Safe Harbor
NICMAN LABS AND NICMAN GROUP SAFE HARBOR PRIVACY NOTICE
Nicman Group LLC and its wholly-owned subsidiaries located in the US (collectively “Nicman,” “our,” “we” or “us”) participate in the U.S.-EU Safe Harbor Framework and the U.S.- Swiss Safe Harbor Framework (“Safe Harbor”) as set forth by the U.S. Department of Commerce. Safe Harbor allows companies to self-certify with the U.S. Department of Commerce that they comply with several key privacy principles: Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement (the “Privacy Principles”). For companies that elect to self-certify, Safe Harbor allows transfers of data to the U.S. Nicman has certified that it adheres to the Privacy Principles with respect to personal information within the scope of this Safe Harbor Privacy Notice. To learn more about the Safe Harbor program, and to view Nicman certifications, please visit www.export.gov/safeharbor. This Safe Harbor Privacy Notice is supplemental to Nicman’s corporate Privacy Statement (available at www.nicmanlabs.com/privacy-policy).
DEFINED TERMS
Nicman wholly-owned subsidiaries means Nicman Group. Personal Information is information that can be used to personally identify, locate, or contact you as an individual, such as your name, address, telephone number, email address, credit card and other financial information, and similar information. In some jurisdictions it includes information that identifies a legal entity, such as a company. Services means hosting services, cloud computing and supplementary services, collectively.
SCOPE
This Safe Harbor Notice applies to Personal Information Nicman knowingly collects from individuals and legal entities who reside in the EU member countries, the EEA, and Switzerland, as well as Personal Information that Nicman receives from its subsidiaries located in the EU, EEA, and Switzerland. When Nicman collects Personal Information. Nicman may collect Personal Information about its prospective and existing customers, employees, vendors, service providers, channel partners and other persons located in the EU, EEA, and Switzerland. Nicman uses this information to: (i) provide the Services to its customers (these purposes may include any of the following: process service requests, negotiate contracts, handle orders, process payments, communicate with customers about orders, services, promotional offers and marketing to such businesses, providing customer support, manage customer relationships, developing and improving the services, fraud detection and prevention, compliance with governmental, legislative and regulatory bodies, and to investigate complaints about the use of the Services); (ii) manage relations with its vendors and service providers; (iii) carry out financial and other business operations; (iv) perform its own human resources functions; and (v) assist our affiliates located in the EU, EEA, and Switzerland in providing services to their customers, to manage vendor relations and contracts, to manage human resources functions, and their internal financial and other business operations.
PRIVACY PRINCIPLES
Nicman practices regarding the collection, storage, transfer, use, and other processing of Personal Information within the Scope of this Notice, follow the Privacy Principles and are further described below and in our Privacy Statement. When Nicman customers store, transmit or process personal information using the Services. When utilizing the Services, Nicman customers may process personal information controlled by them (“Customer Data”). Consistent with the Safe Harbor Privacy Framework, the extent to which we apply the Privacy Principles is limited when Nicman customers use the Services to process Customer Data. Nicman does not determine the Customer Data collected, stored, and transmitted by its customers using the Services and/or how Customer Data is classified, accessed, exchanged or otherwise processed. In these situations, it is Nicman’s customers rather than Nicman who decide the reasons for which the Customer Data will be processed. Nicman customers are solely responsible for complying with the Privacy Principles regarding Customer Data that have originated in the EU, EEA, and Switzerland. Nicman customers must use reasonable security precautions in connection with their use of the Services. Nicman customers are solely responsible for determining the suitability of the Services in light of the type of Customer Data processed and shall implement appropriate measures to protect personal information they control and process when using the Services. Nicman customers will remain responsible for compliance with applicable data protection principles and applicable local laws and regulations regarding the Customer Data. Nicman provides the Services at the direction of its customers and defines its obligations with respect to Customer Data in its agreements with its customers. Nicman also has in place an intercompany data processing agreement (in accordance with the standards of the EU Data Protection Directive).
1. Notice. As described in our Privacy Statement, Nicman will give you timely and appropriate notice describing what Personal Information we are collecting about you, how we will use it, and the types of third parties with whom we may share it. Generally, we provide this notice by posting our Privacy Statement, or by providing a specific privacy notice, at the point of collecting Personal Information.
2. Choice. When Nicman collects Personal Information directly from individuals within the EU, EEA, and Switzerland via its websites or other means, it will do so pursuant to its Privacy Statement and, to the extent it is applicable and required by the Safe Harbor Principles, offer such individuals the choice to opt-out of having their Personal Information disclosed to a third party not listed in our Privacy Statement or used for a purpose other than that for which it was collected originally.
