Privacy Shield Frameworks
Scope and Responsibility.
This Privacy Shield Policy applies to Personal Data transferred from European Union member countries to Strategic’s operations in the U.S.
All employees of Strategic that have access in the U.S. to Personal Data covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Privacy Shield Policy.
Privacy Shield Principles
Strategic notifies EU individuals covered by this Privacy Shield Policy about its data practices regarding Personal Data received by Strategic in the U.S. from European Union member countries in reliance on the Privacy Shield, including the types of Personal Data it collects about them, the purposes for which it collects and uses such Personal Data, the types of third parties to which it discloses such Personal Data and the purposes for which it does so, the rights of EU individuals to access their Personal Data, the choices and means that Strategic offers for limiting its use and disclosure of such Personal Data, how Strategic’s obligations under the Privacy Shield are enforced and how EU individuals can contact Strategic with any inquiries or complaints. Notice is provided in clear and conspicuous language, including through this Privacy Shield Policy, when EU individuals are first asked to provide Personal Data covered by this Privacy Shield Policy to Strategic or as soon thereafter as is practicable, but in any event before Strategic uses such Personal Data for a purpose other than that for which it was originally collected or processed by the transferring organization located in the European Union or discloses it for the first time to a third party.
The Personal Data covered by this Privacy Shield Policy includes: resume and job application information, information specific to services provided to you, demographic information, information on usage of our services, including log files, cookies and other tracking technologies, event registrations, preferences and financial and billing information.
Strategic collects and uses such Personal Data for the following purposes: providing information about job opportunities, products, services, registration for events, delivering content and improving our services.
Strategic will provide an individual opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.
Requests to opt out or opt-in of such uses or disclosures of Personal Data should be sent to: firstname.lastname@example.org.
3. Accountability for Onward Transfer
In the event we transfer Personal Data covered by this Privacy Shield Policy to a third party acting as a controller, we will do so consistent with any notice provided to EU individuals and any consent they have given and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the EU individuals, (ii) provide at least the same level of protection as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Strategic has knowledge that a third party acting as a controller is processing Personal Data covered by this Privacy Shield Policy in a way that is contrary to the Privacy Shield Principles, Strategic will take reasonable steps to prevent or stop such processing.
Strategic may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the Privacy Shield, Strategic is potentially liable.
Strategic takes reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.
5. Data Integrity and Purpose Limitation
Strategic limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. Strategic does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the EU individuals.
Strategic takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete and current. Strategic takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in identifiable form only while it serves a purpose of processing, which includes Strategic’s obligations to comply with professional standards, Strategic’s business purposes and unless a longer retention period is permitted by law and it adheres to the Privacy Shield Principles while it retains such Personal Data.
Strategic acknowledges that EU individuals have the right to access the personal information/data that we maintain about them. An EU individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
7. Recourse, Enforcement and Liability
In compliance with the Privacy Shield Principles, Strategic commits to resolve complaints about your privacy and our collection or use of your Personal Data. EU individuals with inquiries or complaints regarding this Privacy Shield Policy should first contact Strategic at: firstname.lastname@example.org.
Strategic has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the U.S. and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
If your complaint is not satisfactorily addressed, and your inquiry or complaint involves human resource data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Strategic agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.
For more information on how to contact your EU jurisdiction’s DPA visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
Should your complaint remain fully or partially unresolved after a review by Strategic, BBB EU Privacy Shield and the relevant DPA, you may be able to, under certain conditions, seek arbitration before the Privacy Shield Panel. For more information, please visit: www.privacyshield.gov
Strategic agrees to periodically review and verify its compliance with the Privacy Shield Principles and to remedy any issues arising out of failure to comply with the Privacy Shield Principles.
Strategic acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.
Strategic is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Changes to this Privacy Shield Policy
This Privacy Shield Policy may be amended from time to time consistent with the requirements of the Privacy Shield. Appropriate notice regarding such amendments will be given.