DUFL, Inc.: Privacy Shield Policy
DUFL, Inc. (“DUFL”) respects your privacy. DUFL has certified that it abides by the EU-U.S. Privacy Shield (“Privacy Shield”) principles as agreed between the U.S. Department of Commerce and the European Commission regarding the processing of Personal Data transferred from the European Economic Area (“EEA”) to the United States (“Privacy Shield Principles”). This Privacy Shield Policy (“Policy”) outlines our general policy and practices for implementing and complying with the Privacy Shield Principles for Personal Data, including the ways in which we collect, use and protect Personal Data.
For purposes of this Policy:
“Personnel” means any current, former or prospective employee of DUFL. For purposes of this Policy only, “Personnel” also includes any independent contractor of DUFL.
“Customer” means any current, former or prospective user of DUFL services.
“Personal Data” means any information that (i) is transferred to DUFL in the U.S. from the EEA, (ii) is recorded in any form, (iii) relates to an identified or identifiable individual, and (iv) can be linked to that individual.
EU-US Privacy Shield
DUFL receives Personal Data: (i) in connection with DUFL’s client relationships including without limitation promotion and delivery of services, marketing and sales and client administration (such as contract negotiations and file maintenance); (ii) directly from individuals when, for example, they visit DUFL’s website and provide Personal Data to DUFL or contact DUFL through other media, such as email or telephone; and (iii) directly from Personnel. From its website, DUFL receives contact and professional data, including name, title, employer, work address, telephone number, and email address. In connection with its services, DUFL may serve as a Data Processor to DUFL’s clients. In its capacity as a Data Processor, DUFL may receive Personal Data that is relevant to the services DUFL is providing.
DUFL obtains and processes Personal Data in connection with the provision of its services.
Please direct any inquiries or complaints regarding our compliance with the Principles to the point of contact listed in the “How to Contact DUFL” section below. If DUFL does not resolve your complaint, you may submit your complaint free of charge to the BBB EU Privacy Shield, an alternative dispute resolution provider based in the United States, as detailed in our “Recourse, Enforcement and Liability” section below.
DUFL may be required to disclose an individual’s Personal Data to comply with or respond to lawful requests made by public authorities, including: to meet national security or law enforcement requirements; to comply with governmental, professional and legal obligations or inquiries; and to carry out investigations and perform internal administrative activities.
DUFL is subject to the investigatory and enforcement powers of the FTC. If DUFL shares Personal Data with a third-party service provider that processes the data solely on DUFL’s behalf, then DUFL will be liable for that third party’s processing of Personal Data in violation of the Principles, unless DUFL can prove that it is not responsible for the event giving rise to the damage. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, DUFL is potentially liable.
DUFL may disclose Personal Data without offering an opportunity to opt out (i) to service providers the firm has retained to perform services on its behalf, (ii) if it is required to do so by law or legal process, (iii) to law enforcement or other government authorities, (iv) when DUFL believes disclosure is necessary to prevent physical harm or financial loss, or (v) in connection with an investigation of suspected or actual illegal activity. DUFL also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets (including in the event of a reorganization, dissolution or liquidation). Should such a sale or transfer occur, DUFL will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with DUFL’s privacy policies.
DUFL uses Personal Data only for the purposes indicated in this Policy unless it has a legal basis, such as consent, to use it for other purposes. Where required by law, DUFL obtains prior opt-in consent at the time of collection for the processing of Personal Data for marketing purposes.
Accountability for Onward Transfer of Personal Data
DUFL may share Personal Data with non-affiliated parties as indicated in the “Choice” section above. DUFL also may share Personal Data as specified in notices and other materials DUFL may provide to Personnel or others and in connection with DUFL’s services.
Except as permitted or required by applicable law, DUFL requires non-affiliated parties to whom it discloses Personal Data and who are not subject to the European Union Data Protection Directive 95/46 or an adequacy finding to either (i) subscribe to the relevant Principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Principles.
DUFL takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of personal data.
Data Integrity & Purpose Limitation
DUFL takes reasonable steps to ensure that the Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current. In this regard, DUFL may rely on its Customers and clients and third parties using the services (with respect to Personal Data of individuals with whom DUFL does not have a direct relationship) to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the other individuals. Personnel and individuals (and clients or third parties, as appropriate) may contact DUFL as indicated in the “How to Contact DUFL” section below to request that DUFL update or correct relevant Personal Data.
DUFL acknowledges that individuals have the right to access the Personal Data DUFL maintains about them. DUFL also provides a reasonable opportunity for individuals to correct, amend or delete that information where it is inaccurate, as appropriate. DUFL may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. The right to access Personal Data also may be limited in some circumstances by local law requirements. If you would like to access, or seek to correct, amend, or delete inaccurate data, then please send an e-mail to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
In circumstances in which DUFL maintains Personal Data about individuals with whom DUFL does not have a direct relationship because DUFL obtained the data as a data processor, those clients and third parties are responsible for providing the relevant individuals with access to their Personal Data and the right to correct, amend or delete the information where it is inaccurate. In these circumstances, the relevant individuals should direct their questions to the appropriate party from which DUFL obtained the Personal Data. When an individual is unable to contact the appropriate party, or does not obtain a response, DUFL will provide reasonable assistance in forwarding the individual’s request to the appropriate party.
We strive to provide you with choices regarding the information you provide to us. If you do not want us to share your aggregated and de-identified information, then you can opt out of some or all of these practices by emailing DUFL at email@example.com.
Recourse, Enforcement and Liability
DUFL has established procedures for periodically verifying implementation of and compliance with the Principles. DUFL conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions the company makes about its privacy practices are true and that the firm’s privacy practices have been implemented as represented.
Attention: Legal Department
401 South Mill Avenue, Suite 201
Tempe, AZ 85281
DUFL has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
DUFL is subject to the investigatory and enforcement powers of the FTC.
In circumstances in which DUFL maintains Personal Data about individuals with whom DUFL does not have a direct relationship because DUFL obtained the data as a data processor for its clients or third parties using the claims management services, individuals may submit complaints concerning the processing of their Personal Data to the relevant client or third party, in accordance with the client’s or third party’s dispute resolution process. DUFL will participate in this process at the request of the client, third party or individual.
How to Contact DUFL
To contact DUFL with questions or concerns about this Policy or DUFL’s practices concerning Personal Data:
Attention: Legal Department
401 South Mill Avenue, Suite 201
Tempe, AZ 85281