PRIVACY POLICY
Privacy Policy
TERIS respects individual privacy and values the confidence of its customers, their stakeholders, employees, business partners, and others who may use its services. TERIS strives to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business with a tradition of upholding the highest ethical standards in its business practices. TERIS, at the directive of its Clients, acts as a Data Processor for data, some of this data may be personal information. This Privacy Policy sets forth the privacy principles under the EU-US and Swiss-US Privacy Shield Frameworks that TERIS follows with respect to the protection and transfers of personal information from the European Union (EU) and the United Kingdom. The EU- US Privacy Shield Framework includes the Member States of the EU, plus Iceland, Liechtenstein, and Norway [1]. Additionally, this Privacy Policy adheres to the principles set forth in the Swiss-US Privacy Shield Framework with respect to the protection and transfers of personal information from Switzerland to the United States.
SCOPE
This Privacy Policy applies to all personal information received by TERIS in the United States from the EU, the United Kingdom and from Switzerland, in any format, including electronic, paper, or verbal. TERIS, through its corporate headquarters in Scottsdale, AZ (TERIS – Phoenix, LLC) or its Austin, TX (Digital Discovery Solutions, LLP dba TERIS - AUSTIN) or New York locations (TERIS – NYC, LLC) is an electronic discovery service provider. This policy applies to all personal information TERIS handles (except as noted below), including online, offline, and manually processed data. The types of personal data TERIS collects, acting as an Agent-Processor includes name, mail, email addresses, biometric and any other data it is directed to collect by our Client-Controller.
DEFINITIONS
For purposes of this Privacy Policy, the following definitions shall apply:
“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
TERIS functions as the “Agent-Processor,” which collects or uses personal information under the instructions of, and solely for, the Controller.
TERIS clients are the “Data Controller,” which means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"TERIS" means TERIS, its predecessors, successors, subsidiaries, divisions, and groups in the United States.
"Personal information" or “Personally Identifiable Information” means any information or set of information that identifies or could be used to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information.
"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities that concern health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, TERIS will treat as sensitive personal information any information received from the Data Controller, or a designee of the Data Controller, where the third party treats and identifies the information as sensitive.
PRIVACY PRINCIPLES
The following privacy principles are based on the EU-US and Swiss-US Privacy Shield Frameworks.
Notice and Choice
To the extent permitted by the EU-US and Swiss-US Privacy Shield Frameworks, TERIS reserves the right to process personal information in the course of providing professional services to its Client-Controllers without the knowledge of the individuals involved. Where TERIS collects personal information directly from individuals or receives personal information from its subsidiaries, affiliates, or Client-Controllers in the EU, the United Kingdom or Switzerland, it does so pursuant to the agreement with its Client-Controller. TERIS does not sell personal information. TERIS only utilizes data at the directive of the Data Controller, or the Data Controller’s non-agent third party. If this policy changes, TERIS will update the Privacy Policy to identify those non-agents and provide individuals with opt-out or opt-in (as applicable) choice prior to sharing their data.
Data Integrity and Purpose Limitation
TERIS processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual.
Onward Transfers and Disclosures
TERIS only processes personal information at the specific direction of their Client- Controller and only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual.
TERIS does not disclose personal information to any third party except as specifically instructed by the client, or as may be required by law, regulatory authority or court order. Examples of third parties that may receive our client’s data are our client’s counsel and electronic discovery vendors engaged by our clients in conjunction with the legal matters in which we are engaged.
Note that TERIS may be required to release EU, United Kingdom and/or Swiss personal information in response to lawful request by public authorities, including to meet national security or law enforcement requirements.
TERIS is liable for onward transfers to third parties unless we can prove we were not a party to the events giving rise to the damages. Permitted transfers of information, either to third parties or within TERIS, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.
EU-US and Swiss-US Privacy Shield Frameworks
TERIS complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom and Switzerland. TERIS has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit: https://www.privacyshield.gov/.
Data Security
TERIS will take reasonable precautions to protect personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration, destruction; and ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of its clients. TERIS has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information it processes. However, TERIS cannot guarantee the security of information on or transmitted via the Internet or a document review tool.
Access and Correction
Consumers, including EU, United Kingdom and Swiss consumers, have a right to reasonable access to their personal information. Consumers may have access to their personal information about them TERIS holds and may be able to correct, amend, or delete that information where it is inaccurate (and, in the case of EU, United Kingdom and Swiss consumers whose data has been transferred in reliance on Privacy Shield, where it has been processed in violation of the Principles). If a consumer becomes aware that information TERIS maintains about that individual is inaccurate or if an individual would like to update or review his or her information, the individual must contact the Client-Controller that has contracted with TERIS. If the consumer does not know who the Client-Controller is, they may contact TERIS at [email protected]. The individual right of access may be limited, including where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
Choice
TERIS will provide an individual opt-out choice, or opt-in for sensitive data, before we share individual data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].
