Symplicity recognizes that the EU has established strict protections regarding the handling of EU Personal Data, including requirements to provide adequate protection for EU Personal Data transferred outside of the EU. To provide adequate protection for certain EU Personal Data relating to website visitors, customers, prospective customers, partners, vendors, third party suppliers and contractors that Symplicity receives in the U.S., Symplicity has elected to self-certify to the EU-U.S. Privacy Shield Framework administered by the U.S. Department of Commerce (“Privacy Shield”). Symplicity adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.
For purposes of enforcing compliance with the Privacy Shield, Symplicity is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. For more information about the Privacy Shield, see the U.S. Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov.
Symplicity collects EU Personal Data (i) from individuals who visit our website and voluntarily provide their information, and (ii) from our customers, vendors, contractors and agents, including the following specific types of information:
Contact information, including name, address, email address and phone number Student records provided by Symplicity’s higher education customers Professional and employment information Financial information Identification information, including driver’s license and passport numbers
Symplicity collects, uses and processes EU Personal Data for the purposes of:
Providing information about our products, services and events Providing products, services and support to our customers Communicating with business partners, vendors, agents and contractors about business matters Analysis of information in order to improve business practices, products and services Conducting related tasks for legitimate business purposes Other purposes disclosed at the time of collection Compliance with legal requirements
Symplicity will only process EU Personal Data in ways that are compatible with the purpose for which Symplicity collected the EU Personal Data, or for purposes that the individual or entity providing the EU Personal Data later authorizes. Before we use your EU Personal Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. Symplicity maintains reasonable procedures to help ensure that EU Personal Data is reliable for its intended use, accurate, complete, and current.
We may collect, or our customers may provide to us when using Symplicity services, certain EU Personal Data that is regarded as “sensitive,” including data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life. When we directly collect sensitive EU Personal Data, we will obtain opt-in consent where the Privacy Shield requires, including if we disclose sensitive EU Personal Data to third parties, or before we use sensitive EU Personal Data for a different purpose than we collected it for or than the data subject later authorized.
Third Party Agents or Service Providers
We may transfer EU Personal Data to our third party agents or service providers that perform functions on our behalf. Where required by the Privacy Shield, we enter into written agreements with those third party agents and service providers requiring them to provide the same level of protection that the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third party agents and service providers process EU Personal Data in accordance with our Privacy Shield obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third party agents or service providers that perform services on our behalf for their handling of EU Personal Data that we transfer to them.
In some cases, we may transfer EU Personal Data to unaffiliated third party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your EU Personal Data to third party data controllers for the following purposes:
Sponsors and exhibitors at certain Symplicity events receive EU Personal Data about attendees, which the sponsors and exhibitors may use for their own promotional purposes. To facilitate provision of services to Symplicity customers, Symplicity may provide EU Personal Data to third party software and services companies whose products interact with Symplicity products and services in certain instances where an Symplicity customer is also a client of such third party.
We will only provide your EU Personal Data to third party data controllers where you have not opted-out of such disclosures. We enter into written contracts with any unaffiliated third party data controllers requiring them to provide the same level of protection for EU Personal Data that the Privacy Shield requires. We also limit their use of your EU Personal Data so that it is consistent with any consent you have provided and with the notices you have received. If we transfer your EU Personal Data to one of our affiliated entities within our corporate group, we will take steps to ensure that your EU Personal Data is protected with the same level of protection that the Privacy Shield requires.
Under certain circumstances, we may be required to disclose your EU Personal Data in response to valid requests by public authorities or to meet national security or law enforcement requirements.
Symplicity maintains reasonable and appropriate security measures to protect EU Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
You may have the right to access the EU Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EU Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information. If your EU Personal Data was provided to us by a Symplicity customer, we may facilitate your access to such data by directing you to the customer that provided your data to us.
You can direct any questions or complaints about the use or disclosure of your EU Personal Data to us as noted below (Contact Us). We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EU Personal Data within 45 days of receiving your complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have first taken the following steps: (1) raised your complaint directly with Symplicity and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration) at http://ec.europa.eu/justice/data-protection/files/annexes_eu-us_privacy_shield_en.pdf.
If you have any questions about this Policy or would like to request access to your EU Personal Data, please contact us as follows:
Attn: Privacy Officer
3003 Washington Blvd. STE900
Arlington, VA 22201
+1 (703) 351-0200
FAX: +1 (703) 373-7032
Changes To This Policy
We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements.
Effective Date: March 1, 2017