1. Introduction
Belwi is dedicated to protecting your personal information and informing you about how we use your information.
This privacy policy applies to your use of Belwi services, including our website and services (collectively, “Platform”).
This Privacy Policy should be read in conjunction with the Terms of Use and is incorporated into the Terms of Use.
All capitalized proper nouns not defined in this Agreement shall have the same definitions and meanings as defined in the Terms of Use.
Please review this Privacy Policy periodically, as we may revise it from time to time.
If you do not agree or do not accept our Privacy Policy in its entirety, you should not access or use the Platform.
If you use the Platform after a change in the terms of this Privacy Policy, you agree to accept the revised policies.
2. Information gathered
At Belwi, we collect personally identifiable information (“PII”) and non-personally identifiable information (“Non-PII”) from you.
Personally identifiable information is information that can be used to identify you personally.
Non-personally identifiable information is information that must be combined with other information to identify you personally.
Personally identifiable information collected
You will not be asked to provide us with any information when you visit our Platform.
However, to use our Platform in its entirety, we may collect PII, such as your name, email address, phone number, business and website information, and address.
We may also collect your relevant payment or credit card information if you wish to pay for any services offered through the Platform.
Please note that all payment information will be stored and processed by our third party payment processors.
Non-identifying information
Whenever you use our website, we may collect non-personal information from you, such as your IP address, zip code, gender, browsing history, search history and registration history, interactions with the Platform, usage information, location, referring URL, browser, operating system, data usage, transferred data and Internet service provider.
We may also collect information including, but not limited to, postings you make on public areas of our website, messages you send to us, and correspondence we receive from other members or third parties about your activities or postings.
3. Use of your information
Some of your information will be visible to other users of the Platform to facilitate communication between users.
We will never sell your information without your permission; however, you agree that we may use your information in the following ways:
- To provide the services offered and operate the Belwi Platform.
- To improve or enhance our users’ experiences.
- To contact you by e-mail or other electronic communications when you have an inquiry.
- To notify you about updates and additional Belwi services.
- To share with third parties with whom you have requested additional information related to your products and services.
- To process your transactions.
- To share your information with outside partners or third parties engaged by us to perform functions and provide services to us subject to obligations consistent with this Privacy Policy and on the condition that the third parties use your information only on our behalf and in accordance with our instructions.
4. Anonymized data
Please note that we may collect and aggregate personally identifiable information from our Platform and may anonymize that information for our own research or internal purposes.
Once such data has been anonymized, it cannot be traced back to you, the user.
5. Access, edit and delete your information
You will be able to access any information contained in your account through our Platform.
You can edit that information by deleting or changing the information that appears in your account.
If you have any questions or would like to review, delete, change or access the information we collect, please contact us by submitting a ticket.
After you have terminated your account, please note that we may keep inaccessible copies of your PII and non-PII subject to our data retention policies.
6. Requests for permanent removal
If you wish to have any of your PII stored on the Belwi Platform permanently deleted, please follow our instructions as outlined in the policy entitled “Deletion of Information”.
If you have any questions regarding such removal, please contact us by submitting a ticket.
7. Cookies and tracking
We use cookies as indicated in our Cookie Policy. Cookies must be enabled in your browser for our Platform to function properly.
In addition, as we use portions of our Platform, we may track your usage information so that we understand how you interact with our Platform.
If you disable cookies in your web browser, some parts of our Platform may not work.
8. Third party access to your information
While you are entering into an Agreement with Belwi to disclose your information to us, we use third party individuals and organizations to assist us, including contractors, web servers and others to enable you to access the Platform.
In the course of providing our services, we may delegate our authority to collect, access, use and disclose your information.
Therefore, you are required to give any third parties that we may use in the course of our business the same rights that you give us under this Privacy Policy.
For this reason, you agree that for each authorization you grant us in this Privacy Policy, you also grant any third party we may hire, contract or retain services for the purpose of operating, maintaining, repairing, or improving or preserving our website or its underlying files or systems.
You agree not to hold us responsible for the actions of any of these third parties, even if we would normally be vicariously liable for their actions.
