EduNeering Holdings, Inc. - dba UL Compliance to Performance “UL Compliance to Performance” complies with the U.S.-EU Privacy Shield and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Economic Area and Switzerland. UL Compliance to Performance has certified that it adheres to the Privacy Shield and Swiss Safe Harbor Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
This Privacy Shield Statement (this “Statement”) sets forth the privacy principles UL Compliance to Performance follows with respect to transfers of personal information from the European Economic Area (“EEA”) (which includes the member states of the European Union (“EU”) plus Iceland, Liechtenstein and Norway) and Switzerland. If there is any conflict between the terms in this Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
For further information about the Privacy Shield Program, and to view our certification, please visit www.privacyshield.gov.
28 September 2016
This Statement applies to all Personal Information received from individuals by UL Compliance to Performance in the U.S. from the EEA or Switzerland (other than UL Compliance to Performance internal HR data), in any format.
“Agent” means any third party that collects or uses Personal Information under the instructions of, and solely for, UL Compliance to Performance or to which UL Compliance to Performance discloses Personal Information for use on UL Compliance to Performance’s behalf.
“Personal Information” means any information or set of information that identifies or could be used by or on behalf of UL Compliance to Performance to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, UL Compliance to Performance will treat as Sensitive Personal Information any information received from a third party where that third party treats and identifies the information as sensitive.
Privacy Shield Principles
The following privacy principles apply to the transfer, collection, use or disclosure of Personal Information by UL Compliance to Performance.
Notice – When UL Compliance to Performance collects Personal Information directly from individuals in the EEA or Switzerland, it will inform them about (1) the purposes for which their Personal Information is being collected; (2) the types of third parties to which information about them may be disclosed; (3) the choices UL Compliance to Performance offers individuals regarding the uses and disclosure of their Personal Information, if applicable; and (4) how to contact UL Compliance to Performance with any questions or complaints in connection with this Statement. Notice will be provided in clear and conspicuous language when individuals are asked to provide Personal Information to UL Compliance to Performance, or as soon as practicable thereafter, and in any event before UL Compliance to Performance uses or discloses the information for a purpose other than that for which it was originally collected. Note that UL Compliance to Performance may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Where UL Compliance to Performance receives Personal Information from its clients or other entities in the EEA or Switzerland, UL Compliance to Performance will use and disclose such information in a manner consistent with the notices provided by such entities and the choices exercised by the individuals to whom such Personal Information relates.
Choice – UL Compliance to Performance will provide individuals with an opportunity to choose (opt out) whether their Personal Information is to be (1) disclosed to a non-Agent third party; or (2) used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. UL Compliance to Performance will provide individuals with an affirmative or explicit (opt in) prior to disclosure of their Sensitive Personal Information to a non-Agent third party or use of their Personal Information for a purpose other than those for which it was originally collected or subsequently authorized by the individual. Where UL Compliance to Performance receives Personal Information from its clients or other entities in the EEA or Switzerland, UL Compliance to Performance will not knowingly use or share such Personal Information in ways incompatible with the authorizations obtained by such entities with respect to such Personal Information without providing the individual a choice.
Onward Transfer – When disclosing Personal Information from individuals in the EEA or Switzerland to any third-party Agents, UL Compliance to Performance will obtain assurances from its Agents that they will safeguard Personal Information consistent with this Statement. Examples of appropriate assurances that may be provided by agents include: (1) a written agreement requiring the Agent provide at least the same level of privacy protection as is required by the Privacy Shield; or (2) the Agent is subject to EU Directive 95/46/EC and/or another adequacy finding, Privacy Shield certification by the Agent, or is subject to another European Commission adequacy finding (e.g., companies located in Canada). If UL Compliance to Performance has knowledge that an Agent is using or disclosing Personal Information in a manner contrary to this Statement, UL Compliance to Performance will take reasonable steps to prevent or stop such use or disclosure. UL Compliance to Performance’s accountability for personal information received under the Privacy Shield and subsequently transferred to a third party is described in the Privacy Shield Principles. In particular, UL Compliance to Performance remains responsible and liable under the Privacy Shield Principles if third-party agents engaged to process personal information on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless UL Compliance to Performance proves that it is not responsible for the event giving rise to the damage (if any).
Security – UL Compliance to Performance takes reasonable precautions to protect EEA or Swiss Personal Information in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Data Integrity – UL Compliance to Performance takes reasonable steps to ensure that any Personal Information is accurate, complete, current and otherwise reliable in relation to the purposes for which the information was obtained or authorized by an individual.
Access and Opportunity to Correct – Upon written request to UL Compliance to Performance, UL Compliance to Performance will provide individuals in the EEA or Switzerland with reasonable access to Personal Information that it holds about them. UL Compliance to Performance will also take reasonable steps to allow individuals to review their Personal Information for purposes of correcting their Personal Information that is demonstrated to be inaccurate or incomplete, except where the burden or expense of providing access would be disproportionate to the risks of the individual privacy in the case in question or the rights of persons other than the individual would be violated.
Enforcement – UL Compliance to Performance has established internal procedures for verifying its compliance with this Statement and periodically conducts a self-assessment of its practices with respect to EEA and Swiss Personal Information. Individuals should first raise any concerns about our processing of their Personal Information by contacting UL Compliance to Performance at the address below, and UL Compliance to Performance will seek to resolve any concerns. If a complaint or concern cannot be resolved though UL Compliance to Performance’s internal process, such complaints may be submitted for resolution with the Judicial Arbitration and Mediation Services (“JAMS”) at https://jamsadr.com/eu-us-privacy-shield in accordance with the expedited rules of JAMS. If your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. UL Compliance to Performance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Changes to this Statement – This Statement may be amended from time to time, consistent with the requirements of the Privacy Shield. The revisions will take effect on the date of publication of the amended Statement.
Contact Information – Please address any questions, comments or complaints about this Statement or any rights set forth in this Statement by contacting UL Compliance to Performance by any of the methods identified below:
EduNeering Holdings, Inc. - dba UL Compliance to Performance
202 Carnegie Center, Suite 301
Princeton, NJ USA 08540