Competency Management - Data Protection - Safe Harbor Policy
The purpose of this document is to define IHRDC’s policies for the safe and confidential management of client data. It is designed to (1) provide a high level of data privacy and (2) ensure that we consistently demonstrate to our clients the level of commitment we give this responsibility.
1.1 Safe Harbor
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to Personal Information transferred from the EEA to the United States (the "U.S.-EU Safe Harbor"). The EEA also has recognized the U.S.-EU Safe Harbor as providing adequate data protection (OJ L 45, 15.2.2001, p.47).
In accordance with our commitment to protect personal privacy, IHRDC adheres to the principles of the Safe Harbor Framework as developed by the U.S. Department of Commerce in consultation with the European Commission. The seven principles and fifteen Frequently Asked Questions (FAQs) referred to in this policy constitute Safe Harbor privacy framework (the “Safe Harbor Principles”). These principles and FAQs may be found at: http://www.export.gov/safeharbor
This Policy applies to all Personal Information received by IHRDC in the United States or Malaysia from the EEA, via CMS Online. When we use the term “Personal Information” in the Policy, we are referring to any information that (i) is recorded in any form; (ii) is about or is related to a specific individual; (iii) can be linked to that individual; and (iv) is transferred from the EEA and Switzerland to the U.S. or Malaysia. IHRDC will never knowingly collect Personal Information from individuals under the age of 13 nor will it collect any financial information. Personal Information is maintained within CMS Online for the duration of the license agreement between IHRDC and your company.
CMS Online collects cookies to enable more efficient and faster website usage. Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.
1.4 Contact Information
For any questions or comments on this policy, please contact IHRDC at the following address.
International Human Resources Development Corporation
535 Boylston Street
Boston, Massachusetts 02116
2. MEETING SAFE HARBOR PRINCIPLES
Where IHRDC has access to Personal Information provided by individuals in the EEA, it will inform them about the purposes for which it has access to Personal Information about them, how that information will be used, the choices and means, if any, IHRDC offers individuals for limiting the use of Personal Information about them, and how to contact IHRDC. Subject to Section 3, Limitation on Application of Safe Harbor Principles, IHRDC will not provide any Personal Information held in our systems to any individuals or entities not formally contracted with IHRDC. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to IHRDC, or as soon as practicable thereafter, and in any event before IHRDC uses or discloses the information for a purpose other than that for which it was originally collected. In order to opt out of providing Personal Information to IHRDC, please contact your company’s CMS Online administrator to be removed from the system. For any queries, please contact your company CMS Online administrator or IHRDC at firstname.lastname@example.org
2.3 Onward Transfer
Client employees may access and edit their Personal Information held within CMS Online at any time. Certain information may have restricted editing capabilities based on how the system is configured. For questions about this policy, please email email@example.com.
IHRDC will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. CMS Online provides industry standard security features, including user accounts with password access and user roles controlling access to functionality and data. System servers and software are kept up to date for security patches. CMS Online servers are held in colocation facilities managed by industry-leading companies.
2.6 Data Integrity
IHRDC will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that IHRDC determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
2.8 Dispute Resolution
Any questions or concerns regarding the use or disclosure of Personal Information should be directed to firstname.lastname@example.org. IHRDC will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information by reference to the principles contained in this Policy. For complaints that cannot be resolved between IHRDC and the complainant, IHRDC has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the Safe Harbor Principles:
- For disputes involving employment-related Personal Information received by IHRDC from the EEA, IHRDC has agreed to cooperate with the data protection authorities in the EEA and to participate in the dispute resolution procedures of the panel established by the European data protection authorities;
- For disputes involving all other Personal Information received by IHRDC from the EEA, IHRDC has agreed to Privacy Trust dispute resolution. Individuals who submit a question or concern to IHRDC and who do not receive acknowledgment from IHRDC of the inquiry or who think their question or concern has not been satisfactorily addressed should then contact the Privacy Trust Safe Harbor Dispute Resolution Program on the Internet or by mail. Inquiries by mail should identify IHRDC as the company to which a concern or question has been submitted, and include a description of the privacy concern, the name of the individual submitting the inquiry, and whether Privacy Trust may share the details of the inquiry with IHRDC. Privacy Trust will act as a liaison to IHRDC to resolve these disputes.
- Online: http://www.etrust.org/
- Mail: Privacy Trust, 616 Corporate Way, Suite 2 #4000, Valley Cottage, NY 10989
For information about Privacy Trust or the operation of Privacy Trust's dispute resolution process, visit Privacy Trust on the Internet or request this information from Privacy Trust by mail using the contact information listed above. The Privacy Trust dispute resolution process shall be conducted in English.
3. LIMITATION ON APPLICATION OF SAFE HARBOR PRINCIPLES
Adherence by IHRDC to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.