EU-U.S. Privacy Shield Framework
Updated: November 2017
This Policy Addresses:
- A. Personal Information Collected
- B. Anaqua's Use of PII -- General
- C. Licensee's Use of PII -- Software
- D. Licensee's Use of PII -- Hosting Services
- E. Consulting Services
- F. Other Services
- G. Enhancement of the Customer Experience
- H. Information Disclosed to Third Parties
- I. On-Line Information
- J. Security Measures
- K. Links
- L. Policy Updates
- M. Security Breaches
- N. Contact Us
- O. EU-U.S. Privacy Shield Framework
A. Personal Information Collected
As a general principle, Anaqua limits the information collected about you to only what is needed for conducting our business, including the offering of products and services by us or by third parties that might be of interest to you. You may choose to provide “personally identifiable information” (PII) to Anaqua in a number of ways: in person, telephonically, by eMail or electronically via our websites. Examples of how you may share PII with us include: requesting a brochure or product information, issuing an RFP, ordering software or services from us, responding to Anaqua surveys, attending Anaqua-sponsored events or conferences, or applying for a job. We may also obtain PII from third parties (for example, credit agencies or background checks), but only if we have first obtained your permission.
General Examples of PII are:
- Name (including company name for business customers)
- E-mail address
- Credit card number, financial/bank account number or wire transfer information, including routing numbers and instructions
- Passwords or personal identification codes (PINs)
- Date of birth
- Social Security number or other government identification number
- Employee number
- Professional employment information
- Company contact information for business customers
Anaqua’s software products and services involve the management of intellectual assets such as patents, trademarks and trade secrets. When our Licensees subscribe to our products and services, they may collect additional information such as:
The following information is NOT PII:
- Mailing address, unless unlisted or restricted at your request
- Telephone number ,unless unlisted or restricted at your request
- IP Address allowing you to access our internet services
- PII included in aggregate data compiled by Anaqua
Anaqua may compile or aggregate PII from numerous customers or Web visitors to collect data about groups of customers or potential customers or categories of service. Anaqua does not consider this “aggregate” information as PII because the aggregated information does not contain the PII of any individual customer or Web visitor.
B. Anaqua's use of Personally Identifiable Information -- General
Anaqua uses PII to provide products and services to meet our customers' needs, including new products or services. Anaqua may share PII with any Anaqua-affiliated company, and these companies are subject to the terms of this Policy.
Anaqua uses employee PII to communicate with and manage our employees.
Anaqua retains PII only as long as is necessary for Anaqua to comply with business, tax and legal requirements. For customers and employees, this retention period is likely to be the entire time you are our customer or employee, depending on the type of PII.
Anaqua commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
Anaqua does not:
- Collect PII from you unless you provide it to us in person, telephonically or electronically by visiting our websites, including information you provide in order to use our services.
- Sell the names and addresses of Anaqua Web visitors to unaffiliated suppliers without your prior approval.
- Allow third parties to change your PII, without complying with our security policies.
C. Licensees' use of Personally Identifiable Information -- Software
Anaqua’s licensees can use our Software products to collect PII from their employees, affiliates, law firms and agents. The collection, access, administration and storage of this PII is under the control of our licensees, with no involvement or access by Anaqua personnel. The only occasional exception to this statement is if a Client provides Anaqua personnel emergency access to their Anaqua software, usually for the purposes of diagnosing and fixing a software program error.
D. Licensees' use of Personally Identifiable Information -- Hosting Services
Anaqua Licensees contract with Anaqua to provide hosting services for their Anaqua software. When we do so, we always utilize a data center that is at least SSAE 16 compliant, and whose practices and infrastructure comply with the EU-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Anaqua participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Anaqua is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list.
Anaqua is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Anaqua complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Anaqua is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Anaqua may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
When Anaqua provides hosting services to our Licensees, Anaqua never collects personal information for or on behalf of our licensees. Our licensees have exclusive responsibility for collecting and storing PII in the Anaqua software that we host for them. Anaqua technical support employees may have occasional access to the Licensee-collected personal information. This access in incidental to the Anaqua employees' performance of their IT-related duties for the technical maintenance and backup of the hosting environment. Backups of Licensee’s data are always encrypted.
