The European Commission's Directive on Data Protection (October 1998) prohibits the transfer of Personal Data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection. In order to bridge these different privacy approaches and provide a streamlined means for US organizations to comply with the Directive, the US Department of Commerce, in consultation with the European Commission, developed a "Safe Harbor" framework. The Safe Harbor—approved by the EU in July 2000—is a way for US companies to avoid experiencing difficulties with their dealings with the EU or potentially facing prosecution by EU authorities under European privacy laws.
3. Safe Harbor Privacy Statement
4. Compliance with Safe Harbor
The US Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable US companies to satisfy the "adequacy standard" requirement under EU law that protection be given to Personal Data transferred from the EU to the US. Company commits to adhere to the privacy principles of the Safe Harbor Program administered by the U.S. Department of Commerce. Information on the Safe Harbor Program can be found at the program's website http://export.gov/safeharbor. Consistent with its commitment to protect personal privacy, Company adheres to the following Safe Harbor
4.2 The Information Collected and How it is Used
The following privacy principles apply to the collection, use, and disclosure of Personal Data by Company.
4.2.1 Web Related
4.2.2 Personal Data Submitted to Company
All personally identifiable information received by Company is voluntarily submitted by employees or by others on the employees' behalf with their explicit or implicit consent. Those providing the information may include individuals providing references; third parties responding to authorized background checks; workplace monitoring mechanisms; third parties sending email, mail or other deliveries to employees; other employees completing performance appraisals, and colleagues providing comments with respect to an employee's performance; where appropriate, from medical professionals; individuals conducting investigations in support of allegations of unlawful or inappropriate activity; and otherwise as required or permitted by law
4.2.3 Use of Personal Data by Company
The purposes for which we may use employee personal data it are specified in greater detail below in Appendix A.
5. Company Safe Harbor Privacy Principles
The privacy principles in this policy are based on the Safe Harbor Principles:
Where Company collects Personal Data directly from employees, it will inform them about the type of Personal Data collected, the purposes for which it collects and uses the "Personal Data," and the types of third parties to which Company discloses or may disclose that information, and the choices and means, if any, Company offers individuals for limiting the use and disclosure of their "Personal Data." Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to Company, or as soon as practicable thereafter, and in any event before Company uses or discloses the information for a purpose other than that for which it was originally collected.
Company will offer individuals the opportunity to choose ("opt out") whether their Personal Data is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For "Sensitive Personal Data," Company will give individuals the opportunity to affirmatively and explicitly consent ("opt in") to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company will provide individuals with reasonable mechanisms to exercise their choices.
5.3 Transfers to Vendor Partners
On occasion, Company will provide information stored on our servers to vendor partners, for the purpose of integrating with that vendor's product or service offerings, e.g., to providers of insurance products that Company employees have voluntary requested and agreed to purchase via payroll deduction. This integration is performed at the request of our vendor partner to further their business needs and to provide services or to improve those services. Data that is shared may include name, e-mail address, employee ID, address, Social Security Number, date of birth and other information; but Company only transmits to these vendors data that is essential to the fulfillment of the product or service that the employee has voluntarily agreed to purchase. Contractual agreements are made between Company and the vendor to whom the data is being transferred. Company's vendor partners are assumed to hold similar privacy standards as Company. If Company becomes aware that a vendor is using or disclosing Personal Data or "Sensitive Personal Data" in a manner that is improper or that is contrary to this Safe Harbor Policy, Company will take commercially reasonable measures to stop or prevent the use or disclosure of such data.
5.4 Access and Correction
Information that is stored about the users of Company's web site(s) is accessible and editable directly from within Company's intranet site(s). Company permits users to edit, correct, or delete any information that they feel is inaccurate or incomplete. Should an individual not be able to access or correct this information, the individual should contact the Payroll department at 757.989.2980 to obtain information about how to access and edit Personal Data or Sensitive Personal Data within the site.
5.5 Integrity of Data
Company will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Company will take commercially reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
5.6 Security of Information
Company will take all reasonable precautions to protect all "Personal" and "Sensitive Personal" data in its possession from unauthorized access, loss, or misuse. This includes, but is not limited to, the use of 128-bit encryption technology, regularly scheduled backups of data, secured storage of all Sensitive Personal information and access limitations and restrictions to the servers and computers that contain such data.
5.7 Enforcement of Policy
5.8 Resolution of Disputes
Any questions or concerns regarding the use or disclosure of Personal Data should be directed to Company's Safe Harbor Officer at the address given below. Company will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this policy. For complaints that cannot be resolved between Company and the complainant, Company has agreed to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles.
5.9 Limitations on Application
Company's adherence to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule, or regulation. Web sites created by Company may contain links to other Web sites. Please be aware that Company is not responsible for the privacy practices of these web sites. Company does not endorse them or make any representations about them or any information, services, products, or materials found on them. Users are strongly encouraged to read the privacy policies of any third-party sites accessed through links.
6. Contact Information
Questions, comments or concerns regarding the Safe Harbor Policy may be directed to: Build.com, Inc. John Allen Waldrop, III Assistant General Counsel 12500 Jefferson Avenue Newport News, VA 23602 Johnallen.firstname.lastname@example.org
The practices described in this Policy are current as of January 1, 2012. Company reserves the right to modify or amend this policy at any time consistent with the requirements of the Safe Harbor Principles. Appropriate public notice will be given concerning such amendments. This policy may be changed periodically in accordance with the requirements of the Safe Harbor Principles. Changes to the Safe Harbor policy will be posted on Company's corporate web site-www.build.com-or concerned parties may request notification of updates via e-mail.
8. Effective Date
This policy takes effect on January 1, 2012.