|
This Safe Harbor Privacy Policy (this
“Policy”) sets forth the privacy principles
Real Soft, Inc. (“RSI”) follows with respect
to all Personal Information (defined below) received
by RSI from the European Economic Area (“EEA”)
(which includes the twenty-seven member states of the
European Union (“EU”) plus Iceland, Liechtenstein
and Norway) and from Switzerland.
Safe Harbor
The United States Department of Commerce
and the European Commission have agreed on a set of
data protection principles and frequently asked questions
to enable United States companies to satisfy the requirement
under European Union law that adequate protection be
given to Personal Information transferred from the EEA
to the United States (the “U.S.-EU Safe Harbor”).
The EEA also has recognized the U.S.-EU Safe Harbor
as providing “adequate” data protection.
The United States Department of Commerce and the Federal
Data Protection and Information Commissioner of Switzerland
(“Swiss FDPIC”) have agreed on a similar
set of principles and frequently asked questions to
enable U.S. companies to satisfy the requirement under
Swiss law that adequate protection be given to Personal
Information transferred from Switzerland to the United
States (the “U.S.-Swiss Safe Harbor”). RSI
complies with the principles set forth in the U.S.-EU
Safe Harbor and the U.S.-Swiss Safe Harbor. To learn
more about the Safe Harbor program, and to view RSI’s
certification, please visit http://www.export.gov/safeharbor/.
SCOPE
This Policy applies to all Personal Information
received by RSI in the United States from the EEA and
from Switzerland, in any format, including electronic,
paper or verbal.
DEFINITIONS
For purposes of this Policy, the following
definitions shall apply:
“Agent” means any third party
that collects or uses Personal Information under the
instructions of, and solely for, RSI or to which RSI
discloses Personal Information for use on RSI’s
behalf.
“Personal Information” or
“Information” means information that (1)
is transferred from the EEA or Switzerland to the United
States; (2) is recorded in any form; (3) is about, or
pertains to a specific individual; and (4) can be linked
to that individual. Personal information does not include
information that is encoded or anonymized, or publicly
available information that has not been combined with
non-public Personal Information.
“Sensitive Personal Information”
means Personal Information that reveals race, ethnic
origin, sexual orientation, political opinions, religious
or philosophical beliefs, trade union membership or
that concerns an individual’s health.
DATA PROCESSOR
RSI acts in the capacity of a “data
processor” on behalf of its “data controller”
clients with respect to Personal Information. RSI acts
only on the instructions of its data controller clients
and does not control or share such data without direction
from the client. For such processing, RSI enters into
appropriate agreements with its clients providing that
the client is the data controller for the purpose of
the EU Data Directive and is in compliance with the
applicable data protection laws. RSI does NOT act in
the capacity of a “data controller” in its
engagements.
PRIVACY PRINCIPLES
Notice
As an agent processing Personal Information
under the direction of its “data controller”
clients, RSI has no direct relationship with the individuals
whose Personal Information it processes. Prior to the
transfer of any Personal Information from the EEA or
Switzerland to the United States, RSI requires its clients
to certify that the Personal Information has been collected
in accordance with applicable data protection laws,
including that the client has provided appropriate notice
to individuals, including information concerning (1)
the purposes for which Personal Information is collected
and used; (2) a contact person to whom enquiries or
complaints may be directed; (3) the types of third parties
to whom Personal Information is disclosed; and (4) the
choices and means that individuals are offered for limiting
use and disclosure of Personal Information.
Choice
As an agent processing Personal Information
under the direction of its “data controller”
clients, RSI has no direct relationship with the individuals
whose Personal Information it processes. Prior to the
transfer of any Personal Information from the EEA or
Switzerland to the United States, RSI requires its clients
to certify the Personal Information has been provided
to RSI in accordance with the applicable data protection
laws to ensure the individuals have been provided with
appropriate choice regarding how their Information may
be used, including the opportunity (1) to choose (opt-out)
whether their Personal Information is disclosed to a
third party or used for a purpose incompatible with
the purpose for which it was originally collected or
subsequently authorized by the individual, and with
respect to Sensitive Personal Information, (2) to affirmatively
consent (opt-in) to the disclosure of their Sensitive
Personal Information to a third party or used for a
purpose other than its original purpose or the purpose
authorized subsequently by the individual. RSI only
processes Personal Information for purposes that are
compatible with those for which it was originally collected
or subsequently authorized by the individual. RSI only
discloses Personal Information to third parties at the
direction of its client as data controller or when required
by law.
