electronic, paper or verbal.

Please note that Servicengine does not have control over the business policies and practices of our Clients or the use they may make of Personal Information.

In-connection with its Software, Servicengine provides product development services, hosting services, solution engineering services, professional technical services, data migration services, and product technical support services (collectively “Services”) to its hosted and non-hosted Clients in the EEA and Switzerland through Employees who may be in the U.S. These U.S.-based employees may encounter, access or review Personal Data to provide Services to our Clients located in the EEA or Switzerland.  Examples of personal data include Name, Address, Bank Information, Employee ID, Salary, Phone Numbers and SSN. Servicengine uses appropriate methods to secure all personnel and sensitive information, including: restricting access to such information only to those who have a specific need to know to perform a job function, securing access methods to where the information is managed, and the use of technical or physical controls to secure the information.

PRIVACY PRINCIPLES

GENERAL:

Servicengine does not itself collect Personal Information directly from individuals in the EEA or Switzerland. To the extent the Software receives, stores, or processes Personal Information from our Clients in the EEA or Switzerland, we use and disclose such information in accordance with the notices provided by our Clients, only if consistent with the EU-US and Swiss-US Privacy Shield Principles.

ACCOUNTABILITY FOR THIRD PARTY AGENTS:

Servicengine does not transfer Personal Information to third parties outside of its Agents such as development contractors, application content providers or hosting services providers. If this practice should change in the future we will update this privacy policy and allow individuals with opt-in or opt-out choice. To the extent that Agents encounter or use Personal Information, Servicengine obtains assurance from the Agents that they will safeguard Personal Information consistently with this Policy. Examples of appropriate assurances include: a contract obligating the Agent to provide at least the same level of protection as is required by the relevant EU-US and Swiss-US Privacy Shield Principles. Where Servicengine receives knowledge that an Agent is using or disclosing Personal Information in a manner contrary to this Policy, Servicengine will take reasonable steps to prevent or stop the use or disclosure. Pursuant to the Privacy Shield Frameworks, Servicengine may be liable for the appropriate onward transfer of EU and Swiss individual’s personal data to third parties.

Servicengine may be required to disclose an individual’s Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

SECURITY:

Servicengine takes reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Servicengine adheres to its own internal Information Security Management System Secure Media Management Policy for handling and processing of Client data.

DATA INTEGRITY AND PURPOSE LIMITATION:

Servicengine does not use Personal Information provided to our Clients. When directed by our Clients to process such information, Servicengine uses Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Servicengine takes reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.

RIGHT TO ACCESS:

Servicengine acknowledges the right of EU and Swiss individuals to access their personal data pursuant to the Privacy Shield and will grant individuals reasonable access to personal information it received pursuant to these Principles. In addition, Servicengine will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or incomplete. An individual may request to access his or her information, or otherwise correct, amend, or delete his or her information pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Principles by contacting us at contact@servicengine.com.

ENFORCEMENT AND LIABILITY:

Servicengine conducts compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Servicengine determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.

DISPUTE RESOLUTION:

Any individuals with questions or concerns regarding the use or disclosure of Personal Information should be directed to our Client, who is the data controller. If the question or concern is from our Client, then contact Servicengine at the address given below. Servicengine will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information by reference to the principles contained in this Policy. For complaints that cannot be resolved between Servicengine and the complainant, Servicengine has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the EU-US and Swiss-US Privacy Shield Principles:

Servicengine has committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus www.bbb.org/EU-privacy-shield/for-eu-consumers.

Servicengine also commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Finally, as a last resort and in limited situations, EU or Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

LIMITATION ON APPLICATION OF PRINCIPLES:

Adherence by Servicengine to these EU-US and Swiss-US Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; (c) to the extent expressly permitted by an applicable law, rule or regulation; and (d) to the extent that Servicengine has limited or no control over the actions of its Clients regarding use of Personal Information that they have collected.

CONTACT INFORMATION

Questions or comments regarding this Policy should be submitted to the Servicengine by mail to:

Servicengine Corporation Inc., 100 Reserve Road, Suite D310, Danbury, CT 06810

Or by e-mail to contact@servicengine.com

CHANGES TO THIS PRIVACY SHIELD PRIVACY POLICY

This Policy may be amended from time to time, consistent with the requirements of the EU-US and Swiss-US Privacy Shield Principles. A notice will be posted on the Servicengine web site http://www.servicengine.com/ for 60 days whenever this EU-US and Swiss-US Privacy Shield Privacy Policy is changed in a material way.