E. Consulting Services
F. Other Services
G. Enhancement of the Customer Experience
Because we appreciate the trust you have placed in us, we continually look for ways to enhance your customer experience, both on our web site and with our software products. We customarily host an annual user Conference, and obtain PII in connection with that event. From time-to-time, we may notify you about an Anaqua product or service using the information you have provided to us either in person, telephonically or electronically by visiting our websites, including information you provide to use our services. We strive to limit our offers to those we think you would benefit from and appreciate receiving. We want every contact you have with us to be a positive experience. If you prefer not to receive these Anaqua value-added services, offers and opportunities, just contact us at [email protected].
Anaqua complies with all applicable laws and regulations regarding “Do Not Call” Lists. Generally, Anaqua is allowed to contact its customers, even if the customers are registered with federal or state Do Not Call Lists, because of our relationship with you. Anaqua will, of course, honor any request to remove your name from our telephone, mail or e-mail solicitation lists and will delete your information from existing files within a reasonable time period. Just contact us at [email protected].
H. Information Disclosed to Third Parties
Anaqua does not sell PII of its customers to third parties. In limited circumstances, Anaqua may provide PII to third parties:
- To assist us in developing, promoting, establishing, maintaining and/or providing Anaqua-related products and services to you, including joint marketing efforts or promotions, but PII may not be used by the third parties for any other purpose;
- To assist us in establishing accounts, billing, collecting payment, enforcing the Terms and Conditions or the Acceptable Use Policy of our Anaqua services where permitted by law, and protecting or enforcing our rights or property or the services of our other customers from fraudulent, abusive, or unlawful use by you of our services;
- To comply, when required by law, with court or administrative orders, civil or criminal subpoenas, warrants from law enforcement agencies, federal or state regulatory requirements, mandatory governmental audits, E911 reporting requirements, grand jury investigations, civil or criminal governmental investigations or reporting required by the National Center for Missing and Exploited Children, designated by federal law as a reporting mechanism for child pornography; and
- To appropriate law enforcement, 911 centers or emergency services when Anaqua, in good faith, believes the disclosure is necessary to protect a person, Anaqua property or the public from an immediate threat of serious harm.
I. On-Line Information
J. Security Measures
Anaqua uses security techniques designed to protect your information from unauthorized access, including firewalls and access control procedures. We have security measures in place to protect against the loss, misuse and alteration of information under our control, or information that is processed by our software and under the control of our licensees. For example, when you use Anaqua software over the Internet, the information exchange between you and the Anaqua software is encrypted using the Secure Sockets Layer (SSL) protocol.
All Anaqua employees are bound by non-disclosure agreements designed to prevent them from disclosing any PII. Further, Anaqua’s employee guidelines state that Anaqua employees must abide by all state and federal laws and regulations in the performance of their job duties.
Our policies also limit access to PII to only those employees, contractors, agents or representatives that require the information to perform their jobs or assist Anaqua with providing products and services to you.
Further Anaqua complies with and is ISO 9000 certified.
L. Policy Updates
M. Security Breaches
While our goal is to prevent any unauthorized disclosure of PII, Anaqua cannot guarantee that an unauthorized disclosure will not occur. We will make reasonable efforts to contact you if we determine that security breach has occurred, and that there is a reasonable risk of identity theft or as otherwise required by law.
N. Contact Us
In compliance with the Privacy Shield Principles, Anaqua commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Anaqua at: 617 927-5820 or [email protected]; or write to us at Anaqua, Inc., ATTN: Privacy Officer, 31 St James Ave, Suite 1100, Boston, MA 02116 USA.
Anaqua has further committed to refer unresolved Privacy Shield complaints to TrustArc, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.trustarc.com/ for more information or to file a complaint. The services of TrustArc are provided at no cost to you.
If you have questions, concerns, or complaints about this Policy or Anaqua’s privacy practices, please contact an Anaqua customer care representative; email us at [email protected]; or write to us at Anaqua, Inc., ATTN: Privacy Officer, 31 St James Ave, Suite 1100, Boston, MA 02116 USA. We will respond to your inquiries in a timely manner.
O. EU-U.S. Privacy Shield Framework
Dispute Resolution. For complaints that cannot be resolved between Anaqua and the user, such disputes will be arbitrated by the American Arbitration Association.