EchoSpan acknowledges the European Union ("EU") and Swiss standard for personal
data protection, as set forth in the European Commission's Directive on Data
Protection and the Swiss Federal Act on Data Protection. EchoSpan has a need to
collect and process Human Resource Data of our clients in the EU and
Switzerland, and to transfer such data to the United States of America ("US").
This Policy addresses the privacy concerns of individuals in the EU and
Switzerland and the business concerns of the company.
To effect this Policy, EchoSpan will adhere to U.S.-EU Safe Harbor Framework and
the U.S.-Swiss Safe Harbor framework concerning the transfer of Human Resource
Data from the EU and Switzerland to the US and will self-certify to the United
States Department of Commerce compliance with the U.S.-EU Safe Harbor Principles
and the U.S.-Swiss Safe Harbor Framework. This Policy applies to all data transmissions from EchoSpan
clients in EU countries and
Switzerland to the United States. This includes transmission of data over phone
lines, computer lines, and in hard copy, and includes such material as
employee indicative information (name, email address, company),
360-degree feedback responses, performance evaluations, and any other
information submitted electronically to the company.
Guidelines
EchoSpan has adopted the seven Safe Harbor principles of notice, choice, onward
transfer (transfer to third parties), access, security, data integrity and
enforcement with respect to human resource data to be transferred to the U.S.
from EchoSpan operations in the EU.
- Notice: EchoSpan will notify employees in the EU about the purposes for which
human resource data will be collected and used. Information will be provided on
how employees can contact EchoSpan with inquiries or complaints regarding human
resource data. EchoSpan will give notice to employees regarding third parties to
which it discloses the information, and restrictions that limit the
information's use and disclosure.
- Choice: Prior to releasing human resource data to a third party, EchoSpan will
give an individual employee the opportunity to choose whether their human
resource data is disclosed to that third party or used for a purpose
incompatible with the purpose for which it was originally collected or
subsequently authorized by that individual. For sensitive data, an affirmative
choice will be given to the employee if the human resource data is to be
disclosed to a third party or used for a purpose other than its original purpose
or the purposes authorized subsequently by the individual.
- Onward transfer: (transfer to third parties) : Prior to disclosing human
resource data to a third-party, EchoSpan will apply the notice and choice
principles, enumerated above. EchoSpan will commit to ensuring that the third
party keeper of human resource data also subscribes to the Safe Harbor
Principles or any other EU adequacy finding. EchoSpan will also enter into a
written agreement with such third party requiring that the third party provide
at least the same level of personal data protection as is maintained by
EchoSpan.
- Access: Employees covered under this policy will have access to personnel
information about them that EchoSpan holds and will be able to correct, amend or
delete information if it is inaccurate (the exception is when the burden or
expense of providing access would be disproportionate to the risks of the
individual privacy in the case in question or the rights of persons other than
the individual would be violated.)
- Security: EchoSpan will take reasonable precautions to protect personal
information from loss, misuse and unauthorized access, disclosure, alteration
and destruction.
- Data Integrity: Human resource data kept by EchoSpan will be relevant for the
purposes for which it is to be used. EchoSpan will take reasonable steps to
ensure that the data is reliable and that it is applied to its intended use.
EchoSpan will also ensure that the information is accurate, complete and
correct.
- Enforcement: To ensure compliance with these Safe Harbor
Principles, EchoSpan will:
- Commit to cooperate with the Data Protection Authorities (DPAs) of the EU
countries and Switzerland in the investigation and resolution of complaints and
will comply with any advice given by DPAs;
Employ a procedure for verifying that the commitment the company has made to adhere to the Safe Harbor Principles has been implemented; - Remedy issues arising out of any failure to comply with the Principles. EchoSpan acknowledges that its failure to provide an annual self-certification to the Department of Commerce will remove it from its list of participants and the transfers of information will not be allowed unless EchoSpan otherwise complies with the EU Data Protection Directive and the Swiss Federal Act on Data Protection
- The EchoSpan Legal Department will be the internal mechanism for ensuring compliance with the Safe Harbor Principles and facilitating the independent recourse mechanism referenced in item 7 above of this Policy.
- Commit to cooperate with the Data Protection Authorities (DPAs) of the EU
countries and Switzerland in the investigation and resolution of complaints and
will comply with any advice given by DPAs;
Access to the human resource data of EU employees will be to a limited number of
users on a need-to-know basis.
Definitions
European Union: The European Union ("EU") consists of 27 member countries:
Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, France,
Finland, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, and United Kingdom.
Self-Certification to the Department of Commerce: EchoSpan must certify to the
U.S. Department of Commerce that it will abide by the U.S.-EU Safe Harbor
Principles and the U.S. Switzerland Safe Harbor Principles. EchoSpan must also
state annually in its published privacy policy statement that it adheres to the
Safe Harbor.
Sensitive Data: Sensitive data is data that pertains to racial or ethnic
origin, political opinions, religious or philosophical beliefs, trade union
membership, income records, health, sexual orientation or alleged commission of
any offense. This data may not be transferred unless an individual gives
explicit consent.
Responsibilities
Questions regarding the transmission of human resource data from the European
Union (EU) or Switzerland to the United States or any other location, or any
further transmission of the personnel data once received in the United States,
should be referred to the EchoSpan Legal Department.
EchoSpan Legal Department
258 Madison Avenue
Decatur, GA 30030
That office is responsible for maintaining this document.
To
learn more about the Safe Harbor program, and to view EchoSpan�s
certification, please visit
http://www.export.gov/safeharbor/ .