Privacy Shield Policy - Extensis.com

Updated as of: March 30, 2018.

EU-U.S. AND SWISS-U.S. PRIVACY SHIELDS

This Privacy Shield Policy (this “Policy”) applies to personal information transferred to Celartem, Inc. (Celartem) in the United States from organizations subject to data protection law in the European Economic Area (EEA) (which includes the member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) and from Switzerland. This Policy sets out our practices for collecting, using, maintaining, protecting and disclosing that personal information. Please see our Privacy Policy for an explanation of how we collect, use, store, and disclose information about visitors to and subscribers of our websites.

DEFINITIONS

For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Celartem or to which Celartem discloses personal information for use on Celartem's behalf.

“Celartem Inc.” or “Celartem” means Celartem, Inc. doing business as Extensis, and doing business as LizardTech, and any of its subsidiaries, predecessors and successors in the United States.

“Personal information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal information does not include information that is anonymized or aggregated.

“Sensitive information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions.

EU-U.S. AND SWISS-U.S. PRIVACY SHIELD PRINCIPLES

Celartem participates in and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from organizations subject to data protection law in the EEA and Switzerland to the United States, respectively. Celartem has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Celartem’s certification, visit https://www.privacyshield.gov/.

Notice

Celartem receives information about employees of Celartem who are located in the EEA, and which is transferred in the context of the employment relationship. Celartem uses this information for internal employment and human resources purposes. Celartem may receive information from third parties about users of websites and applications in connection with advertising in the EEA and Switzerland. To provide certain product features and customer support, Celartem may receive or have access to data from customers that includes personal information about individuals in the EEA and Switzerland, which may include basic contact information like name and email address, sales lead information, and information related to content creation and use. Celartem uses this information for the provision of the services to its customers, and customer support for such services.

Celartem will subject all personal information received via the Privacy Shield to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Celartem is subject to the investigative and enforcement authority of the Federal Trade Commission (FTC). Celartem may be required to disclose personal information in response to lawful requests by public authorities. Celartem has potential liability for onward transfers to third parties. Additionally, an individual may be allowed to invoke binding arbitration to resolve disputes under certain limited conditions.

Choice

If you are not a resident of the EEA or Switzerland or we have received your information from you through our websites, applications and services, please see our Privacy Policy for information about your choices.

Celartem will offer EEA and Swiss individuals whose personal information has been transferred to us the opportunity to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at the address given below.

Celartem will not use sensitive personal information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Celartem has received the individual’s affirmative and explicit consent (opt-in).

Data Integrity and Purpose Limitation

Celartem will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Celartem will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete and current.

Transfers to Agents

Celartem may disclose personal information to Agents, including but not limited to, providers of analytical, hosting, payment processing and other support services. Agents may have access to personal information if needed to perform their functions for Celartem. Celartem does not transfer personal information to non-Agent third parties.

Celartem will require its Agents to safeguard personal information consistent with this Policy by contract obligating the agent to provide at least the same level of protection as is required by the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Under certain circumstances, Celartem may bear liability for onward transfers of personal information from the EEA where its Agent processes personal information inconsistent with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, unless Celartem proves that it is not responsible for the event giving rise to the damages.

Access and Correction

Celartem will grant individuals reasonable access to personal information it received pursuant to these Principles. In addition, Celartem will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or incomplete. An individual may request to access his or her information, or otherwise correct, amend, or delete his or her information pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Principles by contacting us at the address given below.

Security

Celartem will take reasonable and appropriate precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Enforcement

Celartem will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Celartem determines is in violation of this policy will be subject to disciplinary action.

Dispute Resolution – Privacy Shield

In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, Celartem commits to resolve complaints about your privacy and our collection or use of your personal information. EEA or Swiss individuals with inquiries or complaints regarding this Policy should first contact Celartem at the address given below. Celartem will investigate and attempt to resolve complaints regarding use and disclosure of personal information by reference to the principles contained in this Policy.

Celartem has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Under certain limited conditions, an individual may be able to invoke binding arbitration as provided under the Privacy Shield to address an otherwise unresolved complaint.

Where applicable to the employment relationship, Celartem agrees to cooperate and comply with the EEA and Swiss data protection authorities (DPAs) regarding the unresolved complaints of employee of European-affiliated companies who are located in the EEA and Switzerland. Such employees may direct complaints about their personal information to their respective DPA. For the contact information for your country’s DPA, please contact us at the address given below.

CONTACT INFORMATION

Questions regarding this Policy should be submitted to Celartem:

privacy@celartem.com

ATTN: Privacy
Celartem, Inc. dba Extensis and LizardTech
1800 SW First Avenue, Suite 500
Portland, Oregon 97201

LIMITATIONS & CHANGES

Adherence by Celartem to the EU-U.S. and Swiss-U.S. Privacy Shield Principles may be limited (a) by the exception for personal information that is gathered for publication, broadcast, or other forms of public communication of journalistic material as well as information found in previously published material disseminated from media archives; (b) to the extent required to respond to a legal obligation; (c) to the extent necessary to respond to requests by authorities; and (d) to the extent expressly permitted by an applicable law, rule or regulation.

This Policy may be amended from time to time, consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Principles. The amended Policy will be made publicly available via Celartem’s website.