3. Onward Transfer. When disclosing Personal Information to third-party service providers who perform functions on its behalf, Nicman takes appropriate measures to protect your privacy and the Personal Information it transfers as described in the Privacy Statement. In such event Personal Information will only be shared with third parties to the extent reasonably necessary for them to perform their services for Nicman, or when Nicman must comply with applicable law, and they will not be authorized to use it for any other purpose, unless you have consented to such disclosure.
4. Access. As described in our Privacy Statement, Nicman offers individuals from whom it directly collects information reasonable access to their Personal Information and will afford such individuals a reasonable opportunity to correct, amend, or delete inaccurate information. Such requests may be subject to a reasonable fee. If Nicman receives a request for access to Personal Information from its customers’ clients, Nicman will, for commercial and security reasons, inform the customer and coordinate such access through its customer who controls such Personal Information.
5. Security. As described in our Privacy Statement, we are committed to industry best practices when it comes to preventing loss, misuse, unauthorized access, disclosure, alteration, and destruction of the information we collect for our own business purposes. Our security practices regarding the Services are governed solely by our agreements with our customers and nothing contained in our Privacy Statement or this Safe Harbor Notice shall be construed to alter specific terms and conditions applicable to the Services. Our hosting services have been assessed by third party auditors in accordance with the ISO 27001 and SSAE 16 and ISAE 3402 compliance frameworks. The Nicman Description of Controls is available to our customers. Nicman customers will remain responsible for implementing appropriate security measures for any personal information processed when using the Services in accordance with data protection laws applicable to them. o In addition to the obligations stated in our terms of service or any agreements our customers sign with Nicman, customers who utilize the Services provided by Nicman are responsible for ensuring compliance with applicable data protection laws relative to the use of the Services and are responsible to implement security measures appropriate to the nature and volume of data stored on or transferred to the hosted system provided by Nicman. o Customers retain full administrative rights and control of the hosted system and are the system administrator on how the Customer Data is stored, classified or exchanged. Customers are processing the Customer Data on the hosted system remotely, have full access to log into the servers remotely, and may make changes to their hosted environment as needed, including but not limited to, uploading content, configuring software and security settings, adding or removing local users and changing passwords.
6. Data Integrity. If Nicman collects information directly from individuals within the EU, EEA, and Switzerland, it will, to the extent it is applicable and required by the Safe Harbor Principles, and in accordance with its Privacy Statement, take reasonable measures to verify that personal information it collects is relevant and reliable for its intended use, and that it is accurate, complete, and current.
7. Enforcement and Dispute Resolution. Nicman uses a self-assessment approach to assure compliance with this Safe Harbor Notice and its Privacy Statement, and periodically verifies that this Notice and the Privacy Statement is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Privacy Principles. In compliance with the Privacy Principles, Nicman commits to resolve complaints about your privacy and its collection or use of your Personal Information. We encourage interested persons to raise any concerns using the contact information below and we will investigate and attempt to resolve any complaints and disputes regarding the collection, use, and disclosure of Personal Information in accordance with the Privacy Principles. Individuals based in the EU, EEA or Switzerland who have inquiries or complaints regarding this Safe Harbor Notice should first contact Nicman by email: privacy@nicmanlabs.com Nicman has further committed to refer unresolved privacy complaints under the U.S.-EU and U.S.-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureau. If you do not receive timely acknowledgment of your complaint, or if you feel that we have not satisfactorily addressed your complaint, you can visit the BBB EU SAFE HARBOR website at www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint. Please note that the BBB EU SAFE HARBOR cannot handle all privacy complaints, but only those related to alleged violations of the Safe Harbor Privacy Principles. If your personal information is collected and processed by a Nicman customer, we encourage you to reach out directly to the customer.
LIMITATIONS
As described above, Nicman’s adherence to the Privacy Principles may be limited by its role as a cloud hosting service provider (namely, when Nicman customers use the Services to process Customer Data), as well as any applicable legal, regulatory, ethical, or public interest consideration, and as expressly permitted or required by any applicable law, rule, or regulation. In addition, Nicman reserves the right to disclose Personal Information reasonably related to the sale or disposition of all or part of its business.
NICMAN PRIVACY STATEMENT
Nicman maintains a global Privacy Statement governing the privacy of information collected by Nicman and its entities around the world through its websites and by other means, which can be viewed at www.nicmanlabs.com/privacy-policy.
MODIFICATION OF THIS SAFE HARBOR PRIVACY NOTICE
Nicman may amend this Safe Harbor Privacy Notice from time to time with or without notice in accordance with the Safe Harbor Principles. Any modified policy will be posted on our websites.
CONTACT INFORMATION
Questions, concerns, or complaints concerning the collection and subsequent use of Personal Information by Nicman pursuant to this Safe Harbor Privacy Notice should be directed to the following email: privacy@nicmanlabs.com
©2016 Nicman Labs & Nicman Group LLC