eTrigue Corp. respects individual privacy and values the confidence of its customers, employees, consumers, business partners and others. Not only does eTrigue strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, it also has a tradition of upholding the highest ethical standards in its business practices. This EU-U.S. Privacy Shield Policy and the Swiss-U.S. Privacy Shield Policy (the “Policy”) sets forth the privacy principles that eTrigue Corp. follows with respect to transfers of personal information from the EU (EU) and Switzerland to the United States.
Compliance with EU-U.S. and Swiss-U.S. Privacy Shield Principles
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the “EU-U.S. Privacy Shield Framework”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States.
The United States Department of Commerce and the Swiss Federal Data Protection and Information Commissioner have agreed on a set of data protection principles and frequently asked questions (the “Swiss-U.S. Privacy Shield Framework”) to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States.
eTrigue Corp. (“eTrigue” or “we”) recognizes that the European Community and Switzerland have established a data protection regime which applies to the European Economic Area (“EEA”) and to Switzerland and restricts companies in the EEA and Switzerland in transferring personal data about individuals in the EEA and Switzerland to the United States, unless there is “adequate protection” for such personal data when it is received in the United States. To create such “adequate protection,” eTrigue Corp adheres to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework published by US Department of Commerce (“EU-U.S. Privacy Shield Principles” “Swiss-U.S. Privacy Shield Framework”) with respect to personal data about individuals in the EEA and Switzerland that we receive from our customers and other business partners. eTrigue’s EU-U.S. Privacy Shield Certification and Swiss-U.S. Privacy Shield Certification also extends to data that we receive directly through eTrigue’s publicly accessible websites via secure form submission (any of our websites such as www.eTrigue.com). More information on EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework and eTrigue’s scope of participation in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework is available at www.privacyshield.gov/welcome.
Adherence to Seven Privacy Shield Principles
Client Personal Data processed or stored by eTrigue Corp. may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Policy. At a minimum, however, eTrigue Corp. handles Client Personal Data in accordance with our EU-U.S. Privacy Shield Policy and Swiss-U.S. Privacy Shield Policy, which is based upon the seven principles identified in the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Policy Framework.
This Notice addresses data subjects residing in the EU (“EU Persons”) or in Switzerland whose data we may receive from one of our customers, suppliers or other business partners in the EU and in Switzerland, e.g., referral partners, integration partners, etc. When eTrigue Corp. receives Client Personal Data for processing pursuant to instructions of clients or their partners, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable EU law.
Business Purposes for the Collection and Use of Personal Data
eTrigue Corp. sells and maintains integrated web-based business application software largely to small, midsize and enterprise businesses. We receive mostly business-related information from the EU, and Switzerland including contact information of individual representatives of the businesses with whom we or our customers are dealing, including, without limitation, names, addresses, work phone numbers, work email addresses, etc. of EU Persons (“EU Data”) and Swiss persons. In connection with some services, e.g., eTrigue’s Lead Management services, our customers use our hosted technology platform to store and process EU and Swiss Data at their own discretion. As EU and Swiss Data covered by this Notice is by definition sent to us by another company in the EU or Switzerland (e.g., a customer of eTrigue), the categories of data sent and the purposes of processing often depend on such other company, with whom the EU or Swiss Person typically has a closer employment or business relationship (and which, therefore, can provide additional information on categories of data shared with us). eTrigue Corp. will not use Client Personal Data for any other purposes than for the purposes that eTrigue Corp. clients provide such information.
eTrigue Corp. collects and uses EU and Swiss Data for purposes of providing products and services to our customers, communicating with corporate business partners about business matters, processing EU Data on behalf of corporate customers, providing information on our/their services, and conducting related tasks for legitimate business purposes.
Accountability of Onward Transfer
eTrigue Corp. recognizes potential liability in cases of onward transfer to third parties. eTrigue Corp. will not transfer any personal information to a third-party without first ensuring that the third-party adheres to the Privacy Shield principles. eTrigue Corp. does not transfer Client Personal Data to unrelated third parties, unless lawfully directed by a client, or in certain limited or exceptional circumstances in accordance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. For example, such circumstances would include disclosures of Client Personal Data required by law or legal process, or disclosures made in the vital interest of an identifiable person such as those involving life, health or safety.
