Privacy Shield Policies. Framework IT (FWC) participates in and has certified its compliance with the EU-U.S. Privacy Shield Frameworks and Principles (the “Privacy Shield”) as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU). FWC is committed to subjecting all personal data received from European Union (EU) member countries in reliance on the EU-US Privacy Shield Frameworks, to the Frameworks’ applicable Principles. FWC is committed to covering both human resources data and non-human resources data under its Privacy Shield. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about these Privacy Shield Frameworks, visit the U.S. Department of Commerce's Privacy Shield site.
FWC is responsible for the processing of personal data it receives, under these Privacy Shield Frameworks, and subsequently transfers to a third party acting as an agent on its behalf. FWC complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. In certain situations, FWC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. With respect to personal data received or transferred pursuant to these Privacy Shield Frameworks, FWC is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission, the Department of Transportation, and all any other authorized U.S. Statutory Body.
Pursuant to the Privacy Shield, FWC shall limit personal information to the information relevant for the purposes of processing and will comply with any new data retention principles issued by the US Department of Commerce. FWC will comply with the Notice and Choice Principles of the Privacy Shield. FWC will, in the event it enters into a contract with a third-party controller (the “Third Party Contract”), provide that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and commits that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The Third Party Contract shall provide that when such a determination is made the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate. Individuals have the right to access their personal data.
In the event FWC transfers personal data to a third party acting as an agent, FWC shall: transfer such data only for limited and specified purposes; ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing; and provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
FWC may make public any relevant Privacy Shield related sections of any compliance or assessment report submitted to the FTC if the organization becomes subject to an FTC or court order based on non-compliance. If FWC leaves the Privacy Shield Framework and FWC it must annually certify its commitment to apply the Principles to information received under the Privacy Shield Framework or provide “adequate” protection for the information by another authorized means.
Privacy Shield Dispute Resolution. If an individual brings a complaint to FWC pursuant to the Privacy Shield, FWC shall respond to that individual within 45 days. FWC shall provide, at no cost to the individual an independent recourse mechanism by which the individual’s complaints and disputes can be investigated and expeditiously resolved. FWC will respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield Framework.
If you have an unresolved privacy concern related to personal data processed or transferred by FWC pursuant to the Privacy Shield that FWC has not addressed satisfactorily, please contact FWC by emailing Adam Barney at email@example.com and Joe Kreeger at firstname.lastname@example.org. In the event that your issue is not resolved, please contact your country’s individual Data Protection Authority (“DPA”), and FWC will work with such DPA, as we are committed to follow the advice of the European Union DPA (“EUDPA”). If the issue remains unresolved, In certain circumstances, a binding arbitration option through the Privacy Shield panel is available. FWC has further committed to cooperate with the panel established by the EUDPA with regard to unresolved Privacy Shield complaints concerning all data, both human resources data and non-human resources data, transferred from the EU in the context of the employment relationship. In compliance with the Privacy Shield Principles, FWC commits to resolve complaints about our collection or use of your personal information.