Datavail Privacy Shield Policy
This privacy statement is effective as of December 12, 2019. Please note that this privacy statement may be updated to reflect changes in law, or changes in the way we handle your personal data.
Datavail complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework set forth by the United States Department of Commerce with respect to the collection, use and retention of Personal Data transferred from the European Union, the United Kingdom, and Switzerland to the United States, respectively, as further described in the Scope section below. This Privacy Shield Policy outlines our commitment to the Privacy Shield Principles (the “Principles”) and our practices for implementing the Principles. Datavail is subject to investigatory and enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, please visit the Department of Commerce’s dedicated Privacy Shield website, located here.
Datavail complies with the Principles with respect to the Personal Data the company receives from its Customers or their Users in the European Union, the United Kingdom and Switzerland in connection with the use of (i) Datavail’s hosted software applications (the “Subscription Service”) and related support services (“Support Services”), or our technical services, including systems management services and professional services (the “Technical Services”) that we provide to Customers. In this Privacy Shield Policy, the Subscription Service, Support Services and the Technical Services are collectively referred to as the “Service.”
In addition, certain Personal Data covered by Datavail’s Privacy Shield policy may be subject to more specific privacy policies or agreements of Datavail, which are also consistent with the requirements of the Principles, and in the case of any conflict between these policies and the Principles, the Principles will control. This includes personal information obtained from or relating to clients or former clients that is further subject to the terms of any specific privacy notice provided to the client, any contractual arrangements with the client, and applicable laws and professional standards that may apply.
For the purposes of this Services Statement:
- “Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
- “Customer” means the entity that purchases our Service.
- “Customer Data” means electronic data provided by or for a Customer or its Users.
- “Personal Data” means any information, including Sensitive Data, that is (i) about an identified or identifiable individual and (ii) received by Datavail in the U.S. from the European Union, the United Kingdom or Switzerland in connection with the Service.
- “Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.
- “Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
- “User” means an individual authorized by the Customer to access and use the Service.
Types of Personal Information We Collect
Datavail hosts and processes Customer Data, including any Personal Data contained therein, at the direction of and pursuant to the instructions of Datavail’s Customers. Datavail also collects several types of information from our Customers, including:
- Information and correspondence our Customers and Users submit to us in connection with Technical Services or other requests related to our Service.
- Personal information regarding current, former and prospective applicants and employees for the purposes of operating and managing Datavail, performing human resource administration and maintaining contact with individuals.
- Personal information regarding current, former and prospective clients and their personnel or others for the purposes of delivering Datavail services, maintaining ongoing relationships and performing business development activities.
- Personal information regarding third parties (e.g., vendors, service providers, etc.) and their personnel for the purposes of managing and administering Datavail’s business relationships with such third parties.
- Additionally, Datavail may, from time to time, collect personal information from the general public in order to answer inquiries or provide information requested.
How We Use Information
Datavail uses information collected to provide the Service including providing service management and administration, customer reporting and alerting services, and our Support and Technical Services. We may also use information we collect for billing and contract management. We will not use, disclose, review, share, distribute, transfer, or reference Customer Data except as permitted in the Customer Agreement or as required by law.
How We Share Information
Datavail will rarely share Customer Data or Personal Information of any type as a course of business. However, for specific purpose, we may disclose information that Customers or Users provide to us as follows:
- To our subsidiaries (including those located outside of the US, or of the European Economic Area and Switzerland) as needed to support the Services as agreed to in the Master Services Agreement.
- To service providers we use to support our service
- To a potential buyer (and their agents or assignees) to support any proposed merger, acquisition, or any form of sale or transfer of some or all of our assets.
- To competent law enforcement organization, regulatory, government agency, court or other third party to: (i) comply with any court order, a request from any competent law enforcement agency, or any other legal obligation; (ii) enforce or apply the terms of the Customer Agreement; and (iii) protect the rights, property, or safety of Datavail, our Customers, Users, or others.
- As directed by Customer.
Retention of Data
Datavail will retain Customer Data as per the agreements defined in the Master Services Agreement. We will retain general information where we have an ongoing legitimate business need to do so (such as to comply with regulatory or tax accounting purposes.)
International Transfer of Data
Datavail stores data almost exclusively in the United States and, when specified, Canada.
For Customer Data transferred to us in the United States of America, Datavail complies with the EU?U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom, and Switzerland to the United States, respectively. You can view a description of how we comply with the Privacy Shield Principles in our Privacy Shield Policy. To learn more about the Privacy Shield Framework, please visit the Department of Commerce’s website, located here.
For other international transfers of personal information from the EEA, we implement such measures as are necessary to ensure we provide appropriate safeguards for the transferred Customer Data, as agreed with our Customers.
Security of Data
Datavail maintains organizational, physical and technical security safeguards for all customer data we hold. We maintain protocols, controls and relevant policies, procedures and standards in order to manage the risk to Customer Data.
In order to effect these protections, Datavail undertakes industry standard measures to protect your data including:
- Maintaining an ISO27001 certification, which demonstrates that we adhere to the highest information security standards. The ISO standard is a security standard awarded by the British Standards Institution (“BSI”) that serves as international accreditation that Datavail adheres to the highest defined standards. This certification is the only auditable international standard that defines the requirements for an Information Security Management System (“ISMS”), and such a certification confirms that Datavail’s processes and security controls provide an effective framework for protecting our clients’ and our own information.
- We have a global Privacy Protection program in place which advises and manages our data protection standards of your data.
- We have regular third party audits and testing that continue to validate our security posture and help us protect customer data.
- Datavail has a dedicated team responsible for monitoring and responding to security incidents.
Your Privacy Rights
If you are a resident of the European Economic Area (EEA), Canada, or California, you have certain data protection rights under law. Datavail aims to take reasonable steps to allow you choices regarding the information you provide to us and how to limit the use of your Personal Data. Specifically:
- If you wish to access, correct, update, or request deletion of your personal information, you can send us an e-mail at firstname.lastname@example.org. You may also contact your Service Delivery Manager or, where possible, use our Datavail Service Portal to carry out these requests.
- Certain jurisdictions, for example the European Economic Area, provide their residents specific privacy rights under applicable law. We will process your requests to exercise such rights, including if you object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information, in accordance with applicable data protection laws. You may send us an e-mail at email@example.com or use the contact details below.
We will respond to each request in accordance with appropriate data protection laws. Please note that we may ask you to verify your identity before responding to such requests. Datavail will not discriminate against any individual on the basis of executing these rights.
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Changes to This Services Privacy Statement
If you have any questions about this Privacy Notice, please contact us:
- By email: firstname.lastname@example.org
- By telephone at +1.206.686.5196 or 1.833.742.0951
- By writing to us at:
11800 Ridge Parkway
Broomfield, CO 80021