Recourse & Dispute Resolution
TERIS utilizes the self-assessment approach to assure its compliance with this privacy statement. TERIS periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the principles. TERIS encourages interested persons to raise any concerns with us using the contact information below. TERIS will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy with forty-five days of receipt.
For complaints that cannot be resolved between TERIS and the complainant, TERIS has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the EU-US and Swiss-US Privacy Shield Frameworks:
For disputes involving all personal information received by TERIS from the EU, the United Kingdom and Switzerland, in compliance with the EU-US and Swiss-US Privacy Shield Principles, TERIS commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact TERIS at:
Office of the General Counsel
Chief Privacy Officer
11333 N. Scottsdale Rd., Ste. #294
Scottdale, AZ 85254
USA
[email protected]
TERIS has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU-US PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/bbb-privacy-shield/eu-dispute-resolution for more information and to file a complaint.
Binding Arbitration is available under the EU-US and Swiss-US Privacy Shield
Frameworks after an individual has (1) raised the claimed violation directly with TERIS and has afforded TERIS an opportunity to resolve the issue within forty-five days; (2) has made use of the independent recourse mechanism listed above; and (3) has raised the issue through their Data Protection Authority to the Department of Commerce and afforded the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce.
- As set forth in the Arbitral Model of Annex I (EU-US and Swiss-US Privacy Shield Framework Principles Issued by the U.S. Dept. of Commerce), invoking binding arbitration is an option available to an individual to determine, for residual claims, whether TERIS has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes and is expressly limited by Section I.5 of the EU-US and Swiss-US Privacy Shield Framework Principles.
Enforcement
TERIS will conduct compliance audits of its relevant privacy practices to verify adherence to this policy. TERIS is subject to the regulatory and enforcement authority of the Federal Trade Commission which is committed to the enforcement of the EU-US and Swiss-US Privacy Shield Frameworks. Additionally, any employee that TERIS determines is in violation of this policy or other company privacy policies will be subject to disciplinary action up to and including termination of employment.
Limitation on Application of Principles
Adherence by TERIS to the Privacy Principles of the EU-US and Swiss-US Privacy Shield frameworks may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
Internet Privacy
TERIS recognizes the importance of maintaining the privacy of information collected online. TERIS does not sell or share any information that you submit through the “Contact Us” form.
CONTACT INFORMATION
Questions or comments regarding TERIS’ EU-US and/or Swiss-US Privacy Shield certifications, or access requests under these Frameworks, should be submitted to TERIS by mail or e-mail as follows:
Office of the General Counsel
Chief Privacy Officer
11333 N. Scottsdale Rd., Ste. #294
Scottsdale, AZ 85254
[email protected]
CHANGES TO THIS PRIVACY SHIELD PRIVACY POLICY
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Framework. A notice will be posted on the TERIS website (www.TERIS.com) for 60 days whenever this Privacy Shield Privacy Policy is changed in a material way.
EFFECTIVE DATE: March 20, 2020
TERIS self-certifies with the Privacy Shield Framework
[1] References to the EU and its Member States will be read as including Iceland, Liechtenstein, and Norway
Digital Forensics
Digital forensics requires that data handling and analysis be performed only by an experienced professional with appropriate credentials. TERIS' digital forensics experts have the appropriate training, background, and credentials to properly execute any data mining unecessary for the discovery process.
eDiscovery
TERIS provides unparalleled electronic discovery services that help bridge the gap between traditional methods and new technologies. We provide early, in-depth information about your data so that litigation teams can make informed, timely decisions about their case.
Project Management
TERIS has built its stellar reputation in the eDiscovery industry by focusing on three core pillars of strength: People, Process, and Technology. There's no question that having the proper blend of technology and operational processes to guide that technology has been extremely important to TERIS’ striking success.
Consulting
At TERIS, we have helped to define current industry standards in the eDiscovery and Information Governance spaces through a longstanding commitment to hiring and developing thought-leaders and subject matter experts.
Repository Hosting
As an alternative to in-house systems, TERIS simplifies online document management with complete hosting and repository solutions. This approach enhances productivity while providing optimal access to documents even when teams are working remotely.
Document Imaging
TERIS offers complete digital document imaging and coding to translate existing physical documentation into a fully enabled searchable database. Sophisticated imaging systems and traditional page-by-page quality control on every project undertaken by TERIS has helped define new industry-wide standards.
Optimize your eDiscovery. Find what matters, when it matters.
Client Log-In
Call us at
888.99.TERIS
Disclosures