PaperFree

Safe Harbor Privacy Policy


Last Revised: September 13, 2015
Paperfree L.P. and its affiliates (“Paperfree”) is committed to compliance with its privacy obligations in the United States and throughout the world. This Safe Harbor Privacy Policy (“Policy”) sets forth the privacy principles PapeFree follows with respect to the covered personal information noted below (hereinafter “Personal Information”) that is transferred from its offices within the European Union (“EU”), European Economic Area (“EEA”), and Switzerland (collectively, “Europe”) to the United States (“U.S.”):
(i) Personal Information of European-based current and former PapeFree employees and prospective employees, maintained by PapeFree in its Human Resources and other databases and files;
(ii) Personal Information of visitors to PapeFree’s European offices, maintained by PapeFree in its Visitor Badge Database;
(iii) Personal Information of users of PapeFree’s services in Europe, maintained in the User Authentication System and Portable User Authentication System; and
(iv) Personal Information of PapeFree’s customers’ European-based employees, customers, or other parties that have communicated such Personal Information to the customers, contained in electronic records maintained and processed by PapeFree on behalf of its customers.

Safe Harbor Privacy Principles
The U.S. Department of Commerce and the European Commission have agreed on a set of data protection principles (“Safe Harbor Privacy Principles”) and frequently asked questions (collectively “U.S.-EU Safe Harbor Framework”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal data of data subjects transferred from Europe to the United States. The U.S. Department of Commerce and the Federal Data Protection and Information Commissioner of Switzerland have agreed on a similar set of data protection principles and frequently asked questions (collectively “U.S.-Swiss Safe Harbor Framework”) to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal data of data subjects transferred from Switzerland to the United States. As explained below, PapeFree complies with these Safe Harbor Privacy Principles with respect to Personal Information to the extent it is the “controller” of such Personal Information under the EU Data Protection Directive:
• Notice. PapeFree will notify the data subjects about the purposes for which it collects and uses their Personal Information. Individuals may contact PapeFree’s privacy director using the contact information provided below with any inquiries or complaints or to request information about the types of third parties (other than third-party processors) to which it discloses the Personal Information and the choices and means it offers for limiting use and disclosure of Personal Information.
• Choice. PapeFree will give data subjects the opportunity to choose whether their Personal Information may be disclosed to a third party (other than third-party processors) or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual.
• Transfers to Third-Party Processors. When PapeFree transfers Personal Information to a third-party processor, it will ensure that the third party (1) subscribes to the Safe Harbor Privacy Principles, (2) is subject to the EU Data Protection Directive or another EU finding that its privacy practices are adequate, or (3) enters into a written agreement with PapeFree requiring that the third party provide at least the same level of privacy protection as is required by the Safe Harbor Privacy Principles.
• Access. Data subjects are given access to their Personal Information held by PapeFree and are able to correct, amend, or delete that information where it is inaccurate, except (1) where the burden or expenses of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, (2) where the rights of persons other than the individual would be violated, or (3) as otherwise permitted by the Safe Harbor Privacy Principles, precedent or FAQs of the U.S. Federal Trade Commission or U.S. Department of commerce, or any other applicable law, rule, or regulation. Individuals seeking to access their Personal Information held by PapeFree should contact PapeFree’s privacy director using the contact information provided below.
• Security. PapeFree takes reasonable precautions to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
• Data integrity. The Personal Information PapeFree collects is relevant for the purposes for which it is to be used. PapeFree takes reasonable steps to ensure that such Personal Information is reliable for its intended use, accurate, complete, and current.
• Enforcement. PapeFree conducts compliance audits of its relevant privacy practices to ensure adherence to this Policy. Any questions or concerns regarding the use or disclosure of Personal Information should be directed to PapeFree’s privacy director using the contact information provided below. PapeFree will investigate and attempt to resolve complaints and disputes regarding processing and disclosure of Personal Information in accordance with the principles contained in this Policy. For complaints resolved internally, PapeFree’s remedy or, if necessary, sanctions will be reasonable and sufficient corrective action to resolve the complaint, including correcting any Personal Information, using Personal Information consistent with the Safe Harbor Privacy Principles, reversing or correcting the effects of noncompliance, and assuring that future processing of Personal Information will be in conformity with the Policy, including the Safe Harbor Privacy Principles. Complaints related to Human Resources data that cannot be resolved between PapeFree and a European-based employee or prospective employee regarding his or her Personal Information will be handled by the relevant EU Data Protection Authority or a panel established by the European Data Protection Authorities, as appropriate consistent with the Safe Harbor Privacy Principles. All other complaints that cannot be resolved between PapeFree and the relevant customer or other data subject will be handled by an independent dispute resolution provider, the BBB EU Safe Harbor program (please visit the BBB EU SAFE HARBOR website at www.bbb.org/us/safe-harbor-complaints for more information) or the relevant EU Data Protection Authority.
Any employee that PapeFree determines to be in violation of this Policy is subject to disciplinary action, up to and including termination of employment.

Data Processor and Other Limitations
In some cases, PapeFree may process Personal Information on behalf of its customers and in accordance with their instructions, such as when PapeFree is providing its electronic record management services to archive and maintain customers’ email and other electronic information. In such cases, the customer, not PapeFree, is acting as the data controller and is therefore the entity that is subject to compliance with
European data protection requirements with respect to such Personal Information; PapeFree’s obligation to adhere to the Safe Harbor Privacy Principles in such instances would be correspondingly limited. For details concerning PapeFree’s customers’ policies regarding this Personal Information and details of how to access the information, please refer to the privacy policy of the PapeFree customer on whose behalf the data is being processed by PapeFree.
PapeFree may disclose such Personal Information (1) to a customer on whose behalf the Personal Information is processed; (2) to the customer’s authorized affiliates; (3) to third parties designated by the customer or by an authorized affiliate; (4) as otherwise authorized by the customer; (5) in compliance with any applicable law, rule, regulation, or government or court order; or (6) if PapeFree determines in its good faith judgment that such disclosure is necessary to provide its services to a customer or to an authorized affiliate of a customer.
PapeFree’s adherence to the Safe Harbor Privacy Principles may be further limited to the extent required to respond to a legal or ethical obligation and to the extent permitted by any applicable law, rule, or regulation.

Contact Information
Questions or comments regarding this Policy should be submitted to PapeFree’s privacy director at the following address:
Yury Pronin
CEO & Compliance Officer
14 ridge street
Greenwich, CT 06830
United States

Changes to the Policy
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Privacy Principles. Changes to this Policy will be effective upon posting to this website.





    PaperFree.com is the most flexible business management system, set of software: Customer Relationship Management, Enterprise Content Management System.


    Sponsored from PaperFree Magazine:
    paperfree
    Enterprise Architecture by Jeanne Ross of MIT CISR

     

    Copyright © 2018 PaperFree.com Inc. All rights reserved and data products are owned and distributed by PaperFree.com Inc. and its subsidiaries. | About | Feedback | All Contacts  |  ID: 979-446-8934 S/N 78675-0 | SID 487999-3 | Version 5.2  Powered by PaperFree.com | Legal