US-EU Safe Harbor Privacy Statement
It is the policy of Seapine Software, Inc. and its global subsidiaries and affiliates (the “Company”) to respect Personal Data, including Sensitive Personal Data that is collected or maintained by or on behalf of the Company. In furtherance of this commitment, the Company has certified to the US-EU Safe Harbor Agreement regarding Personal Data collected in the European Economic Area (EEA) and transferred to the United States. The Company adheres to the Safe Harbor privacy principles as agreed to by the U.S. Department of Commerce and the European Commission and as outlined in this US-EU Safe Harbor Privacy Statement (the “Safe Harbor Statement”).
To learn more about the Safe Harbor program, and to view Seapine Software's certification, please visit http://www.export.gov/safeharbor/
This Safe Harbor Statement sets forth the principles under which the Company manages the processing of Personal Data collected in the EU and subsequently transferred to the United States.
“Personal Data” means any information that identifies or describes an identified or identifiable living natural person. “Personal Data” may include, for example, name, signature, employee identification number, social security number, telephone number, insurance policy number, job title, financial information, account numbers, or any other information that is capable of being associated with a particular identifiable individual. Personal Data does not include aggregate data that have been divorced from individually identifiable characteristics.
“Sensitive Personal Data” is a subset of Personal Data, and includes information pertaining to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information related to an individual’s health or sex life, as well as biometric identifiers, such as finger and voiceprints, and information as to commission or alleged commission of a criminal offense or any related proceedings.
Safe Harbor Principles
Notice: The Company notifies data subjects (such as employees, customers, insurance and financial professionals) about the identity of the data controller or its representative, the purpose(s) for which it collects, processes and maintains the data, and any further information as may be required by the circumstances under which the data are collected including the types of Personal Data the Company collects about data subjects, the recipients or categories of recipients of the data, the proposed transfer of such data to third countries, the types of third parties to which it discloses such data and the right of access to the data. Notice is provided in clear and conspicuous language at the time of collection, or as soon as practicable thereafter, and before the Company uses or discloses the information for a purpose other than that for which it was originally collected.
Choice: In the event Personal Data are to be used for a new purpose incompatible with the purposes for which the data were originally collected or subsequently authorized or transferred to the control of a third party that is not acting as an agent of the Company, data subjects are given notice of such use and, where feasible and appropriate, an opportunity to decline to have their data so used or transferred. In the event that Sensitive Personal Data are to be used for a new purpose or transferred to the control of a third party not acting as an agent of the Company, the data subject’s explicit consent will be obtained prior to the new use or transfer of the data, unless such new use or transfer is (1) in the vital interests of the data subject or another person; (2) necessary for the establishment of the Company’s legal claims or defenses; (3) required to provide medical care or diagnosis; (4) necessary to carry out the Company’s obligations in the field of employment law; or (5) related to data that are manifestly made public by the data subject.
Onward Transfers: The Company only transfers Personal Data to a service provider, vendor, or other third party acting as a processor of Personal Data for the Company (an “agent”) where the agent has provided assurances that the agent provides at least the same level of privacy protection as is required by these privacy principles. Where the Company has knowledge that one of its agents is using or sharing Personal Data in a way that is contrary to these principles, the Company will take reasonable and appropriate steps to prevent or stop such processing. The Company will only transfer Personal Data to a non-agent third party where such transfer is consistent with applicable laws and with the notice provided to the data subjects at the time the Personal Data were collected.
Security: The Company takes reasonable and appropriate precautions to protect Personal Data in its possession and control from loss, misuse, alteration, destruction, or unauthorized access or disclosure.
Access: Data subjects have reasonable access to their Personal Data, and may request corrections, deletions, or additions, as appropriate, except where the burden or expense of providing such access would be disproportionate to the risks to the individual data subject’s privacy or where the disclosure of such information would jeopardize the integrity of the Company’s research effort.
Data Integrity: The Company limits the collection, usage, and retention of Personal Data to that which is germane to the relevant purposes and takes steps to ensure that any Personal Data are accurate, complete, current, and reliable for the intended use.
Enforcement: The Company has put in place mechanisms to verify its ongoing compliance to these privacy principles. Any Company employee found to have violated the privacy principles in this Safe Harbor Statement will be subject to appropriate corrective actions.
Dispute Resolution: The Company is committed to resolving any disputes that may arise by internal investigation and resolution of the issue. Should the Company’s efforts to resolve an issue be unsuccessful, the Company will facilitate the resolution of such disputes including through the submission of disputes to an independent party. The Company agrees to cooperate with EU Data Protection Authorities regarding any dispute concerning human resources data.
Limitation on Scope of Principles
Adherence by the Company to these privacy principles may be limited to the extent necessary to meet the Company’s regulatory, legal, governmental, or national security obligations.
How to Contact Us
Please contact us with any questions concerning this Safe Harbor Statement or any of the Company’s privacy practices at:
Seapine Software, Inc.
6960 Cintas Boulevard
Mason, OH 45040
Changes to this Privacy Statement
This privacy statement may be amended consistent with the requirements of Safe Harbor. When we do update the privacy statement, we will also revise the “Last Updated” date at the bottom of this document. Any material changes to this privacy statement will also be posted on the Company’s website: http://www.seapine.com
Last Updated: 4/22/2013