SAFE HARBOR POLICY
This safe harbor policy (“Safe Harbor Policy”) describes the privacy principles that Credigy follows with respect to Personal Data (as defined below) transferred from the European Union (“EU”) to the United States that is received by Credigy. This Safe Harbor Policy outlines Credigy’s general practices and procedures for implementing the Safe Harbor Principles
SAFE HARBOR STATEMENT
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States (the “U.S. – EU Safe Harbor”). The principles set forth in the U.S. – EU Safe Harbor (the “Safe Harbor Principles”) enable U.S. companies to satisfy the requirement set out in the EU Data Protection Directive that personal data transferred from the EU to the United States be adequately protected. Credigy has certified its adherence to the Safe Harbor Principles and complies with the U.S.-EU Safe Harbor. Credigy’s certification and additional information about the U.S. – EU Safe Harbor program and the Safe Harbor Principles can be found at http://www.export.gov/safeharbor.
For purposes of this Safe Harbor Policy, the following definitions shall apply:
“Credigy” means Credigy Solutions Inc. and its United States affiliates that are wholly-owned by Credigy Ltd.
“Data Protection Directive” means the EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
“Agent” means any third-party data processor that processes personal data provided by Credigy on its behalf and under its instructions.
“Personal Data” means any information or set of information, in any form, that identifies or could be used to identify (together with other information) a living individual. Personal data does not include information that is anonymized or aggregated.
“Sensitive Personal Data” means any Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual.
SAFE HARBOR PRINCIPLES:
If Credigy collects Personal Data directly from individuals in the EU, Credigy will inform them about the purposes for which Credigy intends to process that Personal Data, the types of non-agent third parties, if any, to which Credigy will disclose that Personal Data, and the choices and means, if any, that Credigy offers individuals for limiting the use and disclosure of their Personal Data. Credigy will provide relevant notice when individuals are first asked to provide Personal Data to Credigy, or as soon as practicable thereafter and, in any event, Credigy will provide notice before Credigy uses the Personal Data for a purpose other than that for which it was originally collected.
Credigy will provide individuals with the opportunity to opt out of any disclosure of their Personal Data to any non-agent third party or the use of that data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. In certain circumstances, Credigy does not receive Personal Data from individuals directly or have a direct relationship with them. In such circumstances, Credigy will process information based on the instructions of and for the purposes determined by the transferring entity. Credigy will provide individuals with reasonable methods to exercise their choices.
Credigy does not intentionally collect or use Sensitive Personal Data.
Onward Transfer of Personal Data
Credigy will obtain reasonable assurances from Credigy’s Agents that they will safeguard Personal Data consistently with this Safe Harbor Policy. Such assurances include (a) a contract between Credigy and the Agent that requires the Agent to provide at least the same level of protection as is required by the Safe Harbor Principles; (b) the Agent being subject to the Data Protection Directive; (c) the Agent being established in a country that is subject to a finding of adequacy by the European Commission under Article 25(6) of the Data Protection Directive; or (d) Safe Harbor certification of the Agent.
Credigy will take reasonable precautions to protect Personal Data that Credigy collects, maintains, uses or disseminates from loss, misuse, unauthorized access, disclosure, alteration and destruction. However, Credigy cannot guarantee the security of Personal Data.
Credigy will use Personal Data only for the purpose for which it was first collected or subsequently authorized by the individual. Where Credigy collects Personal Data directly from individuals in the EU, it will take reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete and current.
Upon an individual’s request, Credigy will offer individuals a reasonable opportunity to access their Personal Data and will afford individuals a reasonable opportunity to correct, amend or delete Personal Data related to them that is inaccurate or incomplete.
Credigy may limit or deny access to Personal Data where providing such access would be unreasonably burdensome or expensive under the circumstances or as otherwise permitted by the Safe Harbor Principles.
Credigy uses a self-assessment approach to assure compliance with this Safe Harbor Policy. Credigy will periodically conduct compliance audits of its relevant privacy practices to verify its compliance.
Credigy will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of Personal Data in accordance with the provisions of this Safe Harbor Policy.
For complaints that cannot be resolved between Credigy and the complainant after the complainant has contacted Credigy, Credigy has agreed to participate in JAMS Safe Harbor Program, which is described JAMS website at http://www.jamsadr.com/safeharbor/ to resolve disputes in accordance with the Safe Harbor Principles.
Any questions or concerns regarding Credigy’s use or disclosure of Personal Data should be addressed to Credigy’s Legal Department at the address given below:
Credigy Solutions Inc.
3715 Davinci Court, Suite 200 Norcross, GA 30092
LIMITATION ON APPLICATION OF THE PRINCIPLES
Adherence by Credigy to the Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligations; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation. Please note that the Notice, Choice, Access, and Data Integrity principles will not apply to the extent Credigy uses or processes Personal Data in connection with a possible acquisition or disposition of Credigy’s companies and/or assets given that there is a need for confidentiality and, in the case of acquisitions, it does not, at that time, own such Personal Data.
Questions or comments regarding this Safe Harbor Policy should be submitted to Credigy’s Legal Department by mail or e-mail as follows:
Credigy Solutions Inc.
3715 Davinci Court, Suite 200 Norcross, GA 30092
Credigy maintains a distinct Internet Privacy Statement governing the privacy of information collected by Credigy online through its United States site. This Safe Harbor Policy does not supplant the Internet Privacy Statement. This Safe Harbor Privacy Statement applies only to personal information that is received by Credigy in the United States from the European Union and, in that regard only, the Internet Privacy Statement is subordinate to this Safe Harbor Privacy Statement to the extent of any conflict between that Internet Privacy Statement and this Safe Harbor Policy.
CHANGES TO CREDIGY’S SAFE HARBOR POLICY
This Safe Harbor Policy may be amended from time to time and any amendments will be posted on this website.
This Safe Harbor Policy is effective as of July 7, 2015.