The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. On July 12, 2016 the European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law.
As a condition of use of this website and related Service (as defined below), You (“User(s)”) agree on your own behalf and on behalf of each entity on whose behalf you act, to the terms of this Policy, as amended from time to time, and to the practices for the collection, use, or disclosure of your personal information as described herein.
Collection and Use of Information
Company collects, uses, and retains information, including “Personal Information” (“Information”), about Users and “User Companies” through our websites, through third party vendors, and through a hosted on-demand software as a service application, to service, identify, and communicate with Users and potential customers (collectively, the “Service”). Company works with third parties consisting of vendors, suppliers, buyers, users, auditors, subcontractors, and agents such as lawyers and accountants.
Company is aware of the potential liability in cases of onward transfers of Privacy Shield data to third parties, and employs, at a minimum, reasonable industry standard precautions to mitigate any potential risks. When transferring personal data to authorized third parties, Company agrees to the following: (i) transfer such data only for its limited and specified purposes; (ii) ensure that third parties provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that third parties effectively process the personal information transferred in a manner consistent with Company’s obligations under the Principles; (iv) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing; and (v) upon request, provide a summary or a representative copy of the relevant privacy provisions of the contract with the third party to the Department.
Public Facing Marketing Websites and Prospective Customers
Company publishes a public website for marketing purposes (www.Perfect.com) which is hosted in the Commonwealth of Virginia, in the United States.
As a general policy, Company does not automatically collect or store Information concerning visitors to our public websites except information generally considered “Website Visitor Analytics Data” such as:
The Internet address of the website from which User linked directly to our site, if any; if User navigates from a search engine site, Company may also collect search information through one or more third party service providers,
The type of web browsing software User uses to view Company’s sites, such as Microsoft Internet Explorer, and
The date and time User accesses our site.
Website Visitor Analytics Data are not matched or cross referenced with other data except in conjunction with evaluating website effectiveness. Visitors to public facing marketing websites for Company may be asked to provide personal contact information with the purpose of soliciting contact by Company. The contact information that these visitors provide is added to a “Marketing List,” which is contained in a third party provided software as a service customer relationship management database hosted by a large U.S. based provider.
For the purpose of identifying potential business customers, Marketing Lists may be supplemented or additional contacts may be added from time to time using third party marketing list providers such as Zoom Information, Inc. or Hoovers. Company currently does not purchase marketing lists for European markets, except as provided in connection with fees for participation in a tradeshow or similar event. Whenever marketing lists are purchased, Company requires providers to make appropriate contractual representations regarding compliance with the privacy laws of the countries where the contacts are located. In addition, Information may be added to Marketing Lists from tradeshows or through personal interactions with employees or agents. Contact information typically included in the Marketing List includes name, title, business name, address, phone number, and e-mail address.
Company, or a contracted third-party marketing firm, will use the Marketing List to communicate on a regular basis with potential customers using email and/or a dynamic e-Newsletter with a Company domain and e-mail as the sender. Click through responses are collected, scored, and stored with the Marketing List. If the score is significant, a phone call will be placed to the target which will ask the target for confirmation that the user is interested. At any time, any person on a Marketing List may request to be removed, may request for access to their personal data, or may request a correction, amendment, or deletion be made to incorrect personal data, and such requests will be reasonably accommodated, except where providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
Software as a Service Application
In addition to maintaining useful Marketing Lists, Company may use Information to provide Users with information relating to products and services provided by Company, to respond to specific questions from Users, to comply with certain reporting laws and regulations, to design or improve our products and services, to extend invitations to participate in sourcing events, and to communicate with Users regarding our offerings.
If User becomes a Customer of Company, (“Customer”), User will provide Company with additional information about User in order to facilitate transactions that User or User Companies may initiate through Company’s software as a service application.
If a Customer initiates a transaction through any software as a service application, that Information User provides will be used to facilitate the completion of the transaction.
If User subscribes to the Perfect Open Supplier Network (OSN) as a “Supplier,” Information may be shared with other Customers who use the OSN as “Buyers” as part of the Company trading partner directory, unless User exercises the Opt-out procedures below or otherwise restricts authorization of use as part of a signed contract with Company. Inclusion in the Company trading partner directory means that Information identifying Suppliers will be exposed to all Buyers using the OSN.
