|The software company of the Institute of Chartered Secretaries and Administrators|
ICSA Software North America, Inc.
This policy was last updated on 31 January 2013.
ICSA Software North America, Inc. ("ISNA", "we", "our" or "us") values individual privacy and strives to process and protect Personal Data in a manner consistent with the laws of the countries in which we do business, and to industry best-practice.
Due to the international nature of our business and our clients' businesses, from time-to-time we may need to transfer Personal Data from Switzerland and/or the European Economic Area ("EEA") to our offices in the United States ("US"), or to maintain Personal Data at our offices in the US. European Union and Swiss laws requires that the adequate protection criteria governing how Personal Data is processed within the EEA and Switzerland be given to Personal Data transferred outside of the EEA and Switzerland.
The United States Department of Commerce has agreed with the European Commission and separately with the Federal Data Protection and Information Commission of Switzerland on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable US companies to satisfy the adequacy requirement under European Union and Swiss laws.
ISNA's privacy practices, including its practices for Services Data, are self-certified to the Safe Harbor Program agreed to between the US Department of Commerce and the European Commission; and the US Department of Commerce and the Federal Data Protection and Information Commission of Switzerland.
"Agent" shall mean a third party that processes personal data solely on behalf of and under the instructions of ISNA.
"ISNA" shall mean ICSA Software North America, Inc. dba ICSA Software International in the United States. ISNA is a wholly owned subsidiary of ICSA Software International Limited, a company registered in England and Wales.
"Personal Data" shall mean any information or set of information that identifies or can reasonably be used to identify an individual. Personal data does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.
"Processing" shall mean obtaining, recording or holding information or data or carrying out any operation, manual or automatic, or set of operations on the information or data.
"Sensitive Personal Data" shall mean Persona Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. Information will be treated as Sensitive Personal Data where it is received from a third party that treats and identifies it as sensitive.
"Services" shall mean support, consulting, hosting or other services provided to our clients.
"Services Data" shall mean the Personal Data we process in order to provide the Services.
Where ISNA collects Personal Data directly from individuals in Switzerland and/or the EU, it will inform them about the type of Personal Data collected, the purposes for which it collects and uses the Personal Data, and the types of non-agent third parties to which ISNA discloses or may disclose that information, and the choices and means, if any, ISNA offers individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to ISNA, or as soon as practicable thereafter, and in any event before ISNA uses or discloses the information for a purpose other than that for which it was originally collected.
When collecting personal data, ISNA will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For sensitive Personal Data, ISNA will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. ISNA will provide individuals with reasonable mechanisms to exercise their choices.
ISNA will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. ISNA will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
ISNA will only transfer personal data to an agent where the agent has provided assurances that the agent provides at least the same level of privacy protection as is required by these privacy principles. Where we have knowledge that an agent is using or sharing personal data in a way that is contrary to these principles, ISNA will take reasonable steps to prevent or stop such processing.
Upon request, ISNA will grant individuals reasonable access to Personal Data that it holds about them as Data Controller, and ISNA will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
ISNA takes pride in its technology and security policies. Protecting confidential information is our business; therefore, ISNA takes all appropriate measures to assure the security of Personal Data. As an international business, ISNA and our parent, ICSA Software International Limited, a company registered in England and Wales, have developed global information security practices designed to assure that Personal Data we collect and process, and Services Data that we may process in order to provide Services is appropriately protected.
ISNA has institutionalized industry-standard security practices and is constantly implementing reasonable precautions to protect Personal Data in our possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
We protect data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of Personal Data. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access, and encryption technology. Personal Data is stored on our computers in a secure, encrypted manner. We limit access to Personal Data to those persons in our organization, or as our agents, that have a specific business purpose for maintaining and processing such Personal Data and data. We inform individuals who have been granted access to Personal Data and data of their responsibilities to protect the security, confidentiality, and integrity of that information, and we provide training and instruction on how to do so.
ISNA has established a Data Protection Program to monitor our adherence to the "Safe Harbor" principles, and to address questions and concerns regarding our adherence. This program includes conducting annual compliance audits of our relevant privacy practices to verify compliance with this policy and the "Safe Harbor" principles. Additionally, we provide a statement, at least once a year, signed by our authorized representative, verifying our adherence to the "Safe Harbor" principles. We encourage interested persons to raise any concerns to us using the contact information below.
We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this policy. For any dispute that cannot be resolved through our internal processes, ISNA will engage the services of an unaffiliated neutral party to act as the dispute-resolution mediator as permitted by the "Safe Harbor" framework. In the event that we or the dispute-resolution mediator determines that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance.
Changes to this policy
We may amend this policy from time-to-time consistent with the requirements of the Safe Harbor Principles. If we do so, we will post an updated version externally on the ISNA website at: www.icsasoftware.com/safeharborprivacy
This policy was last updated on 31 January 2013.
This policy has been authorised by:
Chief Executive Officer
ICSA Software North America, Inc.