9. Law Enforcement
You agree that we may disclose your information to law enforcement if compelled by a court order.
In addition, you agree that we may disclose your information if we reasonably believe that you have violated U.S. law, the terms of our Terms of Use or our Privacy Policy, or if we believe that a third party is at risk of bodily injury or financial harm.
In the event we receive a subpoena that affects your privacy, we may choose to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash the subpoena ourselves, but we are not required to do so.
We may also proactively inform you and disclose your information without receiving any request to third parties when we believe it is appropriate to do so for legal reasons.
Where your actions violate any law of the United States or any other country that has jurisdiction over us, our Platform or our Terms of Use.
You release us from any damages that may arise from or be related to the disclosure of your information at the request of law enforcement agencies or private litigants.
We may disclose your information under the conditions listed in this paragraph, either to individuals or entities and to any state or federal authority, as necessary.
10. Opt out of receiving commercial, non-commercial and do-not-track communications.
If you choose to provide us with your contact information, you agree that we may send you text message and email communications.
However, you may unsubscribe from certain communications by notifying Belwi that you no longer wish to receive these communications, and we will use our best efforts to promptly remove you once we have received such a request.
We currently do not offer the functionality for you to opt-out through “do not track” listings.
If you wish to opt out of receiving certain communications or information collection, please contact us by submitting a ticket.
11. Third parties
Belwi or other users may post links to third party websites on the Platform, which may include information over which we have no control.
By accessing a third party site through our Platform, you acknowledge that you are aware that these third party websites are not screened by us for privacy or security issues, and you release us from any liability for the conduct of these third party websites.
Please note that this Privacy Policy and any other policies in effect, as well as any amendments, do not create rights enforceable by third parties.
Belwi is not responsible for the information collected or used by any advertiser or third party website.
You should review their Terms of Use and Privacy to understand how their information collection practices work.
12. Security measures
We make reasonable efforts to protect your information through the use of physical and electronic security measures.
For this reason, we use SSL certificates to enhance the security of our platform.
However, because this is the Internet, we cannot guarantee the security or privacy of your information.
For this reason, we recommend that you use anti-virus software, routine credit checks, firewalls and other precautions to protect yourself from security and privacy threats.
13. Your California Privacy Rights
Belwi allows residents of the State of California to use its Platform and complies with California Business and Professions Code §§ 22575-22579.
If you are a California resident, you may request certain information about our disclosure of personal information to third parties for their direct marketing purposes.
Various provisions throughout this Privacy Policy address the requirements of California privacy statutes.
Although we do not disclose your information to third parties without permission, you should assume that we collect electronic information from all visitors. You can contact us by submitting a ticket with your question.
14. Age compliance
We intend to comply fully with U.S. and international laws that respect the privacy of children, including COPPA.
Therefore, we do not collect or process any information from persons under the age of 18.
If you are under 18 and use our Platform, please stop immediately and do not send us any information.
In the event that we have inadvertently collected any information from users under the age of 18, please contact us immediately.
15. International transfer
Your information may be transferred to and maintained on computers located outside your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.
Your consent to this Privacy Policy followed by your submission of such information represents your acceptance of that transfer.
PII and Non-PII submitted to Belwi will be collected, processed, stored, disclosed and disposed of in accordance with applicable U.S. law and this policy.
If you are a non-U.S. member, you acknowledge and agree that Belwi may collect and use your information and disclose it to other entities outside your jurisdiction of residence.
In addition, such information may be stored on servers located outside your jurisdiction of residence.
16. Merger and Acquisition
In the event Belwi is involved in a bankruptcy, merger, acquisition, reorganization or asset sale, your information may be sold or transferred as part of that transaction.
Please note that once information is transferred, your privacy rights may change.
17. Amendments
Like our Terms of Use, we may modify this Privacy Policy from time to time.
When we change this Privacy Policy, we will change the date listed in this Agreement or we may contact you.
You must accept the amendments as a condition of your continued use of our Platform.
