Privacy Shield Policy
Planet Data Privacy Shield Policy
Planet Data Solutions, Inc. (the “Company”) complies with the Privacy Shield Framework as set forth by the International Trade Administration (ITA), U.S. Department of Commerce. The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. The Company has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield program, and to view the Company’s certification, please visit the Privacy Shield Framework site or the Privacy Shield List.
The Company recognizes the importance of privacy to our clients and we strive to safeguard the personal information we collect and use. This Privacy Shield Policy (“Policy”) sets out the privacy principles that Planet Data follows in relation to any personal information transferred from the European Union (“EU”) to the United States (“US”).
U.S. - Swiss Safe Harbor Framework
The Company also complies with the U.S.–Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of Personal Information from Switzerland. The Company has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, please visit http://www.export.gov/safeharbor.
This Policy applies to all personal information received by Planet Data from the EU in electronic format or in structured manual filing systems. In most cases, the data we receive will relate to our clients and their business activities and may include personal information about our clients’ employees, business contacts, customers and any other individuals with whom our clients have dealings. When we collect and process personal information provided to us by our clients we do so as a “data processor” acting on the instructions of our clients. Planet Data does not actively collect personal information from individuals in the EU. Planet Data’s possession and use of personal information is largely incidental to our primary task of providing electronic discovery services to our clients.
Certain words and phrases are defined within this Policy. In addition, the words set out below have the following meaning:
- “EEA” means the 25 European member states, plus Norway, Iceland and Liechtenstein;
- “EU Directive” means the EU directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- “Personal information” means any information or set of information that identifies an individual, or could be used by or on behalf of Planet Data to identify an individual. Personal information does not include data that is encoded or is anonymous.
- “Sensitive personal information” means information about an individual’s medical or health condition, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sex life. In addition, Planet Data will also treat as sensitive any personal information received from a third party where the third party treats and identifies it as sensitive and has notified us of this fact.
Privacy Shield Principles
The privacy principles in this Policy are based on the Privacy Shield Principles which were agreed between the United States Department of Commerce and the European Commission. Adherence by Planet Data to these Privacy Shield Principles will provide the necessary level of protection required by the EU Directive in respect of transfers of personal information to countries outside the EEA.
Planet Data’s adherence to these principles may be limited in certain circumstances, in particular:
- where there is a conflicting or overriding legal obligation;
- to the extent expressly permitted by any applicable law, rule or regulation; or
- where Planet Data receives personal information as a “data processor” acting on the instructions of a client. As Planet Data will be receiving personal information from the EU merely for processing, it will not be required to apply the Notice, Choice, Data Integrity and Access principles to that information. The client will remain responsible for the personal information and its processing in accordance with EU law.
Privacy Shield Principles
Where Planet Data obtains personal information from individuals in the EU, it will inform them of:
- the purposes for which it collects and uses their personal information
- the types of third parties (if any) to which Planet Data discloses that information, and
- the choices and means, if any, that Planet Data offers individuals for limiting the use and disclosure of their personal information.
Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Planet Data, or as soon as practicable thereafter, and in any event before Planet Data uses such information for a purpose other than that for which it was originally collected or processed by the transferring organization, or discloses it for the first time to a third party.
If Planet Data receives personal information from its subsidiaries, affiliates, clients or other entities in the EU, it will use and disclose such information in accordance with the notices provided by such entities and the consents or choices made by the individuals to whom such personal information relates.
Planet Data will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a third party (unless that disclosure is allowed or required by contract), or (b) to be used for a purpose that is incompatible with the purpose for which that information was originally collected or subsequently authorized by the individual.
For sensitive personal information, Planet Data will give individuals the opportunity to give explicit consent (opt-in) to the disclosure of the information to a third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
Planet Data will provide individuals with clear and conspicuous, readily available and affordable mechanisms to exercise their choices.
Accountability for Onward Transfers
Planet Data will obtain assurances from its agents that they will safeguard personal information consistently with this Policy. An “agent” is any third party that collects or uses personal information in order to perform tasks on behalf of Planet Data. Examples of appropriate assurances that may be provided by agents include:
- contractual assurances to provide the same level of protection as required by the Privacy Shield Principles
- being subject to the EU Directive
- certifying with the Privacy Shield or
- being located in a country that has been deemed to provide an adequate level of protection by the European Commission (e.g. Canada or Switzerland).
Where Planet Data has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Planet Data will take reasonable steps to prevent or stop the use or disclosure.
Planet Data will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation
Planet Data will use personal information only in ways that are relevant and compatible with the purposes for which that information was collected or subsequently authorized by the individual. Planet Data will take reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete and current.
Upon request, Planet Data will grant individuals reasonable access to personal information that it holds about them. In addition, Planet Data will take reasonable steps to permit individuals to correct, amend, or delete information that is shown to be inaccurate or incomplete.
Recourse, Enforcement and Liability
Planet Data will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Planet Data determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
The US Department of Commerce has jurisdiction to hear any claims of unfair or deceptive practices or violations of laws or regulations governing privacy.
Any questions or concerns regarding the use or disclosure of personal information should be directed to the Planet Data Privacy Office at the address given below. Planet Data will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
For complaints that cannot be resolved between Planet Data and the complainant, Planet Data agrees to cooperate with data protection authorities located in the EU (or their authorized representatives) and participate in any dispute resolution procedures established by such authorities pursuant to the Privacy Shield Principles.
For all disputes involving PII under this Privacy Shield, Planet Data has committed to refer unresolved complaints to our independent dispute resolution provider at no cost to the complainant. Planet Data has chosen JAMS. Please contact JAMS at 800-352-5267 or file a claim here.
Planet Data supports industry self-regulation as a flexible means for keeping pace with emerging privacy issues.
Please refer all questions or comments regarding this Policy to:
Att: Howard Reissner
555 Taxter Road, Suite 150
Elmsford, NY 10523
Changes to This Privacy Shield Policy
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. A notice will be posted on the Planet Data web page at Planet Data Site whenever this Privacy Shield Policy is changed in any material way.
Original Certification Date: 11/16/2016
Next Certification Due Date: 11/16/2017
Original Effective date: 09/25/09