EU-US and Swiss-US PRIVACY SHIELD FRAMEWORKS
The United States Department of Commerce (DOC) and the European Commission (EC) have agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the European Union to the United States (the “EU-US Privacy Shield”). The EC has recognized the EU-US Privacy Shield as providing adequate data protection (MEMO/16/2462). The DOC and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland have agreed on a similar set of principles that enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States (the “Swiss-US Privacy Shield”). Consistent with its commitment to protect personal privacy, TERIS adheres to the principles set forth in the EU-US and Swiss-US Privacy Shield Frameworks.
“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Agent-Processor” means any third party processor, non-Controller, which collects or uses personal information under the instructions of, and solely for, Controller.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"TERIS" means TERIS, its predecessors, successors, subsidiaries, divisions, and groups in the United States.
Personal information" or “Personal Identifiable Information” means any information or set of information that identifies or could be used by or on behalf of TERIS, its customers or agents of its customers, to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities that concern health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, TERIS will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
The following privacy principles are based on the EU-US and Swiss-US Privacy Shield Frameworks.
Notice and Choice To the extent permitted by the EU-US and Swiss-US Privacy Shield Frameworks, TERIS reserves the right to process personal information in the course of providing professional services to its client-Controllers without the knowledge of individuals involved. Where TERIS collects personal information directly from individuals in the EU or Switzerland, it will inform them about the purposes for which it collects and uses personal information about them, the types of third party Controllers for which TERIS discloses that information, the choices TERIS offers individuals for limiting the use and disclosure of personal information about them, and how to contact TERIS.
Where TERIS receives personal information from its subsidiaries, affiliates or other Controller entities in the EU, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
Data Integrity and Purpose Limitation TERIS processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, TERIS takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
Onward Transfers and Disclosures
TERIS processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, TERIS takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
- TERIS has the provided Notice and Choice, consistent the EU-US and Swiss-US Privacy Shield principles;
- To the extent necessary to meet national security, public interest, or law enforcement requirements;
- The information in question is publicly available;
- The disclosure is reasonably necessary for the establishment or defense of legal claims.
TERIS may disclose an individual's personal information to another TERIS entity or to an Agent-Processor vendor providing services on TERIS’ or the individual's behalf consistent with the purpose for which the information was obtained, if the Agent-Processor, with respect to the information in question:
- Acts only on instructions from the Controller; and
- Controller remains responsible for compliance with these Principles.
TERIS is potentially liable for unlawful onward transfers to third parties. Permitted transfers of information, either to third parties or within TERIS, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.
List of Active Privacy Shield Participants: https://www.privacyshield.gov/list
Data Security TERIS will take reasonable precautions to protect personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration, destruction; and ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of its clients. TERIS has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information it processes. However, TERIS cannot guarantee the security of information on or transmitted via the Internet or a document review tool.
Access and Correction EU and Swiss consumers have a right to reasonable access to their personal information. If an EU or Swiss consumer becomes aware that information TERIS maintains about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact TERIS using the contact information below. TERIS will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. The individual will need to provide sufficient identifying information, such as name, address, birthdate, and social security number. TERIS may request additional identifying information as a security precaution. In addition, TERIS may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the EU-US and Swiss-US Privacy Shield Frameworks. In some circumstances, TERIS may charge a reasonable fee, where warranted, for access to personal information.
For complaints that cannot be resolved between TERIS and the complainant, TERIS has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the EU-US and Swiss-US Privacy Shield Frameworks:
Office of the General Counsel
Chief Privacy Officer
3550 North Central Avenue
Phoenix, AZ 85012
TERIS has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus (CBBB). If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Binding Arbitration is available under the EU-US and Swiss-US Privacy Shield Frameworks after an individual has (1) raised the claimed violation directly with TERIS and has afforded TERIS an opportunity to resolve the issue within forty-five days; (2) and has made use of the independent recourse mechanism (CBBB) listed above; and has (3) raised the issue through their Data Protection Authority to the Department of Commerce and afforded the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce.
- As set forth in the Arbitral Model of Annex I (EU-US and Swiss-US Privacy Shield Framework Principles Issued by the U.S. Dept. of Commerce), invoking binding arbitration is an option available to an individual to determine, for residual claims, whether TERIS has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes and is expressly limited by Section I.5 of the EU-US and Swiss-US Privacy Shield Framework Principles.
Enforcement and Liability TERIS will conduct compliance audits of its relevant privacy practices to verify adherence to this policy. TERIS is subject to the jurisdiction of the Federal Trade Commission which is committed to the enforcement of the EU-US and Swiss-US Privacy Shield Frameworks. Additionally, any employee that TERIS determines is in violation of this policy or other company privacy policies will be subject to disciplinary action up to and including termination of employment.
Limitation on Application of Principles Adherence by TERIS to the Privacy Principles of the EU-US and Swiss-US Privacy Shield frameworks may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
Questions or comments regarding TERIS’ EU-US And/or Swiss-US Privacy Shield certifications, or access requests under these Frameworks, should be submitted to TERIS by mail or e-mail as follows:
Office of the General Counsel
Chief Privacy Officer
3550 North Central Avenue
Phoenix, AZ 85012
EFFECTIVE DATE: January 28, 2018
TERIS self-certifies with:
Privacy Shield Framework
Digital forensics requires that data handling and analysis be performed only by an experienced professional with appropriate credentials. TERIS' digital forensics experts have the appropriate training, background, and credentials to properly execute any data mining unecessary for the discovery process.
TERIS provides unparalleled electronic discovery services that help bridge the gap between traditional methods and new technologies. We provide early, in-depth information about your data so that litigation teams can make informed, timely decisions about their case.
TERIS has built its stellar reputation in the eDiscovery industry by focusing on three core pillars of strength: People, Process, and Technology. There's no question that having the proper blend of technology and operational processes to guide that technology has been extremely important to TERIS’ striking success.
At TERIS, we have helped to define current industry standards in the eDiscovery and Information Governance spaces through a longstanding commitment to hiring and developing thought-leaders and subject matter experts.
As an alternative to in-house systems, TERIS simplifies online document management with complete hosting and repository solutions. This approach enhances productivity while providing optimal access to documents even when teams are working remotely.
TERIS offers complete digital document imaging and coding to translate existing physical documentation into a fully enabled searchable database. Sophisticated imaging systems and traditional page-by-page quality control on every project undertaken by TERIS has helped define new industry-wide standards.