18. Privacy notice for European citizens
We respect the rights of individuals living within the European Economic Community (EEC) and the rights afforded to them under the General Data Protection Regulation (GDPR), Sections 18-23 are known as our Privacy Notice and address the additional privileges that EEC users may have under our Privacy Policy. This Privacy Notice explains how we will assist our users living within the EEC.
| Legal rights | Your rights under the GDPR | |
| The right to be informed | Belwi wants to keep you informed about what we do with your personal information. We strive to be transparent about how we use your data. | |
| The right of access | You have the right to access your information at any time. Please contact us by submitting a ticket if you wish to access the personal information Belwi holds about you. | |
| The right of rectification | If the information Belwi holds about you is inaccurate or incomplete, you have the right to ask us to rectify it. If that data has been passed on to a third party with your consent or for legal reasons, we must also ask them to rectify the data. Please contact us by submitting a ticket for more information. | |
| The right to delete | Sometimes called “the right to be forgotten”. You have the right to request that Belwi delete all your personal data, if you wish, please our team by submitting a ticket. | |
| The right to restrict prosecution | You have the right to ask Belwi to restrict the way we process your data. This means that we are allowed to store the data but not process it further. We will only retain enough data to ensure that we can fulfill any additional requests. Please contact our team by submitting a ticket. | |
| The right to data portability | Belwi must allow you to transfer and reuse your personal data for your own purposes on different platforms. Please contact our team by submitting a ticket if you would like to receive additional information on how to transfer your data elsewhere. This right only applies to personal data that you have provided to us as a data controller. | |
| The right to object | You have the right to object to Belwi processing your data even if our processing is for legitimate purposes as described in our Privacy Notice; if you object, please contact our team by submitting a ticket. | |
| The right to withdraw consent | If you have given us your consent to process your data, but then change your mind, you have the right to withdraw your consent at any time and Belwi must stop processing your data. If you wish to withdraw your consent, please contact our team by submitting a ticket. |
19. Legitimate Purposes for Collecting Your PII
The following are the specific legitimate purposes for which we may use your PII:
- Contract Administration: We may use your PII to (1) negotiate, execute, renew and/or manage a contract with you; (2) process billing information and payments related thereto; and/or (3) communicate with you regarding the foregoing (including sending (legal) notices).
- Access and communications to our Platform: we may use your PII to (1) set up and manage your Belwi account ; (2) interact with you through our Platform (e.g., Platform updates or announcements, etc.): and/or (3) manage and respond to your questions or comments (e.g., technical, business or administrative) or maintenance and support requests.
- Use of the Platform: We may use your PII to (1) enable you to enjoy using and easily navigate the Platform; and/or (2) better understand your needs and interests.
- Sharing with third parties: We may use your PII to share with our partner companies with whom we share data.
- Allow you to access or download content: We may use your PII to allow you to download data or content from the Platform.
- Training and Improvements: We may use your PII to (1) train our employees or contractors to enable a better experience on the Platform; and/or (2) improve the Platform.
- Direct Marketing: We may use your PII to contact you for additional products and services that may be of interest to you.
Please note that all legitimate purposes will be taken with minimal amounts of additional processing.
Other than for the purposes listed above, we may share your information when there has been an investigation or legal dispute in accordance with our Privacy Policy.
20. Retention of IIP
Belwi will only retain your PII for as long as necessary. We will retain your PII:
- For any legally required duration.
- Until we no longer have a valid reason to keep or use your PII.
- When you request to remove, delete or modify any of your PII stored with us.
When you have requested amendment or deletion of your PII, we may retain only enough of your PII to ensure that we comply with your requests, do not use your PII, or comply with your right of deletion.
If you need additional details about your PII withholding, please contact us.
21. Transfer of IIP out of the EEC
When your PII is transferred outside of the EEC, Belwi will ensure that your PII has an adequate level of protection and that your information is accessible as outlined in the Privacy Notice.
22. Exchange of data with third parties
Other than the uses listed in this Privacy Notice, Belwi does not share your PII with any third parties, other than the third parties we hire to help us process your data (Data Processors).
