Safe Harbor Privacy Policy for Consumer Data

Safe Harbor Privacy Policy for Consumer Data

Dovetail Business Solutions, Inc. (“Dovetail”) is committed to upholding the highest ethical standards in its business practices and strives to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business. This Safe Harbor Privacy Policy sets forth the privacy principles that Dovetail follows with respect to personal consumer information transferred from the European Economic Area (EEA) (which includes the twenty-eight member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) and from Switzerland to the United States.

Dovetail complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Dovetail has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view Dovetail’s certification, please visit http://www.export.gov/safeharbor/.

Safe Harbor

The United States Department of Commerce and the European Commission have agreed on a set of data protection principles (the “U.S.-EU Safe Harbor Principles”) and frequently asked questions (collectively the “U.S.-EU Safe Harbor Framework”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States. The EEA also has recognized the U.S. Safe Harbor as providing adequate data protection. The United States Department of Commerce and the Federal Data Protection and Information Commissioner of Switzerland have agreed on a similar set of data protection principles (the “U.S.-Swiss Safe Harbor Principles”) and frequently asked questions (collectively the “U.S.-Swiss Safe Harbor Framework) to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States. Consistent with its commitment to protect personal privacy, Dovetail adheres to the U.S.-EU and U.S.-Swiss Safe Harbor Principles (hereinafter “Safe Harbor Principles”).

Scope

This Safe Harbor Privacy Policy (the “Policy”) applies to all personal information received by Dovetail from applicable Dovetail clients in the United States from the European Economic Area and from Switzerland.

Dovetail receives marketing data from each Dovetail client and manages this data in a marketing database system that is used only by that specific Dovetail client. The data that Dovetail receives is from each Dovetail client, not the end-consumer. The end-consumer provides their data to each respective Dovetail client. End-consumers do not provide information directly to Dovetail. Each Dovetail client uses their respective marketing database, which Dovetail hosts and maintains for the Dovetail client, for the Dovetail client’s marketing purposes to the Dovetail client’s end-consumers.

Definitions

For purposes of this Policy, the following definitions shall apply:

“Dovetail client” means the business entity for which Dovetail is managing the marketing database. Dovetail receives marketing data from each Dovetail client and manages this data in a marketing database system that is used only by that specific Dovetail client. The data that Dovetail receives is from each Dovetail client, not the end-consumer. The end-consumer provides their data to each respective Dovetail client. End-consumers do not provide information directly to Dovetail. Each Dovetail client uses their respective marketing database, which Dovetail hosts and maintains for the Dovetail client, for the Dovetail client’s marketing purposes to the Dovetail client’s end-consumers.

“End-consumer” means the customer of a Dovetail client.

“Personal information” means any information or set of information that is received by Dovetail from a Dovetail client that identifies an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Dovetail client or to which Dovetail client discloses personal information for use on Dovetail client’s behalf.

Privacy Principles

The privacy principles in this Policy are based on the Safe Harbor Principles.

NOTICE: Where Dovetail receives personal information from a Dovetail client regarding an individual in the EEA, the Dovetail client informs the individual about the purposes for which it collects and uses personal information about them and the choices and means, if any, the Dovetail client offers individuals for limiting the use and disclosure of their personal information. Dovetail will manage the data from the Dovetail client per the Dovetail client requirements.

CHOICE: For personal information, Dovetail’s client will offer individuals the opportunity to choose (opt-in) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. (Opt-in provided by end-consumer to Dovetail client)

Dovetail’s client will provide individuals with reasonable mechanisms to exercise their choices and Dovetail will manage these choices on behalf of the Dovetail client per Dovetail client requirements.

DATA INTEGRITY: Dovetail will use personal information only in ways that are compatible with Dovetail client purposes for which it was collected or subsequently authorized by the individual to the Dovetail client. Dovetail, per Dovetail client requirements, will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. Dovetail will only store personal information that is relevant to fulfill the purpose of the request and will retain such information no longer than appropriate to fulfill the purpose of the request, per Dovetail client requirements.

TRANSFERS TO AGENTS: As applicable, Dovetail will obtain assurances from its agents that they will safeguard personal information consistently with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor certification by the agent, or being subject to another European Commission adequacy finding (e.g., companies located in Canada). Where Dovetail has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Dovetail will take reasonable steps to prevent or stop the use or disclosure.

ACCESS AND CORRECTION: Upon request, Dovetail client will grant individuals reasonable access to personal information that it holds about them. In addition, Dovetail client will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. These requests can be made directly to the applicable Dovetail client. Dovetail will update the Dovetail client marketing database with correct data Dovetail receives from the Dovetail client per Dovetail client requirements.

SECURITY: Dovetail will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

ENFORCEMENT: Dovetail client will conduct compliance audits of its relevant privacy policy practices to verify adherence to the Dovetail client policy. Dovetail will conduct reviews of its relevant privacy practices to verify adherence to this Policy. Any employee that is determined to intentionally violate this policy will be subject to disciplinary action up to and including termination of employment.

DISPUTE RESOLUTION: Any questions or concerns regarding the use or disclosure of personal information should be directed to the applicable Dovetail client. Dovetail client will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy, and Dovetail will support Dovetail client as directed by Dovetail client. For complaints that cannot be resolved between Dovetail client and the complainant, the Dovetail client dispute resolution procedures should be followed. Additionally, Dovetail is a participant in the dispute resolution procedures of the Direct Marketing Association pursuant to the Safe Harbor Principles.

Limitations on Application of Principles

Adherence by Dovetail to these Safe Harbor Principles may be limited (a) by Dovetail’s dependency on the Dovetail client, (b) to the extent required or permitted by law or legal process, such as to respond to or investigate a legal or ethical obligation or request or pursuant to court orders, subpoenas, interrogatories or similar directive carrying the force of law; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

CONTACT INFORMATION
For inquiries regarding this Safe Harbor Policy, please contact:

Jeff Barela, COO
1221 West Mineral Ave., Suite 102
Littleton, CO 80120
jeff@dovetaildatabase.com
720.633.8101

DMA Safe Harbor Program
1615 L St, NW Suite 1100
Washington, DC 20036
safeharbor@the-dma.org
http://thedma.org/consumer-guide/