EU and Switzerland Safe Harbor Policy

Introduction

Wildbit, LLC (“Wildbit”) acknowledges the standards for personal data protection in the European Union and Switzerland. Through its relationship with a global customer base, Wildbit has access to Personally Identifiable Information (PII) of customers in the EEA and Switzerland. This Policy addresses the privacy concerns of European/Swiss customers due to data transfer between Wildbit’s European/Swiss and U.S. business units and/or locations.

To affect this Policy, Wildbit will adhere to the United States Department of Commerce Safe Harbor Principles and will self-certify to the United States Department of Commerce compliance with the European/Swiss Safe Harbor Principles. This Policy applies to all PII data transmissions from Wildbit operations in the EEA/Switzerland to the United States. This includes transmission of data over phone lines, computer lines, and hard copy and includes any material that identifies a particular individual customer.

The use of EEA/Swiss customer PII may include personal telephone numbers, addresses, credit card or bank account information, and any other material that identifies a particular individual customer of Wildbit.

Responsibilities

In implementing this policy, Wildbit will annually self-certify to the Department of Commerce, that it agrees to adhere to the EU/Swiss Safe Harbor Principles.

Wildbit acknowledges that its failure to provide an annual self-certification to the Department of Commerce will result in the removal of Wildbit from the list of participants.

Questions regarding the transmission of personal data from the EEA/Switzerland to the United States or any other non-EEA/non-Swiss location, or any further transmission of the personal data once received in the United States, should be referred to Wildbit’s Support Group at support@postmarkapp.com.

Alternatively, you can opt-out of our e-mail communications by ticking the opt-out box at the bottom of the email.

Guidelines

Wildbit has adopted the seven Safe Harbor principles of notice, choice, onward transfer (transfer to third parties), access, security, data integrity and enforcement with respect to PII and sensitive data to be transferred to the U.S. from Wildbit operations in the EEA/Switzerland.

Notice – Wildbit will notify customers in the EEA/Switzerland about the purposes for which personal data will be collected and used. Information will be provided on how customers can contact Wildbit with inquiries or complaints regarding personal data. Wildbit will give notice to customers regarding third parties to which it discloses the information, and restrictions that limit the information’s use and disclosure. In certain situations, data is “anonymized” so that the names of the data subjects are not known by data processors within Wildbit. In these cases, data subjects do not need to be notified.

Choice – Prior to releasing personal data to a third party, Wildbit will give an individual customer the opportunity to choose whether their personal data is disclosed to that third party, used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by that individual. For sensitive data, an affirmative choice will be given to the customer if the personal data is to be disclosed to a third party or used for a purpose other than its original purpose or the purposes authorized subsequently by the individual.

Onward transfer – (transfer to third parties) – Prior to disclosing personal data to a third party, Wildbit will apply the notice and choice principles, enumerated above. Wildbit will commit to ensuring that the third party keeper of personal data also subscribes to the EU/Swiss Safe Harbor Principles or any other EU/Swiss adequacy finding. Wildbit will also enter into a written agreement with such third party requiring that the third party provide at least the same level of personal data protection as is maintained by Wildbit.

Access – Customers covered under this policy will have access to personal information about themselves that Wildbit holds and will be able to correct, amend or delete information if it is inaccurate (the exception is when the burden or expense of providing access would be disproportionate to the risks of the individual privacy in the case in question or the rights of persons other than the individual would be violated.)

Security – Wildbit will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Access to personally identifiable personal data of EEA/Swiss customers will be to a limited number of users on a need to know basis.

Data Integrity – Personal data kept by Wildbit will be relevant for the purposes for which it is to be used. Wildbit will take reasonable steps to ensure that the data is reliable and that it is applied to its intended use. Wildbit will also ensure that the information is accurate, complete and correct.