All data processors have entered into binding agreements with us to ensure that your rights to your PII are respected.
23. Contact information
If you have any questions or need additional information regarding our information collection practices, please contact us.
II. DELETE YOUR INFORMATION
At Belwi we value your privacy and your right to access and control your personal information.
We have implemented this policy so that you may request the permanent deletion of any personal information stored within the Belwi Platform.
If you wish to have any of your personal information stored on the Belwi Platform deleted, please contact us and follow the instructions outlined in this policy.
With each deletion request, you must list the information you wish to delete exactly as indicated.
Please note that deletion requests are not processed instantaneously. There may be a reasonable delay in processing and deleting any requested information.
Although we will attempt to delete all of your personal information upon receipt of your deletion request, please note that Belwi may have several areas where your personal data is stored and a single deletion request may not delete all of your personal information stored on our Platform.
Therefore, you may need to submit multiple requests. If your information reappears repeatedly, please contact us.
You can make a deletion request by submitting a ticket, label the first line of the ticket with the following: “Deletion request: your full name and account name”.
ADDITIONAL RIGHTS FOR EEC USERS
If you reside in the European Economic Community (EEC) or if you are a citizen of the EEC, you are granted additional rights to your information.
| Legal rights | Your rights under the GDPR | |
| The right to be informed | Belwi wants to keep you informed about what we do with your personal information. We strive to be transparent about how we use your data. | |
| The right of access | You have the right to access your information at any time. | |
| The right of rectification | If the information Belwi holds about you is inaccurate or incomplete, you have the right to ask us to rectify it. If that data has been passed on to a third party with your consent or for legal reasons, we must also ask them to rectify the data. | |
| The right to delete | Sometimes called “the right to be forgotten”. You have the right to request that Belwi delete all of your personal data. | |
| The right to restrict prosecution | You have the right to ask Belwi to restrict the way we process your data. This means that we are allowed to store the data but not process it further. We will only retain sufficient data to ensure that we can fulfill any additional requests. | |
| The right to data portability | Belwi must allow you to transfer and reuse your personal data for your own purposes on different platforms. This right only applies to personal data that you have provided to us as a data controller. | |
| The right to object | You have the right to object to Belwi processing your data even if our processing is for legitimate purposes, as described in our Privacy Policy. | |
| The right to withdraw consent | If you have given us your consent to process your data, but later change your mind, you have the right to withdraw your consent at any time and Belwi must stop processing your data. |
If you wish to exercise any of these additional rights with respect to your PII, we will be happy to assist you.
Please contact us by sending a ticket, mark the first line of the message with the following: “Request – Your full name and email”.
III. Belwi COOKIES POLICY
Last update: June 24, 2024
Information about Belwi’s Cookies (“Platform”) is collected here.
Belwi is committed to protecting your personal information and ensuring that your experience with us is as safe and enjoyable as possible.
In this section, you will find information about how and why we use cookies to improve our service and your web experience.
You will also find out how to manage the information that is collected.
What are cookies?
Most websites use cookies to enhance your browsing experience.
Cookies are small amounts of information in the form of text files that websites send to your computer, cell phone or other device when you visit our website.
They enable companies to do a number of things, including tailoring the content you see and ensuring the security of your online experience.
Cookies cannot be used to run programs or deliver viruses to your computer.
Types of cookies and their uses
Belwi uses cookies to save your preferences.
This allows us to help you remember what types of preferences and settings you have created within the Belwi Platform and the last time you visited our Platform.
These cookies also allow us to understand how you use our Platform, we use these cookies in an attempt to optimize your user experience.
In addition to helping us identify you and remember your preferences, we may use cookies to help us process transactions.
Cookies allow us to remember your orders and help us ensure that transactions are processed correctly.
Third party cookies
You may have seen references on other websites to “first-party cookies” and “third-party cookies”.
Determining whether or not a cookie is a first-party or third-party cookie depends on which website sets the cookie on your device.
First-party cookies are set by, or on behalf of, the company whose website you are visiting.
Cookies set by any other company are third-party cookies.
