EU Safe Harbor

 

Home

Safe Harbor

 

The Data Center pledges to conduct its business according to the EU Safe Harbor Principles and the Frequently Asked Questions (FAQ's) issued by the US Department of Commerce on July 21, 2000.

 

Processor on Behalf - The Data Center provides customized computer services designed to help companies manage their customer information more effectively, increase profitability of their marketing and reduce the operational costs of processing customer transactions. In this capacity, The Data Center does not own or control any of the information it processes on behalf of The Data Center's customer.

 

All such information is owned and controlled by The Data Center's customer. In this capacity The Data Center receives information transferred from the EU to the US merely as a processor on behalf.

In this capacity, The Data Center does not own or control any of the information it processes on behalf of The Data Center's customer. All such information is owned and controlled by The Data Center's customer. In this capacity The Data Center receives information transferred from the EU to the US merely as a processor on behalf.

 

Data Controller -

The Data Center also provides business and consumer information products designed to help companies market more successfully, integrate and improve the accuracy of their customer information and reduce the operational costs of processing customer data. In this function, The Data Center acts as a data controller of the personal information contained in these information products.

The Data Center has appointed a Compliance Officer who is responsible for the internal supervision of  The Data Center's privacy policies and data security. The Data Center is committed to educating its customers and associates (employees) in the US and in the EU about the issues, guidelines and laws surrounding compliance with EU Safe Harbor.

The Compliance Officer and The Data Center's internal legal team is available to any associate (employee) who may have questions concerning The Data Center's EU Safe Harbor privacy policies or data security practices.

Since the requirements for compliance with EU Safe Harbor vary depending on whether The Data Center is acting as a processor on behalf of The Data Center's customer or a data controller, The Data Center's policies and manner of compliance are described separately below.

(1) The Data Center as a Processor on Behalf

When The Data Center acts as a processor on behalf of its customer, the policies outlined below apply to all data processing operations concerning personal information that has been transferred from the EU to the US.

Processing Contracts:

Before starting any processing on behalf of The Data Center's customer, The Data Center will enter into a processing contract with the EU data controller responsible for the personal information pursuant to the applicable EU Member State Data Protection law.

The processing contract ensures that the EU data controller will be in compliance with the Member State Data Protection law. Any data processed by The Data Center will not be further disclosed to third parties except where permitted or required by the processing contract, EU Safe Harbor or the applicable Member State Data Protection law. Any information which The Data Center's customer (acting as the EU controller) identifies as sensitive will be treated accordingly.

The processing contract will also specify that the processing will be carried out with appropriate data security measures. The Data Center has in place measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.

As a processor on behalf of The Data Center's customer (who is the EU controller), The Data Center is not required to apply other EU Safe Harbor Principles to the personal information received for processing from a customer.

(2) The Data Center as a Data Controller

Should The Data Center acts as a data controller of personal information, the policies outlined below apply to all personal information that has been transferred from the EU to the US.

The Data Center may develop and maintain databases containing personal information on European households and businesses from a number of EU Member States. The Data Center does not collect any of this information directly from individuals in the EU. Instead, these databases are developed from public records and from information acquired through information providers.

None of these databases contain any information defined as sensitive by any national law of an EU Member State.

The Data Center's databases contain information which is provided to qualified businesses for marketing and customer data integration purposes. The information contained in these databases may also be used to enhance the understanding a company has about its customers, aid in accurate integration of a company's customer information, and be used as lists for direct marketing purposes.

As a data controller, The Data Center is required to comply with all principles of the EU Safe Harbor.

Notice

Prior to the transfer of any non-public personal information from the EU to the US, The Data Center requires contractual confirmation from the EU controller from whom The Data Center acquired the information that the data subjects from whom the information was derived have been provided with proper Notice pursuant to the applicable EU Member State Data Protection law.

Choice

Prior to the transfer of any non-public personal information from the EU to the US, The Data Center requires contractual confirmation from the EU controller from whom The Data Center acquired the information that the data subjects from whom the information was derived have been provided with the Choice to determine how their information may be used pursuant to the applicable EU member State Data Protection law.

http://www.export.gov/safeharbor

In addition to choice regarding the use of information, The Data Center will remove an individual's name and related information from its direct marketing information products.

In order to have sufficient information to confirm the identity of an individual and have the necessary information to complete the opt-out request, The Data Center provides a form which the consumer fills out, signs and mails to The Data Center. Consumers may request an Opt-Out Form by either writing to The Data Center at the address provided below, leaving a message on our Consumer Advocate Hotline at 800-428-8281 or sending an e-mail to us at

jimb@thedatacenter.com

Written communication should be addresses as follows:

 

Consumer Advocate

EU Safe Harbor Opt-Out 

The Data Center, Inc.,Suite100,11200 Waples-Mill Rd., Fairfax, VA,22030

 

Data Integrity

The Data Center takes reasonable steps to assure the information which is transferred from the EU to the US is reliable, accurate and complete. The steps The Data Center takes to assure data integrity are made in light of the purposes for which the personal information is used.

Onward Transfer

The Data Center complies with the notice and choice principles as described above for all data which is disclosed or transferred to a third party.

The Data Center occasionally uses agents to perform processing tasks on behalf and under the instruction of The Data Center. The Data Center requires that its agents either:

Subscribe to the EU Safe Harbor Principles, the EU Data Protection Directive or another adequacy finding; or

Enter into a written agreement with The Data Center requiring them to provide the same level of protection as The Data Center.

Security

The Data Center has in place an Information Security Policy to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. The Data Center's Security Officer is responsible for conducting investigations into any alleged computer or network compromises, incidents or problems and ensuring the proper disciplinary action is taken against those who violate The Data Center's Information Security Policy.

Any security compromises or potential security compromises and any inquiries concerning security should be reported to the The Data Center Consumer Advocate. Contact information is provided below.

Access

An individual may make a request to The Data Center for access to the information The Data Center maintains in its information products. The individual has the right to receive confirmation from The Data Center as to whether or not data relating to him/her is found in The Data Center's information products and to correct, amend, or delete that information when it is inaccurate. This right only applies to personal information relating to the individual making the request and is subject to other limitations as defined by law.

Individuals who wish to make an access request should direct such a request to The Data Center's Consumer Advocate in The Data Center's Consumer Affairs Department. This individual can be contacted by telephone or mail at:

 

Consumer Advocate

Data Center, Inc.

Suite 100

11200 Waples-Mill Rd.

Fairfax, VA 22030

jimb@thedatacenter.com

The Data Center's Consumer Advocate will explain the process to be followed by any individual making an access request. In order to confirm the identity of the individual and have the necessary information to retrieve the individual's information, The Data Center provides a form which the individual fills out, signs and mails to The Data Center. The form must be accompanied by a personal check in the amount of U.S. $10.00. Filing a request in English will expedite the process.

The Data Center agrees to process all reasonable requests for access within a reasonable time period, but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual's privacy or in the case of a vexatious or fraudulent request.

Enforcement

Individuals who wish to file a complaint or who take issue with The Data Center's EU Safe Harbor policies should direct such communication to The Data Center's Consumer Advocate at the address described above. The Data Center's Consumer Advocate will explain the process to be followed when filing a complaint. Filing a complaint in English will expedite the process.

The Data Center is also subject to the jurisdiction of the US Federal Trade Commission. Should an individual be unable to resolve a complaint through The Direct Marketing Association's Safe Harbor Complaint process, they may contact the Federal Trade Commission at the following address:

Federal Trade Commission

Attn: Consumer Response Center 600 Pennsylvania Avenue NW

Washington, DC 20580

consumerline@ftc.gov

www.ftc.gov