This policy applies to all personal information received by CATS from the EU and Switzerland in electronic format. In most cases, the data we receive will relate to our clients and their business activities and may include personal information about our clients’ employees, business contacts, customers and any other individuals with whom our clients have dealings. When we collect and process personal information provided to us by our clients we do so as a data processor, acting on the instructions of our clients. CATS does not actively collect personal information from individuals in the EU or Switzerland. Possession and use of personal information by CATS is largely incidental to our primary task of providing electronic services to our clients.
Certain words and phrases are defined within this policy. In addition, the words set out below have the following meaning:
Data processor: a person or service who processes personal data on behalf of someone else.
EEA (European Economic Area): all European member states, plus Norway, Iceland and Liechtenstein.
DEU Directive: the EU directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Personal information: any information or set of information that identifies an individual, or could be used by our clients or on behalf of CATS to identify an individual. Personal information does not include data that is encoded or is anonymous.
Sensitive personal information: information about an individual’s medical or health condition, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sex life. In addition, CATS will also treat as sensitive any personal information received from a third party where the third party treats and identifies it as sensitive and has notified us of this fact.
The privacy principles in this policy are based on the Safe Harbor Privacy Principles, which were agreed between the United States Department of Commerce and the European Commission. Adherence by CATS to these Safe Harbor Principles will provide the necessary level of protection required by the EU Directive in respect of transfers of personal information to countries outside the EEA. CATS complies with the U.S.-EU Safe Harbor Framework, as well as the U.S.-Swiss Safe Harbor Framework. To learn more about the safe harbor program, and to view our certification, please visit www.export.gov/safeharbor/.
CATS adherence to these principles may be limited in certain circumstances, in particular:
Notice: Where CATS obtains personal information from individuals in the EU, it will inform them of: – the purposes for which it collects and uses their personal information -the types of third parties (if any) to which CATS discloses that information, and -the choices and means, if any, that CATS offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to CATS, or as soon as practicable thereafter, and in any event before CATS uses such information for a purpose other than that for which it was originally collected or processed by the transferring organization, or discloses it for the first time to a third party. If CATS receives personal information from its subsidiaries, affiliates, clients or other entities in the EU, it will use and disclose such information in accordance with the notices provided by such entities and the consents or choices made by the individuals to whom such personal information relates.
Choice: CATS will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a third party (unless that disclosure is allowed or required by contract), or (b) to be used for a purpose that is incompatible with the purpose for which that information was originally collected or subsequently authorized by the individual. For sensitive personal information, CATS will give individuals the opportunity to give explicit consent (opt-in) to the disclosure of the information to a third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. CATS will provide individuals with clear and conspicuous, readily available and affordable mechanisms to exercise their choices.
Onward Transfers: CATS will obtain assurances from its agents that they will safeguard personal information consistently with this policy. An “agent” is any third party that collects or uses personal information in order to perform tasks on behalf of CATS. Examples of appropriate assurances that may be provided by agents include: -contractual assurances to provide the same level of protection as required by the Safe Harbor Principles -being subject to the EU Directive – certifying with the Safe Harbor or -being located in a country that has been deemed to provide an adequate level of protection by the European Commission (eg Canada or Switzerland). Where CATS has knowledge that an agent is using or disclosing personal information in a manner contrary to this policy, CATS will take reasonable steps to prevent or stop the use or disclosure.
Security: CATS will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Data Integrity: CATS will use personal information only in ways that are relevant and compatible with the purposes for which that information was collected or subsequently authorized by the individual. CATS will take reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete and current.
Access: Upon request, CATS will grant individuals reasonable access to personal information that it holds about them through our clients. In addition, CATS will take reasonable steps to permit individuals to correct, amend, or delete information that is shown to be inaccurate or incomplete.
Enforcement: CATS will conduct compliance audits of its relevant privacy practices to verify adherence to this policy. Any employee that CATS determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment. The Federal Trade Commission has jurisdiction to hear any claims of unfair or deceptive practices or violations of laws or regulations governing privacy.
Dispute Resolution: Any questions or concerns regarding the use or disclosure of personal: information should be directed to the CATS Office at the address given below. CATS will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy.
All disputes that cannot be resolved between CATS Software, Inc. and the complainant shall be resolved using the American Arbitration Association (AAA).
Please refer all questions or comments regarding this policy to the CATS Office as follows:
Tony Sternberg, CATS Software, Inc., 706 2nd Ave S, Suite 950, Minneapolis, MN 55402, USA. Tel: +1 952-373-4010, Fax: +1 952-516-5120, Email: firstname.lastname@example.org