Safe Harbor Certification

Safe Harbor

The United States has developed similar, but separate Safe Harbor Frameworks with the European Union (EU) and Switzerland regarding the transfer and handling of personally identifiable information about individuals from the European Economic Area (EEA) and Switzerland to the United States. We have chosen to adhere to the Safe Harbor Privacy Principles with respect to the collection, use, and disclosure of data from the EEA and from Switzerland. From an EU and Switzerland perspective, we operate as a data processor, while you function as data controller. For more information about Safe Harbor Privacy Principles or to access our certification statement, please review the U.S. Department of Commerce's Web site at http://export.gov/safeharbor/. It’s our goal to make your experience visiting our Site and doing business with us as reassuring as possible.

We self-certify compliance with:

safe-harbor.png#asset:527:url

1. Public Disclosure of Our Privacy Practices – the Safe Harbor ‘Notice’ Principle

This Policy fulfills the Safe Harbor Notice Principle. It is generally your role as data controller to notify individuals about the purposes for which you collect and use information about them, how they can contact you with any inquiries or complaints, the types of third parties to which you disclose their information, and the choices and means you offer for limiting your use and disclosure of their information. As your data processor, we make available to you this Policy so that you can better understand our data practices and whether they are consistent with privacy notices you have made available to your data subjects.

In the event that we provide hyperlinks to sites of our business partners or other relevant sites, please be sure to read their privacy policies. This Policy does not apply to those sites and we are not responsible for the content and experience you may encounter on those sites.

2. Limits on Information Collection and Retention – the Safe Harbor ‘Data Integrity’ Principle

We will take reasonable steps to ensure that personal information – including prospective and current customer information, client information, Site visitor information, and applicant information -- is reliable for its intended use, accurate, complete, and current.

Prospective customer information we collect

We may collect personally identifiable information -- such as name, business name, e-mail address, business address, title or job position, and work or mobile phone -- when you register to learn more about our products, request or subscribe to newsletters, white papers, events, seminars, conferences or other services we might provide, or other information that you might provide to us in an online form, or when you contact us by e-mail or telephone.

Customer information we collect

We respect the privacy of all Customer Information and view it as the customer’s property. We only collect the Customer Information that you provide to us or direct us to collect. Customer Information is information that we receive from you, or from a third party at your direction, about your data subjects. We may obtain any type of data about any type of individual that is included in the information you provide to us. In this regard, we do not control what Customer Information we may receive and host, nor what steps you as data controller have taken to ensure that the data is reliable for its intended use, accurate, complete, and current. Once we receive Customer Information, we maintain its integrity through a chain-of-custody process until we return it to you.

With your consent we may post any product or service testimonial you provide along with your name. If you want your testimonial removed please contact us at privacy@casedata.com.

Client information we collect

We also collect Client Information. Client Information is personal information about people in your organization, such as account managers and users, who interact with us. Client Information usually is limited to name, work e-mail address, work phone number, and job title, and we collect it through the e-mail, phone, and written means through which you provide it to us. We use this information to support your account, maintain our business relationship with you, respond to your inquiries, and perform accounting functions.

We may additionally use Client information for the following purposes:

  • To respond to your requests. These requests may include processing orders.
  • To meet legal requirements. We may be required to provide personal data to comply with legally mandated reporting, disclosure, or other legal process requirements.
  • To market our products and services. We may inform you about our products, services or events and otherwise perform marketing activities.

If you provide any personal data about your data subjects to us, you are responsible for providing any necessary notices and obtaining any consents necessary for us to access and use that data.

Site visitor information

We collect two types of information about visitor to this Site:

  • IP addresses and “clickstream” information. We may gather your computer’s IP address and “clickstream” information on the length of your stay, the pages you view, and your movement patterns through the Site otherwise your identity remains anonymous. We collect this information to make the Site better and, in turn, make it a more enjoyable experience for you. We may also share this statistical information with our business partners.
  • Information you provide. There are situations where you may voluntarily provide us your personal information. When you visit certain areas of this Site, we may ask for personal information from you, providing this information is voluntary on your part.

