Articles: Hagen, Streiff, Newton & Oshiro Accountants, PC
Effective Date: January 1, 2012
This Policy applies to all personal information received by HSNO from the EU in electronic format or in structured manual filing systems. In most cases, the data we receive will relate to our clients and their business activities and may include personal information about our clients’ employees, business contacts, customers and any other individuals with whom our clients have dealings. When we collect and process personal information provided to us by our clients we do so as a “data processor” acting on the instructions of our clients. HSNO does not actively collect personal information from individuals in the EU. HSNO’s possession and use of personal information is largely incidental to our primary task of providing electronic discovery services to our clients.
Certain words and phrases are defined within this Policy. In addition, the words set out below have the following meaning:
- “data processor” means a person who processes personal data on behalf of someone else;
- “EEA” means the 27 European member states, plus Norway, Iceland and Liechtenstein;
- “EU Directive” means the EU directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- “Personal information” means any information or set of information that identifies an individual, or could be used by or on behalf of HSNO to identify an individual. Personal information does not include data that is encoded or is anonymous.
- “Sensitive personal information” means information about an individual’s medical or health condition, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sex life. In addition, HSNO will also treat as sensitive any personal information received from a third party where the third party treats and identifies it as sensitive and has notified us of this fact. SAFE HARBOR
The privacy principles in this Policy are based on the Safe Harbor Principles, wh ich were agreed between the United States Department of Commerce and the European Commission. Adherence by HSNO to these Safe Harbor Principles will provide the necessary level of protection required by the EU Directive in respect of transfers of personal information to countries outside the EEA.
HSNO adherence to these principles may be limited in certain circumstances, in particular:
- (a) where there is a conflicting or overriding legal obligation;
- (b) to the extent expressly permitted by any applicable law, rule or regulation; or
- (c) where HSNO receives personal information as a “data processor” acting on the instructions of a client. As HSNO will be receiving personal information from the EU merely for processing, it will not be required to apply the Notice, Choice, Data Integrity and Access principles to that information. The client will remain responsible for the personal information and its processing in accordance with EU law.
SAFE HARBOR PRINCIPLES
Notice: Where HSNO obtains personal information from individuals in the EU, it will inform them of: – the purposes for which it collects and uses their personal information -the types of third parties (if any) to which HSNO discloses that information, and -the choices and means, if any, that HSNO offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to HSNO, or as soon as practicable thereafter, and in any event before HSNO uses such information for a purpose other than that for which it was originally collected or processed by the transferring organization, or discloses it for the first time to a third party. If HSNO receives personal information from its subsidiaries, affiliates, clients or other entities in the EU, it will use and disclose such information in accordance with the notices provided by such entities and the consents or choices made by the individuals to whom such personal information relates.
Choice: HSNO will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a third party (unless that disclosure is allowed or required by contract), or (b) to be used for a purpose that is incompatible with the purpose for which that information was originally collected or subsequently authorized by the individual. For sensitive personal information, HSNO will give individuals the opportunity to give explicit consent (opt-in) to the disclosure of the information to a third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. HSNO will provide individuals with clear and conspicuous, readily available and affordable mechanisms to exercise their choices.
Onward Transfers: HSNO will obtain assurances from its agents that they will safeguard personal information consistently with this Policy. An “agent” is any third party that collects or uses personal information in order to perform tasks on behalf of HSNO. Examples of appropriate assurances that may be provided by agents include: -contractual assurances to provide the same level of protection as required by the Safe Harbor Principles -being subject to the EU Directive – certifying with the Safe Harbor or -being located in a country that has been deemed to provide an adequate level of protection by the European Commission (eg Canada or Switzerland). Where HSNO has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, HSNO will take reasonable steps to prevent or stop the use or disclosure.
Security: HSNO will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Data Integrity: HSNO will use personal information only in ways that are relevant and compatible with the purposes for which that information was collected or subsequently authorized by the individual. HSNO will take reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete and current.
Access upon request, HSNO will grant individuals reasonable access to personal information that it holds about them. In addition, HSNO will take reasonable steps to permit individuals to correct, amend, or delete information that is shown to be inaccurate or incomplete.
Enforcement: HSNO will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that HSNO determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment. The Federal Trade Commission has jurisdiction to hear any claims of unfair or deceptive practices or violations of laws or regulations governing privacy.
Dispute: Any questions or concerns regarding the use or disclosure of personal
Resolution: information should be directed to the HSNO Privacy Office at the address given below. HSNO will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between HSNO and the complainant, HSNO agrees to cooperate with data protection authorities located in the EU (or their authorized representatives) and participate in any dispute resolution procedures established by such authorities pursuant to the Safe Harbor Principles. HSNO supports industry self-regulation as a flexible means for keeping pace with emerging privacy issues.
Please refer all questions or comments regarding this Policy to the HSNO Privacy Office as follows: Matthew Blake, Chief Compliance Officer, Hagen, Streiff, Newton & Oshiro Accountants, PC (“HSNO”), 2415 Campus Drive, Suite 225, Irvine, CA 92612, USA , Phone: 949-251-1133, Fax: 949-251- 1565
This Safe Harbor Policy is available from: www.hsno.com
CHANGES TO THIS SAFE HARBOR POLICY