Safe Harbor Privacy PolicySPECTRUM Human Resource Systems Corporation |
|
SPECTRUM Human Resource Systems Corporation (“Spectrum”) has elected to self-certify to the Department of Commerce that it adheres to the Safe Harbor Privacy Principles and the Frequently Asked Questions (collectively, the “Safe Harbor Principles”) established by the U.S. Department of Commerce. Spectrum’s compliance under the Safe Harbor Principles assures our clients that transmit personal information from the European Union to Spectrum that Spectrum provides “adequate” privacy protection for covered data, as defined and required by the European Commission’s Directive on Data Protection. Spectrum performs software implementations, data conversions and other services for its clients. Spectrum also hosts human resource information systems in the United States for its hosted and subscription clients. Spectrum acts as a data processor and does not control or monitor its clients’ data. Spectrum’s clients determine which data elements are included in their human resource information systems and whether each data element is populated for employees in various countries. With the exception of performing data imports or as otherwise directed by its clients, Spectrum does not collect or enter data into its clients’ software systems. At the direction of its clients, Spectrum may transmit data to third parties for interface/integration purposes with third party software products. Any access to or use of client data by Spectrum is incidental to performing Spectrum’s contractual obligations to its clients as a processor.The Safe Harbor is based on the following seven Principles: 1. Notice. As a data processor for its clients, Spectrum does not inform individuals about the purposes for which their personal information is collected and used by its clients (the individuals’ employers). Spectrum relies on its clients to provide any required notices.
2. Choice. As a data processor for its clients, Spectrum does not offer individuals a choice regarding the purposes for which their personal information is collected and used by its clients (the individuals’ employers). Spectrum relies on its clients to provide and comply with any required options. 3. Onward Transfer. Spectrum occasionally transfers personal information to third parties that act as agents for its clients (with regard to interfaces/integrations with third party software products) or for Spectrum (with regard to software implementations). When Spectrum transfers personal information as described above, Spectrum either ascertains that the third party subscribes to the Safe Harbor Principles, is subject to the European Union’s Directive on Data Privacy or another adequacy finding, or enters into a written agreement with the third party requiring the third party to provide at least the same level of privacy protection as is required by the relevant Principles. 4. Security. Security is extremely important to Spectrum and our clients. Accordingly, Spectrum takes significant security precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Spectrum relies on its clients to establish in the software appropriate password requirements and user roles and levels of access. 5. Data Integrity. As a data processor for its clients, Spectrum does not typically collect, access or use the personal information provided by its clients. Spectrum relies on its clients (the individuals’ employers) to ensure that personal information is relevant for the purposes for which it is used, reliable for its intended use, accurate, complete and current. 6. Access. Personal information may be accessed only by authorized users at Spectrum and its clients. As a data processor for its clients, Spectrum believes that individuals should contact their employers to access and review personal information. The burden and expense for Spectrum to identify individuals and provide access for them to correct, amend or delete information would be disproportionate to the risks to the individuals’ privacy, and would possibly violate Spectrum’s contractual obligations to its clients. 7. Enforcement. Individuals who believe that Spectrum has violated the Safe Harbor Principles or this Safe Harbor Privacy Policy should send a written notice to Spectrum’s Chief Administrative Officer & General Counsel (707 Seventeenth Street, Suite 3800, Denver, Colorado 80202-3438, USA, jromley@spectrumhr.com, or fax to 303-592-3233). If your complaint is not adequately addressed by Spectrum, you may contact the appropriate European Data Authorities. Because Spectrum processes human resources data for its clients, Spectrum has agreed to cooperate with the European Data Authorities as its independent dispute resolution mechanism. Spectrum notifies and trains appropriate team members regarding its privacy policies and practices and the consequences for failing to comply with them. Spectrum and its outside auditors periodically review Spectrum’s policies and practices to determine its compliance. Spectrum reserves the right to change this Safe Harbor Privacy Policy at any time in accordance with the Safe Harbor Principles. 05/08/08 |