IHRDC - International Human Resources Development Corporation

A Worldwide Leader in Oil and Gas Training - Since 1969

Competency Management

Competency Management - Data Protection - Safe Harbor Policy


1. INTRODUCTION

IHRDC respects individual privacy and values the confidence of its clients, employees, business partners and others. Not only does IHRDC strive to collect, use and disclose Personal Information in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices. This Safe Harbor Privacy Policy Statement (the “Policy”) sets forth the privacy principles IHRDC follows with respect to transfers of Personal Information to our support staff in the United States and Malaysia from the European Economic Area (EEA) (which includes the twenty-seven member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) and Switzerland.

The purpose of this document is to define IHRDC’s policies for the safe and confidential management of client data. It is designed to (1) provide a high level of data privacy and (2) ensure that we consistently demonstrate to our clients the level of commitment we give this responsibility.

1.1 Safe Harbor

The United States Department of Commerce and the European Commission have agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to Personal Information transferred from the EEA to the United States (the "U.S.-EU Safe Harbor"). The EEA also has recognized the U.S.-EU Safe Harbor as providing adequate data protection (OJ L 45, 15.2.2001, p.47).

In accordance with our commitment to protect personal privacy, IHRDC adheres to the principles of the Safe Harbor Framework as developed by the U.S. Department of Commerce in consultation with the European Commission. The seven principles and fifteen Frequently Asked Questions (FAQs) referred to in this policy constitute Safe Harbor privacy framework (the “Safe Harbor Principles”). These principles and FAQs may be found at: http://www.export.gov/safeharbor

1.2 Scope

This Policy applies to all Personal Information received by IHRDC in the United States or Malaysia from the EEA, via CMS Online. When we use the term “Personal Information” in the Policy, we are referring to any information that (i) is recorded in any form; (ii) is about or is related to a specific individual; (iii) can be linked to that individual; and (iv) is transferred from the EEA and Switzerland to the U.S. or Malaysia. IHRDC will never knowingly collect Personal Information from individuals under the age of 13 nor will it collect any financial information. Personal Information is maintained within CMS Online for the duration of the license agreement between IHRDC and your company.

1.3 Cookies

CMS Online collects cookies to enable more efficient and faster website usage. Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.

1.4 Contact Information

For any questions or comments on this policy, please contact IHRDC at the following address.
International Human Resources Development Corporation
535 Boylston Street
12th Floor
Boston, Massachusetts 02116
USA
Email: dataprivacy@ihrdc.com

2. MEETING SAFE HARBOR PRINCIPLES

2.1 Notice

Where IHRDC has access to Personal Information provided by individuals in the EEA, it will inform them about the purposes for which it has access to Personal Information about them, how that information will be used, the choices and means, if any, IHRDC offers individuals for limiting the use of Personal Information about them, and how to contact IHRDC. Subject to Section 3, Limitation on Application of Safe Harbor Principles, IHRDC will not provide any Personal Information held in our systems to any individuals or entities not formally contracted with IHRDC. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to IHRDC, or as soon as practicable thereafter, and in any event before IHRDC uses or discloses the information for a purpose other than that for which it was originally collected. In order to opt out of providing Personal Information to IHRDC, please contact your company’s CMS Online administrator to be removed from the system. For any queries, please contact your company CMS Online administrator or IHRDC at dataprivacy@ihrdc.com

2.2 Choice

IHRDC will not share any individual’s Personal Information with any third party, except in the event of a merger or bankruptcy. In the event of a merger or bankruptcy, IHRDC will notify each client of any third parties who have access to Personal Information. For questions about your employer’s privacy policy relative to your Personal Information, please contact your company’s CMS Online administrator. For questions about this policy, email dataprivacy@ihrdc.com.

2.3 Onward Transfer

IHRDC will not share any individual’s Personal Information with any third party, except in the event of a merger or bankruptcy. In the event of a merger or bankruptcy, IHRDC will notify each client of any third parties who have access to Personal Information. For questions about your employer’s privacy policy relative to your Personal Information, please contact your company’s CMS Online administrator. For questions about this policy, email dataprivacy@ihrdc.com.

2.4 Access

Client employees may access and edit their Personal Information held within CMS Online at any time. Certain information may have restricted editing capabilities based on how the system is configured. For questions about this policy, please email dataprivacy@ihrdc.com.

2.5 Security

IHRDC will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. CMS Online provides industry standard security features, including user accounts with password access and user roles controlling access to functionality and data. System servers and software are kept up to date for security patches. CMS Online servers are held in colocation facilities managed by industry-leading companies.

2.6 Data Integrity

IHRDC will access Personal Information only when and if necessary to perform maintenance on CMS Online. Types of Personal Information collected is controlled and managed by the client company. For questions about your employer’s privacy policy relative to your Personal Information, please contact your company’s CMS Online administrator.

2.7 Enforcement

IHRDC will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that IHRDC determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.

2.8 Dispute Resolution

Any questions or concerns regarding the use or disclosure of Personal Information should be directed to dataprivacy@ihrdc.com. IHRDC will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information by reference to the principles contained in this Policy. For complaints that cannot be resolved between IHRDC and the complainant, IHRDC has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the Safe Harbor Principles:

  1. For disputes involving employment-related Personal Information received by IHRDC from the EEA, IHRDC has agreed to cooperate with the data protection authorities in the EEA and to participate in the dispute resolution procedures of the panel established by the European data protection authorities;
  2. For disputes involving all other Personal Information received by IHRDC from the EEA, IHRDC has agreed to Privacy Trust dispute resolution. Individuals who submit a question or concern to IHRDC and who do not receive acknowledgment from IHRDC of the inquiry or who think their question or concern has not been satisfactorily addressed should then contact the Privacy Trust Safe Harbor Dispute Resolution Program on the Internet or by mail. Inquiries by mail should identify IHRDC as the company to which a concern or question has been submitted, and include a description of the privacy concern, the name of the individual submitting the inquiry, and whether Privacy Trust may share the details of the inquiry with IHRDC. Privacy Trust will act as a liaison to IHRDC to resolve these disputes.
    1. Online: http://www.etrust.org/
    2. Mail: Privacy Trust, 616 Corporate Way, Suite 2 #4000, Valley Cottage, NY 10989

For information about Privacy Trust or the operation of Privacy Trust's dispute resolution process, visit Privacy Trust on the Internet or request this information from Privacy Trust by mail using the contact information listed above. The Privacy Trust dispute resolution process shall be conducted in English.

3. LIMITATION ON APPLICATION OF SAFE HARBOR PRINCIPLES

Adherence by IHRDC to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

4. CHANGES TO THIS SAFE HARBOR PRIVACY POLICY

This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. A notice will be posted on the CMS Online web page for 60 days whenever this Safe Harbor Privacy Policy is changed in a material way.


Copyright ©2017 International Human Resources Development Corporation. All rights reserved.