Privacy Policy

TERIS respects individual privacy and values the confidence of its customers, their stakeholders, employees, business partners, and others who may use its services. Not only does TERIS strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices. This Privacy Policy sets forth the privacy principles under the EU-US and Swiss-US Privacy Shield Frameworks that TERIS follows with respect to the protection and transfers of personal information from the European Union (EU). The EU-US Privacy Shield Framework includes the Member States of the EU, plus Iceland, Liechtenstein, and Norway. Additionally, this Privacy Policy adheres to the principles set forth in the Swiss-US Privacy Shield Framework with respect to the protection and transfers of personal information from Switzerland to the United States.

EU-US and Swiss-US PRIVACY SHIELD FRAMEWORKS

The United States Department of Commerce (DOC) and the European Commission (EC) have agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the European Union to the United States (the “EU-US Privacy Shield”). The EC has recognized the EU-US Privacy Shield as providing adequate data protection (MEMO/16/2462). The DOC and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland have agreed on a similar set of principles that enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States (the “Swiss-US Privacy Shield”). Consistent with its commitment to protect personal privacy, TERIS adheres to the principles set forth in the EU-US and Swiss-US Privacy Shield Frameworks.

SCOPE

This Privacy Policy applies to all personal information received by TERIS in the United States from the EU and from Switzerland, in any format, including electronic, paper, or verbal. TERIS, through its corporate headquarters in Phoenix, AZ (TERIS – Phoenix, LLC) or its Austin, TX (Digital Discovery Solutions, LLP dba TERIS - AUSTIN) or New York locations (TERIS – NYC, LLC) is an electronic discovery service provider. Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. This policy applies to all personal information TERIS handles (except as noted below), including on-line, off-line, and manually processed data. The types of personal data TERIS collects, acting as an Agent-Processor, include name, mail, email addresses, biometric and any other data it is directed to collect.

DEFINITIONS

For purposes of this Privacy Policy, the following definitions shall apply:

“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Agent-Processor” means any third party processor, non-Controller, which collects or uses personal information under the instructions of, and solely for, Controller.

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"TERIS" means TERIS, its predecessors, successors, subsidiaries, divisions, and groups in the United States.

"Personal information" or “Personal Identifiable Information” means any information or set of information that identifies or could be used by or on behalf of TERIS, its customers or agents of its customers, to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities that concern health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, TERIS will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.

PRIVACY PRINCIPLES

The following privacy principles are based on the EU-US and Swiss-US Privacy Shield Frameworks.

Notice and Choice
To the extent permitted by the EU-US and Swiss-US Privacy Shield Frameworks, TERIS reserves the right to process personal information in the course of providing professional services to its client-Controllers without the knowledge of individuals involved. Where TERIS collects personal information directly from individuals in the EU or Switzerland, it will inform them about the purposes for which it collects and uses personal information about them, the types of third party Controllers for which TERIS discloses that information, the choices TERIS offers individuals for limiting the use and disclosure of personal information about them, and how to contact TERIS.

Where TERIS receives personal information from its subsidiaries, affiliates or other Controller entities in the EU, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.

Data Integrity and Purpose Limitation
TERIS processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, TERIS takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.

Onward Transfers and Disclosures
  • TERIS has provided Notice and Choice, consistent with the EU-US and Swiss-US Privacy Shield principles;
  • to the extent necessary to meet national security, public interest, or law enforcement requirements;
  • the information in question is publicly available;
  • the disclosure is reasonably necessary for the establishment or defense of legal claims.

    TERIS may disclose an individual's personal information to another TERIS entity or to an Agent-Processor vendor providing services on TERIS’ or the individual's behalf consistent with the purpose for which the information was obtained, if the Agent-Processor, with respect to the information in question:
  • acts only on instructions from the Controller; and
  • Controller remains responsible for compliance with these Principles.

TERIS is potentially liable for unlawful onward transfers to third parties. Permitted transfers of information, either to third parties or within TERIS, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.

EU-US and Swiss-US Privacy Shield Frameworks
TERIS complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. TERIS has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit: https://www.privacyshield.gov/

List of Active Privacy Shield Participants: https://www.privacyshield.gov/list

Data Security
TERIS will take reasonable precautions to protect personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction, and to ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of its clients. TERIS has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information it processes. However, TERIS cannot guarantee the security of information on or transmitted via the Internet or a document review tool.

