“The solution screens and re-screens our records on a daily basis to ensure total compliance. We are very satisfied with Visual Compliance’s ability to handle a large volume of screenings and return the results right away.”
DIRECTOR OF COMPLIANCE,CRUISE LINE INDUSTRY
ECUSTOMS PRIVACY SHIELD POLICY
Descartes Visual Compliance (USA) LLC doing business as eCustoms (“eCustoms”) has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that eCustoms obtains from Customers located in the European Union and European Economic Arrangement and Switzerland to which Privacy Shield applies.
The Federal Trade Commission (FTC) has jurisdiction over eCustoms’ compliance with the Privacy Shield.
All eCustoms employees who handle Personal Data from EU and EEA countries and Switzerland are required to comply with the Principles stated in this Policy.
“Business Data” means data that is entered or uploaded for processing by Customer in order to carry out International Trade Compliance functions. Depending on the function selected, Business Data may include information about trading partners and other types of business contacts, products or trade transactions.
“Customer” means a company or other institution who has contracted with eCustoms to use the Services.
“Customer/User Information” means information about Customer or its employees, agents or other persons acting on behalf of Customer who are registered users of the Services or communicate with eCustoms in relation to Customer’s use of the Services.
“Customer Personnel” means employees, agents or other persons acting on behalf of Customer who are registered users of the Services or communicate with eCustoms in relation to Customer’s use of the Services.
“Data Subject” means an identified or identifiable natural living person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Europe” or “European” refers to a country in the European Union or European Economic Arrangement (EEA) that is be covered by the Privacy Shield program.
“Personal Data” as defined under the EU Regulation 2016/679 per 25 May 2018 (“GDPR”) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified , directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.
“Services” means the SAAS software and related services provided by eCustoms.
“Third Party” means any individual or entity that is neither an eCustoms nor an eCustoms employee, agent, contractor, or representative.
This Policy applies to the processing of Personal Information that eCustoms receives in the United States concerning Customer Personnel who reside in the European Union (or EEA) or Switzerland. eCustoms provides products and services to businesses only.
This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
- eCustoms’ Role as an SAAS Software Service Provider
eCustoms provides a hosted SAAS software service that provides customers with a number of Export Compliance functions including but not limited to denied party screening and product classification. eCustoms also provides other related offerings to its Customers.
In providing the Service, eCustoms receives Business Data submitted for processing by the Service and Customer/User Data required to provide the Services and manage the business relationship between eCustoms and the Customer.
In receiving and processing the Business Data, eCustoms acts as a Data Processor, receiving, processing and storing any Personal Data it may contain only as directed by Customer.
- Responsibilities and Management
eCustoms has designated the Legal Department to oversee its information security program, including its compliance with the EU – US Privacy Shield and Swiss-US Privacy Shield programs. The Legal Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to:
eCustoms will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. eCustoms personnel will receive training, as applicable, to effectively implement this Policy.
- Renewal and Verification
eCustoms will renew its EU – US Privacy Shield and Swiss – US Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certifications or if it employs a different adequacy mechanism.
Prior to the re-certification, eCustoms will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Customer Contact are accurate and that the company has appropriately implemented these practices.
- Collection of Personal Data
eCustoms is a provider of SAAS software subscription services that help Customers manage International Trade Compliance. In using these Services, Customer Personnel may, on behalf of Customer enter or upload Business Data for processing and storage on the Service. This data may include Personal Information about Customer’s trade partners and other individuals or legal entities. When receiving, processing and storing Business Data, eCustoms is acting solely as a Data Processor and performs these actions only as directed by Customer. Business Data regarding individuals and entities that is processed and stored on the Service consists of names and addresses as well as other optional information, as determined by the Customer.
eCustoms provides the Services to companies who license the Services on a subscription basis. eCustoms collects Customer/User Data when Customer Personnel purchase Service subscriptions on behalf of Customer, set up user accounts, log-in to their account, complete surveys, request information or otherwise communicate with us. For example, eCustoms Customer Personnel may seek telephone or email support for the service or to manage their account.
The Customer/User Data that we collect may vary based on the types of interactions that Customer Personnel have with eCustoms. As a general matter, eCustoms collects the following types of Personal Data from its Customer Personnel: work contact information, including, a contact person’s name, work email address, work mailing address, work telephone number, title, and company name. In order to collect payment for Services, Customer company level credit card and/or bank account information may be collected.
When Customer Personnel use our services online, we will collect their IP address and browser type. We may associate IP address and browser type with a specific Customer.
