EU-US AND SWISS-US PRIVACY SHIELD POLICY AND INFORMATION
*This Policy was updated on July 11, 2017 to reference the newly adopted Swiss-EU Privacy Shield Framework but retains its effective date of September 15, 2016
For purposes of this policy:
“Consumer” means any natural person located in the EEA or Switzerland who is a prospective or actual user of NetBrain’s Website, Products or Services or whose Personal Data is submitted to or may be stored by NetBrain.
“Personal Data” means any information, including Sensitive Data, that (i) is transferred to NetBrain in the U.S. from the EEA or Switzerland, (ii) is recorded in any form, (iii) relates to an identified or identifiable Consumer, and (iv) can be linked to that individual.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings; for individuals in Switzerland, Sensitive Data also includes ideological or trade union-related views or activities, or information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
How NetBrain Obtains Personal Data
NetBrain may collect Personal Data in one or more of the following ways:
- in connection with the registration or purchase of NetBrain’s Products and Services;
- when a Consumer visits NetBrain’s website (the “Website”) and provides Personal Data to NetBrain on or through the Website;
- in connection with maintaining its customer relationships and providing products and services to NetBrain customers;
- in connection with conducting market research and product research and development, only with prior affirmative and explicit consent from individuals whose Personal Data may be used in such activities;
- from its own employees in the normal course of business.
As set forth below, NetBrain’s practices regarding the collection, storage, use, transfer and other processing of Personal Data comply with the Privacy Shield Principles of notice, choice, onward transfer, access, security, data integrity, and enforcement and oversight.
NetBrain offers Consumers the opportunity to choose or opt out of disclosure of their Personal Data to certain third parties or use their Personal Data for a purpose that is incompatible with the purpose for which the information was originally collected or subsequently authorized by the individual. Consumers may contact NetBrain as indicated below regarding the company’s use or disclosure of their Personal Data.
- to its subsidiary companies as necessary to perform services on its behalf
- to service providers, affiliates, agents and/or business partners NetBrain has retained to perform services on its behalf;
- if it is required to do so by law or legal process, including disclosure to law enforcement or other government authorities if required by lawful order;
- when NetBrain believes disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity; or
- in the event it sells or transfers all or a portion of its business or assets (including in the event of a divestiture, merger, consolidation, liquidation or bankruptcy). Should such a sale or transfer occur, NetBrain will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with this Privacy Shield Policy.
NetBrain’s privacy policies
To the extent required by law, NetBrain obtains prior opt-in consent at the time of collection for the processing of (i) Personal Data for marketing purposes, and (ii) Sensitive Data, to the extent that NetBrain collects any Sensitive Data.
Accountability for Onward Transfer of Personal Data
NetBrain may be liable in cases of onward transfer to third parties of relevant Consumer Personal Data in a manner inconsistent with the Privacy Shield Principles.
NetBrain utilizes reasonable technological and physical safeguards to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction.
Data Integrity and Purpose Limitation
NetBrain takes reasonable steps to ensure that the Personal Data that it processes is: (i) relevant for the purposes for which it is to be used, (ii) reliable for its intended use, and (iii) accurate, complete and current.
Where appropriate, NetBrain provides Consumers with reasonable access to the Personal Data NetBrain maintains about them. NetBrain also provides a reasonable opportunity for Consumers to correct, amend, limit disclosure, or delete that information where it is inaccurate, as appropriate.
NetBrain may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Safe Harbor principles. The right to access personal information also may be limited in some circumstances by local law requirements. Consumers may request access to their Personal Data by contacting NetBrain as indicated below. We will respond to all access requests as soon as possible and in accordance with applicable law.
In this regard, NetBrain depends on its Consumers to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Consumers may contact NetBrain as indicated below to request that NetBrain update or correct relevant Personal Data.
Recourse, Enforcement and Liability
NetBrain has established procedures for periodically verifying implementation of and compliance with the Privacy Shield Principles. Specifically, NetBrain conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions the company makes about its privacy practices are true and that the company’s privacy practices have been implemented as represented.
Consumers may submit a complaint concerning NetBrain’s processing of their Personal Data or Personal Data practices to NetBrain at the contact information provided below.
If the issue cannot be resolved by NetBrain, NetBrain has committed to refer unresolved privacy complaints to the International Centre for Dispute Resolution-American Arbitration Association (“ICDR-AAA”) under the ICDR-AAA EU-US and Swiss-US Privacy Shield. For more information and/or to file a complaint, please visit: http://go.adr.org/privacyshieldfiling.html.
NetBrain is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) to ensure compliance with the EU-US and Swiss-US Privacy Shield principles outlined in this policy.
If a Consumer complaint from an EU individual is not resolved through these channels, EU individuals may be entitled to a binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.
With respect to human resources data transferred from the EU in the context of an employment relationship with NetBrain, NetBrain commits to cooperate with and comply with the advice of EU data protection authorities (“DPAs”) established pursuant to the Privacy Shield to address relevant employee complaints. With respect to human resources data transferred from Switzerland in the context of an employment relationship with NetBrain, NetBrain commits to cooperate with and comply with the advice of the Swiss Federal Data Protection and Information Commissioner (“Commissioner”) established pursuant to the Privacy Shield to address relevant employee complaints.
How to Contact NetBrain
Effective as of: September 15, 2016; Last modified: 2/6/2018