Onward Transfer
In the event RSI were to utilize Agents
to perform tasks on behalf of RSI, RSI would require
its Agents to enter into a written agreement with RSI
to safeguard the Personal Information consistent with
this Policy, the U.S.-EU Safe Harbor and the U.S.-Swiss
Safe Harbor Principles. Where RSI has knowledge that
an Agent is using or disclosing Personal Information
in a manner contrary to this Policy, the U.S.-EU Safe
Harbor, or the U.S.-Swiss Safe Harbor Principles, RSI
will take reasonable steps to prevent or stop the use
or disclosure.
Security
RSI takes reasonable steps to protect
the Personal Information from loss, misuse and unauthorized
access, disclosure, alteration and destruction. RSI
has put in place appropriate physical, electronic and
managerial procedures to safeguard and secure the Information
from loss, misuse, unauthorized access or disclosure,
alteration or destruction.
Data Integrity
RSI will use Personal Information only
in ways that are compatible with the purposes for which
it was collected or subsequently authorized by the individual.
RSI will take reasonable steps to ensure that Personal
Information is relevant to its intended use, accurate,
complete, and current.
Access
As a data processor, RSI has no direct
relationship with the individuals whose Personal Information
it processes. An individual who seeks access, or who
seeks to correct, amend, or delete inaccurate data should
direct their query to the data controller client of
RSI which has transferred such data to RSI for processing.
RSI requires its data controller clients to agree to
provide individuals reasonable access to their Personal
Information and to correct, amend or delete Personal
Information that is demonstrated to be incomplete or
inaccurate, in accordance with applicable data protection
laws.
Enforcement
RSI uses a self-assessment approach to
assure compliance with this Policy and periodically
verifies that this Policy is accurate, comprehensive
for the information intended to be covered, prominently
displayed, completely implemented and accessible and
in conformity with the U.S.-EU Safe Harbor and U.S.-Swiss
Safe Harbor Principles. Any employee that RSI determines
is in violation of this Policy will be subject to disciplinary
action up to and including termination of employment.
We encourage interested persons to raise any concerns
using the contact information provided below and we
will investigate and attempt to resolve any complaints
and disputes regarding use and disclosure of Personal
Information in accordance with the U.S.-EU Safe Harbor
and/or U.S.-Swiss Safe Harbor Principles. If a complaint
or dispute cannot be resolved through our internal process,
we have agreed to cooperate and to participate in the
dispute resolution procedures with the data protection
authorities located in the EU or their authorized representative
(for Personal Information received from the EEA) or
with the Swiss FDPIC (for Personal Information received
from Switzerland).
LIMITATION ON APPLICATION OF PRIVACY
PRINCIPLES
Adherence by RSI to these privacy principles
may be limited to the extent necessary to respond to
a legal or ethical obligation or to meet national security,
public interest or law enforcement obligations.
CONTACT INFORMATION
Questions or comments regarding this Policy
should be submitted to RSI as follows:
Real Soft, Inc.
Attn: EU Safe Harbor Compliance
2540 Route 130 North, Suite 118
Cranbury, NJ 08512
Email – ashish@realsoftinc.com
CHANGES TO THIS POLICY
RSI may update or amend this Policy
from time to time, consistent with the requirements
of the U.S.-EU Safe Harbor and U.S.-Swiss Safe Harbor
Principles. A notice will be posted on the RSI’s
web site (www. realsoftinc.com) for 30 days whenever
this Policy is updated or amended. Policy updates shall
be effective the date the change is first posted on
the web site.
|