We collect this information in the following ways:

  • Web-server logs. In the process of administering this site, we maintain and track usage through web-server logs. These logs provide information such as what types of browsers are accessing our sites, what pages receive high traffic, and the times of day our servers experience significant load. We use this information to improve the content and navigation features of our Site. Anonymized or aggregated forms of this data may be used to identify future features and functions to develop for the site and to provide better customer service.
  • Cookies. We use cookies to improve the quality of your visit. Cookies are small bits of information stored on your browser. They do not give us personal information about you. Basically, they serve as reminders for our Site as to areas that you have already visited so you don't have to fill out unnecessary extra forms to access information. You can always set your browser to disable the cookies, but it may detract from the quality of your user experience.
  • Session cookies. A “session cookie” is a temporary cookie that expires when you close your browser. A session cookie assigns a randomly-generated, unique identification number to your computer when you access our Site. Assigning your computer a number facilitates the proper functioning of the features of our Site, by permitting us to maintain a persistent “state” for your session. We also use session cookies to collect information about the ways visitors use this Site – which pages they visit, which links they use, and how long they stay on each page. Sessions cookies do not contain any personal information.
  • Persistent cookies. When you visit this Site, we may place one or more “persistent cookies” on your computer. Unlike a “session cookie”, a persistent cookie does not expire when you close your browser. It stays on your computer until it expires -- for example, at the end of the calendar year -- or until you delete it. Some persistent cookies simply “tag” your computer so that the next time you visit -- or someone using your computer visits -- our server will recognize you. It recognizes you, not by name, but by the “tag” on your computer. This will enable us to provide you with a personalized experience even if we do not know who you are. It will also allow us to collect more accurate information about the ways people use this Site -- for example, how people use this Site on their first visit and how often they return.

If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. You may also delete our cookies as soon as you leave our Site. Although you are not required to accept our cookies, if you set your browser to reject cookies, you will not be able to use all of the features and functionality of this Web site.

  • Web beacons. Web beacons -- also referred to as “tracking pixels” or “action tags” -- are graphic images that may be placed at various locations on our Site. Web beacons help us recognize the cookies on your browser. Like cookies, Web beacons help us collect information about the ways visitors use our Site. They also help us identify browser types, IP addresses, search terms that bring visitors to our Sites, and the domain names of the websites that refer traffic to us. The information collected by web beacons does not identify you personally. We may utilize web beacons to provide us with more information on any e-mails we send out. In particular, the web beacons will send us information to let us know that you have received and opened any e-mail you have chosen to receive from us.

Applicant information we collect

We may also collect Applicant Information -- personally identifiable information such as your name, home address, personal telephone number, resume and other information that you voluntarily provide when you submit a job application. This information may be shared with our recruiting advisors as well as other third parties such as background-screening organizations involved in the assessment of your job application.

3. Individual Consent for Marketing and Data Sharing – the Safe Harbor ‘Choice’ Principle

As your data processor, we will not share, sell, rent, or trade with third parties for their marketing purposes any Customer Information collected by us, unless you direct us to do so and have the appropriate authorization to do so.

When we operate as a data controller with regard to our Client Information, we implement the Choice Principle in the following manner. If you have previously signed up to receive e-mailed information about our products, services, and special offers, and no longer wish to receive these communications you may opt out by clicking the ‘unsubscribe’ link, replying with ‘unsubscribe’ in the subject line in the e-mail, or e-mailing us at privacy@casedata.com.

We will respect your preferences and choices for how we contact you regarding marketing and promotional communications in the event we provide you, for example, with opportunities to subscribe to e-mail lists, or any other opportunity to receive marketing or promotional communications from us.

