Litéra Safe Harbor Policy
LITÉRA SAFE HARBOR POLICY
Effective as of June 4, 2015
Definitions (for purposes of the Litéra Safe Harbor Policy)
For purposes of this policy, the following definitions shall apply:
“Agent” shall mean a third party that collects personal information or uses personal information under the direction and instruction of, and exclusively for, Litéra or to which Litéra discloses personal information to for use on Litéra’s behalf.
“Litéra Corp.” and/or “Litéra” shall mean Litéra Corporation, its predecessors, successors, subsidiaries, divisions and/or groups within the United States.
“Personal Information” shall mean any and all information, other than that which is publicly disclosed without being combined with Personal Information, including telephone numbers, personnel records, insurance records, insurance information, credit card information, and other patient information.
“Sensitive Personal Information” shall mean personal information that identifies about an individual the following: an individual’s race; an individual’s national origin; an individual’s ethnic origin; an individual’s political affiliations; an individual’s religious beliefs and views; an individual’s trade union membership; an individual’s personal views or activities; an individual’s health concerns; an individual’s sex life; an individual’s social security benefits information; or an individual’s information pertaining to criminal proceedings, administrative proceedings, or other pending proceedings. Further, any information Litéra receives from a third party will be treated as sensitive personal information if the third party identifies the information as sensitive personal information.
“European Union” shall mean an association of European members (nations) Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom.
Litéra acknowledges and respects the privacy rights of our employees, customers, business partners, and others. At Litéra, one of our primary missions is to comply with the laws of each country that we do business in, which includes compliance with respect to the collection, use and disclosure of personal information. In so complying, we strive to ensure that employees are informed about their obligations to maintain the privacy of non employee individuals.
This Litéra Safe Harbor Policy (the “Policy”) sets forth the principles that Litéra adheres to with respect to the transfer of “Personal Information” to and from the member states of the European Union and Switzerland to the United States. The information below sets forth the measures Litéra undertakes to maintain privacy, while also complying with recognized adequacy standards.
Our Policy applies to the following:
- Any individual who provides “Personal Information”;
- All locations where Litéra conducts business or operates in; and
- All types of contact, which includes but is not limited to, in person contact, written contact and electronic contact.
Why does Litéra Corp. have the Policy?
In 1998, the European Commission’s Directive on Data Protection (the “Directive”) went into effect and precludes the transfer of personal data to non-European Union members (nations) that do not have protocols in place to meet the established European adequacy standards for privacy protection. The United States is a non-European Union nation, and because the United States generally allows American companies to address privacy issues through self-regulation, the European Commission deemed that the United States did not meet its adequacy standards.
In order to resolve these differences, the U.S. Department of Commerce, in conjunction with the European Commission, developed what is entitled the “Safe Harbor” framework (the “U.S.-EU Safe Harbor Framework”). Under this framework, U.S. companies who voluntary develop and enforce certain privacy practices are deemed to meet the relevant requirements of the Directive. Moreover, the U.S. Department of Commerce and the Federal Data Protection and Information Commissioner (the “Commissioner”) of Switzerland have agreed to a similar Safe Harbor framework (the “U.S.-Swiss Safe Harbor Framework”), enabling U.S. companies to comply with specific data protection requirements existing under Swiss law. Litéra complies with and adheres to all of the principles set forth in the U.S.-EU Safe Harbor Framework, as well as the U.S.-Switzerland Safe Harbor Framework. Litéra has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program, and to view Litéra certification, please visit http://www.export.gov/safeharbor/.
In accordance with the Safe Harbor Framework(s) described above, Litéra has developed the following principles:
Notice – where Litéra collects information directly from individuals in the EU or Switzerland, we will inform them of the purpose of collecting the information, the purpose for the use of their personal information, the types of non-agent third parties to which Litéra discloses that information to, and all choices and means available that the individuals have to limit the use and disclosure of their personal information.
Litéra will provide notice to all individuals upon being asked to provide personal information, or as soon as practicable thereafter. Should Litéra choose to use or disclose the information for a purpose other than that which it was originally collected, then Litéra will provide notice to all individuals prior to the alternate use or disclosure unless required to do otherwise by law.
Choice – Litéra offers all individuals the opportunity to choose whether their personal information will be disclosed to a non-agent third party or will be used for purposes other than those for which it was originally collected. With respect to sensitive personal information, Litéra will give every individual the opportunity to affirmatively and explicitly consent to the disclosure of the information to a non-agent third party or consent to the use of the information for purposes other than those for which it was originally collected. All individuals will be provided reasonable mechanisms to exercise their choices with respect to their personal information and sensitive personal information.
Transfer of Information – Litéra will obtain expressed assurances from its third party agents that the third party agents will protect and preserve the integrity and privacy of all individual’s personal information in a manner consistent with Litéra’s Policy. Litéra will ensure that one of the following is in place prior to transfer: (1) expressed assurances that the third party agent subscribes to the Safe Harbor Privacy Principles; or (2) expressed assurances that the third party agent is subject to the Directive or another adequacy finding; or (3) Litéra has entered into a written agreement with the third party agent that requires the third party agent to provide, at a minimum, the same level of privacy protection as is required by the Safe Harbor Privacy Principles.
Access – Litéra will grant, when requested by the individual, permission and reasonable access to personal information that we hold about them, which includes access to and the ability to correct, amend, or delete any personal information that is inaccurate. Litéra will undertake reasonable measures to allow access to the personal information, however, included in Litéra’s rights to deny access, permission will not be granted where the rights of persons other than the individual would be violated.
Security – Litéra will undertake reasonable measures to ensure the protection of personal information in its possession from any loss, misuse, unauthorized access, disclosure, alteration or destruction.
Data Integrity – Litéra will use the personal information in ways that are compatible with the original purposes for which the personal information was collected. Litéra will undertake reasonable measures to ensure that the personal information provided is relevant to the intended use, the personal information is accurate, the personal information is complete, and the personal information is current.
Enforcement – Litéra will undertake reasonable measures, including auditing, to ensure compliance with and adherence to this Policy. Litéra will provide data privacy training to its employees to ensure an understanding of the purposes of this Policy and the need to adhere to this Policy. Litéra will provide independent recourse mechanisms for individual’s complaints and disputes to be investigated, and will allow for additional action or recourse where allowed by applicable law or initiatives. Upon investigation of complaints and/or disputes, any employee of Litéra that is found to be in violation of this policy will be subject to disciplinary action, which may include termination of employment with Litéra.
Dispute Resolution – Any questions or concerns regarding the use or disclosure of Personal Information should be directed to Litéra’s Data Privacy Officer, either via first class mail or electronic mail, to the following:
Litéra Corp. Attn: Data Privacy Officer
5000 Crossmill Road McLeansville, North Carolina 27301
Litéra will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles set forth in this Policy. For complaints involving Personal Information that cannot be resolved, between Litéra and the individual, the disputes will be referred to the American Arbitration Association for resolution.
Reservation of Rights
Litéra reserves the right to amend this Policy from time to time, or as needed, in order to comply with the requirements of the Safe Harbor Frameworks and the principles encompassed therein. Should any such amendment take place, Litéra will post a notification on the corporate website (www.Litera.com).
Further, Litéra reserves the right to share an individual’s Personal Information as required or authorized by applicable law or regulation, or in response to duly authorized information requests of government authorities.