Data Privacy Framework Standards
This Data Privacy Framework Statement (the “Statement”) sets forth the privacy principles followed by SAC-IT INC in connection with the transfer and protection of “Personal Information” received from the European Union (E.U.), United Kingdom (UK) and Switzerland.
About The Data Privacy Framework
SAC-IT INC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. SAC-IT INC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data transferred from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF. SAC-IT has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data transferred from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
The Data Privacy Framework (DPF) program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables eligible U.S.-based organizations to self-certify their compliance pursuant to the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF. To participate in the DPF program, a U.S.-based organization is required to self-certify to the ITA via the Department’s DPF program website (i.e., this website) and publicly commit to comply with the DPF Principles. While the decision by an eligible U.S.-based organization to self-certify its compliance pursuant to and participate in the relevant part(s) of the DPF program is voluntary, effective compliance upon self-certification is compulsory. Once such an organization self-certifies to the ITA and publicly declares its commitment to adhere to the DPF Principles that commitment is enforceable under U.S. law. “Personal Information” means information that can directly or indirectly lead to the identification of a living person, such as an individual’s name, address, e-mail, telephone number, license number, medical identification number, photograph, or other identifying characteristic. The identification can occur by reference to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity. Personal Information does not include information that has been anonymized, encoded or otherwise stripped of its identifiers, or information that is publicly available, unless combined with other non-public personal information.
Scope
This Statement governs Personal Information transferred from countries in the E.U., UK and Switzerland to the United States on behalf of SAC-IT INC. It applies to Personal Information in electronic and off-line formats.
Third Parties
SAC-IT INC will not share personally identifiable information with third parties unless stated at the time of collection and except as follows:
SAC-IT INC may store customer data with third-party data centers or managed service platforms as part of SAC-IT INC’s hosted software offering, but only with third parties that meet SAC-IT INC’s information security standards, as evidenced by certifications for their information security management system (ISO 27001, SAS 70).
SAC-IT INC or its customers may share information with affiliated entities for the purposes of providing software services.
SAC-IT INC’s corporate website contains links to other sites. SAC-IT INC is not responsible for the privacy practices or the content of such third-party websites. Third party vendors, including Google, display SAC-IT INC online advertisements on sites on the internet. These third-party vendors, including Google, use cookies to serve ads based on a user’s prior visits to SAC-IT INCs website. Users may opt out of Google’s use of cookies by visiting the Google advertising opt-out page. Also keep in mind that SAC-IT INC’s website may make chat rooms, forums, message boards, and/or news groups available to its users. Please remember that any information that is disclosed in these areas becomes public information and you should exercise caution when deciding to disclose your personal information.
Use of Cookies
When you view one of our websites or advertisements, we may store some information on your computer. This information will be in the form of a “Cookie” or similar file and will be used to determine ways to improve our websites, advertisements, products or services. For example, Cookies allow us to tailor a website to better match your interests and preferences.
Data Privacy Framework Principles
The following privacy principles apply to the transfer, collection, use or disclosure of Personal Information from the E.U., UK and Switzerland by SAC-IT.
Notice
SAC-IT INC informs individuals in the E.U., UK and Switzerland about the purposes for which it collects and uses their Personal Information, how to contact SAC-IT INC, the types of third parties with which SAC-IT INC shares their Personal Information, and the choice and means SAC-IT INC offers for limiting the use and disclosure of their Personal Information.
Choice
SAC-IT INC will not process Personal Information about E.U., UK or Swiss individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the individual unless the individual affirmatively and explicitly consents (“opt-in”) to the processing, or unless an exception applies. SAC-IT INC also provides E.U., UK and Swiss individuals with the opportunity to withdraw consent at any time (“opt-out”), in which case their Personal Information will not be further processed.
Consistent with the DPF supplemental principles, SAC-IT INC may not be in a position to furnish notice in certain limited situations. Specifically, notice is not required where the processing of E.U., UK or Swiss Personal Information is necessary to respond to a government inquiry; is required by applicable laws, court orders or government regulations; or is necessary to protect SAC-INT INC’s legal interests and providing notice would interfere with those interests.
Accountability for Onward Transfers
SAC-IT INC complies with the DPF Principles for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions. SAC-IT INC will only transfer Personal Information about E.U., UK and Swiss individuals to third-parties where the third-party (a) has provided satisfactory assurances to SAC-IT INC that it will protect the information consistently with this Statement; or (b) is located in the E.U. or a country considered “adequate” for privacy by the EC, and therefore is required to comply with the E.U. data protection laws or substantially equivalent privacy laws depending upon where the Personal Information originated. Where SAC-IT INC has knowledge that a third-party to whom it has provided E.U., UK or Swiss Personal Information is processing that information in a manner contrary to this Statement, SAC-IT INC will take reasonable steps to prevent or stop the processing.
Security
SAC-IT INC takes reasonable precautions to protect E.U., UK and Swiss Personal Information in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation
SAC-IT INC seeks to ensure that any Personal Information held about E.U., UK and Swiss individuals is accurate, complete, current and otherwise reliable in relation to the purposes for which the information was obtained. SAC-IT INC collects Personal Information that is adequate, relevant and not excessive for the purposes for which it is to be processed. E.U., UK and Swiss individuals have a responsibility to assist SAC-IT INC in maintaining accurate, complete, and current Personal Information about them.
Access and Correction
Upon written request to SAC-IT INC, SAC-IT INC will provide E.U., UK and Swiss individuals with reasonable access to their Personal Information. SAC-IT INC will also take reasonable steps to allow E.U., UK and Swiss individuals to review their information for the purposes of correcting their information. There are certain limitations to the Access and Correction right, as set forth on the DPF website.
Recourse, Enforcement, and Liability
SAC-IT INC has established internal mechanisms to verify its ongoing adherence to this Statement. SAC-IT INC is also subject to the investigatory and enforcement powers of the US federal government, including the Federal Trade Commission (FTC). SAC-IT INC also encourages individuals covered by this Statement to raise any concerns about our processing of their Personal Information by contacting the appropriate SAC-IT INC officer at the address below or by contacting their local privacy officer or Legal Department. SAC-IT INC will seek to resolve any concerns. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, SAC-IT INC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
Limitation On Scope Of Principles
Adherence to these Privacy Principles may be limited to the extent required to meet a legal, governmental, national security or public interest obligation.
Complaints, Dispute Resolution, Data Subject Requests, Arbitration and Limiting the Use and Disclosure of Personal Information
In compliance with DPF Principles, SAC-IT INC Software Inc. commits to resolve complaints about our collection or use of your personal information, respond to requests made by individuals to access their personal data and limit the use and disclosure of personal data. To issue a complaint, make a request to access your personal information or otherwise limit the use and disclosure of your personal data, please contact SAC-IT INC Inc.’s Chief Privacy Officer at: cpo@sac-it.us – +1 407.203.7424
If a complaint cannot be resolved through the above channel, under certain conditions, you may invoke binding arbitration, provided that notice has been delivered to SAC-IT INC and following the procedures and subject to conditions set forth in Data Privacy Framework Annex I. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, SAC-IT INC commits to cooperate and comply with, as applicable, the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
Contact Information:
SAC-IT INC.
226 N Nova Rd suite 338
Ormond Beach, FL, 32174, USA
Phone: 1.407.203.7424
Email: cpo@sac-it.us
Click here to add your own text