Datacert, Inc. and TyMetrix, Inc., now known as ELM Solutions (collectively, “The Company”), respects your concerns about privacy. The Company has certified that it abides by the Safe Harbor privacy principles as set forth by the US Department of Commerce regarding the collection, storage, use, transfer and other processing of Personal Information (as defined below) transferred from the European Economic Area (“EEA”) or Switzerland to the United States.
For purposes of this Policy:
- “Personal Information” means any information that (i) is transferred from the EEA to The Company in the United States; (ii) is about an identified or identifiable individual; and (iii) is recorded in any form.
- “Data Controller” means an entity that alone or jointly with others determines the purposes and the means of the processing of Personal Information.
- “Data Processor” means an entity that processes Personal Information on behalf of a Data Controller in accordance with the Data Controller’s instructions.
Processing of Personal Information by The Company
The Company processes Personal Information both as a Data Controller and a Data Processor. Below is a description of how The Company implements the Safe Harbor privacy principles in its capacity as both a Data Controller and a Data Processor.
Data Controller: The Company acts as a Data Controller with respect to Personal Information provided to The Company by The Company’s customers in connection with payment for The Company’s products and services.
Data Processor: The Company is a Data Processor with respect to The Company’s processing of Personal Information that may be contained in invoicing data transmitted by or on behalf of The Company’s customers through The Company’s e-billing service. In these circumstances, The Company’s customers are the Data Controllers. The Company’s customers are solely responsible for the contents of the invoicing data, and any Personal Information is included in the invoicing data at the discretion of The Company’s customers. The Company does not receive Personal Information from and does not have a direct relationship with individuals in connection with the processing of invoicing data. The Company processes the invoicing data (and any Personal Information such data may contain) based on the instructions of and for the purposes determined by The Company’s customers.
The Company requires its customers by contract to comply with applicable data protection laws. The Company has informed its customers about the need to take certain actions to comply with applicable data protection laws, including ensuring that individuals are properly informed of the processing of their Personal Information and, if necessary, have provided appropriate consent, in accordance with applicable data protection law.
Safe Harbor Privacy Principles
The Company’s practices regarding the collection, storage, transfer, use and other processing of Personal Information comply with the Safe Harbor principles of notice, choice, onward transfer, access, security, data integrity and enforcement.
In its capacity as a Data Processor, The Company does not have a direct relationship with individuals whose Personal Information The Company processes in the US. In these circumstances, The Company’s customers are responsible, pursuant to their contractual agreements with The Company, for providing the required notice to individuals. The form of such notice is determined by the data protection law applicable to the relevant customer. The Company has informed its customers that the notice should address, at a minimum: (i) the purposes for which Personal Information is collected and used; (ii) the types of third parties to whom Personal Information is disclosed; and (iii) the choices and means that individuals are offered for limiting the use and disclosure by their Personal Information.
In its capacity as a Data Controller, The Company offers individuals the opportunity to choose whether The Company may (i) disclose their Personal Information to third parties (other than to The Company’s service providers or as specified in the Onward Transfer section below) or (ii) use their Personal Information for a purpose that is incompatible with the purpose(s) for which the information was originally collected or subsequently authorized by the individual.
Where The Company acts as a Data Processor, The Company’s customers are responsible, pursuant to their contractual agreements with The Company, for providing choice to individuals as to whether their Personal Information may be disclosed to third parties by The Company or used for a purpose that is incompatible with the purpose(s) for which the information was originally collected or subsequently authorized by the individual. The Company has informed its customers about the need to (i) provide notice to individuals about The Company’s privacy practices, (ii) obtain consent from individuals with respect to such practices, where required by applicable law, and (iii) inform individuals about the possibility that The Company may disclose their Personal Information to various categories of third parties, as specified in the Onward Transfer section of this Policy.
The Company does not process Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation, except where required by law.
Onward Transfer of Personal Information
The Company may share Personal Information with:
The Company’s affiliates; service providers The Company has retained to perform services on The Company’s behalf. We require service providers to whom we disclose Personal Information and who are not subject to laws based on the European Union Data Protection Directive to either (i) subscribe to the Safe Harbor principles or (ii) contractually agree to provide at least the same level of protection for Personal Information as is required by the relevant Safe Harbor principles.
Access to Personal Information
In its capacity as a Data Controller, The Company provides individuals with reasonable access to the Personal Information that The Company maintains about them. The Company also provides a reasonable opportunity for individuals to correct, amend or delete that information where it is inaccurate. The Company may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Safe Harbor principles.
Where The Company acts as a Data Processor, The Company’s customers are responsible, pursuant to their contractual agreements with The Company, for providing individuals with access to their Personal Information and allowing individuals to correct, amend and delete their information, as required by applicable law. The Company requires its customers to maintain appropriate procedures for handling individuals’ requests to access, correct or delete their Personal Information, in accordance with applicable law. To exercise these rights, individual should contact the appropriate customer that transferred their Personal Information to The Company. The Company will cooperate fully with its customers in responding to any such request. In the event a request is made directly to The Company, customers are required to cooperate with The Company in promptly addressing such requests.
The Company maintains reasonable administrative, technical and physical safeguards to protect Personal Information from loss, misuse and unauthorized access, disclosure, alternation and destruction.
In its capacity as a Data Controller, The Company takes reasonable steps to ensure that the Personal Information The Company collects is relevant for the purposes for which the information is to be used and that the information is reliable for its intended use and is accurate, complete and current. The Company depends on its customers to update and correct relevant Personal Information whenever necessary.
Where The Company acts as a Data Processor, The Company’s customers are responsible, pursuant to their contractual relationships with The Company, for taking reasonable steps to ensure that the Personal Information is reliable for its intended use, accurate, complete and current.
The Company reviews its compliance with this Policy to verify that the assertions made in it are true and that the practices the Policy contains are implemented correctly. The Company will investigate any breach of this Policy that has been reported to The Company.
In circumstances where The Company acts as a Data Controller, individuals may submit complaints concerning the processing of their Personal Information by The Company with The Company’s Compliance Office. If the complaint cannot be resolved through The Company’s internal process, The Company will cooperate with JAMS under the JAMS International Mediation Rules.
In circumstances where The Company acts as a Data Processor, individuals should submit complaints concerning the processing of their Personal Information to The Company’s customer that originally collected their information in accordance with the customer’s relevant dispute resolution mechanism (if available). The Company will participate in the customer’s dispute resolution process at the request of the individual. If the issue cannot be resolved through the customer’s internal dispute resolution mechanism, the individual may submit the complaint to JAMS for mediation under the JAMS International Mediation Rules.
JAMS mediation may be commenced as provided for in the JAMS International Mediation Rules, which are accessible on the JAMS website. Mediation will be conducted by telephone, email or other electronic means of communication. The Company will take steps to remedy any problem arising out of a failure to comply with the Safe Harbor principles. The Company may not be required, however, to take any action contrary to applicable law.
The mediator or the individual also may refer the matter to the US Federal Trade Commission, which has Safe Harbor enforcement jurisdiction over The Company.
How to Contact Us
Please address any questions or concerns regarding this Policy or The Company’s practices concerning Personal Information by:
Contacting The Company’s Chief Privacy Officer by telephone at (832) 369-6019
Contacting us through our website: www.wkelmsolutions.com
ELM Solutions, a Wolters Kluwer Company
Attention: Chief Privacy Officer
3009 Post Oak Blvd.
Houston, Texas 77056
This Safe Harbor Policy was last revised January 28, 2015.