For example, advertising companies may use third-party cookies to serve ads when you visit their website.
Belwi currently uses first-party cookies as identified above.
Please note that third party cookies may be used on the Platform for advertising purposes.
What if I don’t want to accept cookies?
You may choose to restrict or block access to cookies set by Belwi or any other company.
You can set your browser to notify you when a web server attempts to write or load a cookie on your computer.
This gives you the opportunity to accept or reject the cookie.
Please note that refusing cookies may make some parts of the Platform inaccessible or cause parts of the Platform to malfunction.
Web browser cookies
If you do not wish to receive cookies, you can modify your browser to notify you when cookies are placed on your computer.
In addition, you can refuse all cookies or you can delete cookies that have already been set.
If you wish to restrict or block web browser cookies, you can do so through your browser settings.
The Help function within your browser should be able to assist you in this matter.
Alternatively, you can visit www.aboutcookies.org which contains complete information about managing cookies in your browser.
Aboutcookies.org contains general information and specific information about cookies and their use.
IV. Privacy Shield Framework
Last update: June 24, 2024
Belwi complies with the EU-US Privacy Shield Framework.
As established by the U.S. Department of Commerce.
With respect to the collection, use and retention of personal information transferred from the European Union to the United States. Belwi has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
If there is any conflict between the terms of this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall prevail.
For more information about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov/.
1. LIABILITY FOR ADDITIONAL TRANSFER
- To transfer personal information to a third party acting as a controller, organizations must comply with the Notice and Choice Principles.
Organizations must also enter into a contract with the external controller that states that such data may only be processed for limited and specified purposes in accordance with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it determines that it can no longer meet this obligation.
The contract shall stipulate that when such a determination is made, the external controller shall cease processing or take other reasonable and appropriate steps to remedy it.
- To transfer personal data to a third party acting as an agent, organizations should: (i) transfer such data only for limited and specified purposes; (ii) ensure that the agent is obligated to provide at least the same level of privacy protection as required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the transferred personal information in a manner consistent with the organization’s obligations under the Principles; (iv) require the agent to notify the organization if it determines that it can no longer meet its obligation to provide the same level of protection as required by the Principles; (v) upon receipt of notification, including in (iv), take reasonable and appropriate steps to stop and remedy the unauthorized processing;
2. GENERAL DESCRIPTION
While the United States and the European Union share the goal of improving privacy protection, the United States takes a different approach to privacy than the European Union. The United States uses a sectoral approach that relies on a combination of legislation, regulation and self-regulation.
Given these differences and to provide organizations in the United States with a reliable mechanism for transfers of personal data to the United States from the European Union, while ensuring that EU data subjects continue to benefit from the effective safeguards and protection required by European law with respect to the processing of their personal data when it has been transferred to non-EU countries, the Department of Commerce is issuing these Privacy Shield Principles, including the Supplementary Principles (collectively “the Principles”) under its statutory authority to encourage, promote and develop international trade (15 USC § 1512), the Department of Commerce issues these Privacy Shield Principles, including the Supplementary Principles (collectively “the Principles”) under its statutory authority to encourage, promote and develop international trade (15 USC § 1512). The Principles were developed in consultation with the European Commission and with industry and other interested parties to facilitate trade and commerce between the United States and the European Union. They are intended for use only by organizations in the United States that receive personal data from the European Union in order to qualify for the Privacy Shield and, therefore, benefit from the European Commission’s adequacy decision.1 The Principles do not affect the application of national provisions implementing Directive 95/46/EC (“the Directive”) that apply to the processing of personal data in the Member States.
