Safe Harbor Compliance

EchoSpan acknowledges the European Union ("EU") and Swiss standard for personal data protection, as set forth in the European Commission's Directive on Data Protection and the Swiss Federal Act on Data Protection. EchoSpan has a need to collect and process Human Resource Data of our clients in the EU and Switzerland, and to transfer such data to the United States of America ("US"). This Policy addresses the privacy concerns of individuals in the EU and Switzerland and the business concerns of the company.

To effect this Policy, EchoSpan will adhere to U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor framework concerning the transfer of Human Resource Data from the EU and Switzerland to the US and will self-certify to the United States Department of Commerce compliance with the U.S.-EU Safe Harbor Principles and the U.S.-Swiss Safe Harbor Framework. This Policy applies to all data transmissions from EchoSpan clients in EU countries and Switzerland to the United States. This includes transmission of data over phone lines, computer lines, and in hard copy, and includes such material as employee indicative information (name, email address, company), 360-degree feedback responses, performance evaluations, and any other information submitted electronically to the company.

Guidelines
EchoSpan has adopted the seven Safe Harbor principles of notice, choice, onward transfer (transfer to third parties), access, security, data integrity and enforcement with respect to human resource data to be transferred to the U.S. from EchoSpan operations in the EU.

  • Notice: EchoSpan will notify employees in the EU about the purposes for which human resource data will be collected and used. Information will be provided on how employees can contact EchoSpan with inquiries or complaints regarding human resource data. EchoSpan will give notice to employees regarding third parties to which it discloses the information, and restrictions that limit the information's use and disclosure.
     
  • Choice: Prior to releasing human resource data to a third party, EchoSpan will give an individual employee the opportunity to choose whether their human resource data is disclosed to that third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by that individual. For sensitive data, an affirmative choice will be given to the employee if the human resource data is to be disclosed to a third party or used for a purpose other than its original purpose or the purposes authorized subsequently by the individual.
     
  • Onward transfer: (transfer to third parties) : Prior to disclosing human resource data to a third-party, EchoSpan will apply the notice and choice principles, enumerated above. EchoSpan will commit to ensuring that the third party keeper of human resource data also subscribes to the Safe Harbor Principles or any other EU adequacy finding. EchoSpan will also enter into a written agreement with such third party requiring that the third party provide at least the same level of personal data protection as is maintained by EchoSpan.
     
  • Access: Employees covered under this policy will have access to personnel information about them that EchoSpan holds and will be able to correct, amend or delete information if it is inaccurate (the exception is when the burden or expense of providing access would be disproportionate to the risks of the individual privacy in the case in question or the rights of persons other than the individual would be violated.)
     
  • Security: EchoSpan will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
     
  • Data Integrity: Human resource data kept by EchoSpan will be relevant for the purposes for which it is to be used. EchoSpan will take reasonable steps to ensure that the data is reliable and that it is applied to its intended use. EchoSpan will also ensure that the information is accurate, complete and correct.
     
  • Enforcement: To ensure compliance with these Safe Harbor Principles, EchoSpan will:
    • Commit to cooperate with the Data Protection Authorities (DPAs) of the EU countries and Switzerland in the investigation and resolution of complaints and will comply with any advice given by DPAs;
      Employ a procedure for verifying that the commitment the company has made to adhere to the Safe Harbor Principles has been implemented;
    • Remedy issues arising out of any failure to comply with the Principles. EchoSpan acknowledges that its failure to provide an annual self-certification to the Department of Commerce will remove it from its list of participants and the transfers of information will not be allowed unless EchoSpan otherwise complies with the EU Data Protection Directive and the Swiss Federal Act on Data Protection
    • The EchoSpan Legal Department will be the internal mechanism for ensuring compliance with the Safe Harbor Principles and facilitating the independent recourse mechanism referenced in item 7 above of this Policy.

Access to the human resource data of EU employees will be to a limited number of users on a need-to-know basis.

Definitions
European Union: The European Union ("EU") consists of 27 member countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, France, Finland, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and United Kingdom.

Self-Certification to the Department of Commerce: EchoSpan must certify to the U.S. Department of Commerce that it will abide by the U.S.-EU Safe Harbor Principles and the U.S. Switzerland Safe Harbor Principles. EchoSpan must also state annually in its published privacy policy statement that it adheres to the Safe Harbor.

Sensitive Data: Sensitive data is data that pertains to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, income records, health, sexual orientation or alleged commission of any offense. This data may not be transferred unless an individual gives explicit consent.

Responsibilities
Questions regarding the transmission of human resource data from the European Union (EU) or Switzerland to the United States or any other location, or any further transmission of the personnel data once received in the United States, should be referred to the EchoSpan Legal Department.

EchoSpan Legal Department
258 Madison Avenue
Decatur, GA 30030

That office is responsible for maintaining this document.

To learn more about the Safe Harbor program, and to view EchoSpan�s certification, please visit http://www.export.gov/safeharbor/ .

360-Degree Feedback
Product Overview
Features & Pricing
Competency Library
Review Templates
Feedback Reports
Supported Languages
Product Guides
Development Planning
Security & Availability
Other Services
Engagement Surveys
Project Management
Custom Solutions
Consultant Licensing
About EchoSpan
Company Overview
Support
Contact Us
News and Articles
Other Links
Site Map
Terms & Conditions
Privacy Policy
Privacy Shield
GDPR Compliance
Data Processing Agreement
Phone: 404-496-4096

Toll Free: 888-300-9978

Fax: 404-496-4096
 

Copyright 2024 EchoSpan, Inc.
NEU-PRD-WEB02

Our website uses cookies
Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing EchoSpan, you agree to our use of cookies.
I Understand More Info