Customers of the Services will be using the Site to host data and information (“Data”). In the collection and use of this Data, Company generally functions as a Data Processor, as defined by various laws and as established in customer contracts.
Company will not review, share, distribute, print, or reference any such Data except as provided herein, in the contract agreement with Customer, or as may be required by law. Individual Data records may at times be viewed or accessed for the purpose of resolving a problem, support issue, suspected violation of the contract agreement, or as may be required by law. Customers are responsible for maintaining the confidentiality and security of their user registration login id and password.
Unless prohibited by law or by contract, Company aggregates Data containing personal information about Customers and the electronic commerce conducted through the OSN in order to, among other things, compile and distribute aggregated or sanitized statistics and general OSN information about Customers. Company does this in a manner that would not reveal individual personal information except to a Customer and only then would do so for its own Users.
Company requires Customers who register to use the services offered on our websites or software as a service application to provide information which may include: contact name, company name, address, phone number, e-mail address, and financial qualification and billing information such as billing name and address, credit card number for billing purposes, and the number of Users within the organization that will be using the Service. When a Customer expresses interest in obtaining additional information, or when a Customer registers for the Service, we may also ask for additional personal information, such as title, department name, fax number, or additional company information, such as annual revenues, number of employees, or industry. Company cautions Customers against sending credit card information in email; however, Company uses encryption technology in its email systems to mitigate some risk.
Customers can opt out by not providing Information when asked or by making a request in accordance with the Opt-out procedures below. Customers with log-in information may also update or remove their personal information at any time by logging into the applications they use and editing their Personal Information within Setup. If this functionality is unavailable with User’s specific software as a service application, or if functionality is otherwise not available, then Information collected may be retrieved and modified upon the reasonable request of the User to firstname.lastname@example.org. Upon receiving such request, Company may demand that User reasonably demonstrate the validity of his or her identity. Company will not require that any Personal Information be transmitted via unsecured email.
Generally, Company does not collect Sensitive Information from Users as defined by various laws, except to the extent that a person’s name, title, employer, telephone number, email address, tax identification number, and business address may be considered Sensitive Information in a particular jurisdiction. The one exception to this is, in the U.S., we do allow our customers to collect business registration information for minority business programs designed to promote minority owned businesses. To that end, by using our website and services, applicable Users consent to potentially having some sensitive information collected, for the aforementioned limited purpose(s). Tax identification information may be collected in general business documents such as IRS Form I-9. Company complies with all laws where it does business regarding this tax identification information. Sensitive Information of Company’s employees may be collected and/or used only as required by law.
International Transmission of Information (including Employee Information)
From time to time, personal information may be shared by Proactis Holdings and its non-U.S. subsidiaries with Company; however, personal information is not shared directly within Proactis Holdings except between subsidiaries within the European Union. Personal information may be shared by Company with Proactis Holdings and its non-U.S. subsidiaries, unless expressly prohibited by law.
Generally, for Marketing Lists, vendor information, and human resources information, Company has instituted specific procedures to protect the privacy of the employees of customers and of Company’s employees. Company provides Customers the option of setting up a semi-anonymous account for the transfer of their employees’ account information. Employees of Company are provided the option to “opt-in” to Company’s transfer of their personal data; however, if preferred, alternative arrangements can be made. Contact Company at email@example.com if arrangements in accordance with this section are necessary or desired.
Employee Access to Confidential Information
Right to Access, Correct or Delete Personal Data
Individual Users have the right to know what Personal Data about them is included in Company’s databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Company collected it. Individual Users may review their own Personal Data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and Company’s policies. Upon reasonable request and as required by the Privacy Shield principles, Company allows Individual Users access to their own Personal Data, in order to correct or amend such data where inaccurate.
Individuals may edit their Personal Data by logging into their account profile or by contacting Company at firstname.lastname@example.org. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request erasure of Personal Data, Individual Customers should submit a written request to Company at email@example.com.
Company will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data.
Protection of Information via Established Security Procedures
Company maintains security standards and procedures to help prevent unauthorized access to confidential information about you that is under our control. We update and test our technology to improve the protection of our information about you and to help assure the integrity of our information.