- In order to rely on the Privacy Shield to effect transfers of personal data from the EU, an organization must self-certify its adherence to the Principles to the Department of Commerce (or its designee) (“the Department”). While decisions by organizations to join the Privacy Shield are entirely voluntary, actual compliance is mandatory: organizations that self-certify with the Department and publicly declare their commitment to adhere to the Principles must fully comply with the Principles. To join the Privacy Shield, an organization must (a) be subject to the investigatory and enforcement powers of the Federal Trade Commission (the “FTC”), the Department of Transportation or other statutory body that effectively ensures compliance with the Principles (other U.S. statutory bodies recognized by the EU may be included as an annex in the future); (b) publicly declare its commitment to comply with the Principles; (c) publicly disclose its privacy policies in accordance with these Principles; and (d) fully implement them. An organization’s failure to comply is enforceable under Section 5 of the Federal Trade Commission Act prohibiting unfair and deceptive acts in or affecting commerce (15 USC § 45 (a)) or other laws or regulations prohibiting such acts.
- The Department of Commerce will maintain and make publicly available an authoritative list of U.S. organizations that have self-certified with the Department and have declared their commitment to adhere to the Principles (“the Privacy Shield List”). Privacy Shield benefits are guaranteed from the date the Department places the organization on the Privacy Shield List. The Department will remove an organization from the Privacy Shield List if it voluntarily withdraws from the Privacy Shield or if it fails to complete its annual recertification with the Department. Removal of an organization from the Privacy Shield List means that it can no longer benefit from the European Commission’s decision on its suitability to receive personal information from the EU. The organization must continue to apply the Principles to personal information it received while participating in the Privacy Shield and affirm to the Department annually its commitment to do so for as long as it retains such information; otherwise, the organization must return or delete the information or provide “adequate” protection for the information by another authorized means. The Department will also remove from the Privacy Shield List those organizations that have persistently failed to comply with the Principles; these organizations do not qualify for Privacy Shield benefits and must return or delete the personal information they received under the Privacy Shield. the organization must return or delete the information or provide “adequate” protection for the information by another authorized means. The Department will also remove from the Privacy Shield List those organizations that have persistently failed to comply with the Principles; these organizations do not qualify for Privacy Shield benefits and must return or delete the personal information they received under the Privacy Shield. the organization must return or delete the information or provide “adequate” protection for the information by another authorized means. The Department will also remove from the Privacy Shield List those organizations that have persistently failed to comply with the Principles; these organizations do not qualify for Privacy Shield benefits and must return or delete the personal information they received under the Privacy Shield.
- The Department shall also maintain and make publicly available an authoritative registry of U.S. organizations that had previously self-certified to the Department, but have been removed from the Privacy Shield List. The Department will provide a clear warning that these organizations do not participate in the Privacy Shield; that removal from the Privacy Shield List means that such organizations cannot claim to be Privacy Shield compliant and should avoid any misleading statements or practices implying that they participate in the Privacy Shield; and that such organizations are no longer eligible to benefit from the European Commission’s adequacy decision that would allow such organizations to receive personal information from the EU.
- Adherence to these Principles may be limited: (a) to the extent necessary to meet national security, public interest or law enforcement requirements; (b) by law, government regulation or case law creating conflicting obligations or explicit authorizations, provided that, in exercising such authorization, an organization can demonstrate that its non-compliance with the Principles is limited to the extent necessary to meet the overriding legitimate interests promoted by such authorization; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided that such exceptions or derogations apply in comparable contexts. Consistent with the objective of enhancing privacy protection, organizations should strive to implement these Principles in a comprehensive and transparent manner. including indicating in their privacy policies where exceptions to the Principles permitted by (b) above will apply on a regular basis. For the same reason, where choice is permitted under the Principles and/or U.S. law, organizations are expected to opt for higher protection whenever possible.
- Organizations are required to apply the Principles to all personal data transferred under the Privacy Shield after joining the Privacy Shield. An organization that chooses to extend the benefits of the Privacy Shield to human resources personal information transferred from the EU for use in the context of an employment relationship must so indicate when it self-certifies to the Department and complies with the requirements set out in the Supplementary Principle on Self-Certification.
- U.S. law will apply to questions of interpretation and enforcement of the Principles and relevant privacy policies by Privacy Shield organizations, except where such organizations have undertaken to cooperate with European data protection authorities (“DPAs”). Unless otherwise stated, all provisions of the Principles apply where relevant.
