Privacy Policy

360SafeSolutions EU-US Privacy Shield Policy

Effective as of April 13, 2017

360SafeSolutions recognizes that privacy is very important to our Individual Customers and we pledge to protect the security and privacy of any personal information that Individual Customers provide to us. This includes names, addresses, telephone numbers, email addresses and any information that can be linked to an individual. Not only does 360SafeSolutions strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices.

This EU-US Privacy Shield Policy (the “Policy”) sets forth the privacy principles that 360SafeSolutions follows with respect to transfers of personal information from the European Union (EU) to the United States (US).

EU-US PRIVACY SHIELD POLICY

The United States Department of Commerce and the European Commission have agreed on a set of data protection principles (the EU-US Privacy Shield, hereafter referred to as the “Privacy Shield”). The Privacy Shield principles are a set of guidelines that establishes an adequacy standard which governs transfers of personal information between EU and the US in a manner that has been deemed adequate to protect such personal information under EU law. Consistent with its pledge to protect personal privacy, 360SafeSolutions has self-certified and adheres to the Privacy Shield.

To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

SCOPE

This Policy applies to 360SafeSolutions processing of Individual Customers’ Personal Data in the United States that 360SafeSolutions receives from Individual Customers who reside in the European Union.

This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)

This Policy applies to all personal information transferred to 360SafeSolutions in the US from the EU, in any manner or format including electronic, paper or verbal.

DEFINED TERMS

"Individual Customer" means an individual customer or client of 360SafeSolutions from the EU. The term also shall include any individual agent or representative of an individual customer of 360SafeSolutions and all employees of a customer of 360SafeSolutions where 360SafeSolutions has obtained his or her Personal Data from such individual customer as part of its business relationship with 360SafeSolutions.

"Data Subject" means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.

"Employee" means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of 360SafeSolutions or any of its affiliates or subsidiaries, who is also a resident of a country within Europe.

"Europe" or "European" refers to a country in the European Union (“EU”).

"Personal Data" as defined under the European Union Directive 95/46/EC means data that personally identifies or may be used to personally identify a person, including an individual's name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available.

"Sensitive Data" means Personal Data that discloses a Data Subject's medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.

"Third Party" means any individual or entity that is neither 360SafeSolutions nor a 360SafeSolutions employee, agent, contractor, or representative.

PRIVACY PRINCIPLES

The privacy principles in this Policy are based on the principles set forth in the Privacy Shield.

360SafeSolutions has adopted this Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that 360SafeSolutions obtains from Individual Customers located in the European Union.

360SafeSolutions complies with the EU-US Privacy Shield Framework Principles as set forth by the United States Department of Commerce regarding the collection, use, and retention of personal information it obtains from Individual Customers in the European Union member countries.

360SafeSolutions has certified to the Department of Commerce that it adheres to the EU-US Privacy Shield Framework Principles. If there is any conflict between the provisions of this Policy and the EU-US Privacy Shield Framework Principles, then Privacy Shield Framework Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov.

All 360SafeSolutions employees who handle Personal Data from Europe are required to comply with this Policy and the Privacy Shield Framework Principles.

RESPONSIBILITIES AND MANAGEMENT

360SafeSolutions has designated its Legal Department to oversee this Policy, including its compliance with the EU-US Privacy Shield program. 360SafeSolutions’s Legal Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to privacy@360safesolutions.com

360SafeSolutions will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. 360SafeSolutions personnel will receive training, as applicable, to effectively implement this Policy. Please refer to COLLECTION AND USE OF PERSONAL DATA for a discussion of the steps that 360SafeSolutions has undertaken to protect Personal Data.

RENEWAL / VERIFICATION

360SafeSolutions will renew its EU-US Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.

Prior to the re-certification, 360SafeSolutions will conduct an in-house verification to ensure that its verifications and assertions with regard to its treatment of Individual Customers’ Personal Data are accurate and that 360SafeSolutions has appropriately implemented these practices. Specifically, as part of the verification process, 360SafeSolutions will undertake the following:

  • Review this Policy and its publicly posted website privacy policy to ensure that these policies accurately describe the practices regarding the collection of Individual Customer Personal Data
  • Ensure that the publicly posted privacy policy informs Individual Customers of 360SafeSolutions's participation in the EU-US Privacy Shield program and where to obtain a copy of additional information (e.g., a copy of this Policy)
  • Ensure that this Policy continues to comply with the EU-US Privacy Shield Framework Principles
  • Confirm that Individual Customers are made aware of the process for addressing complaints and any independent dispute resolution process (360SafeSolutions may do so through its publicly posted website, Individual Customer contracts, or both)
  • Review its processes and procedures for training Employees about 360SafeSolutions's participation in the Privacy Shield program and the appropriate handling of Individual Customers’ Personal Data

360SafeSolutions will prepare an internal verification statement on an annual basis.

COLLECTION AND USE OF PERSONAL DATA

360SafeSolutions’s service is a passive conduit for Individual Customers’ data, and as such, we rely on our customers to pass data to us, or provide a mechanism for the customer’s employees to pass data to us, that has been collected in compliance with all applicable privacy and other laws, and the terms of conditions of any applicable privacy policy. Our customers are also the party in charge of composing and sending messages within their 360SafeSolutions account. 360SafeSolutions stores all Personal Data at rest, including passwords and backups, in encrypted form, using native Microsoft SQL Server Transparent Data Encryption (TDE). Data is never stored on offline media (CD, DVD, similar physical media, or on paper). All traffic to and from the 360SafeSolutions website is secured using 128-bit TLS encryption. 360SafeSolutions has an industry standard privacy policy in place, which it reviews at least annually to ensure 360SafeSolutions is in compliance with all applicable laws and current industry practices. The account containing Individual Customers’ Personal Data can only be accessed by authorized personnel using their assigned unique username/password combination. This protects Individuals’ data from being accessed from the outside or by any other 360SafeSolutions customer.

DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA

As a part of its normal business operations, 360SafeSolutions may transfer an Individual Customers’ Personal Data to an agent or third party acting on behalf of 360SafeSolutions. 360SafeSolutions agrees to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy. If 360SafeSolutions becomes aware that the agent or third party is using or sharing Personal Information in a way that is contrary to the Principles, 360SafeSolutions will take reasonable steps to prevent or stop such processing.

SENSITIVE DATA

360SafeSolutions does not seek to collect Sensitive Data from Individual Customers.

DATA INTEGRITY AND SECURITY

360SafeSolutions collects, retains and uses Personal Data in accordance with the EU-US Privacy Shield Principles. As part of providing its notification services, 360SafeSolutions retains Personal Data about the individuals who are to be contacted in the case of an emergency or other event (“360Contact Lists”). The 360Contact Lists are created, populated and transferred to 360SafeSolutions by its customers. 360SafeSolutions acts as an intermediate data processor for these customers.

It is the sole responsibility of 360SafeSolutions’s customers to obtain permission from their individual employees and other third parties prior to including Personal Data about such individuals in the 360Contact Lists. 360SafeSolutions may collect Personal Data about its employees and utilize that Personal Data for standard business purposes.

360SafeSolutions may also collect Personal Data on its websites, in connection with marketing, sales and similar activities, or in order for individuals to access and interact with certain 360SafeSolutions services. 360SafeSolutions may use this Personal Data to operate and improve its websites and services, to perform research and analysis and to communicate with an individual.

NOTIFICATION

360SafeSolutions notifies Individual Customers about its adherence to the EU-US Privacy Shield Framework Principles through its publicly posted website privacy policy, available at:

www.360safesolutions.com/privacy-shield/

Individual Customers are deemed to have read and accepted this Policy when they provide Personal Data to 360SafeSolutions.

ACCESSING PERSONAL DATA

360SafeSolutions personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.

RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA

Individual Customers have the right to know what Personal Data about them is included in 360SafeSolutions’s databases and to ensure that such Personal Data is accurate and relevant for the purposes for which 360SafeSolutions collected it. If you are accessing 360SafeSolutions Services as an employee, resident or other designee of one of our customers, then you will need to make any changes to your contact information through that customer, which, where applicable, may be your employer. 360SafeSolutions has no direct relationship with the individuals whose personal data it processes on behalf of its customers. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his/her query to the customer (the data controller) that provided the data to 360SafeSolutions. If the customer requests 360SafeSolutions to remove the data, then we will respond to their request within a reasonable period of time.

CHANGES TO THIS POLICY

This Policy may be amended from time to time, consistent with the EU-US Privacy Shield Framework Principles and applicable data protection and privacy laws and principles. We will make employees aware of changes to this policy either by posting to our intranet, through email, or other means. We will notify customers if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether Personal Data provided by them may be used in any materially different manner.

QUESTIONS OR COMPLAINTS

Individual Customers may contact 360SafeSolutions with questions or complaints concerning this Policy at the following address: privacy@360safesolutions.com

RECOURSE, ENFORCEMENT AND DISPUTE RESOLUTION

360SafeSolutions conducts regular compliance audits of its relevant privacy and data security practices to verify adherence to this Policy. Any employee that 360SafeSolutions determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.

In compliance with the Privacy Shield Principles, 360SafeSolutions commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union (EU) may submit queries related to the processing of personal information under the Privacy Shield framework by contacting us directly at privacy@360safesolutions.com or write us at: Attn: General Counsel at 360SafeSolutions, Inc., 2877 Valley Road, Cuyahoga Falls, OH 44223.

360SafeSolutions has further committed to refer unresolved privacy complaints under the Privacy Shield by engaging JAMS, an alternative dispute resolution provider located in the US with offices in Massachusetts (One Beacon Street, Suite 2210, Boston, MA 02108) to assist with the complaint resolution process. JAMS is 360SafeSolutions exclusive means of resolving Individual Customers complaints regarding the Company’s participation in the Privacy Shield; all complaints submitted to JAMS shall be resolved via arbitration at no cost to the Individual Customer. If an Individual Customer has not received timely acknowledgment of his/her complaint from 360SafeSolutions or if a 360SafeSolutions representative has not addressed an Individual Customer’s complaint to his/her satisfaction, the Individual Customer should submit the complaint to JAMS by submitting the form found here. Judgment on the award rendered in any such arbitration may be entered in any court having jurisdiction.

Under certain conditions, more fully described on the privacy shield website, an individual customer may invoke binding arbitration when other dispute resolution procedures have been exhausted.

U.S. FEDERAL TRADE COMMISSION ENFORCEMENT

360SafeSolutions commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

COMPELLED DISCLOSURE

360SafeSolutions may be required to disclose Personal Information in response to lawful requests to comply with national security or law enforcement requirements.