Enforcement – To ensure compliance with these Safe Harbor Principles, Wildbit will:

  • Commit to cooperate with JAMS as its independent recourse mechanism and with the Data Protection Authorities (DPAs) of the EU/Switzerland in the investigation and resolution of complaints and will comply with any advice given by DPAs;
  • Employ a procedure for verifying that the commitment the company has made to adhere to the Safe Harbor Principles has been implemented;
  • Remedy issues arising out of any failure to comply with the Principles. Wildbit acknowledges that its failure to provide an annual self-certification to the Department of Commerce will remove it from its list of participants and the transfers of information will not be allowed unless Wildbit otherwise complies with the EU/Swiss Data Protection Directive.
  • Wildbit will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Wildbit determines is in violation of this policy will be subject to disciplinary action, up to and including termination of employment.

Dispute Resolution – The Wildbit Support Group (“WSG”) will be the internal mechanism for ensuring compliance with the Safe Harbor Principles and facilitating the independent recourse mechanism referenced in the “Enforcement” section above.

Any questions or concerns regarding the use or disclosure of personal information should be directed to the WSG at the address given below. Wildbit will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy. For complaints that cannot be resolved between Wildbit and the complainant, Wildbit has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the Safe Harbor Principles:

  • For disputes involving human resources personal information received by Wildbit from the EEA/Switzerland, Wildbit has agreed to cooperate with the data protection authorities in the EU/Switzerland and to participate in the dispute resolution procedures of the panel established by the European/Swiss data protection authorities (“DPAs”);
  • For all other disputes involving personal information received by Wildbit from the EEA/Switzerland, Wildbit has agreed to formal mediation with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at www.jamsadr.com/rules-clauses/rules-international. Individuals who submit a question or concern to Wildbit and who do not receive acknowledgment from Wildbit of the inquiry, or who think their question or concern has not been satisfactorily addressed, should then contact JAMS on the Internet at www.jamsinternational.com/submit-a-case. JAMS will act as a liaison to Wildbit to resolve these disputes. Wildbit will assume the costs of the administrative fees if the mediator makes a written recommendation that finds Wildbit in breach of its duties pursuant to the Safe Harbor. The JAMS dispute resolution process shall be conducted in English.

Limitation of Appliance of Principles

Adherence by Wildbit to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

Internet Privacy

Wildbit sees the Internet and the use of other technology as valuable tools to communicate and interact with consumers, employees, business partners, and others. Wildbit recognizes the importance of maintaining the privacy of information collected online and has created a specific Internet Privacy Policy (the “IPP”) governing the treatment of personal information collected through web sites that it operates. With respect to personal information that is transferred from the EEA or Switzerland to the U.S., the IPP is subordinate to this Policy. However, the IPP also reflects additional legal requirements and evolving standards with respect to Internet privacy. Wildbit’s Internet Privacy Policy regarding its Postmark product and service can be found at postmarkapp.com/privacy-policy.

Contact Information

Questions or comments regarding this Policy should be submitted to the Wildbit Support Group by mail to:

Natalie Nagele
Wildbit, LLC
225 Chestnut Street
Philadelphia, PA 19106
support@postmarkapp.com

Changes to this Safe Harbor Privacy Policy

This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. A notice will be posted on the Wildbit web page wildbit.com for 60 days whenever this Safe Harbor Privacy Policy is changed in a material way.

Definitions

Wildbit – Means Wildbit, LLC, its predecessors, successors, parents, subsidiaries, divisions, and groups in the United States.

European Union – The European Union (“EU”) consists of 27 independent sovereign states: Austria, Belgium, Bulgaria, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom.

European Economic Area – The European Economic Area (“EEA”) unites the EU Member States and the three EEA EFTA States (Iceland, Liechtenstein, and Norway).

Personally Identifiable Information (“PII” or “Personal Data”, for the purposes of this Policy) – Any personal information relating to an identified or identifiable natural person who is a Wildbit customer and who can be identified, directly or indirectly, in particular by a reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

Self-Certification to the Department of Commerce – Wildbit must certify to the U.S. Department of Commerce that it will abide by the Safe Harbor Principles. Wildbit must also state annually in its published privacy policy statement that it adheres to the Safe Harbor principles.

Sensitive Data – Sensitive data is data that pertains to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, income records, health, sexual orientation or alleged commission of any offense. This data may not be transferred to a third party unless an individual gives explicit consent.

This Privacy Policy complies with the US-EU/Swiss Safe Harbor Framework and Wildbit certifies its adherence to the Safe Harbor Privacy Principles.