Effective: October 4, 2020
IronScales Inc. (“IronScales”, “we” or “our”) has certified with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield with respect to the Personal Data (defined below) we receive and process from our Customers (defined below) or from IronScales Ltd. (“IronScales Ltd.”).
IronScales complies with the principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union (“EU”), the United Kingdom (“UK”) and/or Switzerland (as applicable), to the United States. IronScales has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and our Privacy Shield certification will be available here. If there is any conflict between the terms in this notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
“Customer” means a prospective, current, or former customer, or client of IronScales and/or IronScales Ltd.
“Employee(s)” means prospective, current and former employees and job applicants of IronScales Ltd. who are located in EU.
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
IronScales’s participation in the Privacy Shield applies to Personal Data subject to EU, UK and Swiss data protection law that (i) IronScales receives from IronScales Ltd. and/or (ii) IronScales collects and/or processes directly from Customers on behalf of IronScales Ltd. IronScales acts as a processor of the Personal Data we Process on behalf of the Customers.
3. PURPOSES OF DATA PROCESSINGS.
IronScales provides its Customers with an advanced anti-phishing threat protection platform, and is made available to its Customers on a software as a service (SaaS) basis (the “Service”). IronScales will only process Personal Data we receive from our Customers for the purpose of providing the Service to the respective Customer. In order to fulfill this purpose, we may also process Personal Data to correct and address technical or service problems, to follow instructions of our Customers who submitted the Personal Data, or in response to contractual requirements, to comply with applicable laws, regulations and orders from public authorities or courts, to exercise or defense of legal claims (whether in court proceedings or in an administrative or out-of-court procedures) or to respond to contractual requirements.
IronScales receives information from IronScales Ltd. concerning Employees. The purposes for which IronScales collects and uses Employees Personal Data to assess an individual as a candidate, and once you are an Employee for compensation, payroll, and benefit planning and administration (e.g. salary, tax withholding, tax equalization, awards, insurance and pension), workforce development, education, training, performance management, problem resolution (e.g., internal reviews, grievances), internal investigations, auditing, compliance, risk management and security purposes, Employee communications and as required or expressly authorized by laws or regulations applicable to IronScales’ business or by government agencies that oversee or regulate our business. Employee Personal Data may be shared with various third parties and third-party agents in the normal course of business.
4.ONWARD TRANSFERS OF PERSONAL DATA.
Subject to Section 6 below, we will not transfer Personal Data originating in the EU, UK and/or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of protection to the Personal Data as required by the Principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We may transfer Personal Data to: (i) cloud service providers; and (ii) anti malware sub-processors, who need the information in order to provide services to, or perform activities on our behalf. In cases of onward transfer to third parties of Personal Data of EU and UK individuals received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, IronScales is potentially liable.
5.RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA.
Data subjects and Employees have the right to access Personal Data about them, and in some cases to limit use and disclosure of their Personal Data. If you would like to request access to the Personal Data we have processed on behalf of one of the Customers, please contact email@example.com and provide your name and contact information, and observe the required formalities under applicable law
6.REQUIREMENT TO DISCLOSE
IronScales may be required in certain circumstances to disclose Personal Data in response to lawful requests by courts public authorities, including to meet national security or law enforcement requirement.
7.PRIVACY SHIELD INDEPENDENT RECOURSE MECHANISM.
In compliance with the Privacy Shield Principles, IronScales commits to resolve complaints about our collection or use of your Personal Data. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact IronScales at: firstname.lastname@example.org or by postal mail sent to:
Attn: Privacy Shield Inquiry
3342 Acorn Falls Drive
Marietta, GA 30062
IronScales has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles to an alternative dispute resolution provider the United States Council for International Business (USCIB), which has agreed to act as a trusted third party on behalf of the European Union (EU) Data Protection Authorities. If you do not receive timely acknowledgment of your privacy related complaint, or if your privacy complaint is not satisfactorily addressed, or if your compliant concerns human resource data transferred from the EU, UK and Switzerland in the context of the employment relationship, you can contact the USCIB for further information. please visit https://www.uscib.org/dispute-resolution-ud-835/ for more information and to file a complaint.
8.U.S. FEDERAL TRADE COMMISSION ENFORCEMENT.
IronScales is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) to ensure compliance with the EU-US Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles outlined in this notice.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may also be able to invoke binding arbitration when other dispute resolution procedures have been exhausted.