8. Definitions:
- “Personal data” and “personal information” means data about an identified or identifiable individual that is within the scope of the Directive, received by an organization in the United States of the European Union and recorded in any form.
- “Processing” of Personal Data means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure. or dissemination and erasure or destruction.
- “Controller” means a person or organization that, alone or jointly with others, determines the purposes and means of the processing of personal data.
- The effective date of the Principles is the date of final approval of the European Commission’s adequacy determination.
- Provided that the Commission Decision on the adequacy of protection provided by the EU-US Privacy Shield applies to Iceland, Liechtenstein and Norway, the Privacy Shield Package will cover both the European Union and these three countries. Provided that the Commission Decision on the adequacy of protection provided by the EU-US Privacy Shield applies to Iceland, Liechtenstein and Norway, the Privacy Shield Package will cover both the European Union and these three countries. Accordingly, references to the EU and its member states shall be construed to include Iceland, Liechtenstein and Norway.
3. RECOURSE, COMPLIANCE AND LIABILITY
- Effective privacy protection should include robust mechanisms to ensure compliance with the Principles, remedies for individuals who are affected by non-compliance with the Principles, and consequences for the organization when the Principles are not followed.At a minimum, such mechanisms should include:
i. readily available independent recourse mechanisms whereby each individual’s complaints and disputes are promptly investigated and resolved at no cost to the individual and with reference to the Principles, and damages are awarded where applicable law or private sector initiatives so provide;
ii.Follow-up procedures to verify that certifications and assertions made by organizations about their privacy practices are true and that privacy practices have been implemented as presented and, in particular, with respect to instances of non-compliance; and
iii. Obligations to remedy problems arising from non-compliance with the Principles by organizations that advertise their adherence to the Principles and the consequences for such organizations. Sanctions should be sufficiently stringent to ensure compliance by organizations.
yes. Organizations and their selected independent recourse mechanisms shall respond promptly to inquiries and requests from the Department for information related to the Privacy Shield. All organizations should respond promptly to complaints about compliance with the Principles referred by EU Member State authorities through the Department. Organizations that have chosen to cooperate with the DPAs, including organizations that process human resources data, should respond directly to those authorities with respect to the investigation and resolution of complaints.
- Organizations are required to arbitrate claims and follow the terms set forth in Annex I, provided that a person has invoked binding arbitration by notifying the organization concerned and following the procedures and subject to the conditions set forth in Annex I.
- In the context of a onward transfer, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers it to a third party acting as an agent on its behalf. The Privacy Shield organization will remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization demonstrates that it is not responsible for the event giving rise to the harm.
- When an organization becomes subject to an FTC or court order based on noncompliance, the organization must make public any Privacy Shield-related section of any compliance report or assessment submitted to the FTC, to the extent consistent with confidentiality requirements. The Department has established a dedicated point of contact for DPAs for any compliance issues by Privacy Shield organizations. The FTC will give priority consideration to referrals for non-compliance with the Department’s Principles and DPAs, and will exchange information about referrals with referring state authorities in a timely manner, subject to existing confidentiality restrictions.
In accordance with the Privacy Shield Principles, Belwi is committed to resolving complaints about our collection or use of your personal information. Individuals in the European Union who have inquiries or complaints regarding our Privacy Shield policy should first contact Belwi.
TO USE TO INFORM INDIVIDUALS THAT YOUR ORGANIZATION HAS SELECTED A PRIVATE SECTOR DISPUTE RESOLUTION PROVIDER.
Belwi is also committed to referring unresolved Privacy Shield complaints to our platform. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact us for more information or to file a complaint. This service is provided at no cost to you.
FOR YOUR USE INFORM INDIVIDUALS THAT YOUR ORGANIZATION WILL COOPERATE WITH THE EU DPAS AND/OR THE FEDERAL DATA PROTECTION AND INFORMATION COMMISSIONER OF THE EU AND THE US.
Belwi undertakes to cooperate with the panel established by the EU data protection authorities (DPA) and to comply with the advice given by the panel with respect to [human resources] data transferred from the EU [in the context of the employment relationship].