4. Secure External Data Transfer – the Safe Harbor ‘Onward Transfer’ Principle

We may disclose personal data in the following circumstances:

  • To business partners and subcontractors as necessary in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need;
  • To business partners and subcontractors as necessary in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need;
  • To service providers who host or facilitate the delivery of online training, seminars and webinars; email-delivery services and other technology providers; and third parties that may assist in the delivery of marketing materials, technical support services, or other products, services or other information;
  • Job-applicant information may be shared with our recruiting advisors as well as other third parties involved in the assessment of your job application, such as background screening organizations;
  • As necessary in connection with the sale or transfer of all or part of our business;
  • As required or permitted by law, or when we believe in our sole discretion that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, comply with a judicial proceeding, court order, law-enforcement or government request, or other legal process; and
  • To any other third party with your affirmative consent.

In these situations, we will take reasonable steps to require the recipient of the data to protect the data in accordance with the relevant principles in the Safe Harbor or otherwise take steps to ensure that the personal data is appropriately protected. We authorize our service providers to use your personal information only to perform services on our behalf. We may change service providers from time to time with or without notice to you, but will require the new suppliers to protect your personal information in strict accord with the standards we have described in this Policy.

You should know that different countries have different data-protection laws, some of which provide more protection than others. When you submit personal information to us you understand and agree that such information will be transmitted across national boundaries and stored in our facilities in the United States, or the Philippines. In all such cases, we take appropriate measures to protect your personal information. No matter where we transfer your personal information, it will remain subject to the terms of this Policy and your privacy preferences.

5. Information Access and Accuracy – the Safe Harbor ‘Access’ Principle

We provide individuals reasonable access to information about them that we hold and enable them to correct, amend, or delete that information where it is inaccurate. We operate under the assumption that it is generally your obligation as data controller to provide your data subjects a means of accessing their data. If you receive a data-access request from a data subject about whom we host data and you would like our assistance in responding to that request, please contact privacy@casedata.com. We will respond to requests within 30 days of receipt.

When we operate as a data controller with regard to our Client Information, we implement the Access Principle in the following manner. If your personally identifiable information -- such as your zip code -- changes, or if you no longer desire our service, contact us at:

Canon Business Services

Attn: Privacy Officer

576 West 900 South, Suite 200

Bountiful, UT 84010

privacy@casedata.com

If you write to us, please provide your name, mailing address, and a clear description of the information you wish to review or correct. We will respond promptly within the time limits established by applicable law, but at least within 30 days of your request. For your protection, we may ask you for additional information to verify your identity. In most cases, we will provide the access you request and correct or delete any inaccurate information you discover. In some cases, however, we may limit or deny your request if the law permits or requires us to do so. We encourage you to promptly update your personal information you hold with us if it changes.

6. Information Security – the Safe Harbor ‘Security’ Principle

We want you to have continuing trust in Océ Business Services and in our products and services. To that end, we’ve put in place reasonable physical, technical, and organizational procedures to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Some of our security measures include:

  • Security policies. We design and support our products and services according to documented security policies. Each year, we assess our policy compliance and make necessary improvements to our policies and practices.
  • Employee training and responsibilities. We take certain steps to reduce the risks of human error, theft, fraud, and misuse of our facilities. We train our personnel on our privacy and security policies. We also require our employees to sign confidentiality agreements. We also have assigned to an individual the responsibility to manage our information security program.
  • Data encryption. All electronic transfers of Customer Information between you and us are done through encrypted connections.

Unfortunately, no security measures can be guaranteed to be 100% secure. It is important that you understand that no website or database is completely secure or “hacker proof”. It is also important for you to guard against unauthorized access to your passwords and the unauthorized use of your computer.

7. Policy Compliance and Accountability – the Safe Harbor ‘Enforcement’ Principle

To satisfy the Safe Harbor Enforcement Principle, we maintain procedures for verifying that the commitments we make in this Policy to adhere to the Safe Harbor principles have been implemented. To do this, we complete an annual privacy compliance assessment and make improvements based on the results.

We have agreed to participate in the dispute resolution procedures of the panel established by the EU data protection authorities to resolve disputes pursuant to the Safe Harbor Privacy Principles, as well as to cooperate and comply with the Federal Data Protection and Information Commissioner of Switzerland.

If you have any concerns about the privacy or security of your personal information, please contact us at privacy@casedata.com. We will attempt to resolve your inquiry in a timely manner.

Ready to Advance Your Business?

CONTACT US