We comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that adheres to the Privacy Shield Principles.
We collect personal information about you
We collect information about you when you provide it to us by using our services, our websites, and when other sources provide your information to us. We do not ask for any information that is not applicable to standard business operations. We do not sell your information.
Types of personal information we collect
Personal information: We collect names, addresses, telephone numbers, dates of birth, email addresses, credit card account information, education history, purchase history, registration history and other demographic information.
Account set-up and profile information: We collect information about you when you register for any account, modify the account, or contact support for assistance in connection to the account.
Payment information: We collect payment transaction and billing information via a third-party secure payment processing service.
Employment information: We obtain and process personal data about our employees when carrying out and supporting human resource functions and activities. Personal information may be collected when you provide us a resume or application for employment. Employee photos are posted on our internal company website.
Website use: We obtain information about how you use our website and where you have accessed it from.
Electronic Communication: We collect and store email communications. Should you correspond with us electronically, any information you provide in that email will be stored.
Security Cameras: We have security cameras throughout our building. The recorded images are used for security purposes only and kept on a temporary basis.
Written and Electronic Consent: We store certain consents which you have granted us in relation to the processing of your personal information.
Information about Children: We do not collect or use personal information about children (under the age of 16). Children are not eligible to use our websites unsupervised, and we ask that children do not submit any personal information to us. Should a child under the age of 16 use our website, they are required to be under direct supervision of a parent or guardian.
How we use your information
We collect and use your information for purposes of business operation, support, and business improvement. Personal information is used by and shared among Company divisions, subsidiaries, affiliates, agents (i.e. Information Technology (IT) and other professional and nonprofessional services, benefit plan sponsors and administrators, etc.), applicable government organizations and agencies, and third parties as permitted or required by law, regulation or court order. We do not sell your personal data.
We use personal information to exercise our rights and fulfil our contractual and legal obligations.
How your information is shared
Personal information is shared among Company divisions, subsidiaries, affiliates, agents (i.e. IT and other professional and nonprofessional services, benefit plan sponsors and administrators, etc.), applicable government organizations and agencies, and third parties as permitted or required by law, regulation or court order.
We contract with third-party providers and our websites contain links to other sites where personal information may be collected. Therefore, any information you submit, including personal information, may be placed and stored on a computer maintained by a third party. Although, we cannot be held liable for a third-parties use and protection of your information, these third-party providers have agreed to implement technology, security features and strict policy guidelines to safeguard the privacy of your personal information.
Any personal information transferred between the United States and the European Union are to be done only upon consent, and according to stipulated Data Sharing Agreements between the parties in accordance to General Data Protection Regulation (GDPR).
How we secure your information
We have implemented administrative, physical and technical security measures specifically designed to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Despite our best efforts to protect your personal information, we cannot 100% guarantee the security of your personal information.
Information backup: Backups are kept in a secure location onsite. Tape copies are kept in a secure location offsite.
Electronic communications security: The ability to use SSL-secured communication exists for sharing data within the organization.
Encryption: VPN and file-sharing are done via TLS-secured SSL software. Capability exists to encrypt data as required by the European Union.
Recovery: Backups are completed nightly, with monthly copies sent to a secure location offsite.
Management of data Access credentials: Data is secured via filesystem permissions, with terminated users being immediately disabled.
User profiling: All users are required to have unique credentials tied to their personal profile.
Tracking: All login activities, file access, and database access is audited and tracked.
System logs: All servers retain their logs for a minimum of one year.
Incident management: In the event of a security breach, we will promptly notify you of any unauthorized access to your User Data. We have incident management policies and procedures in place to handle such an event.
Your controls and choices
You can request access to your personal information, subject to the laws of the country in which the request is made. In addition, we will take the necessary steps to permit individuals to access and correct information that is demonstrated to be inaccurate or incomplete. To request access to your personal information, make changes to your personal information, or opt-out personal information sharing methods, please email our Data Protection Officer at firstname.lastname@example.org.
Right to erasure
You can request that we erase the personal information we hold on you by sending an email to email@example.com. Once we receive your request, we will either erase your information or tell you why it cannot be deleted. There may be legal reasons why we need to keep your personal information.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our Data Protection Officer via email at: firstname.lastname@example.org
We are further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data and non-human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Any questions, concerns or complaints regarding the use or disclosure of personal information should be directed to our Data Protection Officer via email at email@example.com or to the address referenced below.
Priority Solutions Inc.
Attn: Data Protection Officer
110 South Regent Street, Suite 500
Salt Lake City, UT 84111