Access and Correction
EU and Swiss consumers have a right to reasonable access to their personal information. If an EU or Swiss consumer becomes aware that information TERIS maintains about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact TERIS using the contact information below. TERIS will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. The individual will need to provide sufficient identifying information, such as name, address, birthdate, and social security number. TERIS may request additional identifying information as a security precaution. In addition, TERIS may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the EU-US and Swiss-US Privacy Shield Frameworks. In some circumstances, TERIS may charge a reasonable fee, where warranted, for access to personal information.

Recourse & Dispute Resolution
TERIS utilizes the self-assessment approach to assure its compliance with this privacy statement. TERIS periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the principles. TERIS encourages interested persons to raise any concerns with us using the contact information below. TERIS will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy within forty-five days of receipt. Please see page 6 of this Privacy Policy for TERIS contact information.

For complaints that cannot be resolved between TERIS and the complainant, TERIS has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the EU-US and Swiss-US Privacy Shield Frameworks:

EU-US and Swiss-US Privacy Shield
For disputes involving all personal information received by TERIS from the EU and Switzerland, in compliance with the EU-US and Swiss-US Privacy Shield Principles, TERIS commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact TERIS at:

Office of the General Counsel
Chief Privacy Officer
3550 North Central Avenue
Suite 150
Phoenix, AZ 85012
USA
privacy@TERIS.com

TERIS has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus (CBBB). If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

    Binding Arbitration is available under the EU-US and Swiss-US Privacy Shield Frameworks after an individual has (1) raised the claimed violation directly with TERIS and afforded TERIS an opportunity to resolve the issue within forty-five days; (2) made use of the independent recourse mechanism (CBBB) listed above; and (3) raised the issue through their Data Protection Authority to the Department of Commerce and afforded the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce.
  • As set forth in the Arbitral Model of Annex I (EU-US and Swiss-US Privacy Shield Framework Principles Issued by the U.S. Dept. of Commerce), invoking binding arbitration is an option available to an individual to determine, for residual claims, whether TERIS has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes and is expressly limited by Section I.5 of the EU-US and Swiss-US Privacy Shield Framework Principles.

Enforcement and Liability
TERIS will conduct compliance audits of its relevant privacy practices to verify adherence to this policy. TERIS is subject to the jurisdiction of the Federal Trade Commission which is committed to the enforcement of the EU-US and Swiss-US Privacy Shield Frameworks. Additionally, any employee that TERIS determines is in violation of this policy or other company privacy policies will be subject to disciplinary action up to and including termination of employment.

Limitation on Application of Principles
Adherence by TERIS to the Privacy Principles of the EU-US and Swiss-US Privacy Shield frameworks may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

Internet Privacy
TERIS sees the Internet and the use of other technologies as valuable tools to communicate and interact with consumers, employees, healthcare professionals, business partners, and others. TERIS recognizes the importance of maintaining the privacy of information collected online and has created a specific Internet Privacy Policy governing the treatment of personal information collected through websites that it operates. With respect to personal information that is transferred from the European Union or Switzerland to the U.S., the Internet Privacy Policy is subordinate to this policy. However, the Internet Privacy Policy also reflects additional legal requirements and evolving standards with respect to Internet privacy. TERIS’ Internet Privacy Policy can be provided upon request using the contact information below.

CONTACT INFORMATION

Questions or comments regarding TERIS’ EU-US and/or Swiss-US Privacy Shield certifications, or access requests under these Frameworks, should be submitted to TERIS by mail or e-mail as follows:

Office of the General Counsel
Chief Privacy Officer
3550 North Central Avenue
Suite 150
Phoenix, AZ 85012
USA
privacy@TERIS.com

CHANGES TO THIS PRIVACY SHIELD PRIVACY POLICY

This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Framework. A notice will be posted on the TERIS website (www.TERIS.com) for 60 days whenever this Privacy Shield Privacy Policy is changed in a material way.

EFFECTIVE DATE: 24 July, 2017

TERIS self-certifies with: