Symplicity recognizes that the EU, the United Kingdom and Switzerland established strict protections regarding the handling of Personal Data, including requirements to provide adequate protection for Personal Data transferred outside of the EU, the United Kingdom and Switzerland, respectively. To provide adequate protection for certain Personal Data relating to website visitors, customers, prospective customers, partners, vendors, third party suppliers and contractors that Symplicity receives in the U.S., Symplicity has elected to self-certify to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce (“Privacy Shield”). Symplicity adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.
For purposes of enforcing compliance with the Privacy Shield, Symplicity is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. For more information about the Privacy Shield, see the U.S. Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov.
Symplicity collects Personal Data (i) from individuals who visit our website and voluntarily provide their information, and (ii) from our customers, vendors, contractors and agents, including the following specific types of information:
Contact information, including name, address, email address and phone number Student records provided by Symplicity’s higher education customers Professional and employment information Financial information Identification information, including driver’s license and passport numbers
Symplicity collects, uses and processes Personal Data for the purposes of:
Providing information about our products, services and events Providing products, services and support to our customers Communicating with business partners, vendors, agents and contractors about business matters Analysis of information in order to improve business practices, products and services Conducting related tasks for legitimate business purposes Other purposes disclosed at the time of collection Compliance with legal requirements
Symplicity will only process Personal Data in ways that are compatible with the purpose for which Symplicity collected the Personal Data, or for purposes that the individual or entity providing the Personal Data later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. Symplicity maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.
We may collect, or our customers may provide to us when using Symplicity services, certain Personal Data that is regarded as “sensitive,” including data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life. When we directly collect sensitive Personal Data, we will obtain opt-in consent where the Privacy Shield requires, including if we disclose sensitive Personal Data to third parties, or before we use sensitive Personal Data for a different purpose than we collected it for or than the data subject later authorized.
Third Party Agents or Service Providers
We may transfer Personal Data to our third party agents or service providers that perform functions on our behalf. Where required by the Privacy Shield, we enter into written agreements with those third party agents and service providers requiring them to provide the same level of protection that the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third party agents and service providers process Personal Data in accordance with our Privacy Shield obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third party agents or service providers that perform services on our behalf for their handling of Personal Data that we transfer to them.
In some cases, we may transfer Personal Data to unaffiliated third party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your Personal Data to third party data controllers for the following purposes:
Sponsors and exhibitors at certain Symplicity events receive Personal Data about attendees, which the sponsors and exhibitors may use for their own promotional purposes. To facilitate provision of services to Symplicity customers, Symplicity may provide Personal Data to third party software and services companies whose products interact with Symplicity products and services in certain instances where an Symplicity customer is also a client of such third party.
We will only provide your Personal Data to third party data controllers where you have not opted-out of such disclosures. We enter into written contracts with any unaffiliated third party data controllers requiring them to provide the same level of protection for Personal Data that the Privacy Shield requires. We also limit their use of your Personal Data so that it is consistent with any consent you have provided and with the notices you have received. If we transfer your Personal Data to one of our affiliated entities within our corporate group, we will take steps to ensure that your Personal Data is protected with the same level of protection that the Privacy Shield requires.
Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities or to meet national security or law enforcement requirements.
Symplicity maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information. If your Personal Data was provided to us by a Symplicity customer, we may facilitate your access to such data by directing you to the customer that provided your data to us.
In compliance with the Privacy Shield Principles, Symplicity commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Symplicity at firstname.lastname@example.org. Symplicity has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your Privacy Shield complaint from us, or if we have not addressed your Privacy Shield complaint to your satisfaction, please contact or visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have first taken the following steps: (1) raised your complaint directly with Symplicity and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration) at http://ec.europa.eu/justice/data-protection/files/annexes_eu-us_privacy_shield_en.pdf.
If you have any questions about this Policy or would like to request access to your Personal Data, please contact us as follows:
Attn: Privacy Officer
3003 Washington Blvd. STE900
Arlington, VA 22201
+1 (703) 351-0200
FAX: +1 (703) 373-7032
Changes To This Policy
We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements.
Effective Date: April 5, 2018.