EU-US & Swiss-US Privacy Shield
Privacy Shield Policy
- EU-U.S. and Swiss-US Privacy Shield Policy
PRMconnect respects the privacy of its customers, employees, business partners, individuals whose personal information with which we are entrusted, and others. PRMconnect collects and uses any collected personal information in accordance with the laws and regulations of the countries in which the information is collected, and in which it does business.
In the course of our business, it is necessary for us to access, collect, process, use, transmit, disclose, store and otherwise handle personal data (defined below) about individuals. This Policy provides the basis for protecting such data while ensuring compliance with legal requirements. The United States Department of Commerce, and the European Commission, have agreed on a set of data protection principles and frequently asked questions (the “EU-U.S. Privacy Shield”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU and from the United Kingdom to the United States. The EEA also has recognized the EU-U.S. Privacy Shield as providing adequate data protection.
This Policy applies to all personal data accessed, collected, processed, used, transmitted, disclosed, or stored (hereinafter collectively referred to as “processed”) in any format including electronic, paper or verbal by PRMconnect. All employees, whether permanent, temporary or on contract or third parties working on behalf of us shall adhere to this Policy.
We are committed to using reasonable commercial measures to ensure the safeguarding of personal data of individuals and that such data is used only as intended and that precautions preventing misuse are both effective and appropriate. Personal data must therefore be:
- (a) Accessed, used and disclosed fairly and lawfully;
- (b) Obtained for specified business and/or legal purposes and not used or disclosed in a way which is incompatible with the purpose(s) for which it was collected;
- (c) Adequate, relevant and not excessive for the purpose(s) for which it is collected or maintained;
- (d) Accurate and, where necessary, kept up to date;
- (e) Not kept for longer than is necessary to fulfill the purpose(s) it is used for, subject to the Company’s document retention policy;
- (f) Used and disclosed in accordance with relevant legal requirements;
- (g) Appropriately protected against unauthorized, inadvertent or illegal access, use and/or disclosure through administrative, technical and physical safeguards; and
- (h) Restricted to designated countries unless the rights and freedom of individuals are protected therein.
- WHAT PERSONAL DATA MAY BE COLLECTED?
We may collect the following examples of personal data: full name, business address, business telephone or mobile number, business contact details including e-mail addresses and telephone numbers, business information, and demographic information.
- HOW WE COLLECT PERSONAL DATA AND HOW IT IS USED
- DISCLOSURE OF PERSONAL DATA
Personal data may be made available for the purposes mentioned above to responsible management, human resources, accounting, audit, compliance, legal, information technology and other corporate staff who need to know these details for their functions within the Company, including maintenance and improvement of Company offerings, some of which may not be based in the US. The identity of personnel within the Company having access to personal data shall be controlled on the basis of business and security requirements, shall be consistent with the job requirements of such person having access, and shall be modified to the extent their job requirements change. Employees with access to personal data shall be made aware of their responsibilities for maintaining the privacy of that information, particularly regarding the protection of both hard-copy, soft-copy and electronic information.
We will not sell any personal data to any third party other than as part of any restructuring of the Company or sale of a relevant Company business. If we do provide any data to a third party, we will enter into a written agreement with the third party that requires the third party provide at least the same level of privacy and security protections as is implemented by Company.
PRMconnect does not use any 3rd party contractors or services to process personal data or to perform data processing functions. All data capture, storage & processing is performed by PRMconnect employees.
PRMconnect may be forced to disclose an individual’s personal information when compelled by a lawful request made by a recognized public authority or where required to meet national security and or law enforcement requirements. PRMconnect is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”) and or the Food and Drug Administration (“FDA”).
PRMconnect accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, PRMconnect remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless PRMconnect proves that it is not responsible for the event giving rise to the damage.
- PROTECTION OF PERSONAL DATA
We are committed to ensuring that personal data is secure. In order to prevent unauthorized loss, alternation, destruction, access, use or disclosure, we have put in place and will maintain suitable physical, administrative and technical safeguards to secure the data we process. Where appropriate and consistent with the risk, personal data shall be kept securely. Access to information systems containing personal data shall be controlled, at a minimum, by an individual user identification and password with appropriate requirements for re-logging after passage of an inactive time and/or use of password-protected screensavers. Firewall protection and operating system patches shall be installed on all computers containing personal data. Up-to-date versions of security agency software, including malware, patches and antivirus and pest patrol shall be installed on all computers containing personal data. All items of equipment containing storage media shall be checked to ensure that any personal data has been removed or securely overwritten prior to disposal. Personal data that is transmitted across public networks or wirelessly or stored on portable devices shall be encrypted.
Appropriate contractual arrangements shall be implemented for the responsibility and physical protection of personal data when such information is made available to third parties. Personal data, other than that normally required by mobile users, shall only be taken off site as necessary. Any member of staff using personal data when working from home or during off-site meetings should take necessary precautions to ensure its security, including not leaving such information unattended.
Individuals whose personal information has been collected by PRMconnect shall have the right to access that data for review, modification or deletion. Access to review, modify and or delete personal information or otherwise manage the use and disclosure of your personal data may be initiated by contacting PRMconnect:
- Attn: Dean Hills - Partner
- 3840 W. Ann Rd – Ste 101B
- North Las Vegas, Nevada, 89031
- +1 702-818-2525
PRMconnect will follow their corporate approved policies and procedures when handling any personal data requests.
- ACCESS TO PERSONAL DATA
Pursuant to the Privacy Shield Frameworks, EU, United Kingdom, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
Individuals may opt out of providing personal data, upon request. To the extent that personal data has been collected, individuals have the right to review personal data held about them and have certain inaccurate information corrected, unless the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. If you wish to do so, or to notify us of a change in your details, please contact the Privacy Officer.
A formal request from an individual for information that we hold about them must be made in writing. Any member of staff who receives a written request should forward it to the Privacy Officer immediately.
- CHANGES TO THIS EU-U.S. and Swiss-US PRIVACY SHIELD POLICY
This policy may be amended from time to time, consistent with the requirements of the Privacy Shield Framework. A notice will be posted on the PRMconnect web page (https://leadature.com/data-privacy-policy/) for 60 days whenever this policy is changed in a material way.
- EFFECTIVE DATE
This policy became effective on 01 January 2019 and was last updated on 11 November 2010.
- INDEPENDENT RECOURSE FOR PRIVACY COMPLAINTS
In compliance with the Privacy Shield Principles, PRMconnect commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact PRMconnect by email at email@example.com or via post at:
- Attn: Dean Hills - Partner
- 3840 W. Ann Rd – Ste 101B
- North Las Vegas, Nevada, 89031
- +1 702-818-2525
PRMconnect has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Please note the name of the website or other online resource to which you provided the information, as well as the nature of the information that you provided. PRMconnect will use reasonable efforts to respond promptly to requests, questions or concerns you may have regarding our use of personal information about you. Except where required by law, the Company cannot ensure a response to questions or comments regarding topics unrelated to this Policy or our privacy practices.