Privacy Shield Policy
This website collects various types of information, such as:
- “Client” means the engaging party for a covered transaction under this Policy and may also refer to Counsel working on behalf of Client for Client’s benefit.
- “Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
- “Counsel” means Client’s retained Counsel for a covered transaction under this Policy and may also refer to an engaging party.
- “Data Subject” means an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, by reference to Personal Data.
- “Department” or “DOC” means the U.S. Department of Commerce and, where applicable and necessary, may also mean the International Trade Administration (“ITA”).
- “Personal Data” means information and data about an identified or identifiable individual that are within the scope of the Program, received by ResEcon FTS in the United States from the European Union or Switzerland, and recorded in any form. Personal Data may include but is not limited to names, mailing addresses, e-mail addresses, identification numbers, IP addresses and other Sensitive Data.
- “Policy” means the ResEcon FTS Privacy Shield commitment(s) as set forth in this document.
- “Principles” means the foundational commitments that a participant in the Program must adhere to in order to be compliant, see Principles section below.
- “Processing” means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
- “Program” means both the EU-U.S. and the Swiss-U.S. Privacy Shield frameworks as designed by the DOC, the European Commission and Swiss Administration, and as administered by the ITA.
- “ResEcon FTS” specifically refers to the Forensic Technology Services practice of Resolution Economics, LLC.
- “Sensitive Data” means data that contains any of the following: racial or ethnic origin; political affiliation; religious or philosophical beliefs; trade union membership; data concerning health or sex life and sexual orientation; genetic data; and biometric data where processed to uniquely identify a person.
ResEcon FTS provides services at the direction of Client and/or Counsel for the purpose of supporting a potential or continuing legal defense, claim or obligation. From time to time, ResEcon FTS may collect, process and/or maintain Personal Data during the course of an engagement. We do not sell any collected, processed and/or maintained Personal Data during the ordinary course of business.
ResEcon FTS complies with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, respectively, to ensure adequate protections for Personal Data transferred from European Union (“EU”) member countries, and Switzerland, and received in the United States (“U.S.”) by ResEcon FTS in reliance on this Policy and the Program. All ResEcon FTS employees and agents that have access to Personal Data contemplated by this Policy are responsible for conducting themselves in accordance with this Policy and the Program’s Principles. If any conflicts should arise between this Policy and the Program’s Principles, the Program’s Principles shall govern. Program information and ResEcon’s participation listing are available via: https://www.privacyshield.gov/
ResEcon FTS is an active participant in the Privacy Shield framework and, as such, may collect, process and/or maintain Personal Data during the course of providing professional services to our Clients and may do so without the direct knowledge of certain Data Subjects.
1.1 All ResEcon FTS services contemplated by this Policy are executed at the direction of our Clients, often at the direction of Counsel within attorney work product and/or attorney-client privilege, and we inform our Clients of the purposes for which services are provided.
1.2 Our Clients therefore bear the responsibility and shall inform Data Subjects of the individual’s rights under this Policy and the Principles.
In the event Personal Data is to be disclosed to a non-agent third party or where Personal Data is to be utilized for a purpose that is materially different from that for which it was initially collected or subsequently authorized, ResEcon, through our Client, shall provide Data Subjects with the opportunity to limit the use or disclosure, if a limited option is available, or opt out of such use or disclosure altogether.
2.1 In the event that Sensitive Data is contemplated within the meaning of this clause, ResEcon, through our Client, shall require explicit Data Subject consent before proceeding.
3. Onward Transfer
In the event that ResEcon FTS transfers Personal Data to a third party Controller, ResEcon FTS shall contractually require that the third party Controller a) only Process such data for the limited and specified purposes; b) provide at least the same level of privacy protection as required by the Program; c) notify ResEcon FTS if and when the Controller can no longer meet its obligation; and d) cease Processing and remediate any unauthorized Processing as necessary if unable to satisfy its obligations under the Program.
3.1 ResEcon FTS shall take reasonable and appropriate steps to ensure that the Controller effectively processes the transferred Personal Data in a manner consistent with the Program, and shall provide the Department of Commerce with relevant privacy provisions of its contract with the Controller as requested.
3.2 ResEcon FTS is liable within the parameters of the Program where an agent processes Personal Data in a manner inconsistent with the Principles, except where ResEcon FTS is not responsible for the event giving rise to the damage.
3.3 ResEcon FTS may be required to disclose Personal Data in response to lawful requests by public authorities to the extent required to meet legal, regulatory, governmental, national security or law enforcement requirements.
ResEcon FTS shall take reasonable and appropriate measures to protect Personal Data covered by this Policy and the Program from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.
5. Data Integrity & Purpose Limitation
Limitation. ResEcon FTS limits the Processing of Personal Data to information that is relevant for the intended and specific purpose, and ResEcon FTS only maintains Personal Data for so long as required to satisfy and support the originally intended purpose.
5.1 We protect Personal Data in all of the following manners: a) all data, including Personal Data, is transferred via encrypted methods; b) Personal Data is never utilized to key files in databases; c) access to physical media and servers is restricted to necessary personnel; and d) deletion is executed with a defensible and irretrievable process.
5.2 At the direction of the Client, we may use objective Processing functionality to execute many of the following culling techniques to further protect Personal Data: a) removing files containing extracted Personal Data; b) excluding files containing extracted Personal Data from use; and c) proactively redacting Personal Data from reviewable files as necessary.
5.3 In limited cases and only in accordance with the Program, ResEcon FTS may Process Personal Data for longer periods than originally intended or necessary for the time and to the extent such Processing reasonably services the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis.
ResEcon FTS respects and supports your right to know what Personal Data has been Processed by our firm at the direction of our Client and we appreciate that you may require access for purposes such as but not limited to the need to ensure Personal Data’s accuracy and relevance for the purpose for which it was Processed. Accordingly:
6.1 Data Subjects contemplated by the Program and this Policy may request to review their own Personal Data as Processed by ResEcon.
6.2 Requests may be excepted in situations, but not limited to, where the burden or expense of providing access would be disproportionate to the risks to the Data Subject’s privacy in the case in question, or where the rights of other Data Subjects would be violated.
6.3 Approved Data Subjects may review their own Personal Data in accordance with applicable contractual requirements, this Policy and the Program.
6.4 In the event you are allowed and required by the Program to correct, amend or delete certain Personal Data that is inaccurate or has been processed in violation of the Principles, you may do so only with truthful, complete and accurate information.
7. Recourse, Enforcement & Liability
In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield framework, ResEcon FTS is committed to amicably resolving privacy complaints made directly to ResEcon FTS and we shall respond to inquiries filed directly with ResEcon FTS within 45 days from receipt. Please address direct inquiries to the following: email@example.com
7.1 In the event that we are unable to resolve a complaint from an EU or Swiss citizen, we shall, at no cost to you, refer the unresolved matter to the International Centre for Dispute Resolution (“ICDR”) of the American Arbitration Association (“AAA”). EU or Swiss individuals may also file a complaint directly with the ICDR/AAA via: http://go.adr.org/privacyshield.html
7.2 For those matters that remain unresolved, the Program allows Data Subjects contemplated by this Policy and the Program to pursue prompt, independent and fair resolution through binding arbitration with the Privacy Shield Panel.
The Federal Trade Commission (“FTC”) has committed to enforcement of the Program as it relates to ResEcon’s participation, and will work together with EU privacy authorities to protect Personal Data. ResEcon FTS may, from time to time, change or update this Policy to ensure continuing compliance with the Program, its enforcement and other applicable laws. This Policy was last updated on 9 October 2018.