UPDATED January 2020
We comply with the EU-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal data transferred from the European Union and the United Kingdom to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles with respect to such personal data.
The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.
To learn more about the Privacy Shield Program, and to view our certification, please visit: https://www.privacyshield.gov/.
What types of personal data do we handle, and why?
In the course of its business activities, we may have access to certain categories of personal data related to individuals within the European Union:
- Contact points for potential and current customers. We may access the following personal data on persons of interest or points of contact with potential or current customers, which may also be established in Europe:
- Job title;
- Professional contact details;
We access this personal data, concerning current customers, when strictly necessary to manage and perform agreements in place between us and those customers (for example, when we need to contact a customer for invoicing purposes, we may use the professional contact details of a point of contact within that customer). Account managers at Safeguard Global US may need to contact certain customers for these purposes, including customers located within the European Union.
As for potential customers, we may access these personal data when they are shared with us by individuals (for example, when an individual reaches out to us on behalf of a potential customer at an event, or by sending us an inquiry) or by third parties (for example, through third-party data brokers with which we have appropriately regulated our data processing relationship, through written agreements). We may use these personal data to reach out to potential customers, in order to send marketing communications or engage with those customers to attempt to establish a business relationship – this may include potential customers within the European Union, given that the Safeguard Global Group Marketing and Sales teams are based at Safeguard Global US.
It is important to note that none of our customers are consumers, as our business is strictly B2B. Therefore, while we do reach out to individuals within potential customers for these purposes, the organisations to which those individuals belong are the target of our communications, and not the individuals themselves (as consumers).
Do we transfer any personal data onwards, to other entities?
As a rule, we do not sell data related to Safeguard Global Group customers or prospective customers to any third parties, or otherwise share data with third parties.
However, we may disclose personal data to third parties acting as agents / processors on our behalf:
- Service providers which provide SaaS (software as a service) customer relationship management platforms and tools used by Safeguard Global US, and which may have access to personal data stored by Safeguard Global US on their platforms and tools, used to ensure an efficient management of Safeguard Global Group customers;
- Service providers which provide SaaS marketing automation platforms and tools used by Safeguard Global US, and which may have access to personal data stored by Safeguard Global US on their platforms and tools, used to allow Safeguard Global US to effectively carry out its marketing activities; and
- Service providers which otherwise participate in the provision of services to customers, assisting Safeguard Global US in this regard (including other Safeguard Global Group affiliates), and which may have access to customer data when strictly necessary to allow their assistance in the provision of these services.
This may include personal data related to individuals within the European Union and the United Kingdom, in which case the EU-U.S. Privacy Shield Principles apply in full. Under these Principles, Safeguard Global US will remain liable for damages caused by a failure of any of its agents / processors handles personal data in a manner inconsistent with the Principles, save for where Safeguard Global US is not responsible for the event giving rise to those damages.
Other than in the above cases, it is also important to understand that we may be required to disclose personal data in response to lawful requests by competent U.S. public authorities, including to meet national security or law enforcement requirements.
How can you reach out to us?
To get in touch with the Data Protection Officer for the SafeGuard Global Group, please contact: firstname.lastname@example.org.
What are your rights as a Data Subject? How can you react if you believe that we are mishandling your personal data?
Under the Privacy Shield Principles, you are entitled to:
- Access the personal data we hold about you;
- Request the correction, amendment or deletion of personal data we hold about you, where it is inaccurate or has been processed in violation of the Principles.
The above rights can be restricted where the burden or expense for SG US in allowing them to be exercised would be disproportionate to the risks to your privacy, in your specific case. Restriction may also happen if allowing your rights to be exercised would violate the rights of other persons. However, we will always endeavor to allow the exercise of your rights to the fullest extent feasible.
You can exercise these rights by contacting us, at: email@example.com.
Given that SG US only transfers your personal data onward to its agents / processors (as noted above), and not to any third-party controllers, your right to opt-out of these transfers does not apply, under Section 2(b) of the Principles. In any case, SG US has entered into data processing agreements with these agents and processors to ensure the following, in accordance with Section 3(b) of the Principles:
- The transfer of personal data to agents / processors is only performed for limited and specified purposes (noted above);
- The agents / processors are required to provide at least the same level of privacy protection as is required by the Principles;
- The agents / processors are required to effectively process personal data they receive from us in a manner consistent with our obligations under the Principles; and
- The agents / processors must notify us if they determine that they can no longer provide the same level of privacy protection as is required by the Principles, in which case they must also take reasonable and appropriate steps to stop and remediate unauthorized processing of those personal data.
We will also provide a summary or representative copy of the relevant privacy provisions contained within our agreements with agents / processors to competent authorities, upon a valid request.
In any case, you retain the right to opt-out from any further processing activities which we might wish to carry out using your personal data, for purposes which are different to or incompatible with the purposes laid out in this Policy. We will notify you of any such further processing if and when it takes place, so you can exercise this right; you can also do so spontaneously by using the e-mail address provided above.
While we do not process any sensitive data under the scope of this Policy, you also have the right to opt-in (rather than merely opt-out) to any onward transfer of those data or further processing of those data, for purposes which are different to or incompatible with the purposes laid out in this Policy. If and when this becomes applicable, we will notify you so you can exercise this right; you can also do so spontaneously by using the e-mail address provided above.
In compliance with the Privacy Shield Principles, we commit to resolving complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: firstname.lastname@example.org.
Should you consider that we have not been able to fully resolve your complaint, you remain entitled to submit your complaint to a data protection authority within the European Union, so that the panel established by the European Union data protection authorities (DPAs) can engage us to fully resolve the issue. We may also proactively refer your complaint to this panel.
We commit to cooperating with this panel and complying with the advice given by this panel with regard to personal data transferred from the European Union.
- In particular, this means that we will cooperate with the DPAs in the investigation and resolution of any complaints brought against us under the Privacy Shield. It also means that we will comply with any advice given by the DPAs in these cases, including where the DPAs consider that we need to take specific action to comply with the Privacy Shield Principles (such as by offering remedies or compensation to you or other affected individuals), and that we will provide written confirmation to the DPAs that such action has been taken.
Under certain conditions, it may be possible for you to invoke binding arbitration against us for complaints regarding Privacy Shield compliance which have not been resolved through the above mechanisms. Please refer to Annex I of the Privacy Shield Framework for more information.
 Personal data means any information relating to an identified or identifiable natural person or individual.
 Available at: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612621 (p. 9).
 HR data meaning any personal data concerning an employee in the context of an employer-employee relationship, which is accessed by SG US from a company based in the European Union (regardless of whether the employee is a part of the Safeguard Group).