Privacy Shield Notice
Effective as of: January 9, 2019
Updated: January 5, 2021
COMPLIANCE WITH THE EU-U.S. AND SWISS-U.S. PRIVACY SHIELD FRAMEWORKS
When Blueback Global transfers personal information of clients’ personnel across national borders, we do so in compliance with applicable law. For our clients whose use of Blueback Global’s services results in the transfer of their personnel’s personal information from the EEA, the United Kingdom, or Switzerland to non-EEA countries, Blueback Global relies on Standard Contractual Clauses and adequacy decisions about certain countries, as applicable. Our contract with clients includes a Data Processing Agreement (“DPA”) that includes the Standard Contractual Clauses (“SCCs”).
Blueback Global Inc. has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (“EEA”), the United Kingdom, and Switzerland to the United States.
Although the EU-U.S. and Swiss-U.S. Privacy Shield have been ruled invalid for the transfer of data in July 2020, where personal information has already been transferred to the U.S. on the basis of the EU-U.S. or Swiss-U.S. Privacy Shield, we will continue to protect personal information from the EU, the United Kingdom, and Switzerland according to the standards of the Privacy Shield and applicable EU law. To learn more about the Privacy Shield program, or to view the certification for Blueback Global Inc., please see https://www.privacyshield.gov/.
With respect to personal information processed on behalf of our clients that have personnel residing in EEA, United Kingdom, and Switzerland, under EU privacy laws, as part of Blueback Global providing services to the business customer, this personal information of consumers may be transferred by outside of EEA, United Kingdom and Switzerland under SCC, as described above.
Scope. Our commitment to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework covers personal information collected from the EEA or Switzerland and transferred to the U.S., including Blueback Global users, Site visitors (including job applicants), service provider, and human resources data. Blueback employees please see the Internal Privacy Notice for more information on Privacy Shield as it relates to human resources data.
Choice. You also have the right to opt out of (i) disclosures of your personal information to third parties not identified at the time of collection or subsequently authorized and (ii) uses of personal information for purposes materially different from those disclosed at the time of collection or subsequently authorized. To exercise this right, please see the “Contact Us” section below.
Accountability for Onward Transfer. If we receive personal information subject to our certification under the Privacy Shield and then transfer such information to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if the agent processes such information in a manner inconsistent with the Privacy Shield except when we are not responsible for the event giving rise to the damage.
Security. We have taken reasonable steps to help protect the personal information we collect. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information in all circumstances. If you have any questions about the security of our Services, please contact us using the email address listed in “Contact Us” section below.
RECOURSE, ENFORCEMENT AND LIABILITY
Our Internal Recourse Mechanism. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints should first contact us at [email protected] or at the address listed in the “Contact Us” section below. We will respond to your request within a reasonable timeframe, but in no event less than forty-five (45) days after receipt of your complaint.
Independent Recourse Mechanism. If a complaint cannot be resolved through our internal process, we commit to cooperate with the panel established by the EU/EEA data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC) and will comply with the advice given by the DPAs with regard to personal information transferred from the EU/EEA and with the advice given by the FDPIC with regard to personal information transferred from Switzerland. Such individuals may direct complaints about their personal information to their respective DPA or the FDPIC (as applicable).
Binding Arbitration. You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
Regulatory Oversight. The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.
CHANGES TO THIS NOTICE
We may update this Notice to account for changes consistent with the requirements of the EU-U.S. and/or Swiss-U.S. Privacy Shield Frameworks. Any changes we make to this Notice in the future will be posted on this page. The updated Notice will take effect as soon as it has been updated or otherwise communicated to you. We encourage you to review this Notice for updates each time you use our Services.
If you have questions about this Notice or our information handling practices, you can e-mail us at [email protected], or by mail at 21710 Stevens Creek Blvd., Suite 225, Cupertino, CA 95014.