|
 |
|
|||||||||||||||||||||
|
|
|
|||||||||||||||||||||
|
|
||||||||||||||||||||||
|
|||||||||||||||||||||||
|
|
|
|
||||||
 San Francisco, CA > January 28, 2008 Daegis Completes Safe Harbor Certification Daegis places the highest value on ensuring the security of all data entrusted to us by our clients. We respect individual privacy rights and have in place internal protocols to assure that our security and privacy practices and procedures comply with both US and international law. This Safe Harbor Privacy Policy sets forth the principles we follow with respect to the transfer of personal data from the European Union ("EU") and the European Economic Area ("EEA") (Iceland, Liechtenstein and Norway) to the United States for processing. Safe Harbor The European Parliament and the Council of the European Union adopted Directive 95/46/EC on Data Protection. to set standards for the security and transfer of personal data. The Data Directive limits the transfer of personal data to third-countries for processing to only those countries that can ensure an adequate level of protection for an individual’s personal data. The United States Department of Commerce and the European Union developed a set of Safe Harbor Principles regarding personal data privacy and security that, when followed, permit an organization to certify that it provides adequate protection for the transfer of EU personal data to the US for processing. Daegis abides by the Safe Harbor Principles with respect to all personal data received from the EU or the EEA. Definitions personal data - any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity processor - a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller controller - the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law Notice and Choice When acting as a data processor within the meaning of the Data Directive, Daegis reserves the right to process personal information on behalf of and under the direction of our client’s without providing notice to individuals or Data Protection Authorities to the extent permitted by the Safe Harbor Agreement. When collecting data in the EU, Daegis acts on behalf of and under the direction of our client, to collect only data relevant to the matter at hand. Individuals from whom we collect data are provided with information regarding the purpose for which data is being collected, how it will be used and the type of non-agent third parties, if any, to which we disclose personal information. These individuals are also provided with information about the choices and means offered by Daegis for limiting the use or disclosure of their personal data. Disclosure and Transfer Daegis will not disclose an individual’s personal data to a third party without the consent of our client unless one or more of the following are true: Access Daegis provides individual citizens of the EU or EEA with access to their personal data for purposes of correcting, amending or deleting inaccurate information unless the cost or burden of providing the access and changing or deleting the data proves unreasonable in view of the risk to the individual’s privacy. A reasonable fee compensating us for resource use related to accessing, changing or deleting the personal information may be charged. Security Daegis takes reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Our security measures include at a minimum physical, electronic and managerial protocols to safeguard and secure personal data we process. Data Integrity Daegis processes personal information only in ways that are compatible with the purpose for which the data was collected or subsequently authorized by the individual. Daegis will take reasonable steps to ensure information is relevant to its intended use, accurate, complete and current. Enforcement Pursuant to the Safe Harbor recognized approach of self-assessment, Daegis affords individuals the opportunity to directly submit written complaints regarding our handling of their personal data. We will review all complaints received in writing for purposes of determining whether our handling of the individual’s data has been consistent with our Safe Harbor Privacy Policy. If we determine that actions we took were inconsistent with our Policy, we will take reasonable steps to remedy the inconsistency. If we are unable to resolve the conflict to the satisfaction of the complaining individual, we agree to mediate the issue with the American Arbitration Association. If during a period of self-assessment conducted in response to a written complaint we determine that an internal procedure or process causes us to be in breach of our Policy we will take corrective action to remedy the breach. If we determine that an individual in our employ has failed to abide by the terms of this Policy, disciplinary action will be taken against the employee. |
|
||||||||