“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
TERIS functions as the “Agent-Processor”, non-Controller, which collects or uses personal information under the instructions of, and solely for, the Controller.
TERIS clients are the “Data Controller”, which means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"TERIS" means TERIS, its predecessors, successors, subsidiaries, divisions, and groups in the United States.
"Personal information" or “Personal Identifiable Information” means any information or set of information that identifies or could be used by or on behalf of TERIS, its customers or agents of its customers, to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities that concern health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, TERIS will treat as sensitive personal information any information received from the Data Controller, or a designee of the Data Controller, where that the third party treats and identifies the information as sensitive.
The following privacy principles are based on the EU-US and Swiss-US Privacy Shield Frameworks.
Notice and Choice
Data Integrity and Purpose Limitation
TERIS processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, TERIS takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
Onward Transfers and Disclosures
TERIS only processes personal information at the specific direction of their Client-Controller and only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, TERIS takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
TERIS does not disclose personal information to any third party except as specifically instructed by the client, or as may be required by law, regulatory authority or court order. Examples of third parties that may receive our client’s data are our client’s counsel and electronic discovery vendors engaged by our clients in conjunction with the legal matters in which we are engaged.
Note that TERIS may be required to release EU and/or Swiss personal information in response to lawful request by public authorities including to meet national security or law enforcement requirements.
TERIS is liable for onward transfers to third parties unless we can prove we were not a party to the events giving rise to the damages. Permitted transfers of information, either to third parties or within TERIS, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.
EU-US and Swiss-US Privacy Shield Frameworks
TERIS will take reasonable precautions to protect personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration, destruction; and ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of its clients. TERIS has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information it processes. However, TERIS cannot guarantee the security of information on or transmitted via the Internet or a document review tool.
Access and Correction
Consumers, including EU and Swiss consumers, have a right to reasonable access to their personal information. Consumers may have access to their personal information about them TERIS holds and may be able to correct, amend, or delete that information where it is inaccurate (and, in the case of EU and Swiss consumers whose data has been transferred in reliance on Privacy Shield, where it has been processed in violation of the Principles). If a consumer becomes aware that information TERIS maintains about that individual is inaccurate or if an individual would like to update or review his or her information, the individual must contact the Client-Controller that has contracted with TERIS. If the consumer does not know who the
Client-Controller is, they may contact TERIS at email@example.com The individual right of access may be limited, including where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
TERIS will provide an individual opt-out choice, or opt-in for sensitive data, before we share individual data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
Recourse & Dispute Resolution
TERIS utilizes the self-assessment approach to assure its compliance with this privacy statement. TERIS periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the principles. TERIS encourages interested persons to raise any concerns with us using the contact information below. TERIS will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy with forty-five days of receipt. Please see below on this page for TERIS contact information.
For complaints that cannot be resolved between TERIS and the complainant, TERIS has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the EU-US and Swiss-US Privacy Shield Frameworks:
Office of the General Counsel
Chief Privacy Officer
3550 North Central Avenue
Phoenix, AZ 85012
TERIS has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus (CBBB). If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Binding Arbitration is available under the EU-US and Swiss-US Privacy Shield Frameworks after an individual has (1) raised the claimed violation directly with TERIS and has afforded TERIS an opportunity to resolve the issue within forty-five days; (2) and has made use of the independent recourse mechanism (CBBB) listed above; and has (3) raised the issue through their Data Protection Authority to the Department of Commerce and afforded the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce.
- As set forth in the Arbitral Model of Annex I (EU-US and Swiss-US Privacy Shield Framework Principles Issued by the U.S. Dept. of Commerce), invoking binding arbitration is an option available to an individual to determine, for residual claims, whether TERIS has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes and is expressly limited by Section I.5 of the EU-US and Swiss-US Privacy Shield Framework Principles.
TERIS will conduct compliance audits of its relevant privacy practices to verify adherence to this policy. TERIS is subject to the regulatory and enforcement authority of the Federal Trade Commission which is committed to the enforcement of the EU-US and Swiss-US Privacy Shield Frameworks. Additionally, any employee that TERIS determines is in violation of this policy or other company privacy policies will be subject to disciplinary action up to and including termination of employment.
Limitation on Application of Principles
Adherence by TERIS to the Privacy Principles of the EU-US and Swiss-US Privacy Shield frameworks may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
Questions or comments regarding TERIS’ EU-US And/or Swiss-US Privacy Shield certifications, or access requests under these Frameworks, should be submitted to TERIS by mail or e-mail as follows:/span>
Office of the General Counsel
Chief Privacy Officer
3550 North Central Avenue
Phoenix, AZ 85012
EFFECTIVE DATE: 14 February, 2019
TERIS self-certifies with:
Privacy Shield Framework
 References to the EU and its Member States will be read as including Iceland, Liechtenstein, and Norway
Digital forensics requires that data handling and analysis be performed only by an experienced professional with appropriate credentials. TERIS' digital forensics experts have the appropriate training, background, and credentials to properly execute any data mining unecessary for the discovery process.
TERIS provides unparalleled electronic discovery services that help bridge the gap between traditional methods and new technologies. We provide early, in-depth information about your data so that litigation teams can make informed, timely decisions about their case.
TERIS has built its stellar reputation in the eDiscovery industry by focusing on three core pillars of strength: People, Process, and Technology. There's no question that having the proper blend of technology and operational processes to guide that technology has been extremely important to TERIS’ striking success.
At TERIS, we have helped to define current industry standards in the eDiscovery and Information Governance spaces through a longstanding commitment to hiring and developing thought-leaders and subject matter experts.
As an alternative to in-house systems, TERIS simplifies online document management with complete hosting and repository solutions. This approach enhances productivity while providing optimal access to documents even when teams are working remotely.
TERIS offers complete digital document imaging and coding to translate existing physical documentation into a fully enabled searchable database. Sophisticated imaging systems and traditional page-by-page quality control on every project undertaken by TERIS has helped define new industry-wide standards.