- Use of Personal Data
Business Data entered or uploaded to the Services by Customer Personnel is used only to carry out the functions and processes initiated by Customer Personnel on behalf of Customer. For example, Customer Personnel may initiate screening of trade partners or other individuals for presence on US or international watch lists or process trade transactions such as imports or exports in which such individuals have participated.
eCustoms uses Personal Data that it collects directly from its Customer Personnel for the following business purposes, without limitation:
- maintaining and supporting its products, delivering and providing the requested products/services, and complying with its contractual obligations related thereto (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to a Customer);
- Informing Customer of additional services that may be available or providing other informational communications;
- verifying identity (e.g., for online access to accounts);
- as requested by the Customer Personnel on behalf of Customer; and
- as otherwise required by law.
- Disclosures/Onward Transfer of Personal Data
eCustoms will not disclose Personal Data to a third party, except as stated below:
eCustoms may disclose Personal Data to subcontractors and third-party agents who assist eCustoms in providing Services to its customers and prospective customers. Before disclosing Personal Data to a subcontractor or third-party agent, eCustoms will obtain assurances from the recipient that it will: (a) use the Personal Data only to assist eCustoms in providing the Services; (b) provide at least the same level of protection for Personal Data as required by the Principles; and (c) notify eCustoms if the recipient is no longer able to provide the required protections. Upon notice, eCustoms will act promptly to stop and remediate unauthorized processing of Personal Date by a recipient. eCustoms will remain liable for onward transfers to its subcontractors and third-party agents.
eCustoms may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. If such a request involves Business Data being processed for a Customer, to the extent permitted, eCustoms will inform Customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.
- Sensitive Data
eCustoms does not collect Sensitive Data.
- Data Security
eCustoms has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to eCustoms’ electronic information systems requires user authentication via password or similar means. eCustoms also employs access restrictions, limiting the scope of employees who have access to Personal Data. Further, eCustoms uses secure encryption technology to protect certain categories of personal data.
- Data Integrity and Purpose Limitation
Customer is responsible for a) limiting their collection of Business Data containing Personal Data to that which is necessary to accomplish the purposes disclosed to Data Subjects and compatible purposes; b) ensuring that Personal Data they collect is accurate, complete, current and reliable for its intended uses; c) providing eCustoms with instructions for the processing of Personal Data consistent with such purposes. eCustoms will process Personal Data only in accordance with the customer’s or prospective customer’s instructions.
In the performance of Services, eCustoms will request only information required to perform the applicable Services and will retain such information only for as long as necessary to provide the Services or for compatible purposes, such as to provide additional Services, to comply with legal requirements (such as document retention standards), or to preserve or defend eCustoms’ legal rights.
eCustoms shall only process Customer/User Data in a way that is compatible with and relevant for the purpose(s) for which it was collected or authorized by the individual. To the extent necessary for those purposes, eCustoms shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
When eCustoms receives Business Data, it does so on Customer’s behalf. Customer is responsible for providing access to, or correction, amendment or deletion of Personal Data contained within Customer’s Business Data to their Data Subjects.
Customer Personnel have the right to know what Personal Data about them has been collected and stored and to ensure that such Personal Data is accurate and relevant for the purposes for which eCustoms collected it.
Upon reasonable request and as required by the Privacy Shield principles, eCustoms allows Customer Personnel access to their Personal Data, in order to correct or amend such data where inaccurate. Customer Personnel may edit their Personal Data by contacting eCustoms by phone or email. To request erasure of Personal Data, Customer Personnel should submit a written request to eCustoms.
When eCustoms receives and processes Business Data, it does so on Customer’s behalf. Customer is responsible for providing their Data Subjects with the ability to request limitation of the use or disclosure of their Personal Data. eCustoms will cooperate with Customers’ instructions regarding Data Subjects’ choices.
When required by the Privacy Shield, eCustoms will offer individuals the opportunity to opt out of (1) disclosures of Personal Information to a third party, or (2) our use of Personal Information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. Customer may also opt out of any newsletters, product announcements or other informational communications.
- Enforcement and Dispute Resolution
In compliance with the EU – US Privacy Shield Principles and Swiss – US Privacy Shield Principles, eCustoms commits to resolve complaints about your privacy and our collection or use of your personal information. EU, EEA and Swiss individuals with questions or concerns about the use of their Personal Data should contact us at: .
If a Customer’s question or concern cannot be satisfied through this process eCustoms has further committed to refer unresolved privacy complaints under EU – US Privacy Shield or Swiss – US Privacy Shield to an independent dispute resolution mechanism operated by the ICDR/AAA.
If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by eCustoms, EU, EEA and Swiss individuals may bring a complaint before the ICDR/AAA Privacy Shield Program which is accessible at http://go.adr.org/privacyshield.html.
Finally, as a last resort and in limited situations, EU, EEA and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
- Changes to This Policy
eCustoms may revise this Policy at any time. If eCustoms decides to materially change this Policy, eCustoms will post the revised Policy at this location.