SELLIGENT MARKETING CLOUD PRIVACY SHIELD STATEMENT
Selligent Marketing Cloud recognizes that the EU has established strict protections regarding the handling of EU Personal Data, including requirements to provide adequate protection for EU Personal Data transferred outside of the EU. To provide adequate protection for certain EU Personal Data relating to website visitors, customers, prospective customers, partners, vendors, third party suppliers and contractors that Selligent Marketing Cloud receives in the U.S., Selligent Marketing Cloud has elected to self-certify to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce (collectively, “Privacy Shield Frameworks”).
For purposes of enforcing compliance with the Privacy Shield Frameworks, Selligent Marketing Cloud is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. For more information about the Privacy Shield, see the U.S. Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov.
Types of EU Personal Data Collected
Selligent Marketing Cloud collects, receives and uses EU Personal Data for purposes of providing products and services to our customers, communicating with corporate business partners about business matters, processing EU Personal Data on behalf of corporate customers, providing information on our/their services, and conducting related tasks for legitimate business purposes and hiring and managing our employees.
Selligent Marketing Cloud collects EU Personal Data (i) from individuals who visit our website and voluntarily provide their information, and (ii) on behalf of our customers and (iii) from employees, vendors, contractors and agents, including the following specific types of information:
- contact information of individual representatives of the businesses with whom we or our customers are dealing, including, without limitation, names, addresses, work phone numbers, work email addresses, etc. of EU Persons;
- information from visitors to our websites;
- In connection with some of our services, our customers use our hosted technology platform to provide EU Personal Data to us for processing on their behalf or to request that we collect EU Personal Data of their customers and clients to process on our Customer’s behalf;
- Support services we provide to our customers, both from the United States and European customer service centers; and
- Employee compliance programs provided through online learning management systems,
Use of EU Personal Data
EU Personal Data may be collected by us or provided to us for the following purposes:
- Providing information about our products, services and events;
- Providing products, services and support to our customers;
- Communicating with business partners, vendors, agents and contractors about business matters;
- Analysis of information in order to improve business practices, products and services;
- Hiring, managing and termination of employees;
- Conducting related tasks for legitimate business purposes;
- Other purposes disclosed at the time of collection; and
- National security or law enforcement requirements, or when we have determined that we need to do so in order to comply with applicable law.
We may transfer EU Personal Data to our third-party agents, subprocessors or service providers which perform functions on our behalf. Where required by the Privacy Shield, we enter into written agreements with those third-party agents, subprocessors and service providers requiring them to provide the same level of protection that the Privacy Shield, applicable law and we require and limiting their use of the EU Personal Data to the specified services they are providing to us. We take reasonable and appropriate steps (i) to ensure that third party agents, subprocessors and service providers process EU Personal Data in accordance with the Privacy Shield, applicable law and our obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents, subprocessors or service providers that perform services on our behalf for their handling of EU Personal Data that we provide to them for processing.
Before we use EU Personal Data collected by our customers and provided to us for processing for a purpose that is materially different than the purpose stated in our agreement with a customer, we will ensure that our customer authorizes us to do so. Before we use EU Personal Data collected by us for a purpose that is materially different than the purpose for which it was collected by us or later authorized, we will ensure that we have a lawful basis to do so. Selligent Marketing Cloud maintains reasonable procedures to help ensure that EU Personal Data is processed in accordance with the purpose and any lawful basis.
We may collect, or our customers may provide to us when using Selligent Marketing Cloud services, certain EU Personal Data that is regarded as “sensitive,” including data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life. When we directly collect sensitive EU Personal Data, we will obtain opt-in consent where the Privacy Shield requires, including if we disclose sensitive EU Personal Data to third parties, or before we use sensitive EU Personal Data for a different purpose than we or our customers collected it for or than the data subject later authorized.
Adherence to Seven Privacy Shield Principles
As part of its certification to the Privacy Shield, Selligent Marketing Cloud adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Personal Data processed or stored by Selligent Marketing Cloud may be subject to contractual agreements with our customers that require more stringent privacy and security safeguards than the requirements in the Privacy Shield. At a minimum, however, Selligent Marketing Cloud handles EU Personal Data in accordance with this Privacy Shield Policy, which is based upon these seven principles identified in the Privacy Shield.
When Selligent Marketing Cloud receives EU Personal Data from its customers for processing pursuant to their instructions or their partners’ instructions, we are acting as an agent for our customer and do not provide notice to individuals regarding the collection, use or processing of their personal data. Our customers remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable EU law.
