Data Visualization Intelligence (“DVI”) respects individual privacy and values the confidence of its customers, employees, business partners and others. Not only does DVI strive to collect, use and disclose Personal Information in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices. This EU-U.S. Privacy Shield Policy (this “Policy”) sets forth the privacy principles DVI follows with respect to transfers of Personal Information from the European Economic Area (“EEA”) (which includes the twenty-seven member states of the European Union (“EU”) plus Iceland, Liechtenstein and Norway) to the United States.
EU-U.S. PRIVACY SHIELD PRINCIPLES
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to Personal Information transferred from the EEA to the United States (the “EU-U.S. Privacy Shield”). The EEA also has recognized the EU-U.S. Privacy Shield as providing adequate data protection (Decision C (2016) 4176 final, 12.7.2016, Article 1 (1)). Consistent with its commitment to protect personal privacy, DVI complies with the principles set forth in the EU-U.S. Privacy Shield (the “Privacy Shield Principles”) and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms contained this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-U.S. Privacy Shield, and to view our certification, please visit https://www.privacyshield.gov.
This Policy applies to all Personal Information, including the employee information described below, received by DVI in the United States from the EEA, in any format, including electronic, paper or verbal.
For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party that collects or uses Personal Information under the instructions of, and solely for, DVI or to which DVI discloses Personal Information for use on DVI’s behalf.
“Personal Information” and “Personal Data” means data about an identified or identifiable individual that are within the scope of the EU-U.S. Privacy Shield, received by an organization in the United States from the EU, and recorded in any form.
“Processing” of Personal Data means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
DVI means Data Visualization Intelligence, Inc., its predecessors, successors, subsidiaries, divisions and groups in the United States.
DVI collects Personal Information from and about contingent workers, employees, former employees and prospective employees. Such Personal Information can include a person’s name, contact information, social security or government-issued identification number, financial information, education and employment history, information about one’s family (spouse and dependents, for example), and job performance and development. The primary purpose for collecting such Personal Information is to carry out the employment relationship, including, without limitation, payment, compensation planning and related transactions, providing and managing benefits, performance management, career development, training, staffing, considering candidates for open positions, personnel security issues, and statistical analysis.
The privacy principles in this Policy have been developed based on the Privacy Shield Principles.
NOTICE: Where DVI collects Personal Information directly from individuals in the EEA, it will inform them about the purposes for which it collects and uses Personal Information about them, the types of third parties to which DVI discloses that information, the choices and means, if any, DVI offers individuals for limiting the use and disclosure of Personal Information about them, and how to contact DVI. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to DVI, or as soon as practicable thereafter, and in any event before DVI uses or discloses the information for a purpose other than that for which it was originally collected.
Where DVI receives Personal Information from its subsidiaries, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such Personal Information relates.
ACCOUNTABILITY FOR ONWARD TRANSFER: DVI uses a limited number of third-party service providers or Agents to assist us in providing our services to customers and/or DVI employees. DVI will obtain assurances from said entities that they will safeguard Personal Information consistently with this Policy. Examples of appropriate assurances that may be provided by said entities include: a contract obligating the entity to provide at least the same level of protection as is required by the relevant Privacy Shield Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), EU-U.S. Privacy Shield certification by the entity, or being subject to another European Commission adequacy finding (e.g., companies located in Canada). Where DVI has knowledge that an entity is using or disclosing Personal Information in a manner contrary to this Policy, DVI will take reasonable steps to prevent or stop the use or disclosure. DVI acknowledges its potential liability in cases of its onward transfer of Personal Information to third parties that do not meet the standards set forth in this paragraph.
SECURITY: DVI will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
DATA INTEGRITY AND PURPOSE LIMITATION: DVI will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. DVI will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete and current. DVI will only collect and store Personal Information that is relevant to fulfill the purpose of the request and will retain such information no longer than appropriate to fulfill the purpose of the request.
ACCESS: Upon request, DVI will grant individuals reasonable access to Personal Information that it holds about them and to request limitations on how DVI uses or discloses Personal Information about you. In addition, DVI will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.
RECOURSE, ENFORCEMENT AND LIABILITY: DVI will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that DVI determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
DISPUTE RESOLUTION: In compliance with the Privacy Shield Principles, DVI commits to resolve complaints about our collection or use of your Personal Information. Individuals in the European Union with inquiries or complaints that do not involve employee Personal Information should first contact DVI’s General Counsel at the address given below. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
If you have a complaint involving employee Personal Information as described above, you may contact the EU data protection authority (DPA) in your country. The list of EU DPAs can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
DVI agrees to cooperate with the EU DPAs and comply with the advice of such authorities with regard to employee Personal Information transferred from the EU in the context of the employment relationship.
As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel as described in the Privacy Shield Agreement, Annex I, to be created jointly by the U.S. Department of Commerce and the European Commission.
U.S. FEDERAL TRADE COMMISSION ENFORCEMENT: DVI’s commitments under the EU-U.S. Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
LIMITATION ON APPLICATION OF PRINCIPLES
Adherence by DVI to these Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
Questions or comments regarding this Policy should be submitted to DVI’s General Counsel by mail to:
Data Visualization Intelligence, Inc.
2697 International Parkway
Parkway Two, Suite 204
Virginia Beach, VA 23452
Or by e-mail to the DVIPrivacyOffice@dvibigdata.com
CHANGES TO THIS EU-U.S. PRIVACY SHIELD POLICY
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. A notice will be posted on the DVI web page (www.DVIbigdata.com) for 60 days whenever this Privacy Shield Policy is changed in a material way.
EFFECTIVE DATE: May 25, 2019