This EU-US and Swiss-US Privacy Shield Policy (“Policy”) sets forth the privacy principles Prominic.NET, Inc. (“Prominic”) follows with respect to transfers of personal information from European Union countries and Switzerland to the United States. This policy covers both non-HR and HR data.
Definitions
“Personal data” and “personal information” are data about an identified or identifiable individual, received by Prominic from the European Union, and recorded in any form. “Sensitive personal data” and “Sensitive personal information” means personal information that reveals medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual.
Scope
This Policy applies to all personal information received by Prominic in the United States from the EU and Switzerland, in any format including electronic, paper or verbal.
Privacy Principles
The privacy principles (“Principles”) in this Policy are based on the EU-US and Swiss-US Privacy Shield Directive on Data Protection (“Directive”).
NOTICE: Prominic will notify EU and Swiss individuals about the purposes for which it collects and uses information about them, the types of third parties to which it discloses the information, and the choices and means Prominic offers individuals for limiting its use and disclosure.
Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Prominic or as soon thereafter as is practicable, but in any event before Prominic uses such information for a purpose other than that for which it was originally collected or processed by Prominic or discloses it for the first time to a third party. Prominic does not disclose personal information to third parties for commercial purposes. Prominic only discloses personal information to law enforcement or other authorities when required to do so by law.
CHOICE: Prominic offers EU and Swiss individuals the opportunity to choose (opt out) whether their personal information is:
(a) to be disclosed to a third party or
(b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual.
Individuals will be provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice.
For sensitive information, Prominic will offer individuals an explicit (opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of opt in choice. Prominic will treat as sensitive any information received from a third party where the third party treats and identifies it as sensitive.
ONWARD TRANSFER: To disclose information to a third party, Prominic will apply the Notice and Choice Principles above.
Prominic will only transfer information to a third party that is acting as an agent if it first either ascertains that the third party subscribes to this Policy. If Prominic has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Prominic will take reasonable steps to prevent or stop the use or disclosure. Prominic is liable in cases of onward transfers to third parties.
SECURITY: Prominic will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
DATA INTEGRITY: Consistent with the Principles, personal information must be relevant for the purposes for which it is to be used. Prominic will not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, Prominic will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
ACCESS: Prominic will ensure that individuals have access to personal information about them that Prominic holds and are able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
ENFORCEMENT: Prominic will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Prominic determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
In compliance with the Privacy Shield Principles, Prominic.NET commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Private Shield policy should first contact Prominic.NET at:
Prominic.NET, Inc.
P.O. Box 7301
Champaign, IL 61826-7301 US
Email: support@prominic.net
Prominic.NET has further committed to cooperate with EU and Swiss data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU or Swiss DPAs for more information or to file a complaint. The services of EU and Swiss DPAs are provided at no cost to you.
Individuals may under certain conditions invoke binding arbitration.available to an individual to determine, for residual claims, whether Prominic has violated its This arbitration option is obligations under the Principles as to that individual, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes.
Prominic.NET is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Prominic.NET is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Changes to this Policy
Prominic.NET may occasionally change this Policy in accordance with the requirements of the Privacy Shield Principles. Prominic will provide appropriate public notice about any such changes. Effective Date: 3/19/2019
Prominic.NET complies with the EU-US and Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.
Prominic.NET has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield the principles shall govern.
To learn more about the EU-US and Swiss-US Privacy Shield program, and to view Prominic.NET’s certification, please visit https://www.privacyshield.gov