As a global provider of forensic collections, electronic discovery and related services, Kiersted Systems, L.P. (“Kiersted”) places the highest value on ensuring the security of all data entrusted to us by our clients. We respect individual privacy rights and have in place internal protocols to assure that our security and privacy practices comply both with US and international law. The following Safe Harbor Privacy Policy describes the principles we agree to follow with respect to the collection, preservation and transfer of personal data from the European Union (“EU”) and/or the European Economic Area (“EEA”) to the United States for electronic data discovery processing, web hosting, and related services.
Definitions
“Personal Information” shall mean any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
“Sensitive Information” shall mean personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual.
Notice
Kiersted will inform individuals about the purposes for which it collects and uses personal information, how to contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information, and the choices and means the organization offers individuals for limiting its use and disclosure. This notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to the organization or as soon thereafter as is practicable, but in any event before the organization uses such information for a purpose other than that for which it was originally collected or processed by the transferring organization or discloses it for the first time to a third party.
Choice
Kiersted will offer individuals the opportunity to choose (opt out) whether their personal information is (a) to be disclosed to a third party or (b) to be used for a purpose that is incompatible with the purposes for which it was originally collected or subsequently authorized by the individual. Individuals will be provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice. For sensitive information, affirmative or explicit (opt in) choice will be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
Onward Transfer
Kiersted will comply with the Notice and Choice Principles as described above for all data which is disclosed or transferred to a third party acting as its agent.
Kiersted will obtain assurances from its agent prior to transferring data that they will safeguard personal information consistent with this policy. Kiersted will require that its agent either (i) subscribe to the EU Safe Harbor Principles, the EU Data Protection Directive, or another adequacy finding; or (ii) enter into a written agreement with Kiersted requiring them to provide the same level of protection as Kiersted.
Security
Kiersted will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Kiersted occupies a state-of-art high security facility which maintains physical, electronic and managerial protocols to limit access to data except to those who have a specific business purpose for maintaining and processing such information. Individuals who have been granted access to personal information are aware of their responsibilities to protect the confidentiality, security and integrity of that information.
Data Integrity
Kiersted will use personal information only in ways which are compatible with the purposes for which it was collected or subsequently authorized by the individual. To the extent necessary for these purposes, Kiersted will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
Access
Upon request, Kiersted will grant individuals reasonable access to personal information that it holds about them. Kiersted will also take reasonable steps to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
Enforcement
Individuals who wish to file a complaint regarding our handling of personal data in accordance with this policy should contact Kiersted in writing at our corporate headquarters.
Kiersted/Systems
Attn: Safe Harbor Enforcement
1301 Fannin Street, Suite 750
Houston, TX 77002
USA
Filing the complaint in English will expedite our response. We will review all complaints received to verify whether our handling of the personal data is consistent with this policy. If we determine that any actions we have taken are in fact not consistent with this policy, we will immediately take action to remedy any issues we may have caused. If we are unable to resolve the situation to the satisfaction of the individual concerned, we agree to mediate the issue through the American Arbitration Association.