When our software as a service application is accessed using web browsers, Secure Sockets Layer (SSL) technology is used to protect information using both server authentication and data encryption that help ensure that Data is safe, secure, and available only to the User. Company also implements an advanced security method based on dynamic data and encoded session identifications, and hosts the Site in a secure server environment that uses firewall and other technology to prevent interference or access from outside intruders. Finally, Company provides unique user names and passwords that must be entered each time that a Customer logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data.
Cache Storage of Information
Internet browser software typically stores/caches information from the website being visited on the hard drive of the User. This means that information viewed or inputted during a visit to a website can usually be viewed again by merely hitting the “BACK” button in your browser. Some websites issue a “no-cache” command to browsers to prevent this temporary storage. To provide better service to Users, we do not send this command to the browser. To better protect your personal information, Users should clear their cache of information from their computers periodically. Instructions for clearing this cache are usually included in the User’s browser.
To provide better service, Company, its agents, or both, may use “cookies.” A cookie is a small bit of information sent to your browser application that is written into storage, so that it can be retrieved later. A cookie is a way for a web site to recognize whether or not you have visited the site before. Your web browser can be set to inform you when cookies are set or to prevent them from being set.
Company uses two types of cookies: session and persistent. Session cookies exist only during an online session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you’ve closed your browser or turned off your computer. They include information such as a unique identifier for your browser. Company uses session cookies containing encrypted information to allow the system to uniquely identify Users while logged in. Session cookies are required in order to use Company’s software as a service application. Company also uses persistent cookies that are useful for Company to identify the fact that you are a Customer or a prior web site visitor. Company is very careful about the security and confidentiality of the information stored in persistent cookies. For example, Company does not store account numbers or passwords in persistent cookies.
Website Links and Third-Party Content
This policy covers only information that is collected by Company’s websites or software as a service application. It does not cover information collected on sites that are not operated by Company, or by a Customer’s vendor on its own behalf, or sites that appear as links on a Customer’s portion of the software as a service application.
At any time, individuals can opt out of being contacted or receiving information from us, simply by sending an email to firstname.lastname@example.org, or by sending regular mail to the address listed below. We will reasonably accommodate all requests. In addition, Company does not intend to collect information of legal minors (for example, persons under the age of 18 in the United States.) If you have reason to believe that Company has personal information of minors, please inform Company immediately.
Investigatory and Enforcement Powers
Company acknowledges that it is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).
Company may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Enforcement of Policy
Attn: Legal Department
PO Box 12079
Newport News, VA 23612
Company will respond to your concerns within 45 days. If you do not receive a response within 45 days, you may seek enforcement of this Policy by initiating a complaint. Company has committed to refer unresolved privacy complaints under the US-EU Privacy and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. This arbitration option is available to determine, for residual claims, whether a Privacy Shield organization has violated its obligations under the Principles, and whether any such violation remains fully or partially unremedied. For more information on the Privacy Shield Panel visit https://www.commerce.gov/sites/commerce.gov/files/media/files/2016/eu_us_privacy_shield_full_text.pdf.pdf
To better serve you, if you use email, Company will generally preserve the content of your email, including your email address, and our response. Depending on the content of your email, we may be required by existing laws and regulations to keep this information.
If you send email to us, please remember that email is not secure against interception. If your email contains information that is very sensitive or includes personal information such as account numbers, charge card or credit card numbers, or social security number, please send this information via postal mail or contact us to establish or verify a secure electronic transmission process.
Contact Information and Internal Procedures
If you have any questions, please contact us at email@example.com or call our Headquarters and ask to speak with someone from the Legal Department. A team of legal and information technology experts will review the Policy annually and will report internally on compliance to the certifying officer for this program prior to recertification to the US Department of Commerce.
Swiss-US Privacy Shield Framework
Attn: Legal Department
PO Box 12079
Newport News, VA 23612
Company has further committed to refer unresolved privacy complaints under the Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
HR Data From the European Union
Company agrees to cooperate with local DPAs for HR Data. Users with an HR Data complaint should first contact us at the address above. If your HR Data complaint has not been resolved in a timely manner, users may also file a complaint with their local Data Protection Authority (“DPA”). For information on how to contact your EU jurisdiction’s DPA, visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
Original Certification date: June 16 2017
Next Certification date: 29 January 2020