EU-US and Swiss-US Privacy Shield Policy – effective November 19, 2018
SCOPE OF THIS POLICY
This Privacy Shield Policy applies only to personal information that is processed, maintained or stored on behalf of Safe Banking Systems’ clients. “Personal Information” for purposes of this policy means information relating to an identified or identifiable natural person (“data subject”). An “Identifiable Person” is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity that are within the scope of the EU Privacy Shield Framework and the Swiss Privacy Shield Framework, recorded in any form and that is received by a participant from the EU or from Switzerland. For the purposes of this policy, Safe Banking Systems receives personal information on customers of our clients that include name, address and date of birth. At the present time personal information governed by this Policy does not include human resources information that belongs to Safe Banking Systems.
Any personal information sent to us by our clients is used exclusively for the purposes and services for which we contracted. We do not share, rent or sell that information to any other parties. We do not collect sensitive information (e.g., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual). Individuals have the right to access their personal data at the institution where their data resides.
Safe Banking Systems offers our client’s the opportunity to choose (opt out) whether their customers’ personal information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the client. This is done through contractual agreements with our clients.
Customer information provided to us by our clients as part of our business service to screen their customers to determine if they match against sanctions, politically exposed persons or adverse media is not disclosed, shared, rented or sold to any third parties other than for national security or law enforcement. In cases of onward transfers of Privacy Shield data to third parties, Safe Banking Systems is liable.
Safe Banking Systems takes steps to protect the information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Safe Banking Systems has implemented appropriate physical, electronic and managerial procedures based on ISO 27002 standards to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction.
We take steps to ensure that the client’s data we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purpose for which we use it.
We maintain personal information solely as a processor on behalf of our clients. In such cases, if clients request access to or correction of information, we will coordinate with the client in accordance with the Privacy Shield Principles and Safe Banking Systems data security procedures.
Safe Banking Systems Software
114 Old Country Road
Mineola, NY 11501-4400
Ph: +1 631-547-5400
Fx: +1 631-547-5415
Safe Banking Systems has further committed to refer unresolved Privacy Shield complaints to Judicial Arbitration and Mediation Services (JAMS), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. If claims are not remedied, under certain limited conditions, individuals may invoke binding arbitration as a last resort before the Privacy Shield Panel.