With respect to emails sent by our customers or by us on behalf of our customers, EU Persons may opt-out of receiving further email communications from Selligent Marketing Cloud or Selligent Marketing Cloud customers by following opt-out instructions that are contained in the bottom of the email communication you received.
Selligent Marketing Cloud maintains reasonable and appropriate technical and organizational security measures to protect EU Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
Accountability of Onward Transfer
Selligent Marketing Cloud recognizes potential liability in cases of onward transfer to third parties. Selligent Marketing Cloud will not transfer any EU Personal Data to a third-party without first ensuring that the third-party adheres to the Privacy Shield principles. Selligent Marketing Cloud does not transfer EU Personal Data to unrelated third parties, unless lawfully directed by a customer who provided such data, or in certain limited or exceptional circumstances in accordance with the Privacy Shield Frameworks. For example, such circumstances would include disclosures of EU Personal Data required by law or legal process, or disclosures made in the vital interest of an identifiable person such as those involving life, health or safety.
In the event that Selligent Marketing Cloud is requested to transfer EU Personal Data to an unrelated third party, Selligent Marketing Cloud will ensure that such party is either certified under the Privacy Shield, subject to similar laws providing an adequate and equivalent level of privacy protection, or will enter into a written agreement with the third party requiring them to provide protections consistent with the Privacy Shield Frameworks and Selligent Marketing Cloud’s Privacy Shield Statement. Should Selligent Marketing Cloud learn that an unrelated third party to which EU Personal Data has been transferred by Selligent Marketing Cloud is using or disclosing EU Personal Data in a manner contrary to this Policy, Selligent Marketing Cloud will take reasonable steps to prevent or stop the use or disclosure.
Contact information and EU Personal Data is accessible only by those Selligent Marketing Cloud employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into strict confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of EU Personal Data.
Selligent Marketing Cloud assures compliance with this Privacy Shield Statement by utilizing the self-assessment approach as specified by the U.S. Department of Commerce. The assessment is conducted on an annual basis to ensure that all of Selligent Marketing Cloud’s relevant privacy practices are being followed in conformance with the Privacy Shield Statement and the Privacy Shield Frameworks. Any employee that Selligent Marketing Cloud determines is in violation of these policies will be subject to discipline, up to and including termination of employment and/or criminal prosecution.
Privacy Shield Statement Updates
This Statement may occasionally be updated. When material updates are made, the date of the last revision will be reflected at the end of the page. This page may be bookmarked to facilitate periodic review of Privacy Shield Statement and to note recent updates. Neither the Privacy Shield Statement nor updates to it will affect or modify any contracts we have with our customers.
Access, Review & Update
If you are an EU Person about whom we hold EU Personal Data either directly or on a customer’s behalf, you may request access to, and the opportunity to update, correct or delete, such EU Personal Data, provided that if we are holding EU Personal Data on a customer’s behalf, submit first such requests or raise any other questions directly to the business that provided your EU Personal Data to us. You can also contact our Privacy Shield Contact. We reserve the right to take appropriate steps to authenticate an applicant’s identity, to charge an adequate fee before providing access and to deny requests, except as required by the Privacy Shield Frameworks.
Privacy Shield Inquiries and Contact
In compliance with the Privacy Shield Principles, Selligent Marketing Cloud commits to resolve complaints about our collection or use of your personal information.
EU individuals with inquiries or complaints regarding our Privacy Shield Statement should first contact Selligent Marketing Cloud at:
Selligent Marketing Cloud
1300 Island Drive, Suite 200
Redwood City, CA 94065
Or by email at privacy[at]SelligentMarketingCloud.com.
We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EU Personal Data within 45 days of receiving your inquiry or complaint.
Selligent Marketing Cloud has further committed to refer unresolved Privacy Shield complaints to JAMS Mediation and Arbitrators (“JAMS”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Selligent Marketing Cloud commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. If you have a comment or concern about human resources data transferred from the EU in the context of the employment relationship that cannot be resolved with us directly, you may contact http://www.uscib.org/privacy-shield/ for more information or to file a complaint.
Selligent Marketing Cloud has further committed to cooperate with the arbitration panel (https://www.privacyshield.gov/article?id=G-Arbitration-Procedures) established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) if the resolution between us and you, as well as JAMs and you, fail.
Privacy Shield Statement Effective Date: 11/12/2018