DIGITAL ENVOY PRIVACY SHIELD NOTICE
This Privacy Shield was last updated on April 14, 2021
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. On September 8, 2020 the Federal Data Protection and Information Commissioner of Switzerland issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States. As a result of these decisions, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework are no longer valid mechanisms to comply with EU data protection requirements when transferring personal data from the European Union and Switzerland to the United States. Nonetheless, the U.S. Department of Commerce continues to administer the Privacy Shield program. Digital Envoy, Inc. (“Digital Envoy”, “we”, “us”) comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (“EU”), the United Kingdom (“UK”), and Switzerland to the United States. Digital Envoy has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern with respect to Personal Data transferred to the U.S. from the EU, the UK, or Switzerland. To learn more about the Privacy Shield program and to view our certification, please visit www.privacyshield.gov.
Digital Envoy’s participation in the Privacy Shield applies to all personal data that is subject to the Privacy Shield Principles and is received from the EU, European Economic Area (“EEA”), UK, and Switzerland. Digital Envoy will comply with the Privacy Shield Principles in respect of such personal data.
For purposes of this Notice, “Personal Data” means information that (i) is transferred from the EEA, the UK, and/or Switzerland to the United States, (ii) is recorded in any form, (iii) is about, or relates to, an identified or identifiable job applicant, customer, supplier or other individual (excluding Digital Envoy employees), and (iv) can be linked to that job applicant, consumer, customer supplier or other individual. This Notice outlines our general policy and practices for implementing the Privacy Shield principles for Personal Data.
Privacy Shield Principles
Digital Envoy’s practices regarding the collection, storage, transfer, use and other processing of Personal Data comply with the Privacy Shield principles of notice, choice, onward transfer, access, security, data integrity, and enforcement and oversight.
This Notice provides our job applicants, customers, suppliers and others located in the EEA, the UK, and Switzerland (“you”) with information regarding: (i) the purposes for which we collect and use Personal Data, (ii) the types of third parties to which we disclose such Personal Data, (iii) the choices you have for limiting the use and disclosure of their Personal Data, and (iv) how to contact us about our practices concerning Personal Data.
Purpose of Collection and Use of Personal Data
Digital Envoy collects certain Personal Data such as name, email address, postal address, telephone number and other employment related information. We do not collect any sensitive Personal Data, as defined by the Privacy Shield framework, from or regarding our job applicants, customers or suppliers. Sensitive Personal Data includes information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership.
We use your Personal Data (i) to respond to requests, (ii) to evaluate the quality of our products and services, (iii) to communicate with you about our products, services and related issues, (iv) to notify you of and administer offers and other promotions, (v) for internal administrative and analytics purposes, and (vi) to comply with our legal obligations, policies and procedures. If you apply for a job with Digital Envoy, we use any Personal Data collected during the application process to determine your suitability for employment with us.
Digital Envoy shares Personal Data with its service providers and among Digital Envoy’s parent, subsidiaries and affiliates. We do not use Personal Data for purposes incompatible with the purposes for which the information was originally collected without notifying you of such uses and offering an opportunity to opt-out of such use. Digital Envoy does not share your Personal Data with other third parties.
In addition, we may disclose Personal Data: (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials based on an enforceable government request or as may otherwise be required under applicable law, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
Onward Transfer of Personal Data
We may share Personal Data with service providers we have retained to perform services on our behalf. We require service providers to whom we disclose Personal Data and who are not subject to laws based on the EU’s General Data Protection Regulation, the UK’s Data Protection Act 2018, or the Swiss Federal Act on Data Protection, as applicable, to either (i) subscribe to the Privacy Shield Principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield Principles. In the context of an onward transfer, Digital Envoy has responsibility for the processing of Personal Data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Digital Envoy shall remain liable under the Principles if its agents that it engages to process such Personal Data do so in a manner inconsistent with the Principles, unless Digital Envoy proves that it is not responsible for the event giving rise to the damage.
Access to Personal Data
Digital Envoy provides you with reasonable access to the Personal Data we maintain about you. We also provide you a reasonable opportunity to correct, amend or delete Personal Data. We may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Privacy Shield Principles. To obtain access to Personal Data, you may contact Digital Envoy as specified in the “Contact Us” section of this Notice.
Digital Envoy maintains reasonable administrative, technical and physical safeguards to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Digital Envoy takes reasonable steps to ensure that Personal Data collected by Digital Envoy (i) is relevant for the purposes for which it is to be used, (ii) is reliable for its intended use, and (iii) is accurate, complete and current. We depend on you to update or correct your Personal Data whenever necessary.
Your Rights to Access, to Limit Use, and to Limit Disclosure
EU, UK, and Swiss individuals have the right to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield certification, Digital Envoy has committed to respect those rights.
Digital Envoy may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Inquiries and Complaints
If you believe Digital Envoy maintains your Personal Data in one of the services within the scope of our Privacy Shield certification, you may direct any inquiries or complaints concerning our Privacy Shield compliance to firstname.lastname@example.org. Digital Envoy will respond within 45 days. If we fail to respond within that time, or if our response does not address your concern, you may contact https://www.jamsadr.com/eu-us-privacy-shield which provides an independent third-party dispute resolution body based in the United States. The services of JAMS are provided at no cost to you. If neither Digital Envoy nor JAMS resolves your complaint, you may engage in binding arbitration through the Privacy Shield Panel. Digital Envoy’s commitments under the Privacy Shield are also subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
You may address any questions or concerns regarding our Privacy Shield Notice or our practices concerning Personal Data by contacting us at email@example.com .
This Notice may be amended from time to time in compliance with the requirements of the Privacy Shield principles. Appropriate notice will be given concerning such amendments.
This Privacy Shield Notice is effective as of January 22, 2020