DataMentors US-EU SAFE HARBOR POLICY
DataMentors has certified that it adheres to the Safe Harbor Agreement concerning the transfer of personal data from the European Union (“EU”) to the United States (“U.S.”). As such, we follow the Safe Harbor Principles published by the U.S. Department of Commerce (the “Principles”) with respect to all such data.
To learn more about the Safe Harbor program please visit www.export.gov/safeharbor, and to access the US Department of Commerce Safe Harbor List please visit: https://safeharbor.export.gov/list.aspx
Personal information that is transferred to DataMentors in the United States from the European Union (EU) falls under the following:
Processor on Behalf of Clients
DataMentors provides customized computer services designed to help companies manage their customer information more effectively, increase profitability of their marketing and reduce the operational costs of processing customer information. In this capacity, DataMentors does not own or control any of the information it processes on behalf of DataMentors’ clients. All such information is owned and controlled by DataMentors’ clients. In this capacity DataMentors receives information transferred from the EU to the United States merely as a processor on behalf of our clients.
When DataMentors acts as a processor on behalf of its clients, the policies outlined below apply to all data processing operations concerning personal information that has been transferred from the EU to the United States.
Before starting any processing on behalf of DataMentors’ clients, DataMentors will enter into a processing contract with the EU data controller responsible for the personal information pursuant to the applicable EU Member State Data Protection law. The processing contract ensures that the EU data controller will be in compliance with the Member State Data Protection law.
Any data processed by DataMentors will not be further disclosed to third parties except where permitted or required by the processing contract, EU Safe Harbor or the applicable Member State Data Protection law.
Any information DataMentors’ client (acting as the EU controller) identifies as sensitive will be treated accordingly.
The processing contract will also specify that the processing will be carried out with appropriate data security measures. DataMentors has in place measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Prior to the transfer of any non-public personal information from the EU to the United States, DataMentors requires contractual confirmation from the EU controller from whom DataMentors acquired the information that the personal data has been provided to DataMentors in accordance with the applicable EU Member State Data Protection law, thereby ensuring the data subjects have been provided with proper notice regarding how their personal data will be used. In addition, when personal data is collected directly from data subjects, DataMentors provides the data subject with notice regarding the manner and circumstances in which the personal data will be used and transferred to third parties.
Prior to the transfer of any non-public personal information from the EU to the United States, DataMentors requires contractual confirmation from the EU controller from whom DataMentors acquired the information that the personal data has been collected in accordance with applicable EU member State Data Protection law, thereby ensuring the data subjects have been provided with the proper choice regarding how their personal data may be used.
DataMentors takes reasonable steps to ensure the information transferred from the EU to the United States is reliable, accurate, complete and current. The steps DataMentors takes to assure data integrity are based on the purposes for which the personal information is used.
DataMentors complies with the notice and choice principles as described above for all data disclosed or transferred to a third party. However, when DataMentors uses data processors to perform processing tasks on behalf and under the instruction of DataMentors, DataMentors requires that its data processors:
- Enter into a written agreement with DataMentors requiring them to provide the same level of protection as DataMentors provides.
DataMentors has in place an information security policy to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. DataMentors’ security officer is responsible for conducting investigations into any alleged computer or network breaches, incidents or problems and ensuring the proper disciplinary action is taken against those who violate DataMentors’ information security policy.
Any security compromises or potential security compromises and any inquiries concerning security should be reported to the DataMentors consumer advocate. Contact information is provided below.
An individual may request access to the information DataMentors maintains in its information products. The individual has the right to learn whether or not data about him or her is found in DataMentors’ information products and to correct, amend or delete that information when it is inaccurate. This right applies only to personal information about the individual making the request and is subject to other limitations as defined by law.
Individuals can request access by emailing or writing:
Office of Consumer Advocacy
One East Oak Hill Dr. Suite 301
Westmont, IL 60559
DataMentors’ consumer advocate will explain the process for making an access request. In order to confirm the identity of the individual and have the necessary information to retrieve the individual’s information, DataMentors provides a request form which the individual fills out, signs and postal mails to DataMentors. DataMentors agrees to process all reasonable requests for access within a reasonable time period, but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual’s privacy or in the case of an unwarranted or fraudulent request.
Individuals who wish to file a complaint or who take issue with DataMentors’ EU Safe Harbor policies should contact DataMentors’ consumer advocate. DataMentors’ consumer advocate will explain the process to be followed when filing a complaint. Filing a complaint in English will speed-up the request process.
DataMentors has registered under the Direct Marketing Association’s safe harbor complaint resolution process. If consumers can’t resolve a complaint after contacting DataMentors’ consumer advocate, they may file a written complaint with the Direct Marketing Association:
The Direct Marketing Association
Attn: Safe Harbor Program
1615 L St. NW, Suite 1100
Washington, DC 20036
DataMentors is also subject to the jurisdiction of the U.S. Federal Trade Commission. Consumers unable to resolve a complaint through The Direct Marketing Association’s Safe Harbor Complaint process may contact the Federal Trade Commission:
Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
See more at: http://www.relevateauto.com/privacy/