In the event that eTrigue Corp. is requested to transfer Client Personal Data to an unrelated third party, eTrigue Corp. will ensure that such party is either subject to the EU-U.S. Privacy Shield Agreement, subject to similar laws providing an adequate and equivalent level of privacy protection, or will enter into a written agreement with the third party requiring them to provide protections consistent with the EU-U.S. and Swiss-U.S. Privacy Shield Framework and eTrigue Corp.’s EU-U.S. and Swiss-U.S. Privacy Shield Policy. Should eTrigue Corp. learn that an unrelated third party to which Personal Data has been transferred by eTrigue Corp. is using or disclosing Personal Data in a manner contrary to this Policy, eTrigue Corp. will take reasonable steps to prevent or stop the use or disclosure.
Contact information and Client Personal Data is accessible only by those eTrigue Corp. employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into strict confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of Client Personal Data.
eTrigue Corp. assures compliance with this EU-U.S. and Swiss-U.S. Privacy Shield Policy and the EU-U.S. and Swiss-U.S. Privacy Shield Policy by utilizing the self-assessment approach as specified by the U.S. Department of Commerce. The assessment is conducted on an annual basis to ensure that all of eTrigue Corp.’s relevant privacy practices are being followed in conformance with the EU-U.S. Privacy Shield Policy and Swiss-U.S. Privacy Shield Policy and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Any employee that eTrigue Corp. determines is in violation of these policies will be subject to discipline, up to and including termination of employment and/or criminal prosecution.
eTrigue Corp. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
For complaints that cannot be resolved by eTrigue Corp. and the complainant, eTrigue Corp. agrees to cooperate with JAMS – an independent dispute resolution mechanism, pursuant to the EU-U.S. and Swiss-U.S Privacy Shield Framework.
With respect to emails, EU Persons and Swiss Persons may opt-out of receiving further email communications from eTrigue or eTrigue clients by following opt-out instructions that are contained in the bottom of the email communication you received.
EU-U.S. and Swiss-U.S. Privacy Shield Policy Updates
This EU-U.S. and/or Swiss-U.S. Privacy Shield Policies may occasionally be updated. When material updates are made, the date of the last revision will be reflected at the end of the page. This page may be bookmarked to facilitate periodic review of EU-U.S. and Swiss-U.S. Privacy Shield Policy and to note recent updates. Neither the EU-U.S. Privacy Shield Policy or Swiss-U.S. Privacy Shield Policy nor updates to it will affect or modify any contracts we have with our clients.
Access, Review & Update
If you are an EU or Swiss Person about whom we hold EEA or Swiss Data on a clients behalf, you may request access to, and the opportunity to update, correct or delete, such EEA or Swiss Data. To submit such requests or raise any other questions, please contact the business that provided your EEA or Swiss Data. You can also contact our EU-U.S. or Swiss-U.S. Privacy Shield Contact. We reserve the right to take appropriate steps to authenticate an applicant’s identity, to charge an adequate fee before providing access and to deny requests, except as required by the EU-U.S. and Swiss-U.S. Privacy Shield Framework.
EU-U.S. and Swiss-U.S. Privacy Shield Contact
If you have questions, please contact eTrigue’s Security Officer, e-mail: email@example.com. Or you may call us at: +1 408.490.2900. We will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Policy.
If you are not satisfied with our response, or if contacting us does not resolve your complaint, you can contact JAMS: https://www.jamsadr.com/eu-us-privacy-shield – an independent dispute resolution mechanism, pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Framework.
EU Persons (EU Data Subjects) and Swiss Persons may complain to their home data protection authority and can invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
If you have a comment or concern that cannot be resolved with us directly, you may contact the competent local data protection authority.
EU-U.S. Privacy Shield Policy Effective Date: 8/1/2016 (Supersedes: Safe Harbor Statement Effective Date: 12/30/2009)
Swiss-U.S. Privacy Shield Policy Effective Date: 04/12/2017 (Supersedes; Safe Harbor